Passwords Safety

Part 1

See my password on the back side.

Passwords safety is a pretty ‘searched’ topic on the internet.

You may not know that (who would?) if you don’t research these types of topics, like we do here at DTS InfoTech.

We can assure you that there is much to learn on the topic of passwords safety. It’s important.

But! There is disagreement regarding many subtopics under the main topic of passwords, and it’s also confusing.

You, of course, are free to disagree with us, but I will admit to having a personal opinion about safety as a general rule in life. Which is to say, that if we’re going to make a mistake, let’s err on the side of caution. Erring on the side of caution is a wise axiom in this writer’s opinion.

All that said, this post is our offering on the sometimes confusing discussion of passwords safety.

Let’s cut to the chase about passwords — password management software.

It seems to be current thinking (and technology) that one of the best ways to create and manage your passwords is to use an online password management system. Okay, fair enough.

To help you in your research using this method, here is a link to PC Magazine and their opinion on The Best Password Managers For 2020.

Editors of PC Magazine state, “Still using your kid's birthday as your universal password? You're heading toward trouble. With a password manager, you can have a unique and strong password for every secure website.

We would agree that a unique password for every website you use is a sound strategy.

I’m going to leave you in their good hands. You can start here, and in no time you’ll have a ton of information regarding this online solution. Many people use these systems, but not everyone uses them.

Strong passwords

Many people, this writer included, create, store, and change passwords without using an online solution. Speaking for myself, it’s a level of comfort, knowing my passwords are NOT online. Much could be written. For now, I’ll leave that to your imagination and the online password management systems.

Here are some helpful tips on keeping your passwords safe and secure:

1. Make sure you use different passwords for each of your accounts.

2. Be sure no one watches when you enter your password.

3. Always log off if you leave your device, and anyone is around—it only takes a moment for someone to steal or change the password.

4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.

5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may be infected with malware that steals your passwords.

6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.

7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.

8. Depending on the sensitivity of the information being protected, you should change your passwords periodically and avoid reusing a password for at least one year. Remember the disagreement on this point?

9. Do use at least nine characters of lowercase and uppercase letters, numbers, and symbols in your password? Remember, the more, the merrier.

10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says, “I am happy to be 29!”

11. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says, “To be or not to be?”

12. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters, so it’s not apparent that it’s a password. One idea we recommend is picking a book on your shelf and placing a passwords page within it so only you know where it is.

13. You can also write a “tip sheet” which will give you a clue to remember your password but doesn’t contain your password on it. For example, in the example above, your “tip sheet” might read, “To be, or not to be?”

14. Check your password strength here. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

Two-Factor Authentication

But wait! If those fifteen points are not enough for you, there’s more. Two-Factor Authentication (2FA)!

I found a good definition for Two-Factor Authentication over at Investopedia.

Two-factor authentication (2FA) is the second layer of security to protect an account or system. Users must go through two layers of security before being granted access to an account or system. 2FA increases the safety of online accounts by requiring two additional types of information from the user, such as a password or PIN, an ATM card (a physical device), or fingerprint (biometric information), before the user can log in. The first factor is the password; the second factor is the additional item.

I like the 2FA method

The software platform we use here at DTS to manage our website is HubSpot. I am the administrator, but I don’t have access to managing our website until I enter the six-digit code HubSpot sends me after I login. The code they send is the second factor you must have, or you don’t get in.

Isn’t it inconvenient?

Nope! It’s wicked fast. HubSpot texts the security code to me in less than five seconds. It’s so fast that I receive the code on my Android phone before I can even pick it up on my desk. That’s fast!

I feel good knowing that someone who has hacked my password will NOT have access to our HubSpot account. Why? Because they don’t have my phone, they’ll never see the text for the security code.

Changing passwords

There are disagreements about changing passwords. Everyone has an opinion, including NIST and Microsoft, both of whom have recently relaxed their dogma on the necessity of changing passwords.

You can Google the term ‘changing passwords,’ and you will find numerous articles.

One of the topics of disagreement regarding passwords is the need to change your password periodically. I won’t get into that discussion here. If you’re interested, we have a post you can read here about the practice of changing passwords now and then, read here.

There are benefits to changing your password regularly. Here are four reasons, according to the IT folks at Carleton University:

1. Limits breaches to multiple accounts

Reusing your existing password outside of your company increases the risk of access to several accounts if your password is hacked. Change your password to something unique for each of your accounts. For example, do not use your Facebook password for your company or your bank account.

2. Prevents constant access

A hacker may try to access your account more than once over an extended period. Changing your password reduces the risk that they will have frequent access.

3. Prevents the use of saved passwords

If you lose or change computers, it is possible someone may gain access to your saved passwords. Consistently changing your password means that even if someone finds an old, saved password, it will no longer be useful.

4. Limits access gained by keystroke loggers

A keystroke logger is a surveillance technology used to record the keystrokes we make on our keyboards when we’re typing.

Keystroke loggers are often used to steal login credentials. Regularly changing your password makes it less likely that passwords obtained this way will be useful for any length of time.

DTS InfoTech Can Help

We’re good with passwords. Seriously, we are. We use them all the time, so do our customers, friends, and family. Everyone uses passwords.

On the other hand, most small businesses do not have the expertise, technical resources, or time to understand all this password, cybersecurity, and technology stuff. If this describes you, we can help.

If you would like more information, please give us a call, we’re always happy to chat, and the call is FREE! Calls are always free.

Return to: Passwords

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work