Some years ago, Ellen DeGeneres found a product on late-night television that she had to order. It’s a product to help consumers remember their online passwords. Check it out here… :) 
Ellen password minder youtube video

Today, cyber security has evolved…but almost to the point of coming full circle to Ellen’s suggested password protection solution.

Let’s start with what gets hacked. To a hacker, anything that must be kept under lock and key is probably worth stealing. If a website (or a portion of it) requires a user to log in and be authenticated, then the odds are good that a hacker has tried to break into it.

The Password Challenge

Generally, people do not remember complicated passwords very well. If users are allowed to create their own passwords, they will often create very simple ones like “password”, “1234”, their spouse’s name, or their favorite sports team. Passwords like these are easy for the user to remember, but unfortunately they are also easy for someone else to guess.

Furthermore, any serious hacker who attempts a brute force or dictionary attack will not be sitting at a Web browser, guessing at authentication credentials and typing them in. He will be using an automated tool for the brute force attack that can make thousands of requests per minute with credentials generated from a large list of possible values. Often this list is an actual dictionary, hence the term “dictionary attack.” If a user chooses a common password, such as a dictionary word, the automated tool will eventually guess it, and the user’s account will be compromised.

Password Do’s and Don’ts

Krebs on Security offers insight and suggestions for creating strong passwords. Here are a few important ones…

  1. Create unique passwords that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
     
  2. Do not use your network username as your password.
     
  3. Don’t use easily guessed passwords, such as “password” or “user.”
     
  4. Do not choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, your Social Security or phone number, or names of family members.
     
  5. Do not use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords. If you must use dictionary words, try adding a numeral to them, as well as punctuation at the beginning or end of the word (or both!).
     
  6. Avoid using simple adjacent keyboard combinations: for example, “qwerty”, “asdzxc” and “123456” are horrible passwords that are trivial to crack.
     
  7. Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke. Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.
     
  8. Avoid using the same password at multiple Web sites. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
     
  9. Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.
     
  10. Whatever you do, don’t store your list of passwords on your computer in plain text. The advisability of keeping a written list of your passwords has evolved over time. Noted security expert Bruce Schneier advises users not to worry about writing down passwords. Just make sure you don’t store the information in plain sight. The most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. If you forget your password, most Web sites will email it to you (assuming you can remember which email address you signed up with).
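As an added example (not from this post or from Krebs on Security), here is a small Python checker that encodes the rules above and estimates worst-case brute-force time at the “tens of millions of guesses per second” rate from item 7; the wordlist and guess rate are constructed placeholders. It goes slightly beyond item 5 by also rejecting a dictionary word with digits or punctuation bolted on, since cracking tools apply exactly that kind of mangling rule.

```python
import string

# Constructed stand-in for the dictionary lists that cracking tools ship with
# (assumption: a real list has hundreds of thousands of entries).
COMMON_WORDS = {"password", "user", "letmein", "welcome", "dragon",
                "baseball", "qwerty", "monkey"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Item 7: "tens of millions" of guesses per second (assumed figure).
GUESSES_PER_SECOND = 5e7


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must enumerate for this password."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    if any(c.isspace() for c in pw): size += 1
    return size


def brute_force_seconds(pw: str) -> float:
    """Worst-case seconds to exhaust the keyspace: each extra character
    multiplies the work by the charset size, which is why length is key."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def has_keyboard_run(pw: str, run: int = 4) -> bool:
    """Item 6: flag 'qwerty'-style adjacent-key sequences, forward or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            frag = row[i:i + run]
            if frag in low or frag[::-1] in low:
                return True
    return False


def check_password(pw: str, username: str = "") -> list:
    """Return the rules from the list that the password violates (empty = passes)."""
    problems = []
    core = pw.lower().strip(string.punctuation + string.digits)  # undo "word1!" mangling
    if username and pw.lower() == username.lower():
        problems.append("same as username")
    if core in COMMON_WORDS:
        problems.append("dictionary word (even with numerals or punctuation added)")
    if has_keyboard_run(pw):
        problems.append("adjacent keyboard sequence")
    if len(pw) < 12:
        problems.append("too short: length matters more than complexity")
    return problems
```

Run `check_password("correct horse battery staple")` against `check_password("qwerty123")` to see the passphrase advice from item 7 pass while the keyboard-walk password fails three rules at once.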

Yes, we’ve almost come full circle…a privately protected paper list can be more secure than a list saved online!

Regardless, passwords must be chosen very carefully!


VANTREO is here to help. If you have a question on cyber protection or anything else, just reply here!