It mortifies me every day when I hear of some new hack, virus, or phishing scheme that crippled some hard working person’s business. It is true that information security is a highly specialized and highly technical field. But, there are a lot of basic things you can do to protect yourself that don’t cost money. These aren’t rocket science, (I know because I work with actual rocket scientists) and they take a minimal amount of time to implement. Let’s take a look at one thing you can do in 15 minutes that will improve your online security.
Are your passwords as secure as you think they are?
Strong passwords are a security joke. Pretty much every login today requires complex passwords with a minimum length as well as variations in case or punctuation. Randomized passwords are great because they prevent dictionary attacks and make brute forcing difficult and time consuming.
The problem is, people have done what they do best and ADAPTED to the easiest way out to meet these arbitrary requirements. The basic standard today is: a password cannot contain a word, must be longer than 8 characters, have upper and lowercase letters, and a number or symbol.
Obviously, you cannot use the word “password” as a secure password. But, technically, “Pa$$w0Rd” meets those requirements. (Some, but very few, password testers will scan for this type of substitution). This is further compounded by the fact that we as a race have trouble remembering real random passwords. Additionally, our enterprise security policy makes us change our password every 90 days. So, we end up with people doing things like “Pa$$w0Rd10”, “Pa$$w0Rd11”, etc. These are so bad for a lot of reasons, but we won’t get into that now.
How to create a secure password
Instead, I am going to teach you a trick that I have been teaching people for 20+ years. This will help you generate a password that you can remember.
Ideally, you would use a utility like LastPass or Passpack to have a true complex, random, 32+ character password. But, I know that statistically, only 3% of people do this. So, I will show you the next best thing that you may actually do.
Think of a sentence. A long one that you can remember is best. It also helps if you could look it up somewhere if you forget it exactly.
Let me give you an example. My sentence is going to be, “Four score and seven years ago, our forefathers brought forth on this continent a new nation.” It can be as long as you want but the longer and more complex the better. We then make a similar substitution for it, as in our “Pa$$w0Rd” example above. But, instead of each letter, we choose the first letter of the word, or the whole word, and make a substitution. You can make the rules whatever you want, but be consistent so you don’t mess with your memory.
For my example, I am going to make the word “four” into the number 4. The word “for” would also be the numeral. And, for fun, I am going to turn “fore” from “forefathers” into a 4 also. So, it looks like this: “4s&7ya”. This is “FOUR Score AND SEVEN Years Ago”. It looks random. And, it is pretty close for the purposes of brute forcing. Longer passwords are the best. Using this method, my whole sentence could be substituted to read “4s&7yaO4Fb4thotcann”.
Again, you are just trying to use a consistent rule set that you can remember. Most services use intelligence like captcha and brute force prevention that makes guessing something like this practically impossible in less than 387 years. At this point, you wouldn’t care anymore!
A final word on passwords
Tip for today: Remove the stupid password expiration policy. Or, make it annual and implement a password that’s really hard to guess or force.
Bonus tip: People always want to use my example. Seriously, don’t use my example. There are plenty of other things you can use from historical speeches or books that are easy to memorize or reference.
Are you ready to learn other ways to keep your information secure and prevent cyber attacks? Contact us to see how we can help YOUR business, its people, and its information stay safe.