Password security has been a trending topic for the past five or so years, with online security facing its toughest test from hackers. Hacking is at an all-time high and it’s probably just a matter of time before hackers get to you, if they haven’t already. It has gotten to a point where some people are considering doing away with the password altogether, but this is easier said than done.
With passwords as strong as ‘123456’, ‘password’ and ‘abc123’, it is little wonder cyber criminals have registered so much success. These were on the list of most common passwords of 2014 according to SplashData’s annual release, gathered from over 3 million leaked passwords that year alone.
What many people tend to go for when choosing passwords is efficiency, rather than security. And with mobile search having already overtaken desktop, the risks couldn’t be higher, particularly taking into account that computers have stronger security mechanisms than their mobile counterparts (from operating systems to security software and so on).
Stuck in the Past?
Modern-day hacking has become so advanced that breaching passwords you would call strong takes minutes, with the most common ones taking as little as milliseconds. In the past, few – if any – restrictions existed on password length and composition. Shortly after, lowercase, eight-character passwords were deemed sufficient. Later on, it was agreed that a mix of a capital letter, digit and symbol would make things more complex. Then there were others who preferred length over complexity. That held until it was discovered how fast computer programs could deploy a dictionary (and later Wikipedia), to disastrous consequence. Today, a lot of common names, words and phrases are not recommended, and the list is growing by the day.
So, what are the password best practices you could use to keep yourself on the safe side? Let’s take a look!
Random Passwords
You may have tried to create a new password you thought was strong, only to test it and be proven otherwise. If so, you should probably try random passwords, which tend to be extremely hard to crack. There are tons of online security tools available to help you on this front, but be careful which ones you use because not all are secure. Some of these online tools include password generators and password managers. But wait – password manager, you say? The recent hacking of LastPass, one of the most robust password managers, shows no one is safe. This is where mobile security software like Nuvolect’s CrypSafe could come in handy.
Password Length
Length increases the entropy of a password: the longer a password is, the better, although length by itself is not the end-all (there is much more to entropy than length alone). When it comes to length, being random helps. For instance, a password like kangarookangaroo is the opposite of random: it is long, true, but expected. You need to prioritize length and random text or, better yet, mix it up with character complexity.
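The two sections above, on random passwords and on length versus randomness, can be put into numbers. The following is an added example, not part of the original post: it generates a random password from the operating system's secure random source and compares the length-based entropy estimate with what a guesser who knows about repeated dictionary words actually faces. The word set, the dictionary size and the repeat limit are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SAMPLE_WORDS = {"kangaroo", "password", "dragon"}  # constructed stand-in for a real wordlist
ASSUMED_DICTIONARY_SIZE = 100_000  # assumption: words in the guesser's dictionary
ASSUMED_MAX_REPEATS = 4            # assumption: each word is tried repeated 1..4 times

def generate_password(length=20):
    """Draw every character independently from the OS secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are picked uniformly at random."""
    return length * math.log2(alphabet_size)

def charset_size(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def smallest_repeating_unit(password):
    """Shortest block that, repeated, rebuilds the whole password."""
    n = len(password)
    for size in range(1, n + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return password[:size]
    return password

def estimate_bits(password):
    """Return (naive_bits, effective_bits).

    naive: treats every character as random, so only length and charset count.
    effective: if the password is a known word repeated, the guesser only has
    to pick the word and the repeat count; otherwise it is assumed random.
    """
    naive = random_entropy_bits(len(password), charset_size(password))
    if smallest_repeating_unit(password).lower() in SAMPLE_WORDS:
        return naive, math.log2(ASSUMED_DICTIONARY_SIZE * ASSUMED_MAX_REPEATS)
    return naive, naive

if __name__ == "__main__":
    for pw in ("kangarookangaroo", generate_password()):
        naive, effective = estimate_bits(pw)
        print(f"{pw!r}: naive {naive:.1f} bits, effective {effective:.1f} bits")
```

Under these assumptions kangarookangaroo looks like about 75 bits by length alone but is worth under 19 bits to a dictionary-aware guesser, while a 20-character random password over 94 symbols carries about 131 bits.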
Password Hints
This is one of the first things an attacker would look at. Always make sure you choose password hints that would not offer hackers any ideas that could land you in the mud. For websites with mandatory security questions like PayPal, you need to lie on your password hints or, again, go random.
Examples: Instead of listing the color of your first car as ‘white’, you could answer with something like ‘Q3TvteYEKVCdoBoPRXKo’. Questions like the middle school you attended or your mother’s maiden name are easy to find on the web. If you recall the Adobe attack a while back, more than half a million accounts had the word ‘dog’ as a hint with other common ones being ‘name’, ‘nickname’, ‘cat’ and ‘birthday’. In fact, Mitt Romney’s email and Dropbox accounts once got hacked by someone who guessed the name of his favorite pet!
Password Reuse
Password reuse is never a good thing, whether you are reusing an entire password or choosing a common base on which to build the ‘new’ password. This not only makes it easy to guess all your passwords, but also serves as a smokescreen by having you believe it’s a safe password when in reality it’s not. Avoid changing or adding characters to old passwords because it would take a computer just a few seconds to try billions of variations of the old password. Also, avoid sharing passwords across different security levels: the ones you use for banking and shopping should be different from the ones you use for social media, and the ones you use for social media should be different from the ones you use to stream movies and music. Yes, even if it means different email accounts.
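A check for the "common base" habit described above, as an added example that is not part of the original post: it reduces each password to the base a person tends to build on (case folded, leading and trailing digits and symbols stripped, common letter substitutions undone) and flags a new password whose base is close to an old one. The substitution table and the 0.8 similarity threshold are assumptions, and the comparison is meant to run at change time, when the user has just typed the old password, so no plaintext history needs to be stored.

```python
import re
from difflib import SequenceMatcher

# Assumed table of common character substitutions, mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password):
    """Reduce a password to the base that variations are usually built on."""
    lowered = password.lower()
    # Drop digits/symbols tacked onto the front or back (years, "!", "#1", ...).
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    # If nothing is left (all digits or symbols), keep the lowered original.
    return (stripped or lowered).translate(LEET)

def is_derivative(new_password, old_passwords, threshold=0.8):
    """True if the new password's base is close to the base of any old one."""
    new_base = base_form(new_password)
    for old in old_passwords:
        ratio = SequenceMatcher(None, new_base, base_form(old)).ratio()
        if ratio >= threshold:
            return True
    return False

if __name__ == "__main__":
    old = ["summer2014"]  # constructed sample value
    for candidate in ("Summer2015!", "Summ3r#1", "Q3TvteYEKVCdoBoPRXKo"):
        print(candidate, "-> derivative" if is_derivative(candidate, old) else "-> ok")
```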
Password Change
It is advisable to change your passwords every once in a while. You need not wait for them to be compromised. But how frequent is once in a while? You could do this at least once a year (an interval this long assumes you have a very robust password in place to begin with).
Storing Passwords
Remembering about ten passwords that you change often is not easy, let’s not kid ourselves. That said, you could write them down and store them in a secure place that only you have access to. If they are too sensitive, even a bank vault will do. For those who use password managers (not all is lost), you could write down the master password, which holds the key to all the others. This, too, should be changed frequently.
HTTP Secure
As already mentioned, hacking methods have prompted a change in online security tack. These days, any website that considers itself serious needs to have HTTP security, better known as HTTPS, if it requires users to log in. This should be visible on the left side of the address bar. The same goes for any new app or web service you come across: think before you key in your private details.
Being thoughtful when creating your passwords ensures you sleep better at night, especially when it comes to financial or confidential data. Follow these best practices and you should be home and dry! Or you could ask Snowden.
The Cloud, Your Data, Unknowns
There are an estimated 3.17 billion users on the Internet today and, by definition, by viewing this blog you are one of them. What you may not know is that you are most likely a user of the cloud. Your data sits on some set of unknown computers, with access by unknown companies and government agencies. What could go wrong?
The cloud is a concept that involves storing data on a remote database maintained by a third party, with the Internet serving as a link between your device and that server. This means the data can be accessed anywhere provided there is an Internet connection.
The technology has its fair share of benefits – that we can’t take away from it. It is the reason everyone is talking cloud these days, and gone are the days it used to be a big word marketed as snake oil. In fact, if you own an email account or use social media like Facebook, you are on a cloud platform. For individuals, there is no longer any need to burn documents, photos or music onto DVD when you can just upload them to the cloud and access them from any corner of the globe. At the enterprise level, companies no longer need to invest fortunes in hardware and software for their storage needs.
This may sound too simple and convenient (it is) but the technology is fraught with danger that may not be apparent on the surface – until you care to think about it.