Keep yourself safe in cyberspace
Online security is a big deal to me. Having worked in and been involved with online systems since the early 90’s (BBS’s anyone?), I’ve seen my share of illegal log ins, hacked password and general online account fraud. On the Sysadmin side of things, I’ve had to investigate and remediate account hijacking and stolen passwords. From the IT support side, I’ve had to help clients define security and password policies to help them keep their businesses safe. And from a personal side, I’ve had my fair share of stolen credit card numbers and personal information leaked (or stolen) from other sites’ security breaches. No one is immune to an online attack, and to think you are not a target means the bad guys already have an advantage.
The password conundrum
All of us – me included – have way too many passwords for the online resources we visit. Each site has its own password requirements (why no standardization?) and expiration policies, which makes keeping track of the passwords very difficult. Because we juggle so many passwords, we try to keep them simple or easy to remember. Most sites require a complex password, capital and lower-case letters, a number and a special character. This helps prevent easy dictionary attacks, but smart password cracking tools will try variations of numbers substituted for letters. [email protected] is just about as weak as Password; Tree is as bad as Tr33, etc.
A popular password concept, and one I recommend, is to ditch the passWORD and use a passPHRASE. For example, “A [email protected] [email protected] @ the B3ach!” is an easy phrase to remember, has a lot of characters and some great variation. I ran this through an online password checker, and it would take approximately 25 undecillion years (25 times 1036th) to break using today’s technology (no idea what technology will be like in just a couple undecillion years!). Problem is, many sites will not allow for long passphrases, preventing you from stepping up your password game.
(Password) expiration date
Unlike milk and fresh foods, and as much as I hate to mention it, expiration is a good thing. Yes, I know, it is a pain, and having to update passwords at different sites creates the multi-password mess we’re in now. But as much of a pain as it is, changing your password every 60 or 90 days is a good thing. The main advantage is if your credentials are stolen through a Web site breach or other security failure, you can minimize your exposure to attack. Trust me, personal information stolen during a data breech does end up on the Dark Web. I’ve seen it and I know it happens. Change your password frequently and the bad guys are always a few steps behind.
One way to help us manage all of our passwords is to use a password manager. There are several options to choose from, but all of them share some common features. One of the most important features is they have a random password generator. These long and complex strings are perfect for securing your Facebook or bank account. Best of all you don’t have to remember them. Another great feature is they are cross-platform compatible. Once a password is set for a site, the password manager will store it and play it back to the same site whether you are on an iPhone, Android, Mac or PC. Lastly, the good ones will easily capture password updates as sites require them and sync the changes across devices. Easy! For a list of the top password managers for 2019, check with our friends at Digital Trends.
As good as it gets?
Complex passwords, passphrases and password managers are good, and all go a long way to keeping you safe while online. Unfortunately, none of these by themselves is enough. In a previous blog (you can check it out here) I bring up the topic of multi-factor authentication. In the next few blogs, I’m going to dig into multi-factor authentication – what it is, what advantages it has and where you can start using it. As that blog stated,”Good security is inconvenient.”