In a world of cyber, is the humble password dead in the water? Not entirely!
Passwords have been around for centuries, and ways of breaking them have never been far behind. Every single day someone, somewhere, unwittingly hands over the password to everything they own to a complete stranger.
How many of you make your passwords something you can easily remember, like a birthday or anniversary? How many of you have been using the same passwords for more than 2 years? I can imagine it’s a fair few!
The cold fact is that if someone wants your passwords there are plenty of ways to get them: a convincing phishing email, malware on your machine, a breach at some site where you reused it, or plain guessing. In most cases you won't even know it has happened.
So what can you do to protect yourselves? Well, there’s a few things…
If your password is any of the ones above, change it NOW!
That's right, change it outright. The odds are that if anyone has had a go at your account, you are already in real trouble. Passwords like these sit in the pre-built wordlists that attackers feed into brute-force and credential-stuffing tools, so any account using one is the first to fall. Change it, change it, CHANGE IT!
Make sure it's suitably strong. Length does more for you than clever substitutions: aim for at least 12 characters (8 is the bare minimum many sites enforce, and too short to hold up against an offline cracking attempt), and include at least one uppercase letter, one lowercase letter, a number and a symbol. Avoid single dictionary words, names and dates, which guessing tools try first. Use a different password for every site, so one breach doesn't unlock everything else. Don't write it down for someone to find, and don't share it with ANYONE! But how will you remember them all?
Ever Heard of a password manager?
There is some debate as to how secure password managers are, and there are many different vendors out there. We'll cover the security side of them in a different post, but on the whole they are quite handy.
You save all of your passwords into the application and, every time you visit a site for which you have a password saved, it fills in the login for you. All this, and you need only remember the one master password that unlocks the application. You could set a different random 20-character password for every website and never need to remember any of them. Again, there are some drawbacks and concerns, but that's for another article. It beats writing them all down by a landslide and saves you relying on your memory.
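To make the two points above concrete, here is an added example (not code from the original post) that generates a password the way a manager does and puts numbers on the rules: it draws characters from the operating system's cryptographic random source, checks the composition policy described earlier (the 12-character floor is this example's own default), and estimates how long an offline attacker would need at an assumed 10 billion guesses per second. The alphabet and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet a password manager would draw from: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def meets_policy(pw: str, min_length: int = 12) -> bool:
    """Composition rule from the text: upper, lower, digit, symbol, plus a length floor.
    A symbol is anything that is neither alphanumeric nor whitespace, so non-ASCII
    symbols such as the pound sign count too."""
    return (
        len(pw) >= min_length
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() and not c.isspace() for c in pw)
    )


def random_password(length: int = 20, min_length: int = 12) -> str:
    """Generate a password with the `secrets` module (OS CSPRNG), never `random`,
    and resample until it satisfies the policy."""
    if length < max(4, min_length):
        raise ValueError("length too short to satisfy the policy")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_length):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing resistance of a uniformly random password: log2(alphabet ** length)."""
    return length * math.log2(alphabet_size)


def years_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to hit the password (half the keyspace) at an assumed offline
    guess rate. 1e10/s is a round illustrative figure, not a measurement."""
    return (2 ** (bits - 1)) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = random_password(20)
    print("generated:", pw, "policy ok:", meets_policy(pw))
    for n in (8, 12, 20):
        b = entropy_bits(n)
        print(f"{n} random chars: {b:.1f} bits, ~{years_to_crack(b):.3g} years offline")
```

Run it a few times: the 8-character random password falls in well under a year at the assumed rate, while 20 characters is effectively out of reach, which is why a manager that generates the long ones beats any memorable rule.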
An alternative, but somewhat more involved, method is to vary one base password per site. The term often used for this is "salting", borrowed loosely from cryptography, where a salt is random data a server adds to each password before hashing it so that two users with the same password end up with different hashes. Here the idea runs the other way: you take a base password you can remember and insert a few known characters derived from the site name, so each site gets a different password while you memorise only one.
For example, if your base password is TinyDancer0123£ you could use it for both Facebook and Twitter by mixing in a few letters from the website's name. Pick a system where you take the first, third and last letters of the website name and add them after the first, third and last letters of your password. For Facebook you'd end up with something like TFincyDancer0123£k. Nobody looking at that string knows which letters of the site name you chose or where you put them. The catch is that your passwords for different sites now differ in only three characters, so anyone who obtains two of them (or one of them plus the name of the site it came from) can spot the pattern and predict the rest. Treat it as a step up from straight reuse, not as a substitute for a password manager.
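The letter-insertion scheme above, written out as an added example (not code from the original post) so the steps are unambiguous. derive() applies the first-third-last rule exactly as described and reproduces the TFincyDancer0123£k result; differing_positions() illustrates the weakness just mentioned, that the Facebook and Twitter passwords it produces share 15 of their 18 characters.

```python
def site_letters(site: str) -> str:
    """Letters the scheme borrows from the site name: first, third and last."""
    if len(site) < 3:
        raise ValueError("site name too short for this scheme")
    return site[0] + site[2] + site[-1]


def derive(base: str, site: str) -> str:
    """Insert the three site letters after the first, third and last character of base.
    Needs at least 4 characters so the third and last slots do not coincide."""
    if len(base) < 4:
        raise ValueError("base password too short for this scheme")
    inserts = dict(zip((0, 2, len(base) - 1), site_letters(site)))
    out = []
    for i, ch in enumerate(base):
        out.append(ch)
        if i in inserts:
            out.append(inserts[i])
    return "".join(out)


def differing_positions(a: str, b: str) -> list:
    """Indices where two equal-length passwords differ (their Hamming distance is the
    length of the result). Few differences means the pattern is easy to spot."""
    if len(a) != len(b):
        raise ValueError("passwords differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    base = "TinyDancer0123£"  # the base password from the text
    fb, tw = derive(base, "Facebook"), derive(base, "Twitter")
    print("Facebook:", fb)
    print("Twitter: ", tw)
    diff = differing_positions(fb, tw)
    print(f"only {len(diff)} of {len(fb)} characters differ, at positions {diff}")
```

The output makes the point: two leaked passwords from this scheme line up character for character except at the three inserted positions, and the inserted letters come straight from the site names.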
Surely there’s something better?
Yup! Turn to multi-factor authentication for a far easier and more secure time!
Multi-factor authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism, drawn from three categories: knowledge (something only the user knows, such as a password), possession (something only the user has, such as a phone or hardware token), and inherence (something the user is, such as a fingerprint).
Common implementations often come as two-factor authentication (2FA), a subset of MFA. It works on the principle of taking two of the three factors, so a password (knowledge) plus a code from your phone (possession), or a password plus a fingerprint (inherence). This is more and more available today, with many of the common social media platforms offering the added security.
For example, a Google account can be set up to accept your password as standard, but once the correct password is given it also asks for a six-digit code from the Google Authenticator app on your phone (possession). The app computes the code from a secret shared with Google when you set it up, and the code changes every 30 seconds, so a password on its own is no longer enough to get in.
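Google Authenticator and compatible apps produce time-based one-time passwords (TOTP, RFC 6238), built on the HOTP algorithm of RFC 4226. The added example below (not code from the original post or from Google) implements both, plus the server-side check with the usual one-step clock-drift window. The secret in main() is the published RFC 6238 test key (the ASCII digits 1234567890 twice) in the base32 form authenticator apps exchange, so the codes are reproducible and no real account is involved.

```python
import base64
import hashlib
import hmac
import struct
import time

# The RFC 4226 / RFC 6238 test key: the 20 ASCII bytes "12345678901234567890".
RFC_TEST_KEY = b"12345678901234567890"


def decode_secret(b32: str) -> bytes:
    """Authenticator apps receive the shared secret as base32, usually shown in
    groups of four without padding; restore the padding before decoding."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer, reduced to the requested number of digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current 30-second time window."""
    return hotp(key, int(unix_time) // step, digits)


def verify(code: str, key: bytes, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Server-side check. Accepts the current window and `window` neighbours on each
    side to tolerate phone clock drift. compare_digest avoids leaking how many
    leading digits matched through timing; non-numeric input is rejected outright."""
    if not code.isdigit():
        return False
    counter = int(unix_time) // step
    return any(
        hmac.compare_digest(hotp(key, c, len(code)), code)
        for c in range(counter - window, counter + window + 1)
    )


if __name__ == "__main__":
    secret = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    assert secret == RFC_TEST_KEY
    now = int(time.time())
    code = totp(secret, now)
    print("code for this 30-second window:", code)
    print("server accepts it:", verify(code, secret, now))
```

Two things worth noticing in the code: the phone never talks to the server when generating a code, it only needs the shared secret and a roughly correct clock, which is why the factor is "possession" of the device; and a code is only valid for one window plus the drift allowance, so a stolen code is useless a minute later.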
Take a look to see which of your applications support MFA or 2FA. Most of them prompt you to set it up when you log in; others just have it available in their settings. A quick web search will confirm it for you.
How does this actually help?
Well, in the example above, an attacker would need both your password and your phone (and most phones have a PIN or pattern lock these days). A password that leaks in a breach or gets phished is no longer enough on its own. It isn't bulletproof: a fake login page can ask for the code as well and pass it straight on to the real site within its 30-second window, so still check where you are typing it.
Of course, the more you can keep the factors on separate devices, the better. A password manager and an authenticator app on the same unlocked phone are one theft away from handing over both.
If you have any concerns, queries or questions, feel free to get in touch with us. If you want to learn more, or need some multi-factor ideas or help with setup and configuration, give the guys at Centric Security a shout; we're sure they'd be happy to help.
Stay safe out there all!