Using secure passwords is one of the best ways to avoid the theft of your most valuable data. Any IT professional can attest to the consequences of using bad passwords. In this post we will be talking about how to generate secure passwords and some common practices and tools you can implement to keep your information safe.
How do passwords get exposed?
Someone you once knew: Someone who was once close to you who wants information from your personal accounts can either use passwords that you may have told them, (if you have not changed your passwords after the relationship ended). They may also be able to guess your password with the help of password recovery tools and information such as knowing your favorite sports team, the name of your pet, or your mothers maiden name.
Brute Force Attack: The second and most common way of exposing passwords is through a brute force attack. A hacker with the right software can guess millions of password combinations until your password is cracked.
Data Breach: You may have heard the term “data breach” if you have seen whats been going on with Target and Home Depot in the news lately. This type of password exposure is one of the hardest for general users to avoid. A data breach is when a company has it’s data stolen which includes your account information. Data breaches result in millions of passwords stolen every year.
Tips to securing passwords:
Don't share private information: Do not share your sensitive account information with anyone, under any circumstances, unless it is absolutely necessary. If you do have to share your password information with someone, be sure to change it when they no longer need access to the account.
Generating secure passwords: When creating passwords be sure to use a complex password, that does not include any dictionary words (especially if they are common in your life such as birthdays, pet or children’s names, favorite colors, TV shows, sports teams, etc). A complex password is at least 16 characters, including upper case letters, numbers, punctuation, and special characters.
Generating Secure PIN codes: one aspect of password security that is often overlooked is the the Personal Identification Number, this is the 4 digit code used to unlock a phone or ATM PIN. There are 10,000 possible choices when coming up with a 4 digit code, some are more secure than others. More common pin codes are often the ones that are used first by someone attempting to access an account. In a study of 3.4 Million codes 11% were found to be 1234. The next most popular PIN was 1111 (6%), followed by 0000, and 1212, and 7777. It is also common for people to use their birth year, the same study found that every combination of digits of the years 1901 through 1999 occurred in the top 20% of the data set. When generating a secure PIN code be sure to use a number that does not have any significance in your life. Along with an insignificant number try to avoid reusing individual numbers in consecutive order such as 1100 or 1122 or 8666.
Do not reuse passwords: A recent study found that on average people own around 25 online accounts, but only use 6 unique passwords. It is important to have unique passwords for all of your accounts. If a malicious entity gains access to one of your accounts, there is nothing stopping them from trying your password on commonly used websites such as facebook, twitter, online banking sites, and most importantly, your email. If a hacker gains access to your email they can often send password reset requests from other websites to your associated compromised email address.
Use 2-Factor Authentication: When creating accounts it is important to utilize a feature called 2-factor authentication when possible. 2-factor authentication will allows that service to send you a confirmation code to your phone or download an app with a time sensitive code that you must input after putting in your password, this makes it hard for unauthorized users to access your account even if they have your password. For more information check out Life hacker post about 2-factor authentication.
Use a password manager: Users often forgo a unique secure password in an attempt to better remember all of the passwords to their accounts. To properly secure your accounts Modern Mechanic recommends using password manager software. A password manager is a program that allows you to store all your username and passwords in one place and use that data to fill out login forms when trying to access your accounts. The companies that make popular password managers deploy high amounts of security measures to make sure your password vault cannot be accessed by would-be hackers. When a user has a password manager there is no more need for a password that is easy to remember and you can start generating complex, unique passwords for all your different accounts.
Modern Mechanic employs enterprise ready password managers for our clients. Our favorite password management software is LastPass. We recommend LastPass to our clients because of their easy to use enterprise licensing system. With LastPass our clients are able to easily access their sites, secure notes, or form fills with an app that integrates with their web browser. LastPass has security tools that allow users to scan their accounts for potential risk factors and warns users when they have used the same password in more than one site and provides a customizable password generator. LastPass allows our clients to securely share passwords between users and when it comes to corporate off-boarding procedures, having LastPass allows account admins to remove that user from LastPass. In seconds an off-boarded user can be separated from all the company accounts.
For more information on LastPass enterprise visit https://lastpass.com/. To get your company set up with LastPass contact Modern Mechanic and we will be happy to help!
Profis, Sharon. "The Guide to Password Security (and Why You Should Care) - CNET." CNET. N.p., 10 May 2012. Web. 13 Oct. 2014.
Silverman, Rosa. "Easy as 1234: The Most Popular PIN Codes Revealed." The Telegraph. Telegraph Media Group, 01 Aug. 2013. Web. 13 Oct. 2014.