Password Setup – A Key Part of Cyber Security » Cealed Carry Inc
Think for a moment about all the different online accounts you have. Accounts likely cover social media, shopping, banking, and your home security cameras, to name a few. Each requires a password to access it. Now think of the horrific damage one could do if they had your passwords and sinister motives. That’s why I’ve dedicated an article entirely to helping you set up strong passwords and check if hackers have compromised your current passwords.
If you missed my latest cybersecurity article titled Cybersecurity Basics You Should Be Using Right Now, remember to check. I explain the principles of managing your personally identifiable information (PII).
Password setup —
Setting up passwords is always a fun topic because no matter how many teachers and industry experts lecture and write about it, horrible passwords are still a problem. Bad actors have several methods to obtain a password and compromise an account. Here are some methods used to steal your password:
Dictionary attacks —
A dictionary attack attempts to crack the password by guessing over and over until it cracks the password. As the name suggests, a dictionary attack works from a database containing a dictionary. It is important to note that the dictionaries used are generally not monolingual. Instead, the dictionary contains words from multiple languages and usually includes slang terms or alphanumeric substitutions (eg 1=I, 2=Z, 3=E, etc.).
A type of spyware called a keylogger allows an attacker to keep track of every key pressed and makes it easier to steal passwords.
Shoulder surf —
This is the low-tech technique of looking over a user’s shoulder when entering a PIN or password. Shoulder surfing is simple yet effective.
Phishing emails are another common technique used by hackers to steal passwords and PII. Phishing emails may look legitimate, but most of them are easy to spot. They often contain grammatical and spelling errors and other telltale signs of fraud. If you receive an email with the subject line “verify your amazon purchase now” but you haven’t made a recent purchase there, you can be sure it’s a phishing scam. The attacker hopes that you will click on the link, attempt to log in, and in doing so, disclose your username and password. If you don’t recognize the sender or just think something seems “off”, don’t even open the email. Mark it as spam, flag it or report it, and move on.
Never respond to an email asking for your password. Organizations will never ask you to give them your password in an email. Another thing you can do to determine if an email is legitimate or not is to hover your mouse over the link before clicking on it. Somewhere in your browser window (usually at the bottom), the URL of the website the link directs you to will become visible. If the link doesn’t seem to take you to the company’s page, don’t click on it. If in doubt, do not click on any links.
Don’t feed phishing.
This CBS News article explains a bit about how people used phishing to get emails from Hillary Clinton.
Choose a password or passphrase —
Anyone who has encountered a compromised account will tell you that it can be a nightmare. But imagine if a hacker breaks into several of your accounts. This can easily happen if you use the same password for multiple accounts.
Using the same password for your online banking services as your email could lead to more than one person blocking your access to your own email account and spamming and/or phishing your contact list . A hacker with the right credentials and a relatively minimal amount of knowledge could destroy your finances. This example alone should be enough to highlight the importance of using different passwords for different accounts and devices.
However, just using a different password is not enough. You must choose a strong password.
And while we’re at it, let’s ditch the concept of passwords and aim for the highest. passphrase. A passphrase will be longer than a password and will require more time and resources to crack. If you disagree with the passphrase plan, observe at least some of the following things rules for creating a strong password.
- Never use common or easy to find personal information. The dog’s name, birthday, anniversaries, your child’s name, your address, etc. These are all terrible passwords that you should avoid using at all costs.
- Use at least one capital letter
- Try to make the password or passphrase as long or complex as possible
- Include special characters (#@!Q$^&*,/?/)
- Do not use the same password or passphrase more than once
- Test the strength of your password or passphrase (use this website to test your passwords)
Bad passwords have been a source of comedy (and tragedy) for decades. Here is the proof :
To finish –
If any of your passwords or phrases don’t meet the best practices mentioned above, change them as soon as possible.
Do you find these cybersecurity articles helpful? We believe online security is important as part of an overall strategy to mitigate risk and avoid trouble. As we get into the different aspects of cybersecurity, feel free to ask questions or request that we cover a specific topic.