
Securing passwords through confidential files electronically or physically.

Why Passphrases are the Future of Logins

Every so often, whether it be for a company software program like MOZ, a school database like Blackboard, or even a personal social media account on Twitter, you get one of two ominous messages.

The Unwanted Messages

You get the “time to reset your password” right after you slowly got used to your new password. Now you have to create a new password that’s memorable but is also hard to crack. Yes, it is a measure of security and caution from the website that is admirable. It is a pain at best for the user.

Then there’s the other message: “oops, you forgot your password too many times. Let’s reset it!” This one is arguably worse because of two things. One, you have to create a whole new password, just as with the mandatory resets. Two, you have to make it easier to remember than your last one, since you just forgot it. That makes these passwords so easy to hack.

Where we are with Passwords

While there are some awesome dual-factor authentication apps and tricks, as well as new biometric security measures, hacking password details could not be easier right now. Soon, we’ll be strictly using biometric passwords like eye scanning and finger pad touch, or just using dual-factor authentication with an app like Duo Mobile. But for now, passwords are becoming ever easier for cyber criminals to hack. They have more advanced technology that can run dictionary attacks and algorithm checks at 1,000,000,000 searches a second. And the only thing standing between your account with credit card info and their supercomputer is the password “qwerty12345.” All jokes aside, that password is extremely common, and there are simpler derivatives of it among the 25 most common passwords of 2020.

Passphrases

While waiting for that futuristic physical password technology, allow me to introduce you to a better password type: passphrases. Passphrases are exactly what they sound like: not a word with numbers and symbols, but a whole phrase that may also include numbers and symbols. While some say they are only a small step of improvement over passwords, let me tell you why they are much more protected.

Benefits of Passphrases

First, the guideline check is simple: passphrases satisfy the password guidelines on the vast majority of sites just as well as passwords do. Many sites also support them, meaning you will be able to use them wherever you can use your normal password.

They’re more secure. It’s that simple. The more characters, and the more variety among those characters, the better. If your password is “football10!”, that is a password a hacker can crack manually because it’s so straightforward. Now imagine it being “Mile High Miracle 512!” That’s 21 characters compared to 11, which makes the computers check for 10 factorial more possibilities. Simply put, “football10!” is a mid-sized fish in a river, while “Mile High Miracle 512!” is a krill in the Pacific.
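As an added illustration (not part of the original post), the Python sketch below estimates how many guesses the two examples above would take under two attacker models: guessing every character independently, and guessing dictionary words as single tokens. The 100,000-word dictionary size, the tiny word set and all function names are assumptions made for the example; the guess rate is the 1,000,000,000 per second quoted earlier.

```python
import math
import re

GUESSES_PER_SECOND = 1_000_000_000   # rate quoted earlier on this page
ASSUMED_DICTIONARY_WORDS = 100_000   # assumption: size of the attacker's wordlist
# Constructed stand-in for that wordlist, just enough for the two samples.
SAMPLE_WORDS = {"football", "mile", "high", "miracle"}

def charset_size(text: str) -> int:
    """Alphabet an exhaustive search must cover for the character classes present."""
    size = 26 if re.search(r"[a-z]", text) else 0
    size += 26 if re.search(r"[A-Z]", text) else 0
    size += 10 if re.search(r"[0-9]", text) else 0
    size += 33 if re.search(r"[^A-Za-z0-9]", text) else 0  # ASCII punctuation + space
    return size

def brute_force_bits(secret: str) -> float:
    """log2 of the candidates when every character is guessed independently."""
    return len(secret) * math.log2(charset_size(secret)) if secret else 0.0

def dictionary_bits(secret: str) -> float:
    """log2 of the candidates when known words are guessed as single tokens.

    Words are treated as independently chosen, so a well-known phrase is
    worth less than this figure suggests.
    """
    bits = 0.0
    for token in re.findall(r"[A-Za-z]+|[0-9]+|.", secret, re.S):
        if token.lower() in SAMPLE_WORDS:
            bits += math.log2(ASSUMED_DICTIONARY_WORDS)
            bits += 0.0 if token.islower() else 1.0  # one bit: capitalised or not
        elif token.isalpha():
            bits += len(token) * math.log2(charset_size(token))
        elif token.isdigit():
            bits += len(token) * math.log2(10)
        else:
            bits += math.log2(33)  # one punctuation mark or space
    return bits

def seconds_to_exhaust(bits: float, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / rate

if __name__ == "__main__":
    for sample in ("football10!", "Mile High Miracle 512!"):
        bits = dictionary_bits(sample)
        print(f"{sample!r}: {brute_force_bits(sample):.0f} bits brute force, "
              f"{bits:.0f} bits dictionary, {seconds_to_exhaust(bits):.3g} s")
```

Under the dictionary model the single word plus two digits and a symbol is exhausted in well under a second, while the multi-word phrase stays far out of reach at the same rate.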

Example of good Passphrases

Also, “football” is too simple, and there’s no change after “football.” Being as specific as possible is best. Take “Mile High Miracle 512!” “Mile High Miracle” is a nickname for a specific famous game that my favorite team, the Baltimore Ravens, won (it’s a reference to them beating the Denver Broncos in Denver). Next, the 512 part. The game is mostly famous because of one play. The Baltimore quarterback, number 5, threw a last-gasp touchdown to Baltimore wide receiver number 12, to tie the game. 512 is incredibly more random than 10, yet feels more memorable. See how easy that was?

Concluding Thoughts

My point is that passphrases are easier to remember than those one word and 2 number passwords. Especially if they’re close to your heart and mean something. That could mean a song lyric/title/album, or a movie phrase, or a famous sports moment. So if you are a big music fan, next time you are resetting your Chase account, take a minute before you rush to put “RockFan12345.” Think about passphrases, and try something more along the lines of “St41rway 2 Heav3n” instead. Trust me, the time it’ll take to remember which e becomes a 3 is the difference between a bank account compromise and having your financial records safe.

Still confused? Want to learn more about passphrase protection? Or just about cyber security in general? Contact a risk advisor today at 914-357-8444 or visit our website here.

Password Security for Cyber Protection

Implementing Proper Password Security For Better Cyber Protection

Picture this: it’s the end of the month, and you sit down at your computer to check your bank account balance. There’s only one thing: you forgot your password. What is it again? qwertyuiop1? No, qwertyuiop15? Eh, I’m not sure; I’ll just reset it.

Almost 40% of people deal with issues related to forgotten passwords on a monthly basis (Entrepreneur). This includes not only bank accounts but also social media and email passwords.

I’m not the only person who struggles to remember all his passwords, and I know I can’t be the only one changing my password every week because I can’t remember if I capitalized the first letter or not. Needless to say, my passwords are lacking in complexity in part because I never realized how risky using a common password can be. Cyber criminals have endless ways to use your private information. Opening fraudulent bank accounts, shopping online, applying for loans, and identity theft are only some of the most common uses of your data. The worst part is, I feel secure after changing my password from Football3! to Football4!. This change is almost completely insignificant to a hacker and most definitely isn’t going to prevent a hacker from getting into one of my accounts.
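A check a service can run at password-change time to catch the Football3! to Football4! pattern described above, as an added Python example that is not part of the original post. It assumes the user re-enters the current password during the change (stored hashes cannot be compared this way); the function names, the substitution table and the distance threshold of 4 are assumptions.

```python
import re

# Common look-alike substitutions folded back to letters before comparing.
LEET = str.maketrans("4301$5@7", "aeoissat")

def base_form(password: str) -> str:
    """Strip leading/trailing digits and symbols, undo look-alikes, fold case."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.translate(LEET).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_trivial_variation(current: str, new: str, min_distance: int = 4) -> bool:
    """True when `new` is the current password with a minor tweak."""
    old_base, new_base = base_form(current), base_form(new)
    if old_base and old_base == new_base:
        return True  # same word, different counter or symbol
    return edit_distance(current.casefold(), new.casefold()) < min_distance

if __name__ == "__main__":
    # Constructed pairs built from passwords quoted on this page.
    for current, new in [("Football3!", "Football4!"),
                         ("qwertyuiop1", "qwertyuiop15"),
                         ("Football3!", "St41rway 2 Heav3n")]:
        print(f"{current} -> {new}: rejected={is_trivial_variation(current, new)}")
```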

As a result of my new cyber security paranoia, here are some tips for better password management:

  • Make sure your password is at least 12 characters; it’s better to be safe than sorry. When it comes down to it, adding four characters to your password can be the difference between security and losing your account to cyber criminals.
    • An almost random combo of letters, numbers, and symbols is your best bet for creating a password that hackers will struggle to crack. The longer your password is, the better.
  • Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red House” is also very bad.
    • In other words, stay away from any passwords you think someone else may be using. Think of something original, and don’t use the passwords “123456” or “password.”
  • Another easy way to keep your passwords secure is to keep them private, as in not sharing them with your coworkers, friends, or relatives.
    • Almost 50% of Americans have shared their passwords with another person. A significant part of this password sharing occurs on streaming sites like Netflix and Hulu. Why is that important, you ask? According to the Ponemon Institute, the average person uses the same password for approximately five accounts. Remember that when you’re giving your boyfriend or girlfriend your Netflix password, you may also be giving him or her access to much more.
  • Change your passwords every month if you want to be safe from cyber-attacks. This effort may sound hard to the average person who changes passwords once a year or not at all. But putting the extra time aside to change your passwords is a great way to ensure your cyber security.
  • Multi-factor authentication is a safety method that grants access to an account after presenting two pieces of evidence to an authentication mechanism. By using two-factor authentication, you can protect yourself against almost all cyber attacks; two-factor authentication is one of the most effective ways to combat cyber criminals.
  • Keep your passwords safe and organized by using a password management application; there are plenty of apps that offer free password help. If you’re old fashioned, write passwords in a notebook and keep them in a secure location. Write dates next to your passwords to help you keep track of when to change them.

Final Thoughts

People as a whole have too many passwords, and what comes of all of them? Serious fatigue, to the point where resetting our passwords is easier than remembering them. But you have to be careful when resetting your password. Though it may make you feel safer to change your password every month or two, this still allows hackers a long period of time to get into your account if they’ve already targeted it. The most important step to having proper password security is making the password long, with almost random strings of letters, numbers, and symbols.

As a result, people like me do dumb things, creating a few password variations to cope with an untenable situation. Or we do even dumber things, like use passwords such as “password” or “123456.” Or we create a “base” password and add a variation for each site. We know it’s stupid, but we’re driven to these solutions because we are lazy or because our memories can’t hold all those passwords. So do yourself a favor and follow those tips to increase your password security.

 

If you have any further questions, contact a Risk Advisor or call 914-357-8444 today!