Tag Archives: passwords

A code needed for a user to gain access to private information.

Why Passphrases are the Future of Logins

Every so often, whether it be for a company software program like Moz, a school database like Blackboard, or even a personal social media account on Twitter, you get one of two ominous messages.

The Unwanted Messages

You get the “time to reset your password” message right after you slowly got used to your new password. Now you have to create a new password that’s memorable but also hard to crack. Yes, it is an admirable measure of security and caution from the website, but it is a pain at best for the user.

Then there’s the other message: “oops, you forgot your password too many times. Let’s reset it!” This one is arguably worse because of two things. One, you have to create a whole new password, just like with the mandatory resets. Two, you have to make it easier to remember than your last one, since you just forgot it. That makes these passwords so easy to hack.

Where we are with Passwords

While there are some awesome dual-factor authentication apps and tricks, as well as new biometric security measures, hacking password details could not be easier right now. Soon, we’ll be strictly using biometric passwords like eye scanning and finger pad touch, or just using dual-factor authentication with an app like Duo Mobile. But for now, passwords are becoming ever easier for cyber criminals to hack. They have more advanced technology that can run dictionary hacks and algorithm checks at 1,000,000,000 searches a second. And the only thing standing between your account with credit card info and their supercomputer is the password “qwerty12345.” All jokes aside, that password is extremely common, and there are simpler derivatives of it that make the list of the 25 most common passwords of 2020.

Passphrases

While waiting for that futuristic physical password technology, allow me to introduce you to a better password type: passphrases. Passphrases are exactly what they sound like. A passphrase is not a word with numbers and symbols; it is a whole phrase that may also include numbers and symbols. While some say it is only a small step of improvement over passwords, let me tell you why they are much more protected.

Benefits of Passphrases

First, the guideline check is simple. Passphrases satisfy the password guidelines on the vast majority of sites just as well as passwords do. They are also supported by many sites, meaning you will be able to use them wherever you can use your normal password.

They’re more secure. It’s that simple. The more characters, and the more variety among those characters, the better. If your password is football10!, that is a password a hacker can crack manually, it’s so straightforward. Now imagine it being “Mile High Miracle 512!” That’s 21 characters compared to 11, which makes the computers check for 10 factorial more possibilities. Simply, that means “football10!” is a mid-sized fish in a river, while “Mile High Miracle 512!” is a krill in the Pacific.

Example of good Passphrases

Also, football is too simple, and there’s no change after football. Being as specific as possible is best. Take Mile High Miracle 512! Mile High Miracle is a nickname for a specific famous game that my favorite team, the Baltimore Ravens, won (it’s a reference to them beating the Denver Broncos in Denver). Next, the 512 part. The game is mostly famous because of one play. The Baltimore quarterback, number 5, threw a last-gasp touchdown to Baltimore wide receiver number 12 to tie the game. 512 is incredibly more random than 10, yet feels more memorable. See how easy that was?

Concluding Thoughts

My point is that passphrases are easier to remember than those one-word, 2-number passwords, especially if they’re close to your heart and mean something. That could mean a song lyric/title/album, or a movie phrase, or a famous sports moment. So if you are a big music fan, next time you are resetting your Chase account, take a minute before you rush to put “RockFan12345.” Think about passphrases, and try something more along the lines of “St41rway 2 Heav3n” instead. Trust me, the time it’ll take to remember which e becomes a 3 is the difference between a bank account compromise and having your financial records safe.

Still confused? Want to learn more about passphrase protection? Or just about cyber security in general? Contact a risk advisor today at 914-357-8444 or visit our website here.

How To Set The Best Passwords For Your Online Activities

What’s the longest you’ve ever spent when trying to create a new password that 1) You will remember and 2) Satisfies your particular website’s password requirements? It’s taken me up to fifteen minutes before and that is not an exaggeration. I know you are all sick and tired of getting this message: “Sorry that password won’t work, you must include: a symbol, a number, a hieroglyphic, a gang sign, your favorite poem, an inspiring quote and an uppercase letter.” Here are some ideas for setting up the best passwords for your online activities.

According to a recent Wall Street Journal article, in 2003 Bill Burr published an 8-page primer advising people to protect their accounts by inventing awkward new passwords with obscure characters, capital letters and numbers, and to change them regularly. Earlier this month, however, Burr admitted that his advice ended up largely incorrect, saying “Much of what I did I now regret.”

When people change their passwords every 90 days or so, they are usually making very minor changes. These changes can be extremely easy to guess. For example, changing Ba$eball1! to Ba$eball2! isn’t exactly going to prevent hackers from breaking in. Here are some new tips on developing a great, secure password.

  • Drop the password-expiration advice and the requirement for special characters. Studies show they do very little for security, and multiple security experts say they “actually have a negative impact on usability.” And don’t use common substitutions, either! For example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
  • Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
  • The longer the password, the harder it is to crack. Consider a 12-character password or longer.
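
The three tips above can be turned into an automated check. The following is an added example, not code from the original article: the word list is a tiny constructed sample, and the function names, substitution table and finding strings are assumptions made for illustration.

```python
import re
import string

# Constructed sample list; a real check would load a large dictionary
# plus a list of known breached passwords.
COMMON_WORDS = {"house", "red", "baseball", "football", "password", "qwerty"}
# Common substitutions such as the "H0use" case in the tips above.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "!": "i"})
MIN_LENGTH = 12  # the article's "12-character password or longer"


def normalize(password):
    """Drop trailing digit/symbol padding, undo substitutions, keep letters."""
    core = password.rstrip(string.digits + string.punctuation + " ")
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))


def is_word_combo(text, words):
    """True if text is one dictionary word or a concatenation of several."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]


def check_password(new, previous=None):
    """Return a list of findings; an empty list means no tip was violated.

    `previous` is the current password the user typed on the change form,
    so no stored plaintext is needed for the comparison.
    """
    findings = []
    if len(new) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    core = normalize(new)
    if is_word_combo(core, COMMON_WORDS):
        findings.append("dictionary words behind substitutions or padding")
    if previous is not None and core and core == normalize(previous):
        findings.append("minor variation of the previous password")
    return findings


if __name__ == "__main__":
    for old, new in [("Ba$eball1!", "Ba$eball2!"), (None, "H0use"),
                     (None, "Red house"), (None, "vexing-tundra-orbit-plinth")]:
        print(repr(new), "->", check_password(new, old) or "no findings")
```

With the constructed list, `Ba$eball2!` checked against `Ba$eball1!` trips all three findings, while a long passphrase of words outside the list trips none; the result depends entirely on how complete the dictionary is.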

We have too many passwords: almost three in five adults have five or more unique passwords, and nearly one in three have more than 10, according to a study by Janrain, a user management company.

The result is serious fatigue, to the point where one in three think solving world peace is easier than trying to remember all their passwords. With stats like these, is it any surprise that we collectively hate passwords?

As a result, people like me do dumb things, creating a few password variations to help an increasingly untenable situation. Or we do even dumber things, like use passwords such as “password” or “123456.” Or we create a “base” password and add a variation for each site. We know it’s stupid, but we’re driven to these solutions because we are lazy or our memories just can’t hold all those passwords. Consider John Podesta, Hillary Clinton’s campaign chair, who set the password for his account as “password,” which is how the Russians stole all those emails. Easily one of the greatest boneheaded moves of all time in hindsight. Don’t be a Podesta.

Difficulty in remembering creates dangerous security backdoors that hackers are absolutely loving. So do yourself a favor and follow those three tips to building a safe and secure password. Lastly, make sure your cyber liability insurance policy is paid up. All you have to do is watch the news to understand how vulnerable your company really is. If you have any further questions, contact Metropolitan Risk Advisory today!