
DANGER: Passwords under attack

By Jim Molis

Harden Your Passwords

You might as well not have a password if yours is weak. A hacker can crack an eight-character password that uses only lowercase letters within seconds. Adding uppercase letters could stretch that to just a few minutes. Of the 621 confirmed data breaches in 2012, 76 percent involved network intrusions that exploited weak or stolen credentials, according to Verizon’s 2013 Data Breach Investigations Report (DBIR).

If hackers breach your system, they can access personal information or even steal money. Yet many small business owners don’t adequately protect their networks and computers, assuming that they cannot afford proper security, or, worse, that hackers are too busy targeting larger companies. “They can’t make the assumption that just because they’ve done something, it is good enough,” said Cathy Garland, president of CG Solutions of Jax, a local risk technology management company.

In fact, 31 percent of the confirmed data breaches that occurred in 2012 impacted companies with 1 to 100 employees, according to Verizon’s 2013 DBIR. “Big companies have made their security robust enough that smaller shops are being targeted,” Garland said. She recommends hardening your passwords by using complex phrases with at least eight characters, mixing numbers, symbols, and uppercase and lowercase letters. The longer the better, because once a hacker tries the first 100 possibilities, they have to go character by character. Complex passwords can take weeks, months, or even years to break by brute force. “It would be extremely difficult, if not impossible, to breach within the time someone retains a password, if you change your passwords frequently,” Garland noted.

But keep the same schemes. For example, use your favorite sports teams for social media and movies for banking, while keeping your substitution patterns consistent (e.g., “$” for “s” or “@” for “a”).

“If you stick to the same types of patterns, it will make it easier for you to remember,” Garland said. She also recommends storing your passwords in Password Safe (http://download.cnet.com/Password-Safe/3000-2092_4-10628141.html?tag=mncol;2), which is free software. “It’s locked down with a level of encryption that would make it nearly impossible to hack. Don’t forget your password to access Password Safe though, or you risk being locked out.”

Keeping your passwords safe also mitigates risk. “The last thing anyone should do is enter a password to anything secure when they are on free Wi-Fi,” Garland said. “Hackers often monitor public networks, which sometimes transfer clear text, essentially handing over passwords. Only use wireless networks secured with complex passwords.”

“Password security is probably the biggest potential risk,” said Garland. “If you have one weak password, I can get in and start trying to figure things out.”

 

Jim Molis is a contributing writer for Advantage Business Magazine. He can be contacted at jmolis@creatwoodpr.com.

Password Tips

DO

Start with a phrase or a word with more than 8 characters

  • I am a jaguars’ fan

Replace specific characters with alternative special characters

  • Replace all “a’s” with the @ symbol

i@m@j@gu@rs’f@n

  • Replace the “i” with the number 1

1@m@j@gu@rs’f@n

You have created a STRONG complex password

DON’T

Avoid creating passwords that use:

  • Dictionary words in any language.
  • Words spelled backwards, common misspellings, and abbreviations.
  • Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
  • Personal information. Your name, birthday, driver’s license, passport number, or similar information.

 

Source: CG Solutions of Jax (http://www.cgsolutionsofjax.com/)
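The DON’T list above can be checked mechanically when a password is set. The following is an added example, not part of the original article or CG Solutions’ material; the tiny word list, the function names and the four-character run length are assumptions chosen for illustration. It undoes the common substitutions before the dictionary comparison, so a single word dressed up with “@” and “$” is still caught.

```python
import re

# Constructed sample list; a real deployment would load a large dictionary
# or a breached-password list instead.
WORDS = {"password", "jaguars", "welcome", "dragon"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789")
# Reverse the usual symbol-for-letter swaps before comparing with WORDS.
UNSUB = str.maketrans({"@": "a", "$": "s", "1": "i", "0": "o", "3": "e"})


def has_run(pw, sources, length=4):
    """True if pw contains `length` consecutive characters taken from any
    source string, read forwards or backwards."""
    low = pw.lower()
    for src in sources:
        for s in (src, src[::-1]):
            if any(s[i:i + length] in low for i in range(len(s) - length + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of DON'T rules that pw breaks (empty list = none).
    `personal` holds strings such as the user's name or birth year."""
    problems = []
    low = pw.lower()
    # Letters that remain after undoing substitutions and dropping the rest.
    letters = re.sub(r"[^a-z]", "", low.translate(UNSUB))
    if len(pw) < 8:
        problems.append("too short")
    # Exact match only: a multi-word phrase is not treated as one word.
    if letters in WORDS or letters[::-1] in WORDS:
        problems.append("dictionary word")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeated characters")
    if has_run(pw, SEQUENCES):
        problems.append("sequence")
    if has_run(pw, KEYBOARD_ROWS):
        problems.append("keyboard pattern")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal information")
    return problems
```

An empty result only means none of these rules fired; it is not a measure of how long the password would resist guessing.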

 

