Passwords: you just cannot avoid them. With all the advances in technology, this is the one thing we can say has gotten worse over time. There are only a few places you can go online that do not require a username and password to share information or use an application or website. Is it any wonder that the majority of people, for the sake of simplicity and so they can easily remember it, use and reuse the same password or a variant of it everywhere? I call this the "life password". You have used it forever and you use it everywhere. However, if one account is compromised and a human being (as opposed to a software robot) pays attention to it, all your accounts are effectively compromised. A few years ago, the Heartbleed bug and the media attention around it made this obvious to most people. Unfortunately, few have done more than come up with a new life password, and they are still not keeping passwords unique. Worse yet, the continued use of weak passwords is the root cause of security breaches.
For years we have told our customers that this is a bad practice, and we have also told them to use secure passwords: a cryptic combination of letters, numbers and symbols. While that is still true, the technology used by criminals today can crack an 8-digit password within hours, regardless of its complexity. You may have already seen the result when one of your old colleagues sent you an e-mail tempting you to click on a strange-looking link, or telling a story about being in a foreign country and suddenly needing money. By the time your contact becomes aware of the hack, the criminal has changed not only the account password, but also the security questions and the recovery email account used to reset the account. Your contact is almost certainly locked out of the account forever.
We now recommend that you create a passphrase of multiple words and use a unique phrase for each of your logins. Simply using a 10 or 15-character password increases the time it takes to crack your password from hours to months or even years. While this may seem daunting, it is easier than you think. Start by selecting three words that mean something to you, and use them as a "base" phrase to help you create a hard-to-crack password. When choosing words, we recommend that you go outside your personal sphere, such as family and animal names, and choose from your favorite works of literature, music or art. Your keywords could be something like Ringo Abbey Submarine. This way you have the convenience of the "life password" that's easy to remember, but we'll mix it up a bit. The next step is to increase security by separating the words with numbers and/or symbols. It can be a date that means something to you or any symbol you like. We use 1! 65 in this example. Your next step is to create uniqueness. A really easy way to do that is to add an extra word that represents something about the service or site you are using. With all these methods, your password for your Facebook account could be Ringo1Social! Abbey6 Submarine5. You now have an easy-to-remember, super long, unique password. For your other logins, you simply change the one word that is unique to the site, and maybe its position in the phrase. Google could be Ringo1Search! Abbey6 Submarine5. As a replacement for the word-based password, you could take a long phrase like "a ring to control them all, a ring to find them!" and use the first letter of each word with some creative letter substitution: "oR2RtA, oR2fT!".
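An added worked example, not part of the original article: how length drives the worst-case time for an exhaustive search. The guessing rate, the function names and the first two sample passwords are assumptions constructed for illustration; the third sample is the article's Facebook example.

```python
import string

# Assumption (not from the article): offline guesses per second against a
# fast, unsalted hash on dedicated cracking hardware.
ASSUMED_GUESSES_PER_SECOND = 1e11

def alphabet_size(password):
    """Size of the printable-ASCII character pool an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    if size == 0:
        raise ValueError("empty password or no printable ASCII characters")
    return size

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every string of this length over the password's pool.

    This models exhaustive search only. An attacker who guesses whole words
    or known patterns needs fewer attempts, so treat the result as an upper bound.
    """
    return alphabet_size(password) ** len(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

SAMPLES = [
    "k#9Tq!2z",                         # constructed: 8 characters, all classes
    "k#9Tq!2zW4",                       # constructed: 10 characters, all classes
    "Ringo1Social! Abbey6 Submarine5",  # the article's Facebook example
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{len(pw):>2} chars  {humanize(worst_case_seconds(pw))}")
```
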
You can also group passwords by complexity. Some websites require you to create an account in order to use them, but you do not keep any information on the website and you do not care about your digital identity if the account should be compromised. Password for such sites if you wish. You can have one base phrase for websites that are not financial in nature, and then a completely different phrase for those that are. Use a third phrase for passwords that you use at work.
Of course, you'll have outliers: websites that limit you to 15 characters, or reject the one symbol you want to use. Try to stick to the rules with these sites and use something like two words instead of three, or replace a word with an abbreviation. These sites are likely to be so few that you can easily recall them.
Why not use a password manager? While this is an elegant solution and may even give you the benefit of creating random passwords for your accounts, you risk a few things. For example, if you use an online service such as LastPass, Dashlane, or Roboform that synchronizes your passwords with the cloud, all stored passwords can be unlocked with a single password from any computer with an Internet connection. So, if you're using a website or service like this, make sure it uses two-factor authentication (you'll need to enter a code that's sent as a text message to your phone) to unlock your passwords on the device, or an additional security question when you use a computer that you did not previously authorize. Second, and this is a little personal to me, password managers will prevent you from remembering anything other than your master key. I really do not like knowing my passwords. If I'm in a situation where I'm away from the password-based computer and I need to sign in to my bank to make a bank transfer so I'm not overused, that can be pretty damaging. t do it fast.
There are cases, however, where password management or identity and access management (IAM) can actually be desirable. Not so long ago, most corporate data resided on internal network servers, with access managed through a single login at the user's computer. When a worker was terminated, only that one password had to be changed to lock the user out. With the widespread adoption of cloud servers and services, many of which are accessible from any Internet connection and not just in the office, these different systems require their own credentials. Managers now face the daunting task of changing passwords on potentially dozens of systems to exclude a terminated user. Forget to change just one, and the results could be devastating to enterprise security. Fortunately, there are enterprise-class IAM systems that are affordable for small businesses as well. Not only do they enable managers to quickly change passwords, but also to make passwords known to users and secure against the unauthorized use of cloud systems outside the workplace. IAM systems can create a single sign-on environment with a two-factor authentication scheme that locks down any business like Fort Knox.
The "Toothbrush Rule": never share it, and change it frequently. With your phrase-based passwords, simply change one of your three keywords, and you'll remember both the old and new passwords!
For more information, you can read Wired's story, "How Apple and Amazon Security Flaws Led to My Epic Hacking," which is a great lesson on how social engineering can give an attacker access to many things. Luckily, since that article, these two companies have tightened things up, but there are many others out there who willingly give information to the wrong party.
With a few simple steps, you can create your own safe and easy-to-remember passwords that make your digital world safer.
If you have questions or want to know more about IAM, please do not hesitate to contact us.