Passwords. You simply cannot avoid them. For all our technological progress, this is the one thing that we can say has deteriorated over time. There are few places you can go online where you do not have to create a user name and password to exchange information or use an application or site. Is it any wonder that the majority of people – for the sake of simplicity and easy recall – will use and reuse the same password, or a variant of that password, everywhere? I call this the 'life password'. You have used it forever and you use it everywhere. However, if one account is compromised and a person (as opposed to a software robot) is looking at it, then all your accounts are effectively compromised. A few years ago, the Heartbleed bug and the media attention around it made this clear to most people. Unfortunately, few have done more than invent a new life password, missing the value of keeping passwords unique. Even worse, the continued use of weak passwords is the main cause of security breaches.
For years we have been telling customers that this is a bad habit, but we have also been told that secure passwords are a cryptic combination of letters, numbers and symbols. While there is still some truth in this, the technology used by criminals today can crack an 8-character password, regardless of its complexity, in a matter of hours. You have probably seen the result when one of your old employees sends you an email asking you to click on a strange-looking link, or a fake story about being in a foreign country and suddenly needing money. By the time your contact person becomes aware of the hack, the criminal has changed not only the password of the account, but also the security questions and the recovery e-mail account used to reset it. Your employee is now almost certainly locked out of the account forever.
We now advise you to devise a passphrase that consists of several words and to use a unique phrase for each of your logins. Simply going to a 10 or 15 character password increases the time it takes to crack your password from hours to months or even years. While this may seem daunting, it is easier than you think. Start by choosing three words that mean something to you and use them as a 'basic' phrase from which you will create a hard-to-crack password. When choosing words, we recommend that you go outside your personal sphere, such as family and pet names, and choose something from your favorite works of literature, music, or art. Your basic words can be something like Ringo Abbey Submarine. This way you have the convenience of the 'life password' that is easy to remember, but we are going to obscure it a bit. The next step is to increase security by separating the words with numbers and/or symbols. It can be a date that means something to you or any symbol that you like. We use 1!65 in this example. Your next step is to create uniqueness. A very easy way to do this is to add an extra word that represents something about the service or site you use. So with all these methods the password of your Facebook account can be Ringo1Social!Abbey6Submarine5. You now have something easy to remember: a super long, unique password. For your other logins, you simply change that one word that is unique to the site, and perhaps its position in the phrase. Google could be Ringo1Search!Abbey6Submarine5. As an alternative to the word-based password, you can take any long sentence like "one ring to rule them all, one ring to find them!" and use the first letters of each word and some creative letter substitutions to come up with "oR2RtA, oR2fT!".
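The construction steps above, together with the length claim, as an added Python example that is not part of the original article. The function names, the guess rate of 1e11 per second and the 20-character site limit are assumptions chosen for illustration.

```python
PRINTABLE_ASCII = 95            # size of the character set an attacker must cover
ASSUMED_GUESSES_PER_SEC = 1e11  # assumption for illustration, not from the article


def build_password(base_words, separators, site_word, position=1, max_len=None):
    """Insert the site word among the base words, follow each word with one
    separator character, and drop trailing base words if the site caps length."""
    words = list(base_words)
    while True:
        parts = words[:position] + [site_word] + words[position:]
        if len(separators) < len(parts):
            raise ValueError("need one separator character per word")
        password = "".join(w + s for w, s in zip(parts, separators))
        if max_len is None or len(password) <= max_len:
            return password
        if len(words) <= 1:
            raise ValueError("cannot fit even one base word under the limit")
        words.pop()  # the article's fallback: use fewer base words


def exhaustive_search_seconds(length, alphabet=PRINTABLE_ASCII,
                              rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case time to try every string of this length. It measures length
    only; passwords built from guessable words can fall sooner to word lists."""
    return alphabet ** length / rate


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    base, seps = ["Ringo", "Abbey", "Submarine"], "1!65"
    print(build_password(base, seps, "Social"))
    print(build_password(base, seps, "Search"))
    print(build_password(base, seps, "Social", max_len=20))  # constructed limit
    for n in (8, 10, 15):
        print(n, "characters:", human(exhaustive_search_seconds(n)))
```

At the assumed rate, exhaustive search of 8 characters takes hours and 10 characters takes years, which matches the article's point about length.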
You can also group passwords based on complexity. Some sites require that you "create an account" to use them, but you do not store any information on the site and you would not worry about your digital identity if the account were to be compromised, so you can use a short, throwaway life password for such sites, if you want. You can use one basic phrase for sites that are not financial in nature, and then a completely different phrase for sites that are. Use a third phrase for passwords that you use at work.
Of course you have outliers – sites that limit you to 15 characters, or that don't accept the one symbol that you've decided on. Try to stick to the rule and do something like using two words instead of three, or replacing a word with an abbreviation. There are unlikely to be so many of these sites that you cannot easily recall them.
Why not use a password manager? Although this is an elegant solution, and has the added beauty of creating completely random passwords for your accounts, you risk a number of things. First, if you use an online service such as LastPass, Dashlane or Roboform, which synchronizes your passwords with the cloud, all your saved passwords can now be unlocked with a single password from any computer with an internet connection. So if you use a site or service like this, make sure that it uses two-factor authentication (which requires you to enter a code that is sent to your phone as a text message to unlock your master key on the device you are using, or to answer an additional challenge question when using a computer that you have not previously authorized). Secondly, and this is a bit personal to me, password managers will prevent you from remembering anything other than your master key. I really don't like not knowing my passwords. If I am in a situation where I am not at the computer with the password software, and I have to log into my bank to make a transfer so that I don't get over the top, it can be pretty damaging if I can't do it quickly.
However, there are cases where password management or identity and access management (IAM) can actually be desirable. Not long ago, most company data was on internal network servers, with access managed through a single login on the user's computer screen. If an employee was terminated, only that one password had to be changed to block the user. Now, with the wide acceptance of cloud servers and services – many of which are accessible through any internet connection, not just in the office – these different systems each need their own set of credentials. Managers are now faced with the daunting task of changing passwords on potentially dozens of systems to block a terminated user. Forget to change one, and the results can be devastating for corporate security. Fortunately, there are enterprise-class IAM systems that are affordable, even for the small business. They enable managers not only to change passwords quickly, but also never to reveal passwords to users, further securing cloud systems against unauthorized use outside the workplace. IAM systems can create a single login environment with a two-factor authentication scheme that can be used to lock down any company like Fort Knox.
The 'toothbrush line': Never share them. Change them regularly. With your phrase-based passwords you simply change one of your three keywords, and you will successfully remember both the old and the new password!
For further reading, see the story from Wired magazine, "How Apple and Amazon Security Flaws Led to My Epic Hacking", which is a great lesson in how social engineering can give an attacker access to many things. Fortunately, these two companies have tightened things up since this article, but there are many more that easily pass on information to the wrong party.
By taking some simple steps, you can create your own secure and easy to remember passwords that make your digital world more secure.
If you have any questions or would like to know more about IAM, please do not hesitate to contact us.