Crash course in online security round TWO
If you haven’t had the opportunity to read part one, you can find it right here. It discusses the first three of our top eight security need-to-knows.
This second segment focuses on passwords: how to create them and how many you really need.
And in case it all goes to hell, we’ve got you covered in the “What if?” section.
4. Passwords are Hard
I think you would agree, passwords are the worst! There are SO MANY to remember.
At the very least you need three unique, unrelated passwords.
One for your primary, personal email that controls the password resets for everything. A second for your banking information (best practice is one for each bank if you can remember all of them). And a third for everything else, commonly called a “throwaway password.”
Hackers are not likely to break into Gmail or HSBC directly. They are much more likely to get your email address and password from “that-one-insecure-news-site-that-you-don’t-even-remember-signing-up-for” when its user database is breached.
They will then take that email and password combination and try it on every popular site to see where else it works (this is called credential stuffing). One reused password turns a breach of a site you don’t care about into a breach of the ones you do.
But, how do you make strong, memorable passwords?
Method One: Modify a password ‘stem’
Step 1) Select a password stem, e.g. Tunafish123#@! (the quotes are not part of it).
Step 2) Add a site-specific component to the end of the stem, e.g. “Echo” for Echosec, giving Tunafish123#@!Echo.
Mix it up: put the variable component in the middle rather than at the end, just in case everyone starts doing the method above. Caveat: this only defeats automated reuse of the exact leaked string. If one site leaks Tunafish123#@!Echo, a human who looks at it can guess the pattern and try Tunafish123#@!Gmail next, so keep your email and banking passwords completely unrelated to the stem.
Remember: attackers rarely brute-force a password. They guess predictable ones, or simply trick you into handing one over (social engineering). Predictability is also what the British codebreakers at Bletchley Park exploited against the German Enigma machine in WW2.
Basically, the British realized that bored enemy operators were sending routine, predictable messages (weather reports, stock phrases). Those guessable fragments of plaintext, called cribs, let Alan Turing’s bombe rule out most of the possible daily settings without testing them, which is what made breaking the new key every day feasible.
Moral of the story? Don’t be predictable.
Method Two: XKCD
The popular webcomic XKCD, written by former NASA roboticist Randall Munroe, has some pretty good advice on this: four random common words are both easier to remember and harder to guess than a short “complex” password.
Step 1) Pick four random words and scramble the order.
Step 2) Throw in a capital letter, a symbol, and a number (for those pesky ‘security’ requirements).
Step 3) Invent a story to help memorize the password.
Starting with “1Q?” (to pass those pesky requirements), and looking at my desk I get “coffee” “business card” “sunglasses” and “computer.” For memorization?
The one question I always get is: “How do you remember your coffee card and computer, but never your glasses?”
Edit (March 28, 2015): Twitter user @KevinSMcArthur correctly pointed out that because I didn’t select words at random but picked them from objects on my desk, I dramatically reduced the number of possibilities for my password. Instead of a search space of several trillion candidates, this password has one of about six million. The strength of the XKCD method comes from the words being chosen uniformly at random from a large list; the moment a human picks them, the list shrinks to whatever is in view.
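To make the edit above concrete, here is an added example (not code from the original post or from Echosec) that generates an XKCD-style passphrase with the operating system’s CSPRNG and computes how strong it is as a function of the size of the list the words were drawn from. The word list is a constructed sample; the pool sizes 20 (objects on a desk), 2,048 (the list size XKCD’s comic assumes) and 7,776 (a Diceware list) and the guess rates of 1,000/s (online, as in the comic) and 10^10/s (offline, against a fast hash) are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample list. A real Diceware-style list has 7,776 entries; only
# the list length matters for the strength estimate, so the functions below
# take the pool size as a parameter instead of reading a file.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "lantern", "pickle",
    "granite", "velvet", "orbit", "saddle", "thimble", "walrus",
]


def passphrase(words, n_words=4):
    """Pick n_words uniformly at random (with replacement) from `words`.

    secrets.choice draws from the OS CSPRNG; random.choice is seeded from
    the clock and must not be used to generate secrets.
    """
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, n_words):
    """Entropy of n_words chosen independently and uniformly from pool_size.

    Each word contributes log2(pool_size) bits. Picking words by looking at
    your desk caps pool_size at the handful of things in view, which is why
    the edit above lost most of its strength.
    """
    return n_words * math.log2(pool_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("example passphrase:", passphrase(SAMPLE_WORDS))
    # Assumed pool sizes: 20 desk objects, XKCD's 2,048 words, Diceware's 7,776.
    for label, pool in [("20 objects on a desk", 20),
                        ("2,048 common words (XKCD)", 2048),
                        ("7,776 words (Diceware)", 7776)]:
        bits = entropy_bits(pool, 4)
        print(f"{label}: {bits:.1f} bits; "
              f"{years_to_exhaust(bits, 1e3):.1e} years at 1,000 guesses/s; "
              f"{years_to_exhaust(bits, 1e10):.1e} years at 1e10 guesses/s")
```

Four words from 2,048 give the 44 bits (about 550 years at 1,000 guesses per second) that the comic quotes; four objects from a desk of twenty give about 17 bits, which an offline attacker exhausts in well under a second. The guess rate matters as much as the entropy: an online login form with rate limiting gives you the left-hand column, a leaked database of fast hashes gives the attacker the right-hand one.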
Check out the relative password strengths using the link below.
You can test your passwords here: https://howsecureismypassword.net/
Food for thought:
If this were an untrustworthy site, what is to stop them from stealing your password? Absolutely nothing! So, don’t check your exact password; check something similar in length and structure. It is even mentioned on the site! Did you notice? (We also checked their code.)
Password Managers – blessing or a curse?
The security jury is still out when it comes to password managers. They are incredibly useful for tracking all those pesky, ever-changing strings of characters, digits and capital letters. The trade-off is that they concentrate everything behind one vault and one master password, so that master password has to be at least as strong as the most valuable account inside, and the vault is only as safe as the device or service it lives on. Whether that beats memorization depends on what memorization produces in practice; for most people it produces reuse, which is exactly the problem described above.
If you were a hacker and wanted to acquire a large number of passwords, what better target than a universal storage mechanism?
The kicker: as with any of these security tricks and tips, do a little research before you bite.
!! What if?
Yup, you did all of this and you still got hacked. It happens. Every day.
Did you back up your data? Good.
Do you have fraud protection on your financials? Wow, you are way ahead of the curve.
Download Fastcustomer (lets you ‘skip’ the telephone queue). Grab a drink and make the appropriate calls to get things back on track.
If you want to stay safe on the internet, think critically about what you are doing online. Be a skeptic. Back up your data. Use the appropriate measures and tools where necessary.
To Learn More about Echosec, Request A Consultation Today.