Password Hygiene 101

A password, sometimes called a passcode, is secret data, typically a string of characters, used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services a typical individual accesses makes memorizing a unique password for each service nearly impractical.

Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant, while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.

Protect your information by creating a secure password that makes sense to you, but not to others. Most people do not realize that there are a number of common techniques used to crack passwords, and plenty more ways we make our accounts vulnerable by choosing simple and widely used passwords.[1]

How to make it easy for hackers:

  • Dictionary Attacks: Avoid consecutive keyboard combinations, such as qwerty or asdfg. Avoid using dictionary words, slang terms, common misspellings, or words spelled backward. These attacks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like ‘John the Ripper’ or similar programs.
  • Cracking Security Questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you are asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.
  • Simple Passwords: Do not use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”
  • Reuse of Passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims. This is a common mistake.
  • Social Engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

How to make Passwords Secure:

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device while anyone is around; it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you do not control (like computers at an Internet café or library); they could have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop); hackers can intercept your passwords and data over these unsecured connections.
  7. Do not tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Longer and more complicated are preferred.
  10. Strong passwords are easy to remember but hard to guess. For example, Iam:)2b29! has 10 characters and says “I am happy to be 29!”.
  11. Use the keyboard as a palette to create shapes. For example, trace %tgbHU8* on the keyboard: it draws a V. You can start the V from any of the top-row keys, and to change these periodically, slide the shape across the keyboard.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? This one says, “To be or not to be?”
  13. It is okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it is not apparent that it is a password. No one can be expected to remember all the different passwords needed in today’s computer use.
  14. You can also write a “tip sheet” which will give you a clue to remember your password but does not actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”
  15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.
  16. There are many password manager programs/services available, and if you decide to use one, please follow the above advice and secure access to your account with a “special” password. Also, consider using two-factor authentication if it is available.
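The checks the article recommends (at least eight characters mixing the four character classes, no consecutive keyboard runs like qwerty, no dictionary words forward or backward, nothing from the common-password list, no personal details) can be turned into a simple password-policy checker. The following is an added example, not code from the article or from Red Sky Alliance; the word lists are constructed samples, and a real checker would load full breach-derived and dictionary lists.

```python
import re

# Constructed sample lists for this example; a real checker would load full
# breach-derived and dictionary wordlists instead of these handfuls.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
DICTIONARY_WORDS = {"password", "princess", "dragon", "monkey", "welcome", "letmein"}
# Keyboard rows used to detect consecutive key runs such as qwerty or asdfg.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(pw, min_len=4):
    """True if pw contains min_len consecutive keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + min_len] in low for i in range(len(seq) - min_len + 1)):
                return True
    return False


def contains_dictionary_word(pw):
    """True if a dictionary word appears in pw, forward or spelled backward."""
    low = pw.lower()
    return any(word in low or word[::-1] in low for word in DICTIONARY_WORDS)


def check_password(pw, personal_info=()):
    """Return the article's rules that pw violates; an empty list means it passes.

    personal_info: strings the user should never embed (names, pets, birth years),
    since an attacker can deduce them from a social media profile.
    """
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not all(re.search(c, pw) for c in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")):
        problems.append("missing one of: lowercase, uppercase, digit, symbol")
    if low in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if has_keyboard_run(pw):
        problems.append("contains a consecutive keyboard sequence")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word (forward or reversed)")
    for item in personal_info:
        if item and item.lower() in low:
            problems.append(f"contains personal information: {item}")
    return problems


if __name__ == "__main__":
    for candidate in ("qwerty", "princess", "Iam:)2b29!", "%tgbHU8*", "2B-or-Not_2b?"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The three sample passwords from the list above pass every check, while “qwerty” and “princess” fail several at once.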


At Red Sky Alliance, we can help cyber threat teams with services ranging from cyber threat notification to analysis, and we are always available to help and support your needs.

Red Sky Alliance is a Cyberthreat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

[1] https://www.techradar.com/news/why-a-culture-of-poor-password-hygiene-continues-to-thrive