What does Star Wars and cyber security have in common? May 4th. Which is recognized as “Star Wars day” often repeated as “May the 4th be with you.” As for cybersecurity, this year May 4th is also recognized as World Password Day. The issue of passwords being used for too long reused on too many sites, or simply do not enough complexity has become a significant enough issue to mark the calendar. In hopes to bring attention to the most basic aspect of how we secure access to our personal resources. According to PasswordDay.Org there are 4 steps to better secure your digital life.
Step 1: Strong Password. Most often implemented, but can not stand alone. Add more letters, numbers, symbols, case shift and you’re safe now…right? Well, kind of, you are safer than with something that’s easy to guess like “Password123”. There are many hackers regularly grinding the most common passwords against any email address or Facebook account they can add to their list. So making your password more than 6 characters, especially if it’s a single word is absolutely critical to protecting yourself against this automated assault. Unfortunately, this item is also the most often over-implemented. It doesn’t protect you from many other types of attack, specifically key-loggers (We will get to that later). I know people who use 18 character passwords with mixed & special characters. Their now extreme password not only is inconvenient, but it creates an excuse for them to not implement the second step.
Step 2: Multiple Passwords. If you use the same password everywhere, and one becomes compromised by a hacker, what happens? What would stop a hacker from trying the same username and password against thousands of other popular sites like Facebook, Yahoo & Office365? The thought of having a password for every site you use may seem overwhelming because it is! With the rapid adoption of cloud services and every company creating an online presence, the concept of having to remember that many passwords doesn't just seem impractical, but impossible. I would argue that this step is as important as the first, but it’s the next one that makes both of these possible.
Step 3: Password Manager. Password managers are life savers. They are growing in popularity, and if you aren’t using one already, do yourself a favor and try one out today. LastPass, Dashlane, RoboForm, OnePassword are just a few of the most popular options on the market. All of these cost less than $40/year and the best part is, they will save you time! That’s right, so much time! I know it seems like every new security item just adds inconvenience and eats up more of your time, but LastPass has saved me more than ten times the amount of effort I put into setting it up. I type one password at the start of each day. LastPass then fills in the other 40-50 I use throughout the course of the day. The best part is that a password manager which automatically fills the password field for you will subvert password stealing keyloggers in the event your system is compromised. Which brings me to the last item.
Step 4: Multi-Step Authentication. Two-factor authentication improves your security by a magnitude that dwarfs any password complexity. The most common second-factor “token” is a Goggle authenticator. This is an app that can be installed on your phone. It displays a time-based code which changes every thirty seconds. Putting all your passwords into one proverbial basket makes for a very valuable basket, and it should be heavily guarded. If you’re going to use a password manager, do yourself a huge favor and enable two-factor ASAP.
As I consider items both 1 & 2 to be dependent on item 3 for any practical user, I would reorder this list. But whatever order you follow, take these 4 reasonable steps to protect yourself today. If you have questions regarding the best products or how to implement them, please contact our support. We offer multiple tools to our clients to help execute these steps and answer any concerns you have. 850-426-4370
By Cameron Rowe, President CRC Data Technologies.