Old Security Habits Never Die; They Should
We still seem to see the same bad security habits we’ve always seen. Now, they involve PINs as well as passwords. Here are some bad habits you need to break.
The first bad habit has to do with keeping track of passwords and PINs (Personal Identification Numbers). We’ve discussed passwords ad nauseam, and the problems we find with them are they’re either forgotten, left in places where anyone can see them, used repeatedly, or made so simple that they’re easy to crack.
If you habitually run across any of these problems, you need to seriously think about how you can make your password system stronger. Some of the suggestions we’ve offered include making your passwords long and using a system that lets you vary one or two keystrokes or a word or phrase to keep them different. The system helps you remember your passwords – or at least the ones you use the most or ones you need while away from your computer. In creating your passwords, you’re better off using a longer password instead of a shorter complex one. Longer passwords make it more difficult for hacking software to figure it out.
A related issue is those security questions. Don’t give real answers that involve information in public records. Somebody can easily see where you’ve lived, where you went to school, etc. They can probably find out what your first car was.
PINs are meant to solve most of the issues, but they can run into that “forgetful” problem, too. An additional problem with PINs is that when you change devices, you need to reset the PIN. Again, that can be a real problem if you don’t remember the PIN you used.
Some people use their browser or a feature on their phones to save passwords. The danger there is that those passwords can be easily stolen, especially if you happen to visit a “phishing website,” one that has the look and feel of a legitimate website. When we feel rushed or stressed about things going on in life, we’re more susceptible to clicking one of those links or making a typing mistake. The owners of “phishing websites” typically have website domains related to common typing mistakes – although some companies have those sites, too, to make sure you can reach them. The old habit to break here is to take a deep breath when you’re online to make sure click on a legitimate link or type a domain name correctly.
Rather than use a browser or phone password saver, we recommend you a password manager. Dashlane and Last Pass are two that are well known, but using any manager gives you stronger protection. You’ll need to set aside time to get your password manager properly configured and to enter all the passwords you want to protect. The process includes setting up a master password that gives you access to the electronic vault where all your passwords are stored. The key to success is never, ever forgetting that password or giving it to anyone except one or two trusted people.
Credit card numbers can be hacked, too. A couple of our clients had their numbers stolen, and although they changed passwords, they still wondered what else might be broken in their system.
We can help you with security breaches. We take the time to look closely at your system to see how each change you might make – changing passwords or adding a password manager – will affect you. Our analogy here is to the new kitchen that we’re getting. As we change the room and add things like electrical outlets or lighting fixtures, we have to open holes in our walls and ceiling, and we don’t know what’s there until we get them open. It’s the same with your tech system. Without looking at everything, we can’t tell how one change will affect your system.
Call us – 973-433-6676 – or email us to discuss your needs and do the appropriate patching, including installing and configuring a password manager.