Passwords and Underwear: An Analogy Worth Mentioning

When Thycotic, a security software company, compared passwords to underwear, it certainly got a chuckle or two. But they share three characteristics that are worth more than a mention:

  1. Change them regularly.
  2. Don’t leave them on your desk.
  3. Never lend them.

Without getting into TMI, changing every password every day is a lot more involved than changing your underwear, and it’s really impractical. But you can help make your data more secure by changing passwords monthly or quarterly – or any time you see something that looks funny, odd or out of place.

We’ve seen numbers indicating that 75% of all Internet users employ the same password for all the sites they visit. I would strengthen it by using upper and lower case letters, numerals and special characters. I feel my information is safe because it could take years for a hacker to figure it out.

However, hackers have various tools to crack passwords, and they’ll get one eventually. The longer and more complex your password is, the longer it will take. And, hackers make a business decision in how far to go. If they can get a whole bunch of easily decoded passwords quickly, that’s where they’ll concentrate their efforts. So, if you want to keep your password simple, change it more often. But, do change it regularly.

Don’t leave them out on your desk. I can’t tell you how many times I visit clients and see passwords taped to monitors or walls for the whole world to see. In busy offices, where people walk in and out all day, it would be very easy for a practiced password thief to see a password or two and remember them. If you recoiled with horror at the thought of someone seeing your underwear on your desk, how do you feel about someone getting into your personal or corporate bank or credit-card information?

Never lend your passwords to anyone. Yes, the thought of someone using your password should be just as disgusting as someone wearing… Well, you get the idea.

You can further protect your password by being very careful about which websites you provide information. Remember that 75% figure? If a hacker uses a website for a bogus offer – such as something for free – to get you to sign on with a password, he’ll make the assumption that you lack good judgment or common sense. He’ll also assume you use the same password for dozens of other places, including those where he can either take money from you or find information to sell to others.

If you use cloud-based services, such as Microsoft Office 365, the provider will monitor patterns and notice something out of the ordinary. You, too, should be on the lookout for out-of-the-ordinary things, such as emails with attachments or links from people who normally don’t send you those things or emails with odd subject lines.

If you have any questions about password security, contact us by phone – 973-433-6676 – or email. In the meantime, treat your password like your underwear.

Steps to Take – Mitigate Fallout from Russian Hacking Incident

If you haven’t seen or heard the news, a Russian group has hacked user names and passwords for some 1.2 Billion accounts worldwide.

We urge you to run a virus scan and malware scan as quickly as possible on all of your computers to determine if your system has been infected. This post from The New York Times, which first reported the incident, covers some basic steps you can take. We’ve discussed them before, and they are now very much worth repeating. If you want to learn more, you can read reports from PC Magazine and The New York Times.

 

As always, if you have any questions or concerns, contact us immediately by phone (973-433-6676) or email.

Security Tips for What You Use or Recycle

Whether you’re activating new equipment or continuing to use equipment and websites, and whether you’re recycling old computers, peripherals and devices, there are a number of security steps you can take to avoid a variety of problems. Here’s how to cover your tracks.

Let’s start with passwords. Don’t raise your hands all at once. How many of you tape passwords to your monitor – at the office or at home? How many of you keep them in a file on your computer? How many write them on slips of paper? How many are frustrated by all the rules and by having to keep track of so many passwords?

Did anybody besides me not raise your hand?

Most security experts will tell you should have a separate, strong password for every place that requires one. In the real world, it’s a real pain and highly impractical.

Here’s what I recommend. Create one very secure password you really like and use it for everything. The same security experts will also tell that a very strong password will have three of the following characteristics:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Symbols or special characters

My password has all four – and it’s long. According to the website How Secure Is My Password?, it will take 58 years for someone to crack my code. For perspective, if I would use just my name, it could be cracked immediately. If I add an exclamation point (!), it jumps to 48 seconds. If I add an initial capital letter to the exclamation point, it jumps to 25 minutes. Adding a number increases the time to an hour. Adding another symbol or number gets you up to 58 years.

To give you a better idea of passwords to avoid, SplashData, provider of the SplashID Safe line of password management applications, just released its annual list of the past year’s worst passwords. If you see something familiar in the list, you might want to make a change or two.

So, give your password some thought and some length, and you should be in good shape.  Just be aware that some sites may have some special rules about password creation, but you get the idea. Some sites also have two-factor identification requirements, so make sure you follow the rules. If you use Dropbox to store or share files, we can help you set up a two-factor identification for your protection.

Another area of concern, which is largely out of our individual control, is the theft of information from major retailers’ systems. Target and Nordstrom are the ones that come to mind. I believe the biggest threat to systems such as those is somebody inside stealing information – just like somebody in a company embezzling money.

However, it does raise a question that we, as consumers, need to answer. How much convenience do we want? We’ve all returned products without a receipt, and it’s possible when the retailer retains the transaction and your credit card information. We are trading privacy for convenience.

The newer credit card technology, which is widely used in Europe, uses a chip that the retailer scans. On the backend, no information is stored once the transaction is completed.

Finally, let’s talk about protecting your data – or more accurately erasing and eradicating your data – when you recycle a computer, smartphone, tablet, fax machine, copier or printer. All of them can hold data.

When you go to a reputable recycler, you can be confident they will erase all hard drives and chips. It’s always a good idea to verify that. You can also remove a hard drive from a desktop or laptop computer, and with a laptop, it’s pretty effective to wreck the hard drive by hitting it with a hammer. Desktop hard drives have a steel undercarriage, which makes destruction more difficult.

There are ways to erase or eradicate the data, but we recommend you let us take care of it for you. We can make sure all the data and files you want to keep are backed up so you can restore them for use on other computers and devices. We also can use tools that wipe everything clean and can test to make sure we took off everything.

We are also happy to take any electronics you want to get rid of to GreenVision. State and local laws that affect most of our customers require recycling for all electronics to protect the environment. We take your old stuff there when we install new equipment. Please feel free to call us – 973-433-6676 – or email us to answer your questions, wipe out your data and/or help with your recycling. You can also call us or email us about your password and data security questions.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.