
Category Archives: Passwords

Friday Funny 4.11.16

And this, kids, is why you should never write your #password on a #postit note… 🔐

#security  #stickynote #fridayfunny

Top 30 Ashley Madison passwords are just as Terrible as you think…

12.09.15 – Khyati Jain from thehackernews.
http://thehackernews.com/2015/09/ashley-madison-passwords.html?m=1

Yes, you heard it correct!

First the password cracking team ‘CynoSure Prime’ cracked more than 11 million Ashley Madison passwords in just 10 days (quite an achievement, though); now a member of the team has shared the list of passwords along with a few calculations.
Out of 11 million passwords, only 4.6 million were unique, and the rest were about as weak and horrible as one could imagine.

Going through the list of passwords, the top 5 most used were:

123456 by 120511 users
12345 by 48452 users
password by 39448 users
DEFAULT by 34275 users
123456789 by 26620 users

Honourable mentions in this weak list of Ashley Madison passwords include ashleymaddison (6213), password1 (5959), hello (4425) and monkey (4296).

To view the full list of the top 30 Ashley Madison passwords, visit The Hacker News here. (Warning – a few of the passwords use rude words.)

 


 

Check out our Password Tech Tips:

Whether it’s an online account, a computer login or network access, passwords are used to prevent unauthorized access. But far too many people choose weak and easy-to-guess passwords, putting themselves at risk of cyber attack. Don’t fall into the trap that these Ashley Madison users fell into. Secure your perimeters and never let anyone access your personal information by following these helpful tips.

Observe proper web security

With the rapid advancements in technology comes sophistication of methodologies used by hackers to steal data and destroy web security. Cyber crime is continuously evolving as new programs are made to unlock accounts and combine numbers, letters and special characters to determine passwords. The big question for internet users is – how to choose a strong password that can drive hackers away?

Passwords should have at least eight characters. It is highly recommended that you use a combination of uppercase, lowercase and special characters. “P@s$w0Rd45%” is a thousand times better than “Password1”. Veer away from using passwords that are found in dictionaries. Furthermore, avoid using your name, a family member’s name, phone number, birth date, social security number or any public information. Hackers have found a way to crack passwords with the aid of the many databases out there.

To create even more secure passwords, try using a password that is a full sentence, with random words. For example “I am a purple donkey” (with the spaces) will take a long time to crack, which means it’s more secure than even the examples above.
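The rules above (minimum length, mixed character types, nothing from a dictionary or a list of known passwords) can be checked mechanically. This is an added example, not part of the original article: the blocklist is built from the passwords quoted earlier on this page, and the substitution table, the trailing-character stripping and the function names are assumptions of the example.

```python
import math
import string

MIN_LENGTH = 8  # "at least eight characters", as the article recommends

# Constructed blocklist: the most-used passwords quoted in the article above.
BLOCKLIST = {
    "123456", "12345", "password", "default", "123456789",
    "ashleymaddison", "password1", "hello", "monkey",
}

# Assumed substitution table (not from the article): look-alike characters
# mapped back to the letters they usually stand in for.
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "1": "l", "!": "i", "3": "e", "7": "t",
})

# Size of each character class, used for the brute-force estimate.
# "special" counts the 32 ASCII punctuation characters plus the space.
POOL = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def candidate_forms(password):
    """Return the simplified spellings to compare against the blocklist."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols such as the "45%" in "P@s$w0Rd45%".
    stem = lowered.rstrip(string.digits + string.punctuation)
    forms = {
        lowered,
        stem,
        lowered.translate(SUBSTITUTIONS),
        stem.translate(SUBSTITUTIONS),
    }
    forms.discard("")  # an all-digit password has an empty stem
    return forms


def character_classes(password):
    """Return which character classes the password draws from."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def search_space_bits(password):
    """Brute-force search space in bits: length * log2(pool size).

    This is an upper bound on guessing effort; a password built from a
    known word is found far sooner, which is what the blocklist catches.
    """
    pool = sum(POOL[c] for c in character_classes(password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password):
    """Apply the article's rules and report the outcome of each."""
    blocklisted = bool(candidate_forms(password) & BLOCKLIST)
    long_enough = len(password) >= MIN_LENGTH
    return {
        "long_enough": long_enough,
        "classes": sorted(character_classes(password)),
        "blocklisted": blocklisted,
        "bits": round(search_space_bits(password), 1),
        "accepted": long_enough and not blocklisted,
    }


if __name__ == "__main__":
    for pw in ("123456", "Password1", "P@s$w0Rd45%", "I am a purple donkey"):
        print(repr(pw), check_password(pw))
```

The sentence-style password passes and has the largest search space of the three examples, while both spellings of "password" are caught by the blocklist comparison regardless of their character mix.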

Keep malware off your system

Malware is malicious software crafted in such a way that it appears authentic and trustworthy. Be careful not to click on pop-ups and links that will redirect you to a place where your security walls are torn down. And do not open email attachments from anonymous users. Mechanisms are often embedded in these programs to gain control of your system.

Get professional help by installing security software from a trusted name in the industry. Build your defenses as early as possible. Remember the cliché – better to be safe than sorry – and nowhere is this more true than in computer systems and web security.

Keep your passwords private

While this may seem to be a no-brainer, sadly, a lot of people still tend to share their passwords with their office mates or friends. If you’re one of them, then it’s high time that you change your habits and your password again. Think like James Bond: passwords are for your eyes only.

In the event that you need to give your password to a co-worker to get an important document or presentation, make sure that you change it as soon as possible. Never use the same combination again.

Change password regularly

It also helps if you schedule a regular password change. Within a period of 30 to 60 days, you should update passwords across multiple sites. Moreover, never use the same password for different websites. If you do, you are putting all of your accounts at a high level of risk. Hackers are relentless. Once is never enough for them and they can come back time after time.

It’s an unsafe online world out there. These online troublemakers will never be satisfied. So never let yourself or your organization fall prey to hackers the way these Ashley Madison users have. Take note of these safety measures and strengthen your web security arsenal.

Windows 10 waves goodbye to passwords

For many people, passwords are the bane of online existence. Rely on one master password for all your logins and using the Internet can become a security threat. Use dozens of unique ones and it quickly becomes an annoyance.

Are you the type of person who uses one master password for all your web logins, or do you have dozens of individual ones named after your favorite sports teams or muscle cars? Either scenario comes with drawbacks. Have only one password and you’re left feeling anxious it might get stolen. Have several and you may constantly forget them and be unable to log in. Wouldn’t it be great if all these passwords just went away? Well, they actually just might. Windows 10 is working on making it possible.

The problem with passwords

The problem with passwords is simple – they can be stolen. And from Facebook to iTunes to Flickr and thousands more, nearly every major website and thousands of niche ones require a password to use. And because we Internet users are logging onto dozens of these sites and services everyday, it’s virtually impossible for us to create a unique, complex password for each one. So people resort to using only a handful of passwords, or even just one master password, since it’s easier. But of course, this poses a security risk. So what’s an Internet user to do?

Microsoft Windows 10 is pioneering a new technology that is ready to flip this dated system on its head and eliminate the password problem for good.

Login to your devices with biometrics

Passwords can be stolen easily, but how easy is it to steal a person’s physicality? Microsoft’s new technology, named Hello, uses biometrics – such as your fingerprint, or face or iris scan – to log into your computer, laptop or other device. This ensures that no one can log in to your device but you.

Well, what about using a photograph to log in instead, you might ask? It won’t work. Using technology that takes a detailed map of your face in 3D, Hello is trained to reject a photograph or selfie presented at a login attempt. This makes it virtually impossible for anyone besides you to log in to your device.

Use biometrics to login on the web

Logging into your computer with biometrics is great, but what most users really want is a more secure way to log in to websites without having to remember a bazillion passwords. This is where Microsoft’s Passport comes in. Passport allows you to log in to applications and online content without the need for a password. For example, instead of using your typical password to sign into your Microsoft Windows Account, you can now use Windows 10 facial recognition (or other biometrics) to log you in instead. That means you can access Skype, Xbox Live, Office 365 and more without a standard password. In addition to your Microsoft Windows Account, you’ll be able to use the biometric capabilities of Passport to access thousands of enterprise Azure Active Directory online services. Bear in mind, though, that it will be quite some time before you can use Passport to replace all your standard logins, since not every website has implemented this technology yet.

Want to hear more exciting Windows 10 news, or need assistance with your Windows device? Get in touch with one of our technology experts today to discuss saying goodbye to passwords!


What “Free Public WiFi” Is and Why You Should Avoid It


Hang out in airports, coffee shops, or other laptop-friendly spots for a while, and you’ll find “Free Public WiFi.” It never gets you through to the actual web, because it’s actually a weird Windows XP quirk—one you shouldn’t connect to.

“Free Public WiFi” was never free, and never public, and not actually a Wi-Fi service. It likely started as a joke or prank, but then spread around the world because of a quirk in pre-SP 3 versions of Windows XP:

When a computer running an older version of XP can’t find any of its “favorite” wireless networks, it will automatically create an ad hoc network with the same name as the last one it connected to – in this case, “Free Public WiFi.” Other computers within range of that new ad hoc network can see it, luring other users to connect. And who can resist the word “free?”

“Don’t do your online banking or anything sensitive on a public Wi-Fi network.” The advice is out there, but why can using a public Wi-Fi network actually be dangerous? And wouldn’t online banking be secure, as it’s encrypted?

There are a few big problems with using a public Wi-Fi network. The open nature of the network allows for snooping, the network could be full of compromised machines, or – most worryingly – the hotspot itself could be malicious. Most of the time, you’re probably okay if you accidentally hit “Connect” on Free Public WiFi, as you’re just trying to connect to a computer that’s unwittingly rebroadcasting its own inability to connect. But there could be an occasion when someone with evil deeds in their heart allows the connection and grabs logins or other data from it, so try to block your system from ever connecting to “Free Public WiFi” in your network settings. In most cases, the actually free Wi-Fi will come with a more legit-sounding name, like AT&T Wifi or something akin.

But what are the risks of logging on to a free network, often in return for supplying your name and an email address and ticking the box in the hope of not getting spammed from here to eternity in return for the joys of surfing for free? What can you realistically do to make your free WiFi experience as secure as possible?

Firstly, try to stick to browsing secure websites that have the “HTTPS” prefix only, and not just when you reach their payment pages. The benefit of doing so is that the pages you view are encrypted and hidden from any other users that could be on the network. On unencrypted sites, login and password information could be seen by anyone using the network for malicious purposes. This is the risk with public WiFi – can you be sure that the network you are using is truly legitimate? You could log on to what you think is a public network provided by a café, bar or municipal initiative, thinking it comes courtesy of the London Underground, when in fact it could be run by a criminal intent on monitoring users and acquiring login and password data along with payment details as well. The majority of web-based email providers and the larger social networks now use HTTPS connections, but it is worth making sure it is the genuine login page that you have reached when using public WiFi and not a counterfeit designed to relieve you of your passwords.

Secondly, use a Virtual Private Network (VPN). These automatically encrypt all of your online traffic. They are often provided by employers to access office networks, but can also be obtained freely, such as by using Expat Shield. Thirdly, use two-factor identification where it is available. This involves the entry of both a password and a unique code that is sent to you via text message or app to confirm your identity when you log in. Fourthly, if you aren’t using your WiFi or Bluetooth, deactivate them, as they are simply opening you up to more avenues of attack.

Fifthly, avoid downloading any apps or providing your email address in return for free WiFi. Think about where your information is going. It can be worth having an email address that is used solely for travel, free WiFi and other promotions where an address is required, rather than providing one that is of practical and commercial value to you.

The biggest risk remains the loss of your equipment. Never leave a smartphone, tablet or laptop unguarded for a second, as that is all it takes for a device to be snatched and all of your personal and potentially your business data to be lost.

The Risks of an Open Network

The same features that make free WiFi hotspots desirable for consumers make them desirable for hackers; namely, that it requires no authentication to establish a network connection. This creates an amazing opportunity for the hacker to get unfettered access to unsecured devices on the same network. The biggest threat to free WiFi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.

While working in this setup, the hacker has access to every piece of information you’re sending out on the Internet: important emails, credit card information and even security credentials to your business network. Once the hacker has that information, he can — at his leisure — access your systems as if he were you. Hackers can also use an unsecured WiFi connection to distribute malware. If you allow file-sharing across a network, the hacker can easily plant infected software on your computer. Some ingenious hackers have even managed to hack the connection point itself, causing a pop-up window to appear during the connection process offering an upgrade to a piece of popular software. Clicking the window installs the malware.

As mobile WiFi becomes increasingly common, you can expect Internet security issues and public WiFi risks to grow over time. But this doesn’t mean you have to stay away from free WiFi and tether yourself to a desk again. The vast majority of hackers are simply going after easy targets, and taking a few precautions should keep your information safe.

Use a VPN

A virtual private network (VPN) connection is a must when connecting to your business through an unsecured connection, like a WiFi hotspot. Even if a hacker manages to position himself in the middle of your connection, the data here will be strongly encrypted. Since most hackers are after an easy target, they’ll likely discard stolen information rather than put it through a lengthy decryption process.

Use SSL Connections

You aren’t likely to have a VPN available for general Internet browsing, but you can still add a layer of encryption to your communication. Enable the “Always Use HTTPS” option on websites that you visit frequently, or that require you to enter some kind of credentials. Remember that hackers understand how people reuse passwords, so your username and password for some random forum may be the same as it is for your bank or corporate network, and sending these credentials in an unencrypted manner could open the door to a smart hacker. Most websites that require an account or credentials have the “HTTPS” option somewhere in their settings.

Turn Off Sharing

When connecting to the Internet at a public place, you’re unlikely to want to share anything. You can turn off sharing from the system preferences or Control Panel, depending on your OS, or let Windows turn it off for you by choosing the “Public” option the first time you connect to a new, unsecured network.

Keep WiFi Off When You Don’t Need It

Even if you haven’t actively connected to a network, the WiFi hardware in your computer is still exchanging data with any network within range. There are security measures in place to prevent this minor communication from compromising you, but not all wireless routers are the same, and hackers can be a pretty smart bunch. If you’re just using your computer to work on a Word or Excel document, keep your WiFi off. As a bonus, you’ll also experience a much longer battery life.

Stay Protected

Even individuals who take all the possible public WiFi security precautions are going to run across issues from time to time. It’s just a fact of life in this interconnected age. That’s why it’s imperative to keep a robust Internet security solution installed and running on your machine. These solutions can constantly run a malware scan on your files, and will always scan new files as they are downloaded. The top consumer security software will also offer business protection solutions, so you can protect yourself while you’re out and about, and your servers back at the office, all at the same time.

Throughout any business traveler’s life, there’s going to come a time when an unsecured, free, public WiFi hotspot is the only connection available, and your work simply has to get done right then. Understanding public WiFi risks will ensure your important business data doesn’t become just another hacking statistic.

Want more cyber safety tips or information about public WiFi networks? Are you ready to empower your staff with cloud computing to help them along? Let’s talk. Call us today.

How to protect your email account

If you think your email is fully protected from hackers, think again. A lack of sufficient email security measures can result in data theft, unauthorized access to sensitive information and the invasion of your computer by viruses and malware. Here are some tips to secure your email account from unwanted intruders and the many troubles that come with them.

Email is the most ubiquitous method of communication on the Internet – maybe even on the planet. It’s built into almost everything, from phones and tablets to traditional computers to gaming devices – heck, even connected home appliances and cars can do email. More importantly, being “on the Internet” means having an email address (or dozens of them); they’re our IDs, how we sign up for things, how we receive notices, and sometimes even communicate with each other. Email is the original “killer app.”

But email was not designed with any privacy or security in mind. There have been many efforts to make email more secure, but the recent shutdown of highly touted secure email services like Lavabit (reportedly used by NSA leaker Edward Snowden) and Silent Circle in the wake of government surveillance programs highlights the difficulties. Lack of email security is also causing some surprising collateral damage, like the announced shutdown of the respected software and law blog GrokLaw.

Is email security hopeless? Are we looking at the end of the Internet’s killer app?

Why isn’t email secure?

Email isn’t secure because it was never meant to be the center of our digital lives. It was developed when the Internet was a much smaller place to standardize simple store-and-forward messaging between people using different kinds of computers. Email was all transferred completely in the open – everything was readable by anyone who could watch network traffic or access accounts (originally not even passwords were encrypted). Amazingly, email sent using those wide-open methods still (mostly) works.

Today, there are four basic places where most people’s email can be compromised: on your device(s), on the networks, on the server(s) and on your recipient’s device(s).

The first and last places – devices – are easy to understand. If someone can sit at your computer, grab your phone, or swipe through your tablet, odds are that your email is sitting right there for them to read – you do use a lock screen or password on your devices, right? Same thing goes for your recipients’ devices. But even passwords and lock screens sometimes aren’t much help. While a few email programs encrypt the email messages they store on the device, most don’t. That means anyone (or any program) that can access the device’s internal storage can probably also read email and get to file attachments. Sound far-fetched? It doesn’t have to be a person; rifling through email is one of the most common things malware does.

Networks are a little tougher to understand, and cover three basic links:

– Your connection to your email provider (whether that be your ISP, Google, Outlook, Yahoo, Apple, or someone else).

– Any network connections between your email provider and your recipient.

– Your recipient’s networking connection to their email provider.

If you’re sending email to someone on the same service you use (say, Outlook.com), you have at least the first and third potential network vulnerabilities: your connection to Outlook.com and your recipient’s connection to Outlook.com. If your recipient’s email is elsewhere (say a company or school) then you have at least one more: the connection between Outlook.com and your recipient’s email provider. The reality of network topology means each of those connections involves a series of routers and switches (perhaps a dozen or more), probably owned and operated by different outfits. If one connection is secure, there’s no guarantee that any other connection in the sequence is secure. And if you’re concerned about things like the NSA’s PRISM surveillance program, indications so far are that some of it happens at these interim network points.

Read more about why email isn’t secure at Digital Trends.

5 tips to secure your email

Use separate email accounts

Most people use a single email account for all their personal needs. As a result, information from websites, newsletters, shopping deals, and messages from work get sent to this one inbox. But what happens when someone breaks into it? There’s a good chance they would be able to gain access to everything else.

Having multiple email accounts will not only boost your security, but also increase your productivity. You can have a personal account to communicate with your friends and family, another solely for receiving emails from work, and one recreational account for various website registrations and getting newsletters. Wise email users never put all their eggs in one basket!

Set strong passwords

Too many email accounts have predictable passwords. You might be surprised to learn that email passwords like ‘123456’, ‘qwerty’, and ‘password’ itself are still the most common around. For the sake of security, be a little more selective with your passwords. Spending a few moments on coming up with a good password will be beneficial in the long run. Mix upper and lower case letters, numbers, and special characters to form a unique password that makes sense and is memorable to you, but no-one else. Also, never use the same password for all your email accounts. This way, if someone hacks one of your accounts, all of the others are still safe.

Beware of links and attachments

When you see a link in an email, don’t click on it unless you’re expecting the link from a known source, such as from your friend or a confirmation link for your game account registration. The truth is that you never know where those links might lead you. Sometimes they can be safe, but other times they can infest your computer with viruses and malware.

Similarly, if you’re expecting a file from your friend or family, then go ahead and open the attachment. It’s always good to know the person sending the file. But be wary of attachments in emails from strangers. Even if the file name looks like a JPEG image, you should never open it. File names can be spoofed, and innocent files may be a clever virus in disguise, ready to latch itself onto your computer the moment you click on it.

Beware of email phishing

Phishing is a type of online scam in which malicious users send you an email claiming to be representatives of high-profile websites like eBay, Facebook or Amazon. They claim that there’s a problem with your account, and that you should send them your username and password for verification. The fact is that, even if there was a genuine issue with your account, these companies would never ask for your password. You should ignore these phishing emails and sweep them into your spam box.

Encryption to the rescue!

The best way to protect communications is to encrypt them: basically, scrambling the data with complex mathematical transformations so it’s only intelligible using the correct password or other credentials. A common form of encryption is public key cryptography, where people (or ISPs or companies) give away a public key that anyone can use to scramble data intended for them, but can only be decoded using a private key that the person (or ISP or company) keeps secret.

Public key cryptography is the basis of two primary ways to protect email: encrypting messages and encrypting network connections.

The idea behind encrypted messages is straightforward: instead of sending plain text anyone can read, you send scrambled gobbledegook only the intended recipient can read. Common tools for encrypting email include PGP (now a commercial product from Symantec) and numerous mainstream apps and tools that support the open source OpenPGP and S/MIME. Encrypting messages is a straightforward idea, but the approach has pros and cons. On the positive side, encrypted messages are protected across both networks and servers, even if they’re compromised or store messages as plain text. (The gobbledegook could make Gmail serve up some weird ads, though!) The message is probably also encrypted on your device and your recipient’s devices (until they decode it), which offers some additional protection.

Now the downsides. Encrypting individual messages is a pain. You have to have the public key of everyone you want to communicate with securely. For one or two people, that’s not bad, but most people have dozens (or hundreds) of contacts. Getting all of them up and running with public key cryptography won’t be easy. Further, everyone who wants to send you secure email needs your public key! You can send it to them via email … but that won’t be encrypted so it’s not secure. Same with a blog post or a Facebook page or keyserver services or any other insecure channel. The only really safe way to exchange public keys is face-to-face or some other way you can be truly sure you’re getting the right key from the right person. That can be wildly impractical. Some folks who send you sensitive email – like banks, credit card companies, hospitals, schools, or the local fertility clinic – probably won’t use your public key (or won’t know how to) even if they had it. Bottom line, not many of your email messages are going to be encrypted, so encrypting messages isn’t a general solution for secure email.

But wait! There are more downsides to encrypting messages. Only the message contents (and attachments, if any) are scrambled. The header information (including your address, the recipient’s address, subject, date, and more) is all still plain text anyone can read. That information might just be metadata, but over time it can paint a surprisingly detailed picture of your online activities. (Just ask the NSA or the Australian Gov!)

It all comes down to common sense when you’re dealing with email security issues. If you’re looking to secure your business emails, give us a call today and see how we can help. We have a wide range of security solutions to suit different budgets and a variety of scope.


Password management systems – 4 types

One of the more common security issues revolves around the passwords you use to access various Internet sites, your computer, and even your work systems. Chances are, you don’t use the same password for all these different systems and accounts. While this increases the chance of your private information and files remaining secure, it can be a pain to remember so many passwords. That’s why a password management system is helpful. The question is, which kind?

Below is a brief overview of the four types of password management system you can use.

1. Cloud or Internet-based
These systems are usually cloud based and accessed through an app or browser plugin. Apps ordinarily store your passwords, or generate one to use, and will automatically apply this when you visit a site that requires a password. These systems are great for breaking the one-password habit. However, because they store all of your passwords in one place, they could become a target for hackers.

2. Cloud or Internet-based with two-factor authentication
The next step up from the cloud-based password management system is one that supports two-factor authentication. Your passwords are still stored in the cloud, but you will need to provide another piece of information before you can access sites.

The interesting thing is that many of the cloud-based password systems actually offer this in their premium offerings. So, not only do you get better password protection, but it’s with the same system, meaning you likely won’t have to switch.

The cloud based systems are a good idea if you use more than one system on a regular basis and if you work from outside of the office.

3. Computer-based
Computer-based password management systems are similar to the cloud versions, only the passwords are stored on your computer, and accessed using a master password. Because many hackers usually don’t go after individual hard drives – they have to get through your network and then find the program and try to break the password – the chances of your passwords being exposed are minimized.

The only problem with systems like these is that you normally have to log in for the service to work. If you forget to log out and someone walks by, they will be able to access everything. However, for the manager who wants a secure system, this is a better option than the cloud based versions.

4. USB-based 
There are a number of USB devices that have a smart card in them that can store passwords. When you plug in the USB to your computer, the software on the USB can input the stored passwords when needed. These devices are typically more expensive, with some costing as much as USD$100, but they offer the highest amount of security as your passwords are kept with you.

The main downside to these devices is that they aren’t the biggest and are usually about the size of a standard USB stick. This means that they are easier to lose, making getting your passwords back even tougher.

If you are looking for a better way to keep track of your passwords, please contact us today to see how we can help.

Ways to improve password security

As everyone knows, we use passwords to prevent anyone getting access to our personal accounts and gadgets. But, with ever-growing numbers of hackers determined to grab our data, people need to be extra vigilant. These cyber criminals are using sophisticated technology to steal information whenever there is a slight hint of opportunity. So don’t give them a chance. Your passwords are your first defence. Use these tips to stay safer online.

Observe proper web security
With the rapid advancements in technology comes sophistication of methodologies used by hackers to steal data and destroy web security. Cyber crime is continuously evolving as new programs are made to unlock accounts and combine numbers, letters and special characters to determine passwords. The big question for internet users is – how to choose a strong password that can drive hackers away?

Passwords should have at least eight characters. It is highly recommended that you use a combination of uppercase, lowercase and special characters. “P@s$w0Rd45%” is a thousand times better than “Password1”. Veer away from using passwords that are found in dictionaries. Furthermore, avoid using your name, a family member’s name, phone number, birth date, social security number or any public information. Hackers have found a way to crack passwords with the aid of the many databases out there.

To create even more secure passwords, try using a password that is a full sentence, with random words. For example “I am a purple donkey” (with the spaces) will take a long time to crack, which means it’s more secure than even the examples above.

Keep malware off your system
Malware is malicious software that has been crafted in such a way that it appears authentic and trustworthy. Be careful not to click on pop-ups and links that will redirect you to a place where your security walls are torn down. And do not open email attachments from anonymous users. Mechanisms are often embedded in these programs to gain control of your system.

Get professional help by installing security software from a trusted name in the industry. Build your defences as early as possible. Remember the cliché – better to be safe than sorry – and nowhere is this more true than in computer system and web security.

Keep your passwords private
While this may seem to be a no-brainer, sadly, a lot of people still tend to share their passwords with their office mates or friends. If you’re one of them, then it’s high time that you change your habits and your password again. Think like James Bond – passwords are for your eyes only.

In the event that you need to give your password to a co-worker to get an important document or presentation, make sure that you change it as soon as possible. Never use the same combination again.

Change password regularly
It also helps if you schedule a regular password change. Within a period of 30 to 60 days, you should update passwords across multiple sites. Moreover, never use the same passwords for different websites. If you use the same passwords, you are putting all of your accounts at a high level risk. Hackers are relentless. Once is never enough for them and they can come back time after time.

It’s an unsafe on-line world out there. These on-line troublemakers will never be satisfied. So never let yourself or your organization fall prey to hackers. Take note of these safety measures and strengthen your web security arsenal.

Your password may not be secure…

As the number of Internet users and systems we use rises, we continue to see a subsequent increase in security breaches and concerns. Many companies make an effort to minimize the chances of these risks by implementing antivirus scanners and more. The problem is, they are still at risk – the biggest being from weak passwords.

Many of the major security threats that harm a business have one factor in common – a hacker gaining access to systems by cracking a user’s password. The one reason hackers are able to get into systems again and again is largely because users often don’t pick strong enough passwords.

Even what we might perceive to be a strong password may not actually be as secure as we think. Sure, when you enter a new password many websites have a bar that indicates how strong your password is, but the issue is, these so called strong passwords are becoming easier to guess as more websites utilize the same requirements.

Think about the last time you changed your password. You were likely told to key in a password longer than 6-8 characters, with at least one capital letter, one number, and a special character like ‘!’ or ‘$’. Many major systems have these exact, or at least very similar, requirements for password setting. However, if this is the norm, and you use a password like this too often, then your passwords likely aren’t as secure as you might believe them to be.

The reason for this is because of the way hackers usually capture passwords. The most common method adopted is brute force – getting a username then trying every password combination until the hacker finds one that works. There are programs you can download from the Internet that try thousands or more passwords a second, and many now include special characters, numbers, and capital letters, which makes finding passwords even easier.

How do I know if my password is secure?

In an effort to showcase how insecure some passwords are, Microsoft’s Research (MSR) Center and an intern from Carnegie Mellon University developed a password guesser called Telepathwords.

The way it works is you enter the first few letters of your password and the system guesses the next. It uses common letters and combinations to help gauge the effectiveness of a password. For example, if your password begins with the letter ‘v’, it will tell you that ‘I’, ‘S’ and ‘A’ are the most common letters to follow. If the next letter of your password isn’t one of these three, there is a good chance it is more secure. If the second letter is one of these three, then your password is less secure. This may sound a little complicated, but you should check out the system here.

It is eerie how often the guessed letters and characters match, and this is a good tool to determine whether to create a more robust password. You don’t have to worry about testing your password out either, as Microsoft has noted that they don’t track the keystrokes, so your password should remain secure.
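The next-character guessing described above can be sketched in a few lines. This is an added illustration, not Telepathwords or Microsoft’s code: it trains on the common passwords quoted earlier on this page, and the three-character context, the `^` start marker and the function names are assumptions.

```python
from collections import Counter, defaultdict

# Training list: the most common passwords quoted earlier on this page.
# A real tool would train on a far larger corpus.
CORPUS = ["123456", "12345", "password", "DEFAULT", "123456789",
          "ashleymaddison", "password1", "hello", "monkey"]
MAX_CONTEXT = 3   # preceding characters the model looks at (assumption)
TOP_K = 3         # guesses per position, matching the article's three letters


def train(corpus, max_context=MAX_CONTEXT):
    """Count which character follows each context of 0..max_context chars."""
    model = defaultdict(Counter)
    for word in corpus:
        padded = "^" + word.lower()          # "^" marks the start of a password
        for i in range(1, len(padded)):
            for n in range(min(max_context, i) + 1):
                model[padded[i - n:i]][padded[i]] += 1
    return model


def predict(model, prefix, k=TOP_K, max_context=MAX_CONTEXT):
    """Return the k most likely next characters after `prefix`."""
    padded = "^" + prefix.lower()
    # Try the longest context first and back off to shorter ones.
    for n in range(min(max_context, len(padded)), -1, -1):
        ctx = padded[len(padded) - n:]
        if ctx in model:
            counts = model[ctx]
            return sorted(counts, key=lambda c: (-counts[c], c))[:k]
    return []


def predictability(model, password):
    """Fraction of characters the model guessed from the text before them."""
    if not password:
        return 0.0
    hits = sum(password[i].lower() in predict(model, password[:i])
               for i in range(len(password)))
    return hits / len(password)


if __name__ == "__main__":
    model = train(CORPUS)
    for pw in ["password", "Password1", "I am a purple donkey"]:
        print(f"{pw!r}: {predictability(model, pw):.0%} of characters guessed")
```

The higher the fraction, the more of the password a guesser could have predicted from what came before; the spaces in the sentence-style password are never guessed because no password in the training list contains one.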

How do I create a stronger password?

Ask 10 experts and you will likely get 10 different answers as to what makes a strong password. Here are three different ways to create secure passwords:

  1. Use an algorithm – The easiest way to do this is to take the first letter of each word in a saying and add a number before or after. You can also create a saying and take the first letter of each word, then add the first letter of the website, followed by the last, and then a number. This method is best when you have a large number of websites you access on a regular basis: it can help you remember your passwords for each without having to write them down.
  2. Use a sentence or saying – For systems that allow you to have spaces in your password, try using a random saying like, ‘Dogs like pudding cups’. Sayings like this are harder to crack. This is largely because they include the space and are longer than usual.
  3. Use an acronym – Come up with a saying that describes you e.g., ‘I’ve worked at a gas station for 20 years’, and take the first letter/number of each word to create: ‘Iwaagsf2y’. This gives you an easy to remember password that can be adapted for other sites.

Regardless of what type of password you develop, you should be aware that even strong passwords can still be cracked with enough persistence. So, you should be sure to change passwords on a regular basis and also not to use the same one twice. This will limit the chances of hackers being able to access your other accounts.

If you are looking for more ways to secure your systems, we can help, so get in touch with us today.