With October being Cybersecurity Awareness Month, I thought this would be the perfect time to do a refresher on some basic security practices that people often neglect, mainly PASSWORDS.
Many breaches leverage stolen or guessed credentials, and the stolen data often includes huge numbers of usernames and (hopefully hashed) passwords. Employing best practices with passwords is one of the most important steps in improving your security.
Unfortunately, security policies that businesses put into place can often be counterproductive, such as making employees constantly change passwords and/or meet arcane password guidelines. This can lead to employees using the same password across multiple systems, falling back on easy-to-remember patterns, or simply adding a new number at the end each time the password is updated; none of these makes a password harder for sophisticated hackers to figure out. Rather than focusing on continuously changing eight-character passwords, I recommend using randomly generated 20-character passwords that won’t succumb to brute force hacking tactics (a form of trial-and-error guessing), and managing those passwords with a password manager application. Some good choices for password managers are 1Password and Dashlane.
You shouldn’t stop at just having a strong password, either: also make sure your answers to the “security questions” are not easy to guess.
Hackers often look to gain access to your accounts by finding the answers to your security questions and using them to reset your password. Having the most sophisticated password in the world means nothing if someone can go onto social media and figure out your dog’s name, or where you went to high school! Making up different fake answers to these questions for every website and storing them along with your passwords in your password manager application is very effective at preventing this attack.
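As an added illustration (not part of the original post), the Python sketch below generates a random 20-character password plus a different fake answer for each security question, and compares the brute-force search space with that of a random eight-character password. The 94-symbol alphabet, the guess rate of 10^10 per second, the answer format, the sample site and all function names are assumptions chosen for the example.

```python
import math
import secrets
import string

# Assumption: the site accepts all 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Assumption: answers may be read aloud to support staff, so keep them simple.
ANSWER_ALPHABET = string.ascii_lowercase + string.digits
ASSUMED_GUESSES_PER_SECOND = 1e10  # constructed figure for an offline attack


def generate_password(length=20, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def new_vault_entry(site, questions):
    """Build the record to store in a password manager for one site.

    Each security question gets its own random answer that is unrelated
    to any real fact, so nothing found on social media helps reset it.
    """
    return {
        "site": site,
        "password": generate_password(),
        "security_answers": {
            q: generate_password(16, ANSWER_ALPHABET) for q in questions
        },
    }


if __name__ == "__main__":
    for n in (8, 20):
        bits = entropy_bits(n, len(ALPHABET))
        print(f"{n} chars: {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
    # Constructed sample site and questions.
    print(new_vault_entry("example.com",
                          ["First pet's name?", "High school attended?"]))
```

At the assumed guess rate, the full eight-character space is exhausted in about a week, while the 20-character space would take on the order of 10^21 years.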
At Ntrepid we focus on keeping our customers safe by isolating them from online dangers with our secure browser, Passages. This goes hand-in-hand with secure passwords because if your endpoint is compromised, hackers can then gain access to your passwords and, subsequently, all your accounts. Aside from using a secure browser, you should also employ two-factor authentication where possible, especially with the email address you use for password recovery. If that email account becomes compromised, attackers can reset all of your passwords and easily take control of your accounts. Two-factor authentication is a very powerful tool that makes it more difficult for an attacker to impersonate you and gain access to your accounts. Most email providers now support some form of two-factor authentication.
So during this Cybersecurity Awareness Month, don’t forget to focus on the basics. In the Internet age we tend to get caught up in the latest and greatest innovations, but sometimes they can distract us from basic protection practices. Remember, it doesn’t matter how sophisticated your security solutions are: if you give the bad guys the keys to the kingdom, they don’t mean a thing.