Elijah Digest – August 9, 2018

IN THE NEWS

Passwords – When was the last time you changed them?

Today’s topic talks about our passwords that we need to remember and need to change frequently. When we start a new job or create a new account, we are advised that our passwords will change every 90 days or a similar amount of time. Articles appear on the internet telling us the need to change our password. But, why is it so important?

One reason behind the practice is to defend the company data systems against being invaded because of some other website or company getting hit with a data breach. Most users will re-use passwords on multiple websites and for multiple purposes. That means that if Yahoo or Uber get breached – and both have in the last few years – and you used the same password for those sites and your work login; the attackers now have your work login too. By making you change your password regularly, your company is basically making it harder for attackers who have data from some other place use that information on your company’s network.

The second reason is to protect against possible attacks against your company itself. Keep in mind that for most of us; our usernames are either some combination of our first and last initials/names, or our email addresses. Both of those pieces of information are publicly available, meaning just about anyone who wants to attack your company will have access to one half of your login information. These attackers can then use multiple methods to try different combinations of potential passwords, along with your known username, to break into the company data systems. By having you regularly change passwords, this process becomes harder for the attackers to do successfully. It’s not a perfect system as the attacker can have up to 30-90 days to perform their attack, but it does make things harder on them. Since going after easier targets is always preferable to going after harder ones, the idea is that the attacker won’t feel like going after your company if there’s one that’s going to be easier for them to break into.

As you can see, requiring that passwords be changed on a regular basis isn’t just to protect against the chance that someone stole your password. It can defend the company against being attacked with passwords that were used on other sites which did get breached. It can also help derail attackers who are only looking to figure out one half of the total login. Either way, the minor inconvenience of changing your password once a month (or two or three) is nothing compared to the damage either of these situations could cause without that policy in place.

When you change your password every few months, it limits how long a stolen password is useful to a stealthy attacker—how long he/she has access to your account. If someone steals your password and you don’t know about it, the attacker could eavesdrop for an unlimited time and glean all sorts of information about you or do other damage.

You don’t need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you’ve shared a computer with, change them all.

Why can’t I use a variant of my old password?

If you have ever watched a detective show on TV, you know that people are compromised by their habits. Someone can observe your daily habits and predict what you will do next. The same is true for your password choices. You get into a habit of using a password and it becomes easy. Once someone learns your password, if you have used a variant of that password, it is not going to take much more than a few minutes for that person to guess your new password and break into your computer account. And then they can use your account to commit crimes in YOUR name!

Why must I use multiple character classes in my password?

This requirement was instituted to help you create a better, more secure password. There are only 26 letters in the English alphabet. However, adding the ten numbers and the twenty to twenty-five non-alphanumeric characters, you have over sixty characters to use in creating your password. Your password is also case sensitive, so you can use upper and lower case letters too. This increases the security of your password tenfold and decreases the possibility of someone guessing it.

Another method to decrease the opportunity of a hacker to access your password is to use Two-Factor Authentication. This is an extra layer of security that requires not only a password and user name, but also something that the user has – a piece of information that is known as a token. This token can be a unique word or set of numbers that is unique, or it could be biometric (i.e. fingerprint, voice print, or facial recognition). The simplest example of a two factor authentication is when you withdraw money from an ATM. The only correct combination of a bank card and a PIN allows for the transaction to be carried out, such as a deposit or withdrawal.

So, how do you remember all of your passwords? You can add them to an Excel worksheet and keep this on your computer in a file called Passwords. Bad idea. This is the first place a hacker will look. So, what can you do? Use a Password Management software that will require a unique password to enter the software. This way, you only have to remember one password.

The Password Keeper will store your data and have it accessible either from your computer or with your secure unique password to access from the internet. Is this a good idea? YES! There are several products in the marketplace. So, which one do I choose? PC Magazine online has ranked the top 10 paid password managers and the top 10 free password managers. The web links are shown below to access this information.

PC Magazine “The Best Password Managers of 2018”:

https://www.pcmag.com/article2/0,2817,2407168,00.asp

PC Magazine “The Best Free Password Managers of 2018”:

https://www.pcmag.com/article2/0,2817,2475964,00.asp

Please remember to change your passwords often and to this general guideline when choosing passwords. Make the password length between 8 and 16 characters in length; add Upper and lower case letters; add at least 2 numbers; add at least one special character (i.e. #, $, %, *, +, !, @, %). Don’t repeat the same password, adding a number to the end (i.e. funwith$and2). Use Two Factor Authentication whenever possible. Use a password keeper.

Reach out to your trusted IT Professional for assistance with password management. Being proactive to protect you and your business against possible security breaches, cyber-attacks, and computer infections starts with having a good password management program. Your IT Professional can provide Security Software, physical firewalls, and Cyber Security Vulnerability Scans to provide the proper protection for your business. This is the benefit of working with an IT Professional.


About Elijah

Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit http://www.elijaht.com or call 866-354-5240.


Elite Networking and Consulting is now part of ELIJAH. ELIJAH looks forward to continuing to deliver managed IT services with the same degree of care and high standards created by Elite. ELIJAH is also pleased to broaden our scope of expertise in providing digital forensic, cybersecurity and IT solutions.