BreachExchange mailing list archives

Don't Be A Statistic: Be Smarter About Protecting Your Passwords


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 20 Feb 2015 18:21:46 -0700

http://gizmodo.com/dont-be-a-statistic-be-smarter-about-protecting-your-p-1683332130

It's embarrassing and a bit terrifying, but it's time to admit an Internet
behavior that many are guilty of. Nobody is proud of it, but it's happening
in staggering numbers: password laziness. Chances are your password choice
is not enough to guard your most important financial information, your
clients' documents, or your most intimate email conversations.

The fact is that even an amateur journalist could likely crack your
password, let alone a hacker with genuinely stealthy tools, but you're not
alone: 90% of user-generated passwords are susceptible to being hacked. If
the U.S. Central Command can get their social media channels messed with,
then it's highly likely that you or your business needs to step up its
digital security game. Before you start preparing your cyber bunker, there
are some simple steps to take so that your company's private information
won't be exposed.

Elevate Your Password Game

The once-clever combination of numbers, letters, and symbols that you used
for your passwords is not strong enough to deter hackers anymore. When, in
2013, a major software company had 152 million accounts hacked, it was
shocking to see how obvious so many people's passwords were. 345,843
accounts actually used the word "password" and 2,000,000 used the digits
"123456." Do not be that guy. If passwords use numbers and words that are
memorable to you, they're very easy to figure out. A lot of password-cracking
programs claim to make 350 billion guesses a second, so you'll need
to make your passwords at least 13-20 characters long and avoid common
words or phrases (yes, that means your lover's name is out and so is that
of your beloved corgi).
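To put the article's figures side by side, here is an added Python example (not from the article) that estimates worst-case exhaustive-search time at the quoted 350 billion guesses per second; the character-class heuristic and the two-entry common-password list are assumptions made for illustration.

```python
import string

# Guess rate quoted in the article: 350 billion guesses per second.
GUESS_RATE = 350 * 10**9

# Constructed list: the two passwords the article calls out as most common.
COMMON_PASSWORDS = {"password", "123456"}

# Character classes used to estimate the attacker's search alphabet (assumption:
# the attacker tries every character in each class the password draws from).
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def alphabet_size(password: str) -> int:
    """Total size of the character classes that appear in the password."""
    return sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))


def brute_force_seconds(password: str, rate: int = GUESS_RATE) -> float:
    """Worst-case seconds to try every string of the same length and alphabet.

    A password on the common list is treated as cracked on the first
    dictionary guess, which is why length alone is not the whole story.
    """
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return alphabet_size(password) ** len(password) / rate


def brute_force_years(password: str, rate: int = GUESS_RATE) -> float:
    """Same estimate expressed in years."""
    return brute_force_seconds(password, rate) / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed samples: a common password, a short lowercase one, an
    # 8-character lowercase one, and a 13-character mixed one matching the
    # article's lower bound.
    for pw in ("123456", "corgi", "abcdefgh", "Tr0ub4dor&3xy"):
        print(f"{pw!r:20} {brute_force_years(pw):.3g} years")
```

The estimate is an upper bound on effort for a blind search; real cracking tools lead with dictionaries and rules, so a memorable word or name falls far faster than the length alone suggests.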

Down with Password Roulette

75% of people only change a letter or character in each of their passwords
to create a "unique" one for each of their accounts. That's great to
prevent hackers from daisy-chaining their way through all of your private
information, but it can be a real pain to remember them all. This can be
especially annoying if you have a personal and professional account for an
app or site. Meldium is an online tool that brings all your sign-on processes
into one space. It provides instant access to over 1800 apps, like Dropbox,
Google Apps, Hubspot, WordPress, Zendesk, Salesforce, Asana, Trello,
Evernote, JIRA, and Rackspace. Teams can simplify sharing access to apps
like Twitter without ever sharing passwords, onboard new team members in
minutes and disable access to any services in an instant if necessary. We
can all relate to the frustration of being locked out of an account and
jumping through hoops to request a password reset, or digging through a
pile of papers to find a password you wrote down days or months ago.
Password managers like Meldium can reduce these annoyances and make sure you
can get right to work instead of wasting valuable time trying to keep track
of all of your passwords. They can also help encourage better password
hygiene — with Meldium, you can have long, complex passwords across every
service, sure to foil hackers, without the pain of remembering them, which
will help to protect your sensitive information.

Cryptic Coding is King

Hackers, especially brilliant ones, strike fear into the heart of any
business owner who uses the internet to do business or store data. But
really, hackers usually use the same methods over and over to get what they
want, and there are ways to use their laziness to your advantage. Server
hacking — when hackers target servers that store their users' passwords in
plain text — is pretty popular. This was the case when a large entertainment
company left the personal data of millions totally unprotected. They had
basically put private information in an obviously titled text document. It
should go without saying, but... don't do that.
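The plaintext-storage blunder described above, next to the usual fix, as an added Python example (not from the article or from any product it names): the record format, the PBKDF2 parameters and the sample user are assumptions.

```python
import hashlib
import hmac
import os

# How the entertainment company above stored credentials: the secret sits in
# the clear next to the username (constructed sample record).
PLAINTEXT_RECORD = {"user": "alice", "password": "correct horse battery staple"}

# Assumed parameters: PBKDF2-HMAC-SHA256 with a 16-byte random salt per user.
ITERATIONS = 200_000
SALT_BYTES = 16


def make_record(user: str, password: str) -> dict:
    """Store only a salted, slow hash; the password itself is never written."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"user": user, "salt": salt.hex(),
            "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def leaks_secret(record: dict) -> bool:
    """True if anyone who can read the record can read the password outright."""
    return "password" in record


if __name__ == "__main__":
    rec = make_record("alice", "correct horse battery staple")
    print("plaintext record leaks:", leaks_secret(PLAINTEXT_RECORD))  # True
    print("hashed record leaks:   ", leaks_secret(rec))               # False
    print("login with right pw:   ", verify(rec, "correct horse battery staple"))
    print("login with wrong pw:   ", verify(rec, "hunter2"))
```

Because each user gets a fresh salt, two accounts with the same password produce different stored hashes, so a stolen file cannot be cracked once and matched across users.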

Ignorance is Not Bliss

In the biggest retail hack in U.S. history, in which hackers commandeered
every credit card used at a big box retailer's 1,797 stores, the biggest
problem wasn't the stealthy maneuvers the criminals used to get into
the system, but the fact that the company had ignored all the warning
signs. The $1.6 million malware detection tool (which, it should be noted,
is the same one used by the Pentagon) that the company installed had
detected the malware early, but the retailer didn't do a thing about it.
While these huge companies weathered the storm, smaller businesses are more
susceptible to cybercrime because hackers know their network security is
probably pretty weak. Password managers like Meldium can encourage good
password practices amongst teams and businesses — which protects both
individual and company-wide security. In the case of the entertainment
company's major security blunder, hackers obtained data from every aspect
of its business, from private emails between actors and producers to
salaries. Once the hackers got into the network, it was easy to troll
around. Make sure to compartmentalize and encrypt all of your business's data.

Until all our messages and key personal data are actually ephemeral, à la
Snapchat, for all our emails and most private information, keep all your
digital data on lockdown.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
