Anyone recall the '60s game show "Password"? Contestants would offer clues in the hopes their partner would successfully guess the password so they could win big. Fifty years later, hackers around the world try to hit the jackpot and infiltrate computers by decoding our poorly crafted passwords. Tarilon can help you ward off these attacks with a few painless steps to beef up your password security.
I recently heard from a customer who watched a sophisticated phishing attack play out within their Outlook Inbox. Phishing is a form of fraud where the attacker tries to learn individual login or account information by masquerading as a reputable company or person in email, instant messaging or other communication channels. This client sought our opinion on improving his password security, and we recommended a few steps to craft impenetrable passwords and a plan for a company-wide password protocol.
Top 3 password considerations that clients should implement:
1) Use robust passwords that are at least 10 characters long, with uppercase and lowercase letters and at least one digit. Mine is 15 characters long. An example: Cake16Drive (weren’t we all anxious to eat our Cake & Drive at age 16?)
2) Stop reusing passwords across multiple sites and accounts. Yahoo just revealed they were hit several years ago and the data of 500,000,000 of their customers was exposed. If you use the same password at Yahoo as at any other site, you are now seriously at risk. Adding a tool like "1Password" (https://1password.com/) to your arsenal is the answer to not reusing passwords. It will securely store all your passwords, PIN codes, credit cards and more. It will alert you to change weak or duplicate passwords to improve your online security, and it saves time by signing you into accounts with a single click.
3) The ultimate defense against phishing attacks is two-factor authentication. With “two-factor”, or as some services call it, “two-step verification”, you have to enter your password, but you also have to have another device, like a phone, on which you receive a one-time-use code. There is some ongoing overhead to logging in with this extra step, but it is very unlikely that it will be cracked by a malicious imposter.
Frequency of password changes isn’t as important, in my book, if the above are in place. That said, 1Password will do a mini-audit and show you how old your passwords are. It will also show you duplicates and weak passwords. There is, of course, no harm in changing passwords at regular intervals as long as they are recorded securely with a tool like 1Password.
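An audit along those lines, as an added example that is not from the original post and is not how 1Password itself works: it flags entries that fail rule 1 above, passwords shared between accounts, and old passwords. The account names, the sample passwords other than Cake16Drive, and the 365-day age threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

MIN_LENGTH = 10  # rule 1: at least 10 characters


def is_weak(password):
    """True if the password fails rule 1 (length, upper, lower, digit)."""
    return not (len(password) >= MIN_LENGTH
                and any(c.isupper() for c in password)
                and any(c.islower() for c in password)
                and any(c.isdigit() for c in password))


def _digest(password):
    # Group by digest so the lookup table never holds plaintext passwords.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(entries, today, max_age_days=365):
    """entries: (account, password, last_changed) tuples.
    Returns {account: [findings]}; an empty list means nothing to fix.
    max_age_days is an assumed threshold, the post does not give one."""
    accounts_by_digest = defaultdict(list)
    for account, password, _ in entries:
        accounts_by_digest[_digest(password)].append(account)

    findings = {}
    for account, password, changed in entries:
        issues = []
        if is_weak(password):
            issues.append("weak")
        shared = sorted(a for a in accounts_by_digest[_digest(password)]
                        if a != account)
        if shared:  # rule 2: same password on more than one account
            issues.append("reused with " + ", ".join(shared))
        age = (today - changed).days
        if age > max_age_days:
            issues.append(f"{age} days old")
        findings[account] = issues
    return findings


# Constructed sample vault (not real accounts or credentials).
TODAY = date(2016, 10, 1)
SAMPLE = [
    ("mail.example", "Cake16Drive", date(2016, 1, 10)),
    ("shop.example", "Cake16Drive", date(2016, 9, 1)),
    ("bank.example", "sunshine1", date(2016, 8, 15)),
    ("forum.example", "Lantern42Harbor", date(2014, 3, 2)),
]
```

Calling `audit(SAMPLE, TODAY)` shows that a password can pass rule 1 and still be a problem: Cake16Drive is strong enough on its own but is flagged on both accounts that share it.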
I think our biggest exposure to criminals is using passwords that are too short, easily guessed and often reused.