Passwords

Checkup #3: Passwords

Using Secure Passwords

Create strong passwords

Passwords are the first line of defense against break-ins to your online accounts and computer, tablet, or phone. Poorly chosen passwords can render your information vulnerable to criminals, so it is important to make your passwords strong.

To help you create strong passwords, follow these guidelines:

▪ Strong passwords are phrases (or sentences) at least eight characters long—longer is better—that include at least three of the following: uppercase and lowercase letters, numerals, punctuation marks, and symbols.

▪ Give passwords the thought they deserve, and make them memorable. One way is to base them on the title of a favorite song or book, or a familiar slogan or other phrase. (Don’t use the examples below!)

Example phrases: I love my new Xbox One

Example passwords: Ilove!mynewxbox1

▪ Don’t share passwords with others or store them on the device they’re designed to protect.(See next section)

Avoid common password pitfalls

Cybercriminals use sophisticated tools to rapidly crack passwords, but you can help foil their attempts.

DO NOT USE:

▪ Personal identity information that could be guessed or easily discovered, like pet names, nicknames, birth date, address, or driver’s license number.

▪ Dictionary words in any language (including the word password—the most common password in the English language!).

▪ Words spelled backwards, abbreviations, and common misspellings (accommodate, remember).

▪ Common letter-to-symbol conversions, such as changing “o” to “0” or “i” to “1” or “!”.

▪ Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (such as qwerty).

Protect your passwords

Secure your passwords

▪ Don’t share your passwords with anyone, and don’t store them on the device they’re designed to protect. Never send a password in email or instant messages because they’re not reliably secure.

▪ Use a unique password for each website. If someone steals a password that you use on many different sites, all the information it protects is at risk. Keep track of your passwords on a sheet of paper stored in a secret place.

▪ Change your passwords regularly, particularly those that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data.

▪ Whenever possible, change passwords immediately on accounts you suspect may have been compromised.

Tip: When you’re asked to give answers to security questions, give an unrelated answer. For instance, if the question is “Where were you born?,” you might answer “Green.” Answers like these can’t be found by trolling Twitter or Facebook. (Just be sure they make sense to you, so you’ll remember them.)

Don’t be tricked into revealing your passwords

Criminals can try to break your password, but sometimes it’s easier to exploit human nature and trick you into revealing it.

You may get an email message pretending to be from an online store (like eBay or Amazon) or a phone call from your “bank,” that tries to convince you of the “legitimate” need for your password (or other sensitive information). It could be a phishing scam. (You may have heard these con games referred to as social engineering.)

You are most vulnerable to scams that look genuine.

▪ In general, be wary of the sender, even someone you know or a company you trust. (For example, a crook may have hijacked a friend’s account and sent email to everyone in the friend’s address book.) Treat all unsolicited requests for sensitive information with caution.

▪ Never share your password in response to an email or phone request—for example, to verify your identity—even if it appears to be from a trusted company or person.

Where the danger lies – Password cracking is the process of guessing or recovering a password from stored locations or from data transmission system. It is used to get a password for unauthorized access or to recover a forgotten password. In penetration testing, it is used to check the security of an application. In recent years, computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. If the password is strong enough with a combination of numbers, characters and special characters, this cracking method may take hours to weeks or months. A few password cracking tools use a dictionary that contains passwords. These tools are totally dependent on the dictionary, so success rate is lower. Programmers have developed many password cracking tools, and unfortunately, the majority are free and easily found using any search engine. (One password cracking website designed for hacking Facebook sites claims it can run 8 million password combinations a minute.)

Setting Up Two-Step Verification

Two Step Verification is offered by Apple, Microsoft & Google and adds an very important level of security to your accounts. While your password is used to verify you, the 2nd step in using Two Step Verification requires that you verify your device. This is done by texting you a PIN Number whenever there is an attempt to access one of your accounts from a different computer/device than is registered to you. Thus, if someone does have your Email or Cloud password, they still could not hack your account without having your mobile phone to receive the PIN Number. You can easily set up Two Step Verification by going to the following websites and following the instructions at the site:

For iPhone/iPad and Mac Computers:

http://support.apple.com/en-us/HT204152

For Any Devices Running a Windows Operating System:

http://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification

For Devices with Google Accounts:

https://www.google.com/landing/2step/

Back to Menu Page                                   Checkup #4

Screen Shot 2015-01-28 at 12.55.14 PM