Passwords are the first line of defense against unwanted access to your computer or accounts. The stronger a password, the better protected your computer or accounts will be from hackers or malicious software. A study by BitDefender showed that 75 percent of people use their e-mail password for Facebook, as well. If that's also your TradeMe or PayPal password and it's discovered, say good-bye to some funds, if not friends.
BitDefender warned social media users to be careful when setting up passwords for social networking platforms and email. The researchers managed to verify the leaked email accounts and found that 75 percent of users had one common password for social networking and accessing their email. Additionally, the study revealed that 87 percent of email IDs, user names, and passwords gathered from various sources were still active.
You have probably heard this a number of time before, but there are two important tips when it comes to passwords:
While it may seem obvious to use a password that is nigh on impossible for others to guess, it is more than just refraining from using pets’ names or birthdays and anniversaries.
A strong password:
When creating a strong password, you should use a string of text that mixes numbers, letters that are both lowercase and uppercase, and symbols. It should be eight characters, preferably many more. A lot more. The characters should be random, and not follow from words, alphabetically, or from your keyboard layout.
So how do you make such a password?
You don't have to go for the obvious and use "0" for "o," or "@" for "a," or "3" for "e," either. As long as your replacement makes sense to you, that's all that matters. A "^" for an "n" makes sense to me.
If the password can be found in the dictionary, it isn’t a strong enough password. Likewise using numbers or letters as they appear on your keyboard (“1234” or “qwerty”) is a no-no. Even if you decide to go with your pets name, your birthday, anniversary or your car number plate and add a couple of numbers to follow your password, these are all things that hackers try first.
They write programs to check these kinds of passwords first, in fact.
Other terms to avoid: “letmein”, “money”, "god", "love", and if you even think about using the good old “password” as your password, just leave the Internet now.
Once you have chosen your password, and it looks as though someone stomped on your keyboard, it’s a good idea to vary these across different accounts and systems. Companies like banks are more unlikely to fall victim to a hacker attack, but if you are using the same password for your bank as you do other sites, your bank account will only be as safe as the weakest protection on any of those other sites.
Websites store your password in encrypted form, meaning it has been encoded by a one-way process to an unreadable string of characters.
To authenticate your login, they simply encode your submitted password by the same process and compare the result with your stored, coded password – a process far easier than decoding your original password from the encrypted form. Depending on how stringent the website’s encryption is, the decoding task can vary from “really hard” to “nearly impossible” – but no system is perfect.
If a web server is hacked, the encoded password file can be downloaded. Widely available password-cracking tools exist to help attackers decode stolen password lists. They start with huge databases of commonly-used passwords (“Password123” isn’t as clever as it used to be…) and add:
What’s more, the cracking tools will automatically try combinations and variations – capitals/lowercase, plurals, adding numbers or symbols before and after the words, etc. It can do this because modern computer hardware can test billions of combinations per second against a stolen list of encrypted accounts.
Do NOT keep a written list of your passwords at home or at work. That’s about as smart as writing your PIN on the back of your credit card. It’s not a bad idea to keep a list of sites on which you maintain accounts, so that when it comes time to change passwords, you won’t overlook any. And it’s definitely worth taking a few minutes or so out of each year to go through and update them.
It’s a good idea to establish a written password policy for your business. You can find templates for this online and adapt it to suit the needs of your company, communicate the policy to your team and make it part of your induction process for all new staff.
Microsoft is creating a dynamic list of stupid passwords that you're forbidden to use with your online accounts, in an effort to protect people from their own laziness.
Making simple rules which force people to create stronger passwords often only encourages lazy people to come up with a slightly longer dumb password, such as switching from "password" to the supposedly much more secure "password1".
Microsoft's latest solution is to study these lists of stolen passwords and automatically ban the most common, even if technically they pass its requirements in terms of length and complexity.
Pretty soon if you try to use a dumb password with your OneDrive or other Microsoft account you'll politely be told: "Choose a password that's harder for people to guess". Read more on this on Stuff.co.nz.
This infographic goes over the two-factor authentication for added protection. Make sure you take a look.
Don’t get hooked with fraudulent emails - part 3
30 September 2019
Don’t get hooked with fraudulent emails - part 2
29 August 2019
Don’t get hooked with fraudulent emails - part 1
07 August 2019
How to protect yourself from cyber-attacks
31 May 2019
Exosoft Tip: Invoicing via JIBE
18 March 2019
Exosoft Tip: Markups in JIBE
14 March 2019