Passwords – June Newsletter

Dear Reader, this month we have decided to cover another security-related issue, the infamous PASSWORD…!

Hacking attacks and data breaches have become all too common in recent years, as the world and our society go online and become more digital (as the singularity approaches! :-0 – see link for more…). As our lives and the web become increasingly intertwined, the need for caution, best practice and management of our digital lives increases, and for good reason. Criminal gangs are actively targeting companies to steal their users’ data and passwords, so it is becoming more and more important for us to better protect ourselves.

Below are a few more recent examples of data breaches suffered by companies, potentially putting their users at risk.

List of high-profile data breaches

MySpace (May 2016): 360 million potentially compromised accounts

TalkTalk (October 2015): around 157,000 personal records compromised

British Gas (October 2015): 2,200 customer accounts compromised

Potential data breaches have also been reported in the last few years at M&S, Twitter, LinkedIn and Spotify, though in some cases it is unclear if systems were hacked or if passwords were harvested from infected computers.

There was also an incident back in 2014 where systematic attacks on celebrity iCloud accounts led to nude photographs being shared online. This was put down to weak passwords and publicly available and guessable security information such as birth towns, first school, mother’s maiden name etc. Link: https://www.theguardian.com/technology/2014/sep/02/gang-hackers-naked-celebrity-photos-routinely-attacked-icloud

Why should I care?

These days, like it or not, you likely have an account and accompanying password for pretty much every online or household service you can think of. From e-mail to Facebook, loyalty cards, online shopping, utilities and banking, they all require a password in one form or another. The need to remember multiple passwords has become a fact of life for all of us, and at times can be an infuriating, frustrating and laborious task, especially when we can’t access the information we want when we want.

Over time most of us have found ways to cope with this, and in doing so a great many of us may be putting ourselves at risk. One of the most common ways is to use the same password across multiple accounts, or perhaps slight variations of the same one; chances are the same one is repeated on at least a few accounts. I know I am as guilty of this as the next person. At the last count, I had around 220 different online accounts with passwords, and a recent security alert from Spotify showed me I had repeated passwords on far more than I realised. I spent an age changing passwords and deleting old accounts; frustrating as it might be, it had to be done. Anyway, you will realise, as I did, that this is a very bad idea and that ‘digital hygiene’ is something we all need to start thinking about more seriously.

Below we will briefly talk about five of the best ways you can start to improve your online passwords and manage your security more effectively.

Advice

1: Change your email account password.

In my opinion, the most important online service after banking is your primary email account, the one you use most and the one that is most often linked to other online services. If you’re going to go to the effort of changing any password and having a good strong unique password, you should probably start here. (In item 3 we talk about ways to choose a good password.)

It is likely that a great many more of your online accounts and services use this email account as a recovery method, and if it is compromised it could lead to other accounts being accessed as well.

2: Enable two-factor authentication

Many of the big technology companies such as Apple, Google, Microsoft and Facebook support some form of two-factor authentication. This, in its most basic form, usually means registering a mobile phone number with the company, so you can receive text messages containing a single-use, unique code to verify that it is really you trying to access your account. Most often, this form of identification will be used when changing important details in your account, or perhaps when logging in from a new device for the first time or from an unusual geographical location. It is meant to prevent unauthorised access in the event that your password has been compromised.

3: Use better passwords

In an ideal world, your password should be a long string of random letters, numbers and symbols, containing no real words or common number sequences, though for most of us mortals it would be too difficult to remember. That is why talk in the IT world these days has moved away from ‘passwords’ and instead to ‘passphrases’. This emphasises the fact that the longer a password is, the harder it will be to crack. Having a passphrase will help in the difficult task of remembering a long, unique password that is hard to break. For example, if your password is ‘Rex’ you can easily increase the length to ‘mybestfriendrex’, and to follow best practice you can substitute some of the letters for symbols and numbers to make it extra strong, such as ‘Myb3stfr!3ndR3x’. There are tools online that measure the strength of a password to help give you an idea of how to make a good one. Try entering the examples I gave above to see the difference it can make. Follow this link for the tool: https://password.kaspersky.com/

4: Don’t reuse passwords

This is easier said than done; I think we are all probably guilty of this to some extent. The next item below, though, can help greatly in dealing with all this password and account related stress and frustration.

5: Use a password manager

As I mentioned above in item 3, the best password is a unique random one, combined with never reusing it on any other services, and granted this would be impossible for a human to achieve. That is why ‘Password Managers’ are increasingly recommended by security experts.

The basics of how they work are as follows.

The manager will generate and store strong and unique passwords for your online accounts. The stored passwords are protected by encryption, making them impossible to extract without the ‘Master Password’. This master password is your key to unlocking the password manager and accessing your stored passwords, meaning you only have to remember one password, which you can make strong. For example, when using a manager you would go to your Facebook account and, rather than typing in your username and password for Facebook, the manager would pop up and automatically fill out both, but only after you have entered your ‘Master Password’.
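For the technically curious, here is a small sketch of the idea described above, added as an illustration and not taken from any real password manager. The function names, the iteration count and the HMAC-based stand-in cipher are assumptions made for this example; real managers use a vetted cipher such as AES.

```python
import hashlib, hmac, json, os, secrets, string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
ITERATIONS = 200_000  # assumed work factor; slows down guessing of the master password

def generate_password(length=20):
    """A random password the user never has to remember."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_keys(master, salt):
    """Stretch the master password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 in counter mode); not for production use."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def lock(master, entries):
    """Encrypt the site -> password table; only the result is written to disk."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master, salt)
    cipher = _xor_stream(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "cipher": cipher, "tag": tag}

def unlock(master, vault):
    """Return the table, or fail if the master password is wrong."""
    enc_key, mac_key = derive_keys(master, vault["salt"])
    expected = hmac.new(mac_key, vault["nonce"] + vault["cipher"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        raise ValueError("wrong master password or damaged vault")
    return json.loads(_xor_stream(enc_key, vault["nonce"], vault["cipher"]))

if __name__ == "__main__":
    # Constructed sample data: two made-up entries, each with its own password.
    table = {"facebook.com": generate_password(), "shop.example": generate_password()}
    vault = lock("my long master passphrase", table)
    print(unlock("my long master passphrase", vault) == table)
```

Nothing derived from the master password is stored in the vault, only the random salt and nonce, which is also why a forgotten master password cannot be recovered.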

Here is a recent review of the best Password Managers out there to help you choose if you want to give it a go: LINK. Most come with some sort of free trial, but do be careful if you fully commit to using one, as most will tell you that if you lose your ‘Master Password / Key’ it will be impossible to get back the stored account information.

 

There are various opinions on how best to keep safe online, so don’t just take my word for it; have a closer look at what others say. Here are some links on the subject.

Kaspersky – Microsoft – Techradar – Guardian

If you are worried about online security, want some help getting to grips with a password manager, or even just want some help using Windows 10, we are now offering 45min training sessions here in the shop. Prices are £29.99 for 45min: give us a call on 01442 800126 or fill out this ‘contact us form’ for availability and bookings.

Thanks for reading

Andrew