Strengthening Your Password


Seven Steps to Help You

Today, the usual way to access the information stored on our computers, e-mail and other online services is with credentials, usually a username and a password. Many users of critical company systems and online services put their security at risk, either unaware of the danger or simply not taking the time to look after their own passwords, and so expose their own information, professional and personal alike.

The massive internet outage we saw in recent days was caused by an attack that relied on default passwords on IoT devices. Apparently, many of the devices involved in this attack allow users to change the default username and password in a web-based administration panel that ships with the product; however, administrators did not take the necessary precaution of changing the default passwords.

Furthermore, Mark Zuckerberg, founder of the social network Facebook, has also experienced firsthand how a social media account can be hacked by reusing the same weak password that was already used on another social media account. The problem arises when users use the same weak password on different accounts, or when the password does not contain at least capital letters, numbers and special characters.

These events raise awareness of a critical issue: protecting our own security and integrity.

It’s never too late to start building your password strength

Here are seven tips to keep in mind so that your passwords stay secure for good:

1. Create a strong and solid password: your password must meet certain characteristics, such as:
  • A minimum length of 10 characters.
  • Including at least one uppercase letter, one lowercase letter, and one special character and/or one number.
  • Not being derived from easily obtained personal data, e.g. birth dates.

Remember that a secure password is one that cannot be memorized, so it is advisable to use a password manager (more on this in point #6).

2. Never use the same password for different services: using a single password for all services means that all your data is at risk as soon as someone obtains that password. Create a different password for each service.

3. Change passwords every so often: make a habit of changing your passwords periodically. This makes it harder for someone to get hold of a password that is still valid. In addition, at the enterprise level, companies should include regular password changes in their security policies.

4. Do not use personal data: when creating or updating passwords, avoid personal information such as birth dates, first names, last names, etc.

5. Use a random password generator: if you use a random password generator program, your password will be much better protected. A password generator is often part of a password manager program.
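As an added example that is not from the article, the following Python script implements the checks from tip #1 (length, character classes, no personal data) together with the generator from tip #5, which draws from the `secrets` module so the output comes from a cryptographically secure random source rather than `random`. The user name and birth date in the demo are constructed sample values; the function names are my own.

```python
import secrets
import string
from datetime import date
from typing import Iterable

# Policy from the article (tip #1): at least 10 characters, at least one
# uppercase and one lowercase letter, and at least one digit or special
# character; nothing derived from personal data such as a birth date.
MIN_LENGTH = 10
SPECIALS = "!@#$%^&*()-_=+[]{};:,.<>?/"


def check_password(password: str, personal_data: Iterable[str] = ()) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() or c in SPECIALS for c in password):
        problems.append("no digit or special character")
    lowered = password.lower()
    for item in personal_data:
        # Case-insensitive substring match: "maria1990" still contains "Maria".
        if item and item.lower() in lowered:
            problems.append(f"contains personal data {item!r}")
    return problems


def birth_date_fragments(iso_date: str) -> list:
    """Common ways a birth date is typed into a password, e.g. 1990, 0503, 05031990."""
    d = date.fromisoformat(iso_date)
    patterns = ("%Y", "%d%m", "%m%d", "%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")
    return [d.strftime(p) for p in patterns]


def generate_password(length: int = 16) -> str:
    """Tip #5: draw characters from a CSPRNG (secrets) until the policy is met."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a user named Maria Lopez born on 5 March 1990.
    personal = ["Maria", "Lopez"] + birth_date_fragments("1990-03-05")
    for pw in ("maria1990", "Maria1990xyz!", generate_password()):
        print(pw, "->", check_password(pw, personal) or "OK")
```

The substring check is deliberately case-insensitive and covers several spellings of the date, because "Maria1990xyz!" satisfies every character-class rule yet is exactly the kind of password tip #4 warns against.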

6. Use a password manager program: a password manager frees up your brain power for productive things rather than remembering a long list of passwords. It makes it easy to have a unique, complex password for every service you use while only having to memorize one master password. These programs generate long passwords for you and audit your existing passwords to root out weak ones. When you create a new account, your password manager offers to generate a secure random password and stores your ID or e-mail address together with the password, so you do not need to remember which ID or e-mail is associated with each service and password.

7. Two-factor or multi-factor authentication: an additional security measure, complementary to the username and password, is the use of a second factor such as:

  • Physical object: a token, bank card or key.
  • Knowledge factor: a PIN, secret word or secret question.
  • Biometric systems: fingerprint, facial patterns (eye iris), voice and typing speed.

Another example of two-factor authentication is a mobile application that provides a one-time password that changes every few seconds. Remember, the more security measures you adopt, the less exposed your confidential information will be.

The safest solution at the moment is a combination of a password manager program and two-factor authentication; however, this sometimes makes signing in inconvenient and time-consuming.
