Is Your Password Good Enough?

Tonight I was watching the Nightly News, and a story aired about cyber security, specifically targeting accounting firms. A CPA’s office is a hacker’s dream; I am actually surprised it is not mandated by law to have a minimum level of security on a CPA’s internet infrastructure. That interested me, but another thought came to mind: passwords. We all have that “go-to” password that is easy to remember, like “password1234” or “Bluecar1993”, and we use it everywhere. My go-to password was “Welcome1” or “Welcome1!”. These are clearly bad passwords, but you may say “It has a special character!” The way hackers or “phishers” get your information is by using common strings of characters (words) with numbers and symbols. Most brute-force hacking literally involves using the dictionary as a reference for the text string, then just adding characters and/or numbers to each string. Once they have the password, they try similar account usernames at various sites, eventually reaching something like a bank account or credit card.

Now, most companies do a really good job of making you pick complex passwords and alerting you to any suspicious activity, but it only takes the one site that isn’t secure to expose the rest of your password arsenal (most people just switch capitalization or swap numbers and symbols). There are two main things I am trying to convey here:

  1. Your password should be complex.
  2. Your password should be different for EVERY site you use it on.

Compare these two passwords:

Welcome1956!

:9T(n3!GpASS6!c@

The first password is a word followed by numbers and a symbol, with a capital letter. The second is a completely random string of, well, everything. How does Kaspersky rate these passwords?

Welcome1956! – Rating = “Your password will be brute forced with an average home computer in approximately 13 DAYS”

:9T(n3!GpASS6!c@ – Rating = “Your password will be brute forced with an average home computer in approximately 4774 CENTURIES”

Pretty clear that common strings can be easily cracked. 13 days seems like a while, but who changes their password every 13 days?
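To make that comparison concrete, here is an added example (written for this post, not taken from Kaspersky’s checker or any other tool) that estimates the work an attacker faces for a patterned password versus a random one. It assumes a 100,000-word dictionary, the 95 printable ASCII characters, and an attacker trying one billion guesses per second; all three are assumptions, so the absolute times will not match Kaspersky’s figures, but the gap between the two passwords is the point.

```python
import math
import re

# Constructed assumptions for this example (not Kaspersky's model):
DICTIONARY_WORDS = 100_000            # size of the word list an attacker tries
PRINTABLE = 95                        # printable ASCII characters
SYMBOLS = PRINTABLE - 26 - 26 - 10    # 33 non-alphanumeric printables
GUESSES_PER_SECOND = 1e9              # assumed attacker speed
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The pattern the post describes: a dictionary word, then digits, then symbols.
WORD_PATTERN = re.compile(r"^([A-Za-z]{3,})(\d*)([^A-Za-z0-9]*)$")


def guesses_for(password: str) -> float:
    """Worst case for the defender: the attacker picks the cheaper of
    (a) exhaustive search over printable strings of this length, or
    (b) a dictionary attack that appends digits and symbols to each word."""
    exhaustive = float(PRINTABLE) ** len(password)
    match = WORD_PATTERN.match(password)
    if match is None:
        return exhaustive
    _word, digits, symbols = match.groups()
    # two capitalisation variants per word (all lower-case, first letter upper)
    dictionary = DICTIONARY_WORDS * 2 * 10 ** len(digits) * SYMBOLS ** len(symbols)
    return min(exhaustive, float(dictionary))


def entropy_bits(password: str) -> float:
    """Effective entropy: log2 of the guesses needed under the cheaper attack."""
    return math.log2(guesses_for(password))


def crack_seconds(password: str) -> float:
    """Time to exhaust the search space at the assumed guess rate."""
    return guesses_for(password) / GUESSES_PER_SECOND


def human_time(seconds: float) -> str:
    """Render a duration at a coarse, readable scale."""
    years = seconds / SECONDS_PER_YEAR
    if years >= 100:
        return f"{years / 100:,.0f} centuries"
    if years >= 1:
        return f"{years:.1f} years"
    if seconds >= 86400:
        return f"{seconds / 86400:.1f} days"
    if seconds >= 3600:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds:.0f} seconds"


def report(password: str) -> dict:
    """Summarise one password: whether it fits the word+digits+symbols
    pattern, its effective bits, and the estimated time to crack it."""
    return {
        "password": password,
        "patterned": WORD_PATTERN.match(password) is not None,
        "bits": round(entropy_bits(password), 1),
        "time": human_time(crack_seconds(password)),
    }


if __name__ == "__main__":
    for pw in ("Welcome1956!", ":9T(n3!GpASS6!c@"):
        print(report(pw))
```

“Welcome1956!” fits the pattern, so the estimator charges the attacker for a dictionary run (roughly 36 bits of work under these assumptions) rather than for the full 12-character keyspace. The random 16-character string fits no pattern and gets the full 95^16 search, over 100 bits. Changing the dictionary size or guess rate moves both numbers, but never closes that gap.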

Try your password here! (Not your real password, something similar):

https://password.kaspersky.com/

Now you are saying, how the heck am I going to remember that password? Well, there are a few options:

  1. Write it down – This is actually pretty secure, as it is not digitally accessible, but it is not easily recoverable.
  2. Put it in Notepad – Terrible idea; it’s probably on your desktop saved as “passwords” or “Apple Pie Recipe” and is not secure.
  3. Password-protected Excel or Word document – This is a better idea, but I can get a password-protected file open in a few minutes (hiding them in a macro won’t stop a quick Excel password hack either).
  4. Online or installed password “lockers” – A better idea, but they are linked to the company that created them (and possibly stored on its server), and you will need to log into the program to retrieve anything. Still a very good option compared to the last three.
  5. Open-source, encrypted password storage – The best option available. There is still a digital trail, but it is encrypted, it is not stored on someone else’s server, and it typically requires either a single password, biometric access or two-factor authentication.

I receive no kick-backs from the company I am about to recommend, just that it has been very useful to me, https://www.enpass.io/.

Enpass: you install the program on your computer or mobile device, select the location to store your encrypted password file (locally!, Google Drive, OneDrive, etc.), and start adding your credentials. There is even a password generator to create strong, complex passwords. You can copy the saved passwords so they can be pasted into a password field when entering credentials. You can even export the list to a .txt file, FOR PRINTING (DELETE AFTER), so you can keep a hard copy in a safe or filing cabinet in case something goes awry with your digital devices.
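Here is an added example of the kind of generator a password manager offers, written for this post rather than taken from Enpass’s code. It uses Python’s `secrets` module (the operating system’s cryptographic random source), draws from the 94 printable non-space ASCII characters, and rejects any draw that lacks a lower-case letter, an upper-case letter, a digit or a symbol.

```python
import math
import secrets
import string

# Character pool: the 94 printable ASCII characters excluding space.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def has_every_class(candidate: str) -> bool:
    """True when the candidate contains at least one character from each class."""
    return all(any(ch in cls for ch in candidate) for cls in CLASSES)


def generate_password(length: int = 16) -> str:
    """Draw uniformly from all pool strings of the given length that contain
    every character class. Rejection sampling keeps the distribution uniform;
    picking one character per class and shuffling the rest would not."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    while True:
        # secrets.choice uses os.urandom, never the seedable random module
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_every_class(candidate):
            return candidate


def generated_entropy_bits(length: int) -> float:
    """Entropy of a uniformly random string over the pool: an upper bound for
    the rejection-sampled output, which is only marginally smaller."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, f"~{generated_entropy_bits(16):.0f} bits")
```

A 16-character draw from this pool carries about 105 bits, which is the same order as the random string compared earlier in the post. The loop rarely repeats: a 16-character string missing an entire class is uncommon, and the rejection keeps every accepted string equally likely.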

I use Enpass every single day (other similar programs are fine too!) and it is a saving grace: it keeps my 50+ passwords safe and secure and lets me make sure they are very strong by generating them quickly.

The internet is more and more accessible and more easily hacked; make sure you are protecting your online life with strong passwords.

Contact us at info@b3enterprise.com for more information or if you have any questions or would like some pointers!
