Hacker's Favorite Movie Quote
"Do you feel lucky? Do you punk?" This Clint Eastwood 1971 movie quote could be the mantra of all 21st-century hackers. If you feel lucky, gamble on using short passwords. Include your birthday or your pet's name. Use the same password across all of your accounts and NEVER change it. Write your passwords on sticky notes and stick them to your computer. And for heaven's sake--don't use two-factor authentication or a password manager!
SolarWinds' "Lucky" Intern
A SolarWinds intern felt lucky. He posted the simple password "solarwinds123" on a private account in 2017. The password did not change until a researcher discovered it on the public internet in 2019. In the meantime, hackers hid malicious code in software updates that SolarWinds pushed to 18,000 customers, including federal agencies. This brought the company to its knees in front of a joint hearing of the House Oversight and Homeland Security committees in February 2021.
The Wake-up Call
Because so many people across our planet "feel lucky," the first Thursday of May is designated as World Password Day. Ignoring this yearly clarion call to be a password vigilante may not land you in Washington D.C. being reamed by lawmakers, but you could wake up to an empty bank account or unexpected charges on your credit cards. You could find yourself without a job because you were the conduit to hackers exploiting your company's data.
Take the Pledge
Yes. This is serious stuff. So let's start with the #WorldPasswordDay pledge:
--change an old password to a long, strong one
--turn on two-factor authentication for your important accounts
--password protect your wireless router
--don't store passwords on your computer or phone
--log off when you're done with a program
--periodically remove temporary internet files
Layer Up!
Your password is your first layer of defense--but alas, it isn't enough. The pledge includes "two-factor authentication for your important accounts." Here are a few ways you can accomplish that:
--A two-factor authentication app: There are a variety of apps that provide two-factor authentication, including Amazon, Google, and Microsoft. Two-factor authentication (2FA) enables you to verify yourself in two ways: with a password and with a second "factor." After you enter your password, the 2FA app on your phone generates a one-time code you add to your login to access your account.
--Single-Use Code (via text message or email): After you enter your password, the second factor arrives by SMS or email. You receive a code of numbers to add to your login. Unlike a PIN code for a debit card, a 2FA code is used only once and constantly changes. BUT, be aware that receiving codes via SMS is not as secure as using an authentication app.
--Face Recognition: Biometrics recognizes you by your fingerprint, face, a scan of your retina, or by your voice. This method can provide strong protection for your data.
What Can Make Password Management Easier?
You can make your password life easier by using a password manager. Adept Solutions uses LastPass internally, and we have partnered with them to offer our clients best practices in using a password vault.
An article on the LastPass blog encourages readers on this World Password Day to "take cybersecurity into your own hands and let LastPass help you strengthen and secure your digital life by:
--Creating strong personal and business passwords
--Generating unique passwords, so you never use the same password twice
--Securely sharing passwords with friends, family, and coworkers
--Protecting yourself from breaches with Dark Web Monitoring
--Implementing multi-factor authentication
--Setting up Emergency Access"
Only One Password to Remember
The beauty of a password manager is you only have one password to remember--the one to your password manager. All others are safely tucked away in the vault and will autofill your logins when you need them. But that means that one password needs to be a super rock star passphrase that you change frequently, such as: mydogfido'sbirthdayisnovember19. Read more about the strong master password on the LastPass blog.
But What if the Password Manager Gets Hacked?
The majority of cyber-security specialists agree that password managers are the most secure way to protect your passwords, as this article from Cybernews reports.
You can also hedge your bet by using a method called "peppering." This simply means when a password from your vault auto-populates a login site for you, you then manually "pepper" it with extra characters.
A Tech Advisor article explains, "you could have a system where your passwords end in !Pwd, but you don't include that part when you store the password in your password manager. Then, even if in the very unlikely event that someone managed to hack your encrypted password vault, none of the passwords would allow them to log into any website or app."
Contact Us to Learn More
Cybersecurity is a priority at Adept Solutions. Let us help you navigate our complex digital world. Contact us to learn more about password management at 530-751-5100.
Let World Password Day be the wake-up call you need to keep all those guardian crypto keys safe and secure.