Technology plays an increasing role in our lives; that is a fact. With technologies like Wi-Fi, Bluetooth, online shopping, email, social media and (especially) online banking, there is an ever-increasing need for security. With so much interconnectivity, we might be unaware of the bad guys getting another step closer to hijacking our lives. It almost sounds far-fetched, but as long as your online security is weak, they may find a way in.
We know that stolen identities are big business. Criminals can use them to commit theft and fraud at all levels. The sad truth is that most people aren’t even aware that there are new security threats discovered every day. Let’s be honest, we all have much better things to do than worrying about changing a password or auditing our security settings.
“Your online identity is important”- Understatement of the Century!
There are countless ways your identity can be exploited if it were to fall into the hands of the wrong person. So how do you protect your identity? Well, you can start with a STRONGER password. But, remember this is only the first step in securing your online identity. I will cover other methods in more detail later.
Passwords are often incredibly easy to “guess”. Passwords using the names of family members, pet names or your birthday make a hacker’s job really easy, especially now that social media is available to everybody. (See Case Study #1 below)
Here is a list of the top 25 most commonly used passwords in 2013.
If your password is any of these, I recommend that you change it now, because everybody knows your password.
The response to this in the late 90’s was to substitute numbers for letters, but guess what? This technique is now so old that the approach is flawed. So if your password is “p4assw0rd” or “m0nk3y” or “sh4d0w” then you’re still in danger of losing your online identity!
The danger of easy passwords doesn’t end there. With so many passwords to remember, and the increasing complexity required, users have adapted by using password “themes”.
Themed passwords are the next most dangerous thing on the list. For example, if your domain was “www.mathscoach.com.au” then passwords you would avoid would be: maths, mathematics, algebra, trigonometry, trig, coach, coaching, number, numbers, calculus, numb3rs, m4thsc0ach etc. Avoid themed passwords as much as you can.
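The check below is an added example, not code from this page or from Fireworks Websites. It shows why letter-for-number swaps and themed passwords fail: once the swaps are undone, the password matches either a common-password list or the site's own theme. It goes slightly beyond the text by also dropping appended digits and symbols. The function names, the short denylist and the theme word list are assumptions made for illustration.

```python
import re

# Constructed denylist sample; a real deployment would load a much larger
# list of known-common and breached passwords (assumption).
COMMON = {"123456", "password", "monkey", "shadow", "qwerty"}

# Digit/symbol-for-letter substitutions to undo before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidates(password):
    """Forms of the password a guesser effectively tests."""
    low = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", low)   # drop appended digits/symbols
    return {low, low.translate(LEET), stripped.translate(LEET)} - {""}


def check_password(password, domain, theme_words=()):
    """Return the sorted reasons a password is guessable ([] if none found)."""
    labels = [part for part in domain.lower().split(".") if len(part) >= 4]
    themes = {word.lower() for word in theme_words if word}
    reasons = set()
    for cand in candidates(password):
        if cand in COMMON:
            reasons.add("common")
        # Password is a piece of the domain name (maths, coach, mathscoach).
        if len(cand) >= 4 and any(cand in label for label in labels):
            reasons.add("themed")
        # Password contains a word the site owner listed as on-theme.
        if any(word in cand for word in themes):
            reasons.add("themed")
    return sorted(reasons)


if __name__ == "__main__":
    site = "www.mathscoach.com.au"
    words = ["maths", "algebra", "trig", "coach", "numbers", "calculus"]
    for pw in ["m0nk3y", "sh4d0w", "m4thsc0ach", "numb3rs", "Trig2015!"]:
        print(pw, check_password(pw, site, words))
```

A check like this belongs in the password-change form, so that a weak choice is rejected before it is ever stored.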
Simply adding numbers or special characters will not prevent a hack! The next trick that a hacker is going to try is known password formats.
What is a password format? As passwords have evolved, they have for the most part become stronger. Not because users wanted stronger passwords, but because providers and administrators forced them to become “harder to guess”. Forcing users to strengthen their passwords has left a legacy of password formats.
These can be easily guessed – For example :
So, what techniques are left to strengthen passwords?
1. Make your password completely randomly generated if you can.
2. Mix your passwords up with UPPER and lower case.
3. Make your passwords all different. If a website you’re subscribed to gets hacked, you’ll be safer.
4. Make your password longer – 9 characters in length is more secure than 8 and so on.
5. Change your passwords more often than you already do.
6. Never, ever write your password down or leave it where it can be found.
7. Don’t let your computer save your password.
8. Avoid using the same password for all of your email accounts.
Case Study #1
Can you remember when you set up your Hotmail account back in 2000? 15 years was a LONG time ago! But guess what? Hotmail (and many other free email services) asked you to set a “security question” that only you could guess. That was for when you forgot your own password and needed to get your email back.
In hindsight, back in 2000 there were a few things that people didn’t have access to, things that people kept secret.
In 2015, with social media, these are no longer secrets! With a bit of digging, it would be easy to discover your mother’s maiden name, the street that you grew up on and even your dog’s name, “Woofy”. With this information, an attacker could easily hijack your email account and take control. A few minutes later, they have changed the password on you and even the security questions. Goodbye Hotmail account!
Case Study #2
A small/medium business has 50 email accounts (users) with their IT provider. All of their PCs are secured by individual logins. One morning, a part-time employee clicks on a link inside an email. Shortly afterwards, a virus / trojan / keylogger has infected this solitary PC. But nobody, not even the antivirus software, knows this has happened.
In turn, this allows that user’s password to be revealed in plain text to the attacker. Because that password is “guessed” to be the same as the CEO’s, the attacker then manages to access the CEO’s email account! The bad news for this company is that the CEO has an email in their inbox with a list of all of their financial accounts and sensitive corporate information (including other more secure passwords).
Suddenly that one insecure PC has led to that company being taken offline by a hacker, resulting in a financial loss and potentially even legal action from suppliers or investors who were affected in the process. Danger, Danger. All of this could have been prevented by the CEO having a unique (and secure) password in the first place.
How can Fireworks Websites help you to keep your passwords safe?
Here at Fireworks, our cPanel webservers enforce a minimum strength on passwords which is a great start. (If you would like some assistance, please call our support department for a quick tutorial: (07) 3481 8800) If you wish to make full use of this feature, you can use your cPanel to generate an extremely secure random password like this:
Log in to your cPanel, go to Mail -> Email Accounts. Then select your email account and then use the “Change Password” option. If you’re unsure of this, we can also set this for you on request.
Even more security to safeguard against attacks.
At Fireworks Websites, our servers also use firewall security to restrict attacks that might be someone trying to “guess” your password. This is another way that we can help to protect your email accounts. After a certain number of incorrect guesses, our servers will “black list” the attacker from any further attacks for a certain period of time. If your hosting provider doesn’t offer this type of “Firewalling” you are left open to Brute Force password guessing attacks.
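The lockout behaviour described above can be sketched as follows. This is an added example, not Fireworks Websites' firewall configuration. The thresholds, the log format and the sample log lines are constructed assumptions, since the page only says "a certain number" of guesses and "a certain period of time".

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not stated on the page).
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)
BLOCK_FOR = timedelta(minutes=30)

# Constructed log, format "<ISO time> <source IP> <FAIL|OK> <mailbox>".
SAMPLE_LOG = (
    [f"2015-03-02T09:00:{s:02d} 203.0.113.7 FAIL ceo@example.com"
     for s in range(0, 40, 5)]                       # 8 rapid guesses
    + ["2015-03-02T09:01:00 198.51.100.20 FAIL staff@example.com",
       "2015-03-02T09:01:30 198.51.100.20 FAIL staff@example.com",
       "2015-03-02T09:02:00 198.51.100.20 OK staff@example.com",
       "2015-03-02T09:45:00 203.0.113.7 FAIL ceo@example.com"]
)


def replay(lines):
    """Replay time-ordered log lines; return ({ip: block_expiry}, dropped)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}                    # ip -> time the block expires
    dropped = 0
    for line in lines:
        stamp, ip, result, _mailbox = line.split()
        now = datetime.fromisoformat(stamp)
        if ip in blocked and now < blocked[ip]:
            dropped += 1            # rejected before any password is checked
            continue
        if result != "FAIL":
            continue                # a success does not reset the counter
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            blocked[ip] = now + BLOCK_FOR
            recent.clear()
    return blocked, dropped


if __name__ == "__main__":
    blocks, dropped = replay(SAMPLE_LOG)
    for ip, until in blocks.items():
        print(f"{ip} blocked until {until.isoformat()}")
    print(f"{dropped} attempts dropped while blocked")
```

The user who mistypes twice and then logs in is never blocked, while the address making rapid guesses is cut off after its fifth failure and its next three attempts never reach the mail server.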
If you are unsure about your password safety, please feel free to call us to arrange an audit of your own passwords. We will be happy to assist.