Cyber Security: Beyond The Password

“You’re only as strong as your weakest link.”

This old proverb might be cliché at this point, but it’s also the key to your organization’s cyber security.

As more and more employees are working remotely, carrying company-issued smartphones and laptops, and thus walking around with company and client information at their fingertips, this statement is truer than ever.

If the passwords protecting these devices aren’t strong enough, then your own employees will be the biggest cyber security risk you’ll face.

Worried about information getting into the wrong hands?

Finding your employees writing down passwords on scraps of paper, not changing them regularly or making them too easy to guess?

If so, there are steps you can take to improve your company’s cyber security and protect your clients from a data breach.

Read on for some solutions to common cyber-security related problems.

How To Choose A Good Password

Uppercase letter, lowercase letter, number, “special symbol”, and at least 8 characters long.

These are the types of requirements often used for setting a password.

But not everyone understands why.

One of the traditional methods of password cracking is called “brute force” cracking – it’s essentially the process of using an automated tool to try a large number of randomized passwords over and over again until you get the right one.

Your standard QWERTY keyboard is capable of producing 96 characters using normal keystrokes, so if your password is one character long, there are 96 possible passwords you have. A password cracker can break into this in the blink of an eye.

Add another character, and it’s 96×96 possible passwords – 9,216.

Three characters, and it’s 884,736 possible passwords. And so on.

Most password crackers can attempt millions of passwords per second, so while 884,736 possible passwords may seem like a lot, software tools can make short work of them.

But the more characters you add to a password, the harder it becomes to crack, and exponentially so.

Nine character passwords have just over seven trillion possible combinations – that can be cracked in less than a week.

But a ten character password has 66 quintillion possible combinations, which will take several months.

Add two more characters, and you’re looking at 613 sextillion possible combinations, which will take nearly 200 years to crack.

The first step in ensuring your employees have a strong password is setting a password policy, such as the one listed above.

Have your IT staff ensure passwords on company systems must meet the minimum requirements.

However, these sorts of requirements can result in passwords so complicated that employees feel compelled to write them down, thus defeating the purpose.

We talked about this in a previous article about the Hawaii missile warning earlier this year, where it was revealed that the people in charge of Hawaii’s Emergency Management Agency had left the passwords to their accounts on a post-it note on their computer monitor, which then ended up on television.

So offer them some tips to combat this behavior.

Making passwords easy for the user to remember but hard for anyone else to doesn’t have to be rocket science.

One technique is to use an “inside joke” or special memory. Remove the spaces and trade out some of the letters for numbers (try using “3” for “E”, “6” for “G”, and “$” for “S” in order to substitute special characters).

This will make it easy to remember, but hard for someone else to guess.

How To Manage Your Passwords

Some organizations have chosen to take back control over passwords, by using password managers or password vaults.

These are programs which assist in generating and storing complex passwords in an encrypted database.

These types of applications require the user to create and remember one “master” password to gain access to the information stored in the encrypted database.

Using a password manager can prevent employees from using the same log-in and password across multiple devices and accounts – so long as they can remember the password for the manager itself.

Using 2-Factor Authentication

When it comes to protecting very sensitive information, a single password alone may not be enough.

Two-factor authentication can make it much harder for a hacker to gain access to a system.

Even if a hacker is able to determine a user’s password to log-in to the system, two-factor authentication adds an extra step, or “authentication factor” which needs to be used before access to the system is granted.

The 3 types of authentication factors are knowledge, possession and inherence (also called biometrics).

Knowledge factors are based on something the user knows (such as the password or PIN).

We’ve already talked about passwords above.

Possession factors use something the user has, such as an ID card, smartphone or security token.

For example, this might involve having a special code sent to the user’s smartphone which must be entered before access to a system can be gained.

Or the user carrying a smart card or key fob that must be presented or swiped in addition to the password.

Inherence (or biometric) factors have to do with something the user IS.

This could be a fingerprint swipe, face or voice recognition, or as often seen in the movies, an eyeball scan.

Two-factor authentication requires using two different types of authentication.

Requiring a user have a password and then enter a pin code would only count as one, as this only uses knowledge authentication.

Requiring a user have a password, but also use a fingerprint swipe to unlock a device is two-factor authentication as it uses both knowledge and inherence factors.

Contact 1st Secure IT

Worried about data breaches?

Need help setting up a two-factor authentication tool so your company’s information stays safe and secure?

Or maybe you’re looking for employee awareness training, on the importance of strong passwords.

1st Secure IT can help.

Contact us today to discuss your options for keeping your company secure in an uncertain digital climate.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Cyber Security Risk Management and Consulting Services | 1st Secure IT | When Compliance Is Not Enough

Cyber Security For Small Businesses On A Tight Bud...
Do You Need Cyber Security Insurance?


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, 16 October 2019

If you need help getting started... Contact Us!