After reviewing the Verizon Data Breach Report, it is apparent that passwords are still a problem. Specifically, users are choosing passwords that are easily guessable or, worse, do not change the default passwords of networking devices.
Here are three tips to improve passwords:
Password Complexity
According to an article published by CBS (http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/), in 2013 the top 3 passwords used were “123456”, “password” and “12345678”. Unbelievable!
It should be no big secret: the longer the password, the more difficult it is for anyone to guess (or crack). Adding some numbers, a mix of upper- and lowercase letters and a symbol (if possible) will increase your protection 10-fold.
If we take the examples used earlier and make a few tweaks here and there, you would have a more secure password. Let’s explore:
Password: 123456
There are a couple of things wrong with this password. You should never have more than 2 sequential numbers (e.g. 1, 2, 3) in a row. The password contains no letters or special characters. It would take a script kiddie all but 10 minutes to break this password.
We can improve this password by amending it to: K23*l6iM
The first thing I wanted to accomplish was to make sure that I have at least 8 characters in this password. The password length is important. The more characters you have, the harder the password is to crack (traditionally). I also took the liberty to remove the numbers 1, 4 and 5 and replace them with special characters and upper- and lowercase letters. In the process, I spelled milk backwards. Clever.
Let’s try one more example.
Password: password
So this one gets some things right and some wrong. The good is that it is 8 characters long. The bad is that I can find this word in the dictionary. There are programs in the wild that will allow you to crack a password by going through every word in the dictionary in a matter of seconds. Ordinarily, I would say, change it up by converting it to P@$$WorD or p@$Sw*rd, but these are more common than the word itself (kinda).
The best defense if this is your password is to just change it altogether. Make the password at least 8 or 9 characters. Avoid using any words or phrases that you are fond of or that can be found in a dictionary.
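As an added example (not code from the original post), here is a small Python checker that applies the rules above: minimum length, a mix of character classes, no run of three sequential digits, a denylist of the most common passwords named earlier, and a dictionary check that first undoes the usual symbol substitutions so that P@$$WorD is still caught. The word list and the denylist are constructed stand-ins for real lists.

```python
import string

# Constructed sample word list standing in for a real dictionary file.
DICTIONARY = {"password", "milk", "welcome", "letmein", "dragon", "monkey"}
# The three most common 2013 passwords named in the post plus two constructed
# vendor-style defaults; a real check would load a much larger list.
COMMON_OR_DEFAULT = {"123456", "password", "12345678", "admin", "default"}

# Common "l33t" substitutions, reversed, so P@$$WorD normalizes back to "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "*": "o", "!": "i", "5": "s"})


def has_sequential_digits(pw: str, run: int = 3) -> bool:
    """True when `run` consecutive characters are digits ascending by one (e.g. 1,2,3)."""
    digits = [int(c) if c.isdigit() else None for c in pw]
    for i in range(len(pw) - run + 1):
        window = digits[i:i + run]
        if None in window:
            continue
        if all(window[j + 1] - window[j] == 1 for j in range(run - 1)):
            return True
    return False


def check_password(pw: str, min_len: int = 8) -> list[str]:
    """Return the rule violations for `pw`; an empty list means it passes every rule."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if has_sequential_digits(pw):
        problems.append("three or more sequential digits")
    if pw.lower() in COMMON_OR_DEFAULT:
        problems.append("common or default password")
    # Undo symbol substitutions before the dictionary lookup.
    normalized = pw.lower().translate(LEET)
    if normalized in DICTIONARY or normalized in COMMON_OR_DEFAULT:
        problems.append("dictionary word (after undoing l33t substitutions)")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "K23*l6iM", "password", "P@$$WorD"):
        print(candidate, "->", check_password(candidate) or "passes")
```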
Password Managers
Password managers are starting to gain some steam in a world where data breaches run rampant. A password manager is a program that will generate random passwords for you, or store custom passwords, in an encrypted vault. Before settling on a password manager, watch YouTube reviews or read reviews by others to determine if the product is right for you. Be sure that the master password you use to sign into the service is complex, since this is your first line of defense.
And no more unencrypted Excel spreadsheets. You have been warned.
Change Default Passwords
When I saw the top passwords used in the report mentioned earlier, I asked myself how it is possible for so many people to be using the exact same password. If I had to take a guess, I would say these were all default passwords. If you take anything from this post, it should be to CHANGE THE DEFAULT PASSWORD and increase the number of characters in your password.
It should go without saying that the first step when setting up any network device or program is to CHANGE THE DEFAULT PASSWORD. I will let you in on a little secret: the default password is available to everyone on the Internet, including my Oma. Leaving the password unchanged is like leaving your car running while you are inside dreaming of sheep jumping fences.
Although this was not meant to be an all-encompassing guide to password use, I am hoping it will help generate ideas on securing yourself or your network. We live in an age where data breaches and password dumps are commonplace. There is no foolproof way to keep people from accessing places they shouldn’t, but together we can make it a lot harder.