Posts Tagged ‘strong passwords’

Time to Change Your Password …or Is It?

Posted on: July 28th, 2017 by jiml | No Comments

The National Institute for Standards in Technology (NIST) released new guidelines for strong passwords. Past recommendations included having long passwords that mix in upper and lower-case characters, special characters and changing that password on a regular basis. This was a difficult proposition for many users who did not user any type of password manager. A person in today’s digital world needs to have so many passwords that it is nearly impossible to keep up strong passwords. The emergence of password management software like LastPass and KeePass helped alleviate some of those problems.

Not all passwords need to be created equally. For example, which account would be preferred a strong password on – your bank account or your Shutterfly account? Your email account or your magazine subscription account? For certain accounts, a strong password is imperative. There is just too much at risk if your account is compromised. Strong passwords are those that can help protect your account from the myriad of programs that hackers use to try and break into your account. Consider using a password checker to verify the password strength. Click here for one from LastPass.

Another example where passwords do not need to be created equally are accounts that you need to log into regularly vs. accounts you do not. As an example, Colden Company creates passwords for encryption keys for our customers for backup accounts. We use a program to randomly generate a 48-character password. An example might be “#$DfhlutyST^54*^&##Jllos)1^CHJuek*7SL,ko&^d5SKkw”. How would you like to have to type that in every day? It would not be feasible. But it is feasible for an account that is setup, used for backup but rarely needed to type in. It is very strong and long for protecting vital data.

Strong passwords are important to prevent hacking of your account, but equally important is to have a system of creating unique, strong password for your various accounts. The strongest password in the world is no help when Yahoo is hacked and your password is stolen. What many people fail to consider is that they may be using that same password for different services. As an example, you may not be that concerned if your Yahoo account is hacked but what if you are using those same credentials at your bank? Now is that a concern? The difficulty in maintaining and changing strong passwords so frequently presents a problem leading many people to reuse the same username/password combination at various sites. When one of those is compromised, they are all at risk.

This leads us back to the NIST password recommendations. In this year’s publication, NIST is loosening the complexity and duration standards. In other words, they don’t feel it is necessary to change your password every 90 days any more. It is more important to have a strong password with adequate length. The password length is an area where they have strengthened the recommendations. An example of long password is “Owl Eagle Horse Cow”. Here we have a twenty-character password (including spaces) that is easy to remember, lacks the complexity of special characters and has adequate length to protect against randomly generated password checkers. Now, in our opinion, it won’t be long before hackers adjust their practices as they always do, so we, at Colden, still recommend mixing in a special character or two for added protection.

Finally, there is the option for multi-factor authentication. Colden uses two-factor authentication (2FA) for any customer information. This means that a simple username and password combination does not get access to the information. A secondary and different authentication must be used, in our case a random number generator that is generated from Google Authenticator that changes every 30 seconds. These are tied to our accounts so we are notified of access attempts and means that even if our login and password credentials are stolen, hackers will not be able to access any customer information. Businesses should consider deploying this type of security for critical applications.

Is your business keeping up with changing guidelines? Give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.

Security Mistakes Businesses Make

Posted on: September 27th, 2016 by jiml | No Comments

Many of our blog postings have something to do with data security in one form or another. The reason is because today’s world is different than the world was five years ago. If you have not changed the way you are securing your critical data and systems over that time, your measures are likely no longer sufficient. Threats like ransomware present significant risks to businesses today. Did you know your business could get fined by the FTC if your business becomes the victim of ransomware? Here are some of the top mistakes we see being made in regards to security:

  • Using the same passwords for different uses
    We are still seeing the repercussions from the LinkedIn hack a few years ago. If you were notified about the hack and just changed your LinkedIn password, you may not have done enough. The hackers had a list of emails and passwords from the hack and then tried those same credentials at different sites. “Let’s see if those credentials work on Facebook…..or Chase bank perhaps.” If you are using the same password for multiple applications you are at risk if one of those sites is compromised.
  •  Not keeping employees up-to-date on security threats
    As we mentioned in the introduction, the world is changing and new security threats are out there such as ransomware, scareware and social engineering scams. Are your employees or coworkers up to speed on the threats they might face? Do they know how to react if they encounter one? Awareness training is a key component to a comprehensive security plan.
  • Not using web browsing controls
    Web browsing controls, sometimes called content filtering, used to be considered an optional item for businesses. In today’s environment, we consider it a necessity. A good content filter will block known bad sites to prevent users from accidentally (or purposefully) going to site that can infect their business computer. There are many forms of malware that attack through web browsers. You should have the mindset that when you are using a web browser, you are in the danger zone. Web browsing involves connecting to other computers that your organization does not control and must trust.
  • Failing to review security policy and protective measures regularly
    This is how businesses fall behind the curve with security. Systems are put in place and the security of those systems are never regularly reviewed to see if they are keeping up with the evolving security threats they might face. Who is responsible for this in your organization?

These are just a few of the mistakes we see businesses making. The result is that your business is put at risk. Are you making any of these mistakes? Contact us at Colden Company and see how we can help remediate these issues for you and protect your critical data and systems. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.