Joseph Assaf Turner
Protect Your Privacy (and passwords)
Earlier this month (May 3, 2018) Twitter announced that user passwords were stored as plain text in a log file rather than hashed. As a result, Twitter asked its users to change their passwords, which is good practice.
If you’re serious about protecting your privacy, the first thing you need to do is to keep your password safe and away from attackers’ hands.
Here’s how you can protect your privacy:
1. Create a Good Password
Sure, everyone knows that “123456” is NOT a good password. But what makes a good password?
Contrary to common belief, using a long string of letters can be better than the old complex-uppercase-lowercase-special character password. Why?
a. A complex password that makes no sense to a human is hard for an attacker to guess but also hard for the user to remember, which makes it more vulnerable to exposure: keeping the password written on a yellow sticky note under your keyboard, or forgetting the password and then going through resetting it – a process which may be exposed to attackers, etc.
b. Long passwords are easier to remember and can be actually harder to crack. For example: the complex password “2!Qz@$pl” which meets Microsoft’s best practices requirement will take only 9 hours to crack on a home computer, while the long password “twotimesfouriseight” (two times four is eight) will take 607 million years to crack on that same computer.
A lot easier to remember and much safer.
* According to howsecureismypassword.net
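The comparison above worked through in code, as an added example that is not part of the original post: it sizes each password's search space for a character-by-character guesser and, where the password splits into dictionary words, for a word-by-word guesser. The word list, the 10,000-word dictionary size and the guess rate are assumptions made for this sketch, so the output will not match howsecureismypassword.net's figures.

```python
import math
import string

# Character classes that size the alphabet a character-by-character guesser must cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
# Constructed mini word list for this demo only.
WORDS = {"two", "times", "four", "is", "eight", "time", "our"}
ASSUMED_DICT_SIZE = 10_000       # assumption: size of the guesser's word list
ASSUMED_GUESSES_PER_SEC = 1e10   # assumption: offline guessing rate, not a measurement

def charset_size(pw):
    """Total size of every character class that appears in pw."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def brute_force_bits(pw):
    """log2 of the search space when every character is guessed independently."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def split_words(pw, words=WORDS):
    """Fewest-words split of pw into known words, or None if it cannot be covered."""
    best = [None] * (len(pw) + 1)
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[-1]

def effective_bits(pw, dict_size=ASSUMED_DICT_SIZE):
    """Smaller of the per-character and per-word search spaces."""
    bits = brute_force_bits(pw)
    parts = split_words(pw.lower())
    if parts:
        bits = min(bits, len(parts) * math.log2(dict_size))
    return bits

def years_to_search(bits, rate=ASSUMED_GUESSES_PER_SEC):
    """Years to try the whole space at the assumed rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for pw in ("2!Qz@$pl", "twotimesfouriseight"):
        print(f"{pw!r}: per-character {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits, "
              f"{years_to_search(effective_bits(pw)):.3g} years")
```

Under these assumptions the word-based estimate for the long password is lower than its per-character estimate, yet still above that of the eight-character complex password.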
2. Use Two Factor Authentication
Two Factor Authentication or 2FA means that the system you’re trying to access will ask for a password and then use an additional method of authentication, like sending a text message to your phone.
It’s no longer just something you know but now also something you have. An attacker will now have to compromise 2 systems instead of one which boosts your security level.
When available, use 2FA to increase the level of authentication on any system and/or website you’re logging in to.
3. Don’t Recycle
Imagine making all locks open with one key – your car, your front door, office doors, bank deposit box, mailbox etc. You may have thought how easy it would be to carry just one key all the time, but then you probably realized that once a burglar got ahold of this key, they would have access to all of your possessions. It’s the same thing with passwords, i.e. password recycling.
Password recycling refers to using the same password for multiple accounts and systems. The upside – You don’t have to remember too many passwords. The downside – Once an account is compromised, every other account with the same password is exposed.
With data breaches more common and with greater numbers of records breached with every attack – avoid password recycling as much as possible.
4. Change Passwords Often
Attackers may gain your password from several sources, some of which may be for sale for weeks or months before an attacker decides to buy and use them. Changing your passwords often can increase the chance that by the time the attacker bought your password and decided to use it – you would have changed the password and successfully blocked that attack attempt.
5. Separate Password from File
When sending sensitive documents to colleagues or other business partners you may want to protect those documents with a password so that they’re the only ones who can open those files and access the content you sent them.
When sending the password to the intended people, instead of sending it in the same email message, use a different medium. E.g. if you emailed the password-protected files, use a text message or voice call to send the password. This way, if an attacker got hold of the document, they’d still be unable to access the information in that file.
6. Use a Password Manager
With all the tech around us – there is really no need to remember your passwords. There are quite a few applications which would safely do it for you. LastPass is one of those applications.
To ensure your privacy, use password managers so that you can create multiple long passwords and change them often without having to remember any of them.
7. Assume the Worst
Remember that hackers are extremely resourceful, and no silver-bullet security measure has yet been found that attackers can't eventually bypass or exploit. With this in view, stay alert, check messages, use multiple security measures and know that anything that's on an information system has some probability of being hacked and leaked.
And as always – if suspicion arises – visit us. We'll be happy to help.