It seems that every day a company is being hacked.
Homeland Security. Check.
I wanted to get the word on how to protect passwords of everyday entrepreneurs such as yourselves.
I turned to the only guy I know who knows more about cyber security.
Christopher Wright is the head hacker at Citadel Systems. This is a guest post he has written for the grafixCat den. Thanks Chris!
How many websites or online services do you use? Tens? Hundreds? As we move more and more to an interconnected world, we get more and more passwords to remember.
But, why can’t we just have one password for everything? We can’t agree on a single way to do anything on this planet, why should passwords be any different?
Even if we could agree, this single authentication system would become the most attacked system on the planet. Who would you entrust to protect your entire digital life? Microsoft? The US Government? The United Nations?
You may have (inadvertently) tried to come up with your own single password system by creating all your online accounts with the same password.
That’s a very bad idea.
Cyber security professionals call this practice ‘password reuse’. Let’s say you use Yahoo! for your email service and decide that your password of ‘Awe$ome1’ is the best thing since sliced cheese. It’s not, by the way, and you should change it immediately. But, for our purposes here, you ignore me and do it anyway.
As you change the password for all your online accounts to ‘Awe$ome1’, you also notice that your username for these sites is your Yahoo! email address. So now you have the same username and password for most of your online accounts.
Now let’s say that Yahoo! was hacked (yes, it happened) and the hacker captured your username and password. He or she now has access to all the other accounts where you used the same username and password.
It’s trivial to create an automated program to test these credentials against a laundry list of popular sites. Now your bank, social media, online shopping, and other accounts are all compromised.
The hacker will probably also post his loot online as a trophy of his hack or even sell credentials to make money from it. Now more people will have easy access to your accounts!
Even if you knew about the hack very early, you would have to scramble to check all your accounts and change your passwords. Do you even remember all the accounts?
This probably won’t matter since you likely won’t hear about the hack until months or even years later. The damage will already be done.
There are a few ways to protect yourself, though.
First and foremost, do not reuse passwords.
Create a unique password for each service you use. This can be difficult since we have so many accounts. But don’t fear, Password Managers are here!
These programs store usernames and passwords securely and usually integrate into your web browser so you can log in with a few mouse clicks. Some will also create strong passwords for you, synchronize your passwords among devices, automate password changes, and integrate two-factor authentication.
Some options include LastPass (https://lastpass.com), Dashlane (https://www.dashlane.com), KeePassX (https://www.keepassx.org/), True Key (https://www.truekey.com/), and Keeper (https://keepersecurity.com/).
If these don’t meet your needs, there are still others out there.
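To see what "do not reuse passwords" looks like in practice, here is an added example (not part of Chris's original post and not code from any of the products above) that checks a password export for reuse and proposes a unique random replacement for each affected account. The CSV column names, the sample accounts, and the function names are assumptions made up for illustration.

```python
import csv, hashlib, hmac, io, secrets, string
from collections import defaultdict

# Constructed sample export; the column names are an assumption, not any
# particular password manager's format.
SAMPLE_EXPORT = """site,username,password
mail.example,pat@mail.example,Awe$ome1
bank.example,pat@mail.example,Awe$ome1
shop.example,pat@mail.example,Awe$ome1
forum.example,pat,kT9#vq2LmZ!x7RbE
"""

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def find_reuse(export_text):
    """Return lists of site names that share one password (reuse groups)."""
    key = secrets.token_bytes(32)  # per-run key: digests mean nothing outside this run
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group on a keyed digest so plaintext passwords are not used as dict keys.
        digest = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[digest].append(row["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def new_password(length=20):
    """Generate a random password from the OS CSPRNG with mixed character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def remediation_plan(export_text):
    """Map every site in a reuse group to its own freshly generated password."""
    return {site: new_password() for group in find_reuse(export_text) for site in group}

if __name__ == "__main__":
    for group in find_reuse(SAMPLE_EXPORT):
        print("same password used on:", ", ".join(group))
    for site, pw in remediation_plan(SAMPLE_EXPORT).items():
        print(f"{site}: change to {pw}")
```

An export file holds every password in plain text, so delete it as soon as the check is done.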
Chris Wright is the owner of Citadel Systems, Cyber Security and Systems Engineering Consulting in Central Arkansas focused on Small and Mid-Sized Businesses.
Visit his website for more information about Cyber Security Consulting