
A Good Password Is the First Step in a Cyber Secure Environment

By Carl Mazzanti, eMazzanti Technologies President

It has been said that the longest journey begins with a single step — and the same principle holds true for an effective Cyber Security plan: it begins with a secure password. It is a simple concept but one that must be executed properly.

Passwords are a first line of defense. They help ensure that only authorized individuals can access a business's accounts and the data they contain. Managed IT services providers know that to be effective, a password must be hard to guess, which rules out trivial sequences like ABC or 123, and must not be shared across accounts.

It also rules out passwords built from the creator's personal information: family names or birthdays may be easy to remember, but they are also the first things an attacker will try. As a workaround, business owners often use a four-digit Personal Identification Number (PIN) made up of the month, day or year of their birthday, or digits from their address or phone number. But that kind of information is easily found on the Dark Web, in social media profiles or in public records, and a four-digit PIN has only 10,000 possible values in any case.

Another common approach is to use a single word that can be found in a dictionary. Hackers get around that with so-called "dictionary attacks": cracking software works through lists of millions of common words, phrases and previously leaked passwords, testing each one against the stolen password hash. Some people think that intentionally misspelling a word (daye instead of day) helps, but the same tools apply "mangling rules" that append letters and digits, swap characters for look-alikes and change capitalization, so the common misspellings are tried as well.

A more effective approach is to build the password from a phrase using a memory technique, or mnemonic. For example, instead of softball, take the first letters of "I like to play softball" to get IlTpsB. Mixing upper and lowercase letters with a digit and a symbol, as in Il!2pSb, gives a password that appears in no dictionary. Note the limitation, though: at six or seven characters such a password is still short enough to be exhausted by brute force against a fast hash, so the mnemonic is a way to remember a password, not a substitute for length.

According to Cyber Security managed services professionals, best practice is to use the longest password or passphrase the system permits; current guidance (NIST SP 800-63B) sets a minimum of 8 characters and asks services to accept at least 64. For example, Pattern2baseball#4mYmiemale! would be a good one: it has 28 characters, mixes upper and lowercase letters, numbers and special characters, and its length puts it well beyond what dictionary and brute-force attacks can exhaust.
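How the dictionary attack described above exploits misspellings and appended suffixes, and why the 28-character passphrase survives it, as an added example that is not code from the column or from any cracking tool: a Python script that applies a handful of hashcat-style mangling rules to a constructed six-word list and tests the results against constructed target hashes. SHA-256 stands in for a real password hash only to keep the demo dependency-free.

```python
"""Toy rule-based dictionary attack, in the style of hashcat/John rules.
Added example, not code from the column. The wordlist, rules and target
passwords are constructed for illustration; SHA-256 stands in for a real
password hash only to keep the demo dependency-free."""
import hashlib

# Constructed mini wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["day", "password", "softball", "baseball", "summer", "welcome"]

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def base_variants(word):
    """Case, leet and 'deliberate misspelling' variants of one dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    yield word.translate(LEET)       # softball -> $0ftb@ll
    yield word + "e"                 # day -> daye
    yield word + word[-1]            # day -> dayy
    yield word.replace("i", "y")     # smile -> smyle


def suffix_variants(base):
    """The base itself, then the digit and symbol suffixes users like to append."""
    yield base
    for n in range(100):
        yield f"{base}{n}"
    for sym in "!@#$":
        yield base + sym
        for n in range(10):
            yield f"{base}{n}{sym}"


def candidates(wordlist=WORDLIST):
    """Every candidate password the rules derive from the wordlist, deduplicated."""
    seen = set()
    for word in wordlist:
        for base in set(base_variants(word)):
            for cand in suffix_variants(base):
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hashes, wordlist=WORDLIST):
    """Return {hash: plaintext} for each target hash that a candidate reproduces."""
    remaining = set(target_hashes)
    found = {}
    for cand in candidates(wordlist):
        digest = sha256_hex(cand)
        if digest in remaining:
            found[digest] = cand
            remaining.discard(digest)
            if not remaining:
                break
    return found


# Constructed "stolen" passwords: four are dictionary-derived, one is the
# column's 28-character passphrase.
SAMPLE_PASSWORDS = ["softball", "daye", "Softball1!", "b@$3b@ll",
                    "Pattern2baseball#4mYmiemale!"]


def demo():
    """Crack the sample hashes; returns (cracked plaintexts, survivors)."""
    targets = {sha256_hex(p): p for p in SAMPLE_PASSWORDS}
    found = crack(targets)
    cracked = sorted(found.values())
    survived = sorted(p for d, p in targets.items() if d not in found)
    return cracked, survived


if __name__ == "__main__":
    cracked, survived = demo()
    print("cracked :", cracked)
    print("survived:", survived)
```

These few rules already produce several thousand candidates, and a GPU cracker tests billions of guesses per second against a fast hash, so any password reachable by such a rule falls instantly; the rule files shipped with hashcat and John the Ripper are far larger than this. Slow, salted hashes (bcrypt, scrypt, Argon2) reduce the guess rate but do not change which passwords are reachable.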

Once a strong password has been developed, it can be tempting to reuse it. But doing that puts every account that shares it at risk. Attackers rarely need to guess: when one site is breached and its password database is leaked or cracked, the recovered email-and-password pairs are replayed automatically against other services, a technique known as credential stuffing. So each account should have its own unique password.

Of course, adhering to that policy brings its own headaches, since many people have a tough time remembering a unique, complex password for each account. FOGLO (Fear of Getting Locked Out) after too many failed sign-in attempts is a valid concern, but a password manager can help here.

A password manager is a software application, such as ITGlue or N‑able's Passportal, that stores and manages online credentials and generates new passwords. The entries are kept in an encrypted database, the vault, that is locked behind a single master password, so the authorized user only has to remember that one strong password. Entering it unlocks the vault, and from there the user can retrieve whichever specific password is needed. Because everything hinges on that master password, it should be the longest passphrase the user can reliably remember, and the vault itself should be protected with multifactor authentication.

Whenever a new account is created, a password manager will offer to generate a password for it. These generated passwords are long, drawn from the full character set and produced by a cryptographically secure random generator, so dictionary and rule-based attacks cannot reach them and brute force is made impractical by their length. Still, while a strong password is a good first line of defense, it should be reinforced by multifactor authentication (MFA), another vital Cyber Security tool.
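What a password manager's generator does under the hood, as an added example that is not the column's code nor any named product's: a Python script that draws from the OS CSPRNG via `secrets`, enforces a one-of-each-class policy by rejection sampling so the accepted strings stay uniformly distributed, builds a diceware-style passphrase from a constructed word list, and estimates the entropy in bits of each approach. The 85-character alphabet and the eight-word list are assumptions for the demo; a real diceware list such as EFF's has 7776 words.

```python
"""Random password and passphrase generation with a CSPRNG, plus an entropy
estimate. Added example, not code from the column or from any password
manager named in it."""
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS   # 85 characters


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet size).
    A one-of-each-class policy trims this very slightly for short lengths."""
    return length * math.log2(alphabet_size)


def generate_password(length=20, alphabet=ALPHABET):
    """Uniformly random password from `alphabet`, using the OS CSPRNG
    (`secrets`, never the `random` module). Rejection sampling enforces one
    character of each class without biasing the strings that are accepted."""
    if length < 4:
        raise ValueError("need at least 4 characters to hold one of each class")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


# Constructed stand-in for a diceware-style list (assumption for the demo);
# a real list such as EFF's long wordlist has 7776 entries.
WORDLIST = ["apple", "river", "copper", "window", "maple", "signal", "ember", "harbor"]


def generate_passphrase(n_words=6, wordlist=WORDLIST, sep="-"):
    """Diceware-style passphrase: each word is an independent uniform draw."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def compare():
    """Entropy (bits) of three password styles, for comparison."""
    return {
        "20-char random, 85-symbol alphabet": round(entropy_bits(len(ALPHABET), 20), 1),
        "6-word diceware, 7776-word list": round(entropy_bits(7776, 6), 1),
        "one word from a 100k-word dictionary": round(math.log2(100_000), 1),
    }


if __name__ == "__main__":
    print(generate_password(20))
    print(generate_passphrase(6))
    for style, bits in compare().items():
        print(f"{bits:6.1f} bits  {style}")
```

The entropy figures are what make the column's advice concrete: a single dictionary word is worth under 17 bits no matter how it is spelled, a six-word passphrase from a real diceware list gives about 77 bits, and a 20-character random string about 128 bits, which is why a manager-generated password is out of reach of guessing altogether.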

MFA adds a layer of protection to the sign-in process by requiring a second proof of identity alongside the password, such as a fingerprint scan, a code from an authenticator app or a code sent to a mobile phone. The concept is like wearing a lap belt and a shoulder belt: either one is good, but using both is better. Not all second factors are equal, though. Codes sent by SMS can be intercepted through SIM swapping or phished along with the password, so an authenticator app or a hardware security key is the better choice where a service offers one.

Today's digital environment offers many benefits, but plenty of bad actors are trying to take advantage of it. Strategies like strong, unique passwords, a password manager and MFA help create a digital moat that keeps hackers and other intruders at a distance.

Carl Mazzanti is the President of eMazzanti Technologies – a firm specializing in Cyber Security
