Does news about Russian hackers make you feel less safe? Some expert rules to safeguard your password security.
The March 15 DOJ indictment of Russian hackers shows that computer users are not taking routine precautions regarding their password security. That is to say, the people targeted by the hackers had such poor password security habits that the hackers had little trouble getting through. So if even people at the top level practice poor password security, what hope is there for those of us not in the cross-hairs of these international spy hackers?
Of course, if you fail to take routine precautions to safeguard your email account and you have information of interest to the Russian government, then you will be exploited. But why wait? Why not find out the precautions the government officials and powerful executives should have taken and didn’t? An article published on 16 March 2017 offers some suggestions.
Rule 1 – Diversity
It seems reasonable, if not absolutely obvious, that if you have the same password on all your accounts you are more vulnerable than if you have a separate password for each account. My personal experience makes me aware of just how difficult that is to do. But here’s a suggestion that will make it easier.
Instead of using the exact same password for multiple accounts, vary one basic idea from account to account. Let’s say that you have Gmail, Hotmail and Outlook email accounts. Your basic password is mountainBike2017. That’s good: upper/lower case letters and numbers. But let’s use a symbol to extend that basic idea.
- For Gmail you might use: mountainBike2017-GM
- For Hotmail you might use: Hot-mountainBike2017
- For Outlook you might use: mountainBike2017-out
Just that little bit of diversification is a long step away from using the same password on all accounts and improves your password security measurably.
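A way to check a set of account passwords against Rule 1, as an added example that is not from the original article: it flags exact reuse and reports how many consecutive characters each pair of passwords has in common, so you can see how much of each one is actually unique to its account. The account names, the `min_base` threshold and the sample set (built from the passwords shown on this page) are assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations


def shared_base_len(a, b):
    """Length of the longest run of characters that appears in both passwords."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def audit(passwords, min_base=6):
    """passwords: dict of account name -> password.

    Returns (account1, account2, finding, shared_length) tuples.
    Only lengths are reported, so the passwords themselves never
    end up in the output or in a log.
    """
    findings = []
    for (acc1, p1), (acc2, p2) in combinations(sorted(passwords.items()), 2):
        if p1 == p2:
            findings.append((acc1, acc2, "identical", len(p1)))
            continue
        shared = shared_base_len(p1, p2)
        if shared >= min_base:
            findings.append((acc1, acc2, "shared-base", shared))
    return findings


# Constructed sample: the three variants from Rule 1 plus the random
# password shown under Rule 3 (assigned here to a hypothetical bank account).
SAMPLE = {
    "gmail": "mountainBike2017-GM",
    "hotmail": "Hot-mountainBike2017",
    "outlook": "mountainBike2017-out",
    "bank": "^H6vm&TMECcCgRK@",
}

if __name__ == "__main__":
    for acc1, acc2, finding, length in audit(SAMPLE):
        print(f"{acc1} / {acc2}: {finding} ({length} characters in common)")
```
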
Rule 2 – Manage
Managing passwords is quite a task. The average person (says this 2014 article) has 19 passwords – but 1 in 3 don’t make them strong enough. You could make a long list of your passwords: one password for each of your many online accounts, from mail site to bank site to news site to blog site to work sites to purchase sites, all those many places where they want you to create an account. But a written list is not a good idea should it get lost or destroyed. A digital list is not a whole lot better. The Russian hackers searched for keywords like “passwords” to find such lists! Any common keyword can become a road map leading directly to that special list of information that would open all doors.
Better would be a password-manager service. LastPass and Dashlane keep track of multiple complex passwords. Google Chrome has a built-in password manager, as does Apple’s Safari. Some variation of this particular management rule will doubtless grow in use and complexity, resolving the password security access issue globally. One number will be the “Open Sesame” to all your jewels. Your job is simplified!
Rule 3 – Complexity
Speaking in 2004, Bill Gates claimed the password could not meet the challenge of keeping information secure, and predicted its demise. Move forward more than a decade and the password is still alive, in spite of Microsoft outlawing such passwords as “12345” or “password” or “Qwerty”. But you’re not using anything like that, right? Not using your dog’s name or your son’s or grandson’s birthday? Not your anniversary? Hopefully, you see how all personal information is a direct line to you and is not as secure as you might like it to be.
But there is the “Secure Password Generator,” which will produce a random password from a random generator. Note that the site itself is said to be secure to preclude the scary thought of hackers secretly providing the passwords! I went to the linked site, made some selections as to password length and what to include (symbols, numbers, lowercase and uppercase). When I clicked “Generate Password,” this is what I got: ^H6vm&TMECcCgRK@
You may exclaim in great pain, “But, isn’t that difficult to remember?” Not really. You can give a personal meaning to each element. The site generator provides this descriptive memory device along with the complex password: “^ HULU 6 visa music & TOKYO MUFFIN EGG COFFEE creamer COFFEE golf ROPE KOREAN @.” But you can substitute your own meaning and alter some of the characters: “^Teal’s 6 visual nuances – TOO MANY ESSENTIAL COLORS can COLOR @ gentle RECORD KRAFT” would be the secure 16-character password ^T6vn-TMECcC@gRK. There are many sites offering the random password generator service: Norton, LastPass, Dashlane, and Gibson Research, to name a few.
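The kind of generator described above, as an added example (not the code of the linked site or of any vendor named here): it builds a password of a chosen length from chosen character classes using Python's `secrets` module, which draws from the operating system's cryptographic random source. The class names and the symbol set are assumptions.

```python
import math
import secrets
import string

# Character classes the caller can switch on; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*-_=+?",
}
ALL = ("lower", "upper", "digits", "symbols")


def generate_password(length=16, classes=ALL):
    """Random password containing at least one character from every chosen class."""
    if not classes:
        raise ValueError("choose at least one character class")
    pools = [CLASSES[name] for name in classes]
    if length < len(pools):
        raise ValueError("length is too short to include every chosen class")
    alphabet = "".join(pools)
    # Rejection sampling: draw whole candidates until one satisfies the
    # class rule, so no position is ever forced to a particular class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate


def entropy_bits(length, classes=ALL):
    """Upper bound on entropy: length * log2(alphabet size)."""
    alphabet_size = sum(len(CLASSES[name]) for name in classes)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(16))
    print(f"about {entropy_bits(16):.0f} bits for 16 characters, all classes")
    print(f"about {entropy_bits(16, ('lower', 'digits')):.0f} bits, lowercase and digits only")
```
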
No more excuses!
Rule 4 – Ingenuity
I’m sure you realize that the ingenuity necessary is not for you to produce! At least not for this next rule. This rule takes us to the addition of some kind of bio-metric authentication. Bio-metrics would be: finger, face, voice & iris recognition, eye prints, finger veins and heartbeats. You’ve probably heard of many of these. Maybe you even use a device that gets you into the gym by reading your fingerprint.
The problem is that fingerprints can be stolen. Whole fingers can be stolen. So there is a need for a living bio-metric: something someone else cannot steal or use without your permission. How about a computer that reads your lips while you say your pass phrase? Now that has ingenuity!
An article from Futurism.com points to such a lip reading computer:
“A team of scientists led by Cheung Yiu-ming from the Hong Kong Baptist University (HKBU) has presented a brilliant and novel solution to this problem.
“It’s the first technology of its kind in the world, and it could spell the end of typed passwords.
“Their idea is a lip-reading software that has you speak directly to your device. All you need to do is say or mouth your password to the camera of your laptop or smartphone. The recognition software will grant you access once it reads your lips. “This system verifies a person’s identity by simultaneously matching the password content with the underlying behavioral characteristics of lip movement,” according to a write-up on HKBU’s website.”
Extra Resources
Two resources if you’d like more information on the password security and bio-metrics issues:
- Webinar – A five-member panel discusses The Future State of Identity.
- Whitepaper – A survey uncovering the truth about: Challenge of Password Management; How User Experience Is Suffering; The Rise of Next-Generation Authentication (bio-metrics).
Password security is a front-line defense against hackers. With a little help and a little effort you can make your password more secure. Secure passwords keep out hackers!