Posts

Creating Passwords that are Bulletproof

/0 Comments/in , /by

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And once the bad guy finds his way in, especially logging into your email, it is game over. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

All it takes is a cracker to find this password, and now every account you have is compromised. And finding that password is even easier. Some studies show as many as 40 million records were compromised in 2021. Many of those records are passwords. At ProtectNowLLC.com, we have a tool that has access to over 12 billion compromised records where you can search your username aka your email address to find out if your username and associated password have been compromised on a variety of breached accounts.

Thankfully, there is an easy solution: use a password manager. I’ve had a password manager in place since 2004. At this point I probably have close to 700 different online accounts. And I might know the password for maybe five of them. The rest, only my password manager knows the password which I can easily look up. But I’ve never committed them to memory. Most people say “what if the password manager gets hacked” while this might be a valid concern, it’s not a concern of mine.

The low hanging fruit isn’t a password manager getting hacked, it’s people reusing the same passcode across multiple accounts and those credentials being available on the dark web. But, if you don’t want to use a password manager because you’re afraid the password manager is going to get hacked, you can also do the following:

Creating a Unique Password

Research shows that the best passwords are 14 characters long. Those that are shorter than that are easier to figure out. If a site doesn’t let you create a password that is 14 characters, it is possible to adapt it. Password managers do a very good job of creating/generating long strong unique complicated passcodes.

First, make a list of all of the sites you have a username and password for, and then put those sites into categories. For example, all of your sites for social media would be in a category, all of your email sites together, all of your banking sites together, and all of your shopping sites together.

Then you want to create a password that is eight characters. This will serve as the first part of any other password that you create. For example, the first eight characters might look like this:

CM&@t*yZ

Next, remember your categories? You will create a three-character password that is significant to those. For instance:

  • Social media sites – SM#
  • Email sites – &eM
  • Shopping sites – $h0
  • Banking sites – 8aN

So, this gives you 11 characters of the recommended 14-character password that you want to use. Now, you need three more characters, and that would be specific to the site.  So, let’s say you are creating a password for your bank. This is made up like the following:

Eight-character + three-character password (category) + three-character (site)

So, for your bank, it would look like this:

CM&@t*yZ8aNp$X

This is a very difficult password to guess, and for many people, easier to remember. But it’s not easy for everyone to remember. There is a solution, but first, keep this in mind. When you have to change your password, you can keep the final six characters and just change the first eight.

Now, how can you remember the first part of the password? One way to do this is to simply write it down and store it in a safe place. However, don’t keep it near your computer. Another thing you can do is to create a phrase that will help you remember.

Here’s an example. Let’s say our phrase is “My brother asked me for bread and salt.” If you take the first letter for all of the words, it would be this:

MBAMFBAS

This could be your eight-character first part…and you can make it more secure by making some swaps:

M3@MFBA$

This still makes the password very difficult for a hacker to guess but makes it easier for you to remember. You can use the same method, of course, for the smaller parts of the password.

Honestly, if you’ve got even this far in this article, congratulations to you. You must be some weird math savant with an elephants memory. Frankly, the above gives me a headache. Like I said in the first three paragraphs, it’s best to just use a password manager and forget all of this work, but if you don’t want to, this method works pretty well.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Protecting Yourself from Cyber Extortion

/0 Comments/in , /by

You might not think that you could ever be a victim of cybercrimes, but you would be incorrect. You are just as much of a possible victim than anyone else, and you have to know how to protect yourself.

passwordOne of the easiest ways that hackers can get victims is to trick people into clicking links in emails or opening attachments. Something as simple as this can easily lead to viruses and other security issues, like ransomware, and no one is ready to deal with this.

Cyber extortion is on the rise, and it involves infecting a computer with ransomware, which means the victim will not be able to access their files unless they pay money via bitcoin to the attacker. This software is installed when the victims click on links in emails.

Many of these emails ask for information that is sensitive. If you get one of these emails, you should have alarm sounding off. If you don’t, you could, blindly, give the hacker information about you, such as your passwords, account numbers, or worse.

Extortion Prevention

Here are some things that you can do to prevent yourself from cyber extortion:

  • Install a password manager software
  • Don’t use the following in your passwords: words or names that are obviously yours, any keyword sequence (ZXCVB), any password under eight characters, or anything easy to guess.
  • Make sure every account has a unique password.
  • If an account offers it, enable two-factor authentication. Each time you try to log in, you cannot gain access to the account unless you insert a one time code, which is delivered to your phone via text. If someone contacts you and asks for a code like this, you should hear alarm bells in your head.
  • Create passwords with a mix of letters, symbols, and numbers. Randomly choose these like a toddler would if they were typing and add them to your password manager.
  • Don’t ever click on any link that comes to you via email unless you confirm its legitimacy with the sender. A single click might download a virus, or you might be directed to a site that can lure you into typing your username, password, and other information. A red flag that you might be at risk of doing this is if you get an email that says, “Your Account Was Suspended.”
  • Often, these emails seem like they come from a source you trust like PayPal, a bank, the IRS, or your employer.
  • You also might see a sense of urgency in these emails, such as “Act within 24 hours” or “You must…”
  • Don’t open any attachments including those from a person or company that claims they want to offer you a job.
  • Do not post any sensitive personal information on your social media accounts. Hackers can use this information to figure out login information.
  • Have a business email account and a personal one.
  • Don’t connect to public Wi-Fi and do anything like shopping or banking. If you don’t have a choice, you can browse by using a VPN, virtual private network.

Some of this might sound like a pain, or even inconvenient, but believe it or not, you are a target for hackers, and they are just waiting for you to take the bait.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Prevent Bitcoin Fraud by Securing Your Identity

/0 Comments/in /by

Are you thinking about jumping onto the Bitcoin train? If so, you might be worried about security. The truth is, Bitcoin is definitely secure, but as with anything, there are bad guys out there who are ruining it for many. Bitcoin identity theft is when a criminal steals your identity and poses as you by phishing your passwords or hacking your computer. Here are some common cryptocurrency scams that can be prevented and some tips to protect yourself:

Bitcoin Private Security Keys:

What are they? A Bitcoin private key is a number only you should know, a secret number which allows bitcoins to be used in commerce, traded, exchanged etc. Bitcoin wallets contains the private keys and are mathematically related to all Bitcoin addresses generated for the wallet.

How do they work?

When a private key is entered in a wallets “transaction” window meant to move your funds from one wallet to another, the transaction is broadcast and sends the balance to a new address in another wallet. Simply, they are for spending and sending your bitcoins to anyone and anywhere.

How to get one?

This secret, alphanumeric password/number that is designed to spend and send your bitcoins to another Bitcoin address. Is a 256-bit long number which is picked randomly as soon as you make a wallet.

Protect Your Security Keys

The private key “ticket” allowing its owner spend bitcoins and like cash, they must kept secure. Private keys are usually stored on computers, and can be printed on paper.

Again, it’s so important that you protect your private security key. Remember, if someone gets this key, they can spend your currency.

Backup All Security Keys

If you are using private keys for your cyber currency, make sure that they are backed up on a offline

You Give Up Your Private Key

Another mistake that people often make is to give up your private key. Again, cyber criminals can get this information through your email or maybe over the phone. They also can hack into your computer and access your key if you have it stored there.

Preventing It

Keep your devices as secure as possible using security software and keeping your operating system updated. Maybe always store your private key off of your computer. You can write it on paper or store it on a USB drive. Make sure to keep this information locked up somewhere, like a safe or safety deposit box.

Cyber Thieves Steal Passwords

Many people use services to store their currency. However, to access these, you must have a password, and cyber thieves know this. So, they break into your email, ask your chose storage service to reset the password, and this gives them access to your currency.

Preventing It

To prevent this, make sure to use two-factor authentication for both your email account and your cyber currency storage account.  And don’t use the same password (password re-use) for any critical accounts.

The Bad Guys Start Impersonating

You also must make sure that you don’t get scammed by a bad guy impersonating a cyber currency employee. They might, for instance, contact you over the phone of via email about initial coin offerings. They ask you to send Bitcoins to them for fundraising purposes, but then promise that you will get that back with a return on that investment. Wrong. They just steal it.

Preventing It

Always confirm that you are investing in legitimate companies. Contact them directly

Keeping Your Bitcoins Safe

There are other things that you can do to keep your cyber currency safe, too:

Use a VPN for Your Transactions

When trading cryptocurrency, make sure to use a virtual private network, or VPN. These networks scramble your data so hackers, even if they access it, can’t read it.

Keep Separate Wallets

Instead of using a single wallet for all of your currency, it’s best to have at least two; a “hot” wallet, which is used for your various day to day transactions, and a “cold” wallet, which is where you store your currency. Think of it like a checking account (hot) and savings account (cold.)

Additional Security Tips

Finally, here are some additional security tips to keep all of your accounts safe:

Password Tips

  • Make sure every online account you have has a long, strong password. This should be a combination of letters, numbers, and symbols. Also, make sure that you have a unique password for every account.
  • All passwords should be 8 to 12 characters. Use both upper-case and lower-case letters, and make sure that you aren’t making it easy to guess. For instance, “hwR7os$9*” is a much better password than “IL0veD0gz.”
  • Use two-factor authentication on all of your accounts. This way, even if someone gets your password, they can’t get into your accounts unless they also have access to your cell phone.

Antivirus Tips

  • Antivirus software is required, but it’s not going to keep your devices completely safe. Yes, this software will keep the vast majority of viruses and bugs out of your system, but not all of them.
  • Make the investment and buy your antivirus software instead of using a free one. The paid versions come with other services like firewalls and antispyware. This helps to keep your information even safer.

Updates to Your System

Finally, make sure that you are always updating your computers, tablets, and smart phones. Yes, those pop-ups are annoying, but try to resist clicking the “remind me later” option. Many times, these updates contain important security updates that protect your device and data from becoming vulnerable. It’s also a good idea to set up automatic installation of these, so you never have to worry about it.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Protect Your Identity From Thieves

/0 Comments/in /by

There are tried and true ways to protect yourself from identity theft—ways that you may not have even considered.

Evaluate your passwords. Does every online account have a different password or are you using the same one for multiple accounts? Fix this problem immediately by investing in a password manager software. Avoid using actual words or names, or keyboard sequences. Password managers facilitate the password creation process.

Never post anything personal on social media.This includes your pet’s name, name of your kids’ school or teacher, where you’re going on vacation, the town your parents live in, etc.

Ignore e-mails whose senders you don’t know. Never click links in e-mails or open attachments you’re not expecting.

Set your phone up with a password. If it’s lost or stolen, you’ll have no worries.

Shred everything. All your credit card offers, medical records and other personal information before tossing.

Never give it out your Social Security number unless it’s absolutely mandatory like a credit application. However, just because someone says they can’t process your request without your SSN doesn’t mean you must hand it over. The objective is to minimize how much your SSN is “out there.”

Request your free credit report every year from the three major credit reporting bureaus. Refute unauthorized accounts immediately.

Inspect your statements such as credit card and banking statements every month for suspicious activity.

Use a locking mailbox or have your mail delivered to the post office and pick up.

Stop mail delivery when taking long trips.

Get a credit freeze. This is a no brainer to protect you from new account fraud.

Invest in identity theft protection. There is no cure for identity theft. But with a protection plan in place, the restoration component will fix most of what goes wrong.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program and the home security expert for Porch.com

Are Password Managers as Safe as You Think They Are?

/0 Comments/in , /by

You have probably heard of password managers, and you probably think they are pretty safe, right? Well, there is new research out there that may might make you think twice, especially if you use password managers like KeePass, 1Password, Lastpass, or Dashlane. Frankly, I’m not worried about it, but read on.

Specifically, this study looked at the instances of passwords leaking from a host compute or focused on if these password managers were accidently leaving passwords in the computer’s memory.

What was found was that all of the password managers that were looked at did a good job at keeping these passwords secure when in a state where it was “not running.” This means that a hacker would not be able to force the program into giving away the user’s passwords. However, it was also noted that though each password manager that was tested attempted to scrub these passwords from the memory of the computer, it wasn’t always successful…meaning, your passwords could still be in the memory.

Some of these programs, like 1Password, seemed to have left the master password, but also the secret key for the program. This could possibly allow a hacker to access the info in this program. But, it’s important to note that these programs are trying to remove this information, but due to various situational issues, it’s not always possible.

Another program, LastPass, was also examined, and it, too, caused some concern amongst researchers. Basically, the program scrambles the passwords when the user is typing them in, but they are decrypted into the computer’s memory. Additionally, even when the software is locked, the passwords are still sitting in the memory just waiting for someone to extract it.

KeePass, which is yet another password manager, was also looked at here. In this case, it removes the master password from the computer’s memory, and it is not able to be recovered. However, other credentials that were stored in KeePass were able to be accessed, which is also problematic.

Should you be worried about this? Well, it depends on your personal thought process. Some people probably won’t care too much, and others won’t be affected because they don’t use password managers that have these issues. Since the researchers pointed out these issues each password manager has done their own updates and corrected any issues. The real vulnerability isn’t the security of the password managers but the security of the devices, their users and if the users are deploying the same password across multiple accounts.  Using the same password over and over is the risk here. So get a password manager so you can have a different password everywhere.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Create Bulletproof Passwords

/0 Comments/in , /by

It is a hassle to keep track of all of your passwords. So, many people use the same username and password combination for all of their accounts. This, however, is a big mistake. All it takes is one hacker getting ahold of one of your accounts, and the rest of your accounts are now compromised. Thankfully, there is a pretty easy way around this…One way is a password manager and for those who don’t trust them, try below.

Creating Passwords that are Unique

The best passwords are 14 characters. Passwords that are shorter are statistically much easier to guess. If a site doesn’t allow a password that is 14 characters, you can adapt the following to fit:

Make a list of all websites you have a username and password for, and then make lists categorizing them. For instance, put all of your social media sites together, your email sites, your shopping sites, and banking sites.

Next, create an eight-character password. This will be used as the first part of every password that you create. For instance, it might look like this:

H76&2j9@

Next, look at your categories. Create a three-character password for those. So, you might do this:

  • Social media sites – SM$
  • Email sites – @eM
  • Shopping sites – $ho
  • Banking sites – BaN

Finally, the last three characters of the 14-character password will be specific to the website.

Let’s say you are creating a password for your Facebook account:

Eight-character + three-character (category) + three-character (unique to site)

So, your password for Facebook would be:

H76&2j9@SMSg5P

This is now a very strong password ad for some of you that is much easier to remember. But not me, above doesn’t work for me. More in a minute…When you have to change your password in the future, you can keep the final six characters and just change the first eight.

So, how do you remember the first part of the password? One way is to just write it down in a secure location. Don’t keep in near the computer, though. Another thing that you can do is to create a passphrase, which makes it easy to remember a password.

Let’s use this phrase

“My sister asked me for milk and butter.” If you take the first letter of all of those words, you would have this:

MSAMFMAB

This could be used as your eight-character common denominator.

You can even go further and make it more secure by swapping out some of the letters with numbers or symbols:

M3AM4MA8

Now, the common part of the password is even more difficult to guess, yet still fairly easy to remember. You can also use this method for the shorter part of the password, or even come up with your own methods for password success.

Oh and that “in a minute” comment…just use a password manager and forget the above madness. My password manager created this: *zWo5j!wUxCVWV and it means nothing and I’ll never remember it because my password manager serves as my memory now.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

5 Digital Security Tips That You Should Always Beware Of

/0 Comments/in /by

Hackers are out there, and they have their eyes on YOU! So, you are the first line of defense against them. Do you know how to make your smart phone or computer more difficult for hackers to access? Here’s five tips to help:

Password Information

  • You would think that these days, everyone would know how to create and use a strong password, but people don’t. Every online account you have should have a strong, long password made of a combination of symbols, letters, and numbers. You should also use a different password for each account.
  • A good, strong password is at least 8-12 characters in length. It is also made up of both upper case and lower-case letters, symbols and numbers. Make sure it doesn’t spell anything, either. Example: “yi&H3bL*f#2S” However a phrase will do to. Such as iLike1ceCream!
  • Activate two-factor authentication on every account you can. This way, even if your password gets into the wrong hands, the hacker can’t get in unless they also have access to your smartphone.

Understand the Cloud

  • Yes, the cloud is pretty cool, but it is still vulnerable. The cloud, essentially is just internet connected servers that sit in climate controlled secure facilities. These are generally secure. However, if your device doesn’t have the best security, the data in the cloud becomes vulnerable through your device. Example: your bank which is cloud based, is unlikely to get hacked, but your PC is. If you don’t use security software, or if you don’t update your software, cloud security doesn’t matter much.
  • Since the cloud is a huge source of data, a lot can go wrong. So, should you rely on the cloud to protect you or should you protect yourself? Feel good that in general whatever cloud serve you are using is secure. But if you are downloading pirated content and shady software, then cloud security will not protect you.

New Devices Don’t Mean Safe Devices

  • Many believe that if they have a new device that it is perfectly safe. This isn’t true. Androids and Macs need antivirus just like PCs need antivirus. And right out of the box, all devices operating systems, browsers and software should be updated.

Antivirus Software is Great, But Not Perfect

  • Yes, it’s awesome to have good antivirus software, but it’s not the only thing you have to do to keep your device safe. Think of your antivirus software as an exterminator. Like a pest control expert in your home, they get out the vast majority of insects when you call them. However, they can’t 100% eradicate every single egg, larvae, and bug. Free antivirus software is the same. It does a great job for the most part, but it won’t get everything. Free antivirus doesn’t come with a firewall, antispyware, antiphishing or other fundamental security tools. A paid service will generally accomplish this.
  • Ask yourself this: would you want your bank using free antivirus software? Then why do you?

Updating Your System

 It can get annoying when your system alerts you with a pop-up to update your software, but don’t hit “remind me later.” In most cases, this update contains important security patches that you need to install to be safe. It’s best to allow automatic updates on every device.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Use a Password Manager Or You WILL Get Hacked

/0 Comments/in , /by

Do you ever use the same password over and over again for different accounts? If so, you are not alone. However, this is quite dangerous. It’s best to use a different, unique password for each account, and to make it easier, you should use a password manager.

According to surveys, people understand that they should use unique passwords, and more than half of people get stressed out due to passwords. Furthermore, about 2/3rds of people said that they had forgotten a password or that a password issue had cause problems at work.

However, a password manager can easily solve the issues associated with passwords. A password manager is a type of software that can store login info for any and all websites that you use. Then, when you go to those websites, the password manager logs you in. These are safe, too. The information is stored on a secure database, which is controlled by a master password.

Using a Password Manager

Most people have more than one online account, and again, it’s so important to have a different password for each account. However, it’s very difficult to remember every password for every account. So, it’s not surprising that people use the same one for all of their accounts. But, if using a password manager, you can make it a lot easier.

  • When using a password manager, you can create a password that is safe and secure, and all of your passwords are protected by your master password.
  • This master password allows you to access all websites you have accounts on by using that master password.
  • When you use a password manager, and you update a password on a site, that password automatically is updated on all the computers that use your password manager.

Password Managers Can Ease Your Stress

When you first start using a password manager, it’s likely that you’ll notice you have fewer worries about your internet accounts. There are other things you will notice, too, including the following:

  • When you first visit a website, you won’t put your password in. Instead, you can open the password manager, and then there, you can put your master password.
  • The password manager you use fills in your username and password, which then allows you to log into the website with no worries.

Things to Keep in Mind Before You Use a Password Manager

Password managers available on the internet from many reputable security companies. However, before you pay for them, there are some things that you should keep in mind:

  • All of the major internet browsers have a password manager. However, they just can’t compete with the independent software that is out there. For instance, a browser-based password manager can store your info on your personal computer, but it may not be encrypted. So, a hacker can might that information anyway.
  • Internet browser-based password managers do not generate custom passwords. They also might not sync from platform to platform.
  • Software based password managers work across most browsers such as Chrome, Internet Explorer, Edge, Firefox and Safari.

Password Managers are Easy to Use

If you are thinking about using a password manager, the first step is to create your master password.

  • The master password has to be extremely strong, but easy to remember. This is the password you will use to access all of your accounts.
  • You should go to all of your accounts and change your passwords using the password manager as an assistant. This ensures that they are as strong as possible, too.
  • The strongest passwords contain a combination of numbers, uppercase and lowercase letters, and symbols. Password managers often create passwords using this formula.

Managing your accounts online is really important, especially when you are dealing with passwords. Yes, it’s easy to use the same password for every account, but this also makes it easy for hackers to access those accounts.

Don’t Reuse Your Passwords

You might think it would be easy to reuse your passwords, but this could be dangerous:

  • If your password is leaked, hackers can get access to all of your sensitive information like passwords, names, and email addresses, which means they have enough information to access other sites.
  • When a website is hacked, and all of your passwords and usernames are discovered, the scammer can then plug in those passwords and usernames into all of your accounts to see what works. These could even give them access to your bank account or websites like PayPal.

Ensuring Your Passwords are Secure and Strong

There are a number of ways to ensure your passwords are secure and strong. Here are some more ways to create the best passwords:

  • Make your passwords a minimum of eight characters long.
  • Mix up letters, numbers, and symbols in the password, making sure they don’t spell out any words.
  • Have a different password for every account that you have. This is extra important for accounts containing financial information, like bank accounts.
  • Consider changing your password often. This ensures your safety and security.

If you have a weak password, you are much more susceptible to hacks and scams. So, protect your online existence, and start utilizing these tips.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Remember This: Hackers Like Strong Passwords, Too

/in , /by

In late 2016, a huge data breach occurred. More than 412 million accounts were affected when hackers got into FriendFinder Networks.

5DAccording to sources, approximately a million of those accounts had the password ‘123456,’ and approximately 100,000 has the password that was simply, ‘password.’ This, of course, is despite the efforts from pros about password management and the importance of a strong password.

Complex Passwords are Inconvenient

This data breach is just one of many, and it shows that using passwords alone are risky and have consequences. Additionally, complex passwords are inconvenient, and this means that people often avoid using them, or they write them down, or use them across multiple accounts, meaning there is a great chance that they can be stolen.

Keeping in mind, still, that passwords are flawed. This is not because they are often so easy to guess and easy to hack, it’s because they are quite expensive to maintain. Approximately 20 to 50 percent of calls to the help desk are due to password resets because people forget them.

All of this means that things have only gotten worse when it comes to the usability of passwords over the past few years. So, to keep the control that is necessary to ensure the data is safe in an organization, the IT team must use tools that will address these major security concerns. When you consider all of this, it is truly shocking that so many people are still using passwords such as ‘password’ and ‘123456.’

If you look at all of the data-breaches that have occurred in 2016 and consider the millions of people who have been caught up in these breaches, it’s absurd that people are picking passwords that are so easy to guess.

However, you also should keep in mind that it doesn’t matter what your password is, security experts and IT professionals keep hammering in the importance of changing passwords. Even if you are choosing passwords that are a bit more advanced than ‘123456,’ you should still change your password, often.

You also must consider this: it doesn’t matter how good your password is and how complex you make it; passwords are still vulnerable. What we need is a change in our thoughts about security and a revision of our concept of what a password is and does.

In some form or another, passwords have existed as a way to secure information for centuries. For most of this time, they have worked well. However, with technology changing the world, this old form of security needs to be refreshed to meet the needs of the time.

More Security is Necessary

To overcome all of the issues that are associated with passwords, companies should take time to look at different forms of security. All you are doing now is wasting time and money by changing passwords and making them stronger. On top of this, when your business experiences a data breach, you could be facing a fine and of course, embarrassing questions. Instead, it’s time to drop this concept of using passwords as the only means of security.

We need an approach that eliminates passwords altogether. Using, for instance, two factor or multi factor authentication or better, un-hackable security tokens is one way to ensure that no passwords are stored, created, or transmitted. This will help us all to remain safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Celebrate World Password Day in 2016 With These Tips

/in , /by

Each year, researchers in security take the time to rate some of the worst passwords found on the Internet. While popular pop culture events have caused waves with the list of the worst passwords of 2015 – think “solo,” “starwars,” and “princess” – the worst passwords of last year were still the usual suspects, “password,” “123456,” and “qwerty.”

5DIt shouldn’t be a surprise to anyone that researchers estimate as many as 90 percent of all user-generated passwords are subject to hacking. However, it might surprise you to know that even passwords that you believe to be secure will give little protection if it gets leaked.

On May 5th, the 4th World Password Day will commence, and Intel Security is, for the first time, departing from its usual stance of asking users to change their passwords to something stronger. Instead, they are asking users to add multi-factor authentication, or MFA.

MFA is an extremely powerful security feature that is available on most major websites for free, and this helps to stop any unauthorized person from accessing the account, even if this person knows your password. This feature combines the login with other identification factors such as face recognition, fingerprints or a code that you can use, which is delivered by text message.

Even the President is getting into the password game. That’s how important it is to have a strong password. President Obama recently suggested that Americans should start to protect themselves online by turning on this multi-factor authentication. Additionally, when you supplement passwords with MFA, you will greatly decrease the chance that you become a victim of fraud or identity theft.

Here are some of the best ways to protect and strengthen your password:

  • Create passwords that are strong by using symbols and a mixture of upper and lower case letters
  • Use a different password for every account you have
  • Utilize a password manager to keep track of all of your passwords
  • Turn on the multi-factor authentication feature when possible.

You can find out how well your passwords stack up by testing them online at Passwordday.org, by taking a pledge to add MFA, or even watch some videos about computer security.

You can also join in on a Twitter chat on May 5 at 3 pm Eastern/Noon Pacific. Stop.Think.Connect is hosting the chat and will be joined by @Telesign, @IntelSecurity and @StaySafeOnline. When you pledge to turn on MFA, which is free on most web services, you will be entered in a drawing to win a prize. Make the pledge today to turn on the MFA feature on May 5th, which is World Password Day.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.