Passwords

Protecting your sensitive information from the wrong people is a major concern in the information age. That almost always, at some level, involves passwords.

You’ve seen those aggravating password policies that require certain characters, or length, or expiring every so often. Here, let’s reverse engineer what makes a good password, and determine how you can create consistently good passwords.

Ways to “hack” a password

To state the obvious, a password works if you know it. There may be additional authentication factors in a given system that verify one’s identity, but as we’re just looking at passwords, a system doesn’t care who enters the password: anyone who knows the password can authenticate with it. There are several ways the wrong people may come to know a password they shouldn’t.

Phishing

This often originates via a fraudulent email, with the end goal of having the user type their actual password somewhere that allows the attacker to see or copy the password and use it themselves. They are hoping the user is either not aware of such scams or not paying attention to the warning signs (email sender, browser domain name, typos...). In my own experience, this is the most common cause of “getting hacked.”

Guess

This would be the Sherlock Holmes style of password cracking. The person trying to access the information would, usually through social engineering, learn details about their target (pet’s name, anniversary date, etc.) and try those. They are hoping their target chose something short and easy to remember. Or wrote it on a sticky note underneath their keyboard.

Lists

These lists can come from the data breaches that make headlines, or from smaller ones you never hear about, but the result is the same: actual passwords are obtained and shared. Responsible organizations will force a password reset and notify their users as soon as they become aware of a breach, but attackers hope the victims use that same password on multiple systems and try it elsewhere.

Brute-force

This one lets computers do all the work. A fairly simple script cycles through either a dictionary of common passwords or every possible combination of characters until it finds one that works. The hope here is that the password is short enough that a computer can crack it in a reasonable amount of time, and computers are getting faster every day.

Bad passwords

So to mitigate all those methods, we don’t want a password to be:

  • guessable

  • reused

  • short

But it does need to be easy to remember...

Practical passwords

Personally, I have passwords to ~300 websites. That doesn’t include all the passwords I use as an IT admin. Out of those, I could only tell you what two of them are: the one for my bank, and the one for my password manager.

Password manager

Password managers remember all your passwords for you, so you don’t have to write them down. Decent ones store your passwords in a cryptographically secure way that only you can access, essentially making them “breach proof.” Good ones will work on all your devices, and can also generate long, random passwords for you, so you have no reason to reuse a password you used elsewhere. Great ones will even track all those breaches for you, so you can change any compromised passwords as soon as possible.

At Envision Design, we use and recommend 1Password for personal and business use. You can read more about this popular and secure password manager and contact us for a quote for your team.

Passphrase

When you do need a password you can remember, like for your password manager: use a passphrase. Pick a favorite verse from a song, or quote, or line from a book... you already have a lot of phrases memorized, so use that! For example, the passphrase:

Welcome 2 the Jungle — we’ve got fun & games!

is long, only I know how I chose to spell, punctuate and capitalize it, and it is super easy for me to remember. (I put passphrases after password managers because many sites don’t allow for lengthy passwords with all the symbols, so you’ll still need those randomly generated strings.)
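The “Bad passwords” list and the brute-force reasoning above, as an added Python example (not part of the original post): it generates a random password the way a password manager's generator would, flags guessable, reused or short candidates, and estimates how long trying every combination would take. The 16-character minimum, the guess rate and the sample values are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 94 printable ASCII symbols; sites that restrict symbols need a smaller set.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16            # assumed policy value, not taken from the post
GUESSES_PER_SECOND = 1e10  # assumed guessing speed, for illustration only


def generate_password(length=24, alphabet=ALPHABET):
    """Draw each character from the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string. Human-chosen passwords have
    far less, because dictionary guesses find them long before this bound."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size=len(ALPHABET), rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination of the given length."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)


def audit(password, used_elsewhere=(), personal_terms=()):
    """Return which 'bad password' properties a candidate has."""
    problems = []
    lowered = password.lower()
    if any(term.lower() in lowered for term in personal_terms):
        problems.append("guessable")
    if password in used_elsewhere:
        problems.append("reused")
    if len(password) < MIN_LENGTH:
        problems.append("short")
    return problems


if __name__ == "__main__":
    # Constructed sample values: a pet's name and an anniversary year.
    print(audit("Rex2015", used_elsewhere={"Rex2015"}, personal_terms=["rex", "2015"]))
    print(f"8 random chars:  {entropy_bits(8):.0f} bits, {years_to_exhaust(8):.3f} years")
    print(f"24 random chars: {entropy_bits(24):.0f} bits, {years_to_exhaust(24):.1e} years")
    print(generate_password())
```
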

Still have questions about how to protect your personal or business information online? We offer a full array of cyber security services and products, so reach out to us to set up a quick meeting or consultation!

New Year’s Resolutions - 1 month down, how are we doing?

January draws to a close this week, and we are super-excited about 2019, right? At least that’s what we said a month ago; so now it’s time for a progress report. Vector check. Monthly review. Self-assessment. Call it what you want, but reviewing status is a no-brainer, especially when it comes to business goals.

Over the past month I have had many conversations with clients and interested parties regarding Envision Design’s security, data protection, backup, and recovery processes. Surprisingly, some business owners still seem to treat these aspects of protecting their businesses with a casual, “Hey, it’s good enough. I’m pretty sure there’s nothing that can go wrong, and I am fairly certain I can recover what’s needed so I can stay up and running.”

Well, maybe that’s a bit overstated - they haven’t really been THAT casual. But some responses have indicated a bigger lack of awareness. Some even seem to be the proverbial ostrich with its head in the sand. So what happened? Think of the New Year’s Resolution of “I am going to be serious in 2019, look into vulnerabilities and weaknesses my business has, and mitigate or even eliminate the chance of going bankrupt this year.”

Tom Sands, here - your friendly Client Relations Manager at Envision Design. Maybe it’s just the career Army guy in me, but protection is ALWAYS critical. From an outpost of 1 Soldier doing daytime duty at the front gate of “Camp Swampy,” USA, to a Corps of over 60,000 people deployed for months (or years) of combat operations - and all points in between - it always starts with security. We protect ourselves first, make sure we can communicate second, and then take care of myriad priorities of work from there.

I have found the business world to be no different. If money or information is exchanging hands, external forces seem to be ready to pounce. They want to catch a free ride; and they are looking for an easy chance to intercept some, all, or even MORE than just the transactional amount. Treasure troves have been released by simple, small vulnerabilities. Look at the Target breach of millions of customers’ data - it occurred largely because the Heating Ventilation Air Conditioning (HVAC) log-in was simple, AND it was on the same network as the financial data. I’ll bet the Target leadership did NOT have the New Year’s Resolution to ensure they had heightened security in 2013. That said, after the November incident, we can all be assured that their 2014 resolution included a healthy dose of security upgrades.

Heading into February, our Envision Design newsletter will hit the streets in a week. Along with it is the monthly free report, “The 7 Most Critical IT Security Protections Every Business Must Have In Place NOW To Protect Themselves From Cybercrime, Data Breaches And Hacker Attacks.” Truth be told, none of our clients are the size of Target; but we treat each one with the same level (or an even HIGHER level) of respect in terms of securing, monitoring, protecting, backing up, taking actions against threats, and preparing to recover their data. The beginning of the 2d month of 2019 would be a perfect time to review the 7 Protections checklist. Reflect. Assess. Take action.

Our clients went into business to help people, to follow their passions, and to make money in the process. We aim to have them ALL on board when we roll into 2020, so we work hard during the day to stay ahead of threats - learning, studying, training, monitoring, watching for anomalies or intrusion - and we sleep well at night, assured that the systems are in place to make all of that happen 24-7. It’s like being in the Army, again - we are on duty all the time.

Contact us any time - email help@envisiondesign.net or call 832-442-8588.

Ever Vigilant - as a modification of the National Security Agency’s motto, Envision Design is “Defending Our Clients, Securing The Future.”

See where your business stands. Fill out a basic 20-question checklist; take our survey, and let us help you bring your vision for your business into focus.

Click the image above to visit our internal page. We will contact you to review your results.

Tech Applied - January Newsletter is available for download

TechApplied 01.2019

This month’s newsletter has everything from a book recommendation for “Good to Great” by Jim Collins, to business lessons from Shark Tank’s Robert Herjavec, to a quick lesson about 5 sneaky tricks cybercriminals use to hack your network.

Click on the image to download your free copy. You can also contact us via our website and let us know if you would like to have a printed copy sent to you each month.

If you have questions about any of the IT issues discussed in the newsletter, or ANY IT issues for your business, please don’t hesitate to call or email.

Envision Design is the only certified member of the Apple Consultants Network that has been helping Houston businesses manage, monitor, and secure their technology systems for over 25 years. Whether you

…need to comply with industry mandated security requirements like HIPAA

… you want to implement a backup and disaster recovery plan

… or you simply want to improve the productivity and profitability of your team,

Envision will manage all your IT needs so you can get on with the great work YOU want to do. With no long term contracts, we retain clients by providing outstanding customer service. Fluent in both Apple and Microsoft solutions, we ensure your critical data has been backed up and is protected with a disaster recovery plan in hurricane prone Houston.

Call us today at 832.422.8588 or toll free at 1.866.966.9406 to schedule a free consultation meeting.

Introducing "Tech Applied" - Envision's new monthly print newsletter

Envision is proud to announce that we have begun delivering a monthly PRINT newsletter. Yes, you read that correctly, a digital tech company is delivering a print newsletter!

We plan to cover a variety of topics we think our business clients will find interesting and helpful. We will cover security, productivity, book recommendations, as well as tips and tricks and a bit of humor.

We are excited to be able to offer this content for free each month. If you are interested in receiving a PRINT copy, please go HERE and sign up. We will also deliver this digitally via our Envision News email list. Click HERE to sign up for the digital version.

As always, please contact us if you have questions, need IT services, or just want to chat. We would love to hear from you.

Dec. 2018

click on the image to download a free copy