Kennards Storage October eKourier Edition

FEATURE

WHY GOOD PASSWORDS STILL MATTER... FOR NOW T here is growing consensus that passwords alone, as a means to identify yourself is becoming a

• CONTAIN PII (Personally Identifiable Information) – The name of your pets, children and the date of your anniversary are way too easily discoverable. • Use COMMON SUBSTITUTIONS - Don’t use common substitutions like 1 for l and 0 for O. Hackers do this program- matically now and it doesn’t slow them down at all.

hack into systems by bombarding them with as many password combinations as possible, in a process called brute force attacks. Should you be worried? Yes, you should. You would think with so many password breaches occurring daily, we would have improved our password selection practices. Unfortunately, over the last five years, little has changed:

bit old school. Pairing a password with another means of identification, plainly speaking, offers a far more robust defence against bad intentions. Multi factor authentication as it is known, is best described as something you know, something you have or something you are. Examples of these are: codes generated by smartphone apps, tokens, fingerprints, codes sent to an email address and facial recognition to name some. A lot of you are probably already using these in addition to a password in your everyday lives. It won’t be long before this is the norm and the only reason it isn’t already is because a lot of technologies are behind the eight ball, big players like Apple, Google and Microsoft notwith- standing. The other complication is, at least in corporate environments, interoperability across multiple systems – a challenge we face too, but one we are already unravelling, and ultimately where we are heading. For now though, good passwords still matter. Passwords have been used for many years as a means of identifying ourselves to others and in more recent times, to computers. It's a simple concept – a shared piece of informa- tion, kept secret between individuals and used to 'prove' identity. They're now used for everything from the PIN we enter at an ATM, to logging in to our computers and various web sites. Until relatively recently, a good password might have been a word or phrase of as little as six to eight charac- ters. But we now have minimum length guidelines. This is because of 'entropy'. When talking about passwords, entropy is the measure of predictability. The maths behind this isn't complex, the point here is passwords are ridicu- lously easy to guess using computing techniques. A computer can guess more than 100,000,000,000 passwords per second. By leveraging this computing power, cyber criminals can

• INCREMENT the number for a password change. Don’t just change the 1 to a 2! Examples of good passwords (Don’t use these – make up your own!): • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question - from Shakespeare) • 2HeadsR>than1 (Two heads are better than one) • 4Score&7yrsAgo (Four score and seven years ago - from the Gettysburg Address) • 14A&A41dumaS (one for all and all for 1 - from The Three Musketeers, by Dumas) • Dressed2the999s:) (Dressed to the nines ) “Amateurs hack systems, professionals hack people.” - Bruce Schneier

SO, WHAT MAKES A GOOD PASSWORD? A good password is:

• LONG. Every extra character in a password makes it exponentially more difficult to crack. We encourage the use of 'passphrases' rather than passwords. • MEMORABLE. If you have to record it somewhere, you’re already creating a security exposure. Recorded passwords are easily discovered if they’re not kept somewhere secure like a Password Manager. • UNIQUE. Never re-use passwords on multiple systems. You don’t want a hacker that cracks your iTunes password to immediately have access to your PayPal account, do you? • HIGH ENTROPY. This means that it uses more than just alpha charac- ters. Add numbers (and not just 1). Add symbols (and not just the exclamation mark!). Add smiley faces 8) :S :P :D. A good password does not:

Sean Bradley ICT Manager

15 Kennards Kourier Oct 2020