October is National Cyber Security Awareness Month, and for week 3 of 6 we are going over the ins and outs of ransomware.
Hackers are out there every day trying to get into your email, your online bank accounts, social media profiles and everything in between. By always using strong passwords, you can slow or often defeat the various attack methods that exist today.
According to Microsoft, short and simple passwords are relatively easy for attackers to determine. Some common methods that attackers use for discovering a victim’s password include:
The attacker attempts to log on using the user’s account by repeatedly guessing likely words and phrases such as their children’s names, their city of birth, and local sports teams.
ONLINE DICTIONARY ATTACK
The attacker uses an automated program that includes a text file of words. The program repeatedly attempts to log on to the target system using a different word from the text file on each try.
OFFLINE DICTIONARY ATTACK
Similar to the online dictionary attack, except that the attacker first gets a copy of the file where hashed or encrypted copies of user accounts and passwords are stored, then uses an automated program to determine the password for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.
OFFLINE BRUTE FORCE ATTACK
This is a variation of the dictionary attacks, but it is designed to determine passwords that may not be included in the text file used in those attacks. Although a brute force attack can be attempted online, network bandwidth and latency mean it is usually undertaken offline using a copy of the target system’s password file. In a brute force attack, the attacker uses an automated program that generates hashes or encrypted values for all possible passwords and compares them to the values in the password file.
BAD VS. GOOD PASSWORDS
Let’s dive into some examples of great passwords for you to use… and some examples of not-so-great ones!
EXAMPLES: BAD PASSWORDS
Please don’t use common words, favorite movie characters, your name, or even word/character combinations that are extremely difficult for you to remember. And don’t ever use the word “password.” Ever.
EXAMPLES: GREAT PASSWORDS
Some ideas for creating the perfect password include using algorithms, deliberate misspellings, or invented words, or using a password management system like KeePass, 1Password, OnePass, or Password Wallet. Password management systems are inexpensive and effective tools for safely keeping all of your online passwords as well as other sensitive data, such as credit card information. They will also generate strong passwords for you and save them so you never have to remember them. You will be able to keep all of your passwords secure by remembering just the one password that you set up.
Think of a sentence, then use the first letter of each word or substitute numbers and punctuation appropriately. “The five-and-ten is at Main and Ash Streets” becomes the password T5&10i@M&ASt.s.
RULES TO FOLLOW
- Passwords ARE case-sensitive, so be mindful of what you capitalize
- Make sure your password does not contain your user name
- Make sure your password is at least six characters long
- Try to use characters from three of the following four groups (lowercase letters, uppercase letters, numbers and symbols). Some websites may require you to use more, so always have options based on their regulations
- Never give out your passwords
- Always log out properly
- Change your password regularly
- Store your password securely
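
The checkable rules above (length, user name, character groups, common words) can be turned into a small password check. The following is an added example, not part of the original article: the function names and the short common-word list are assumptions made for illustration. It also estimates how large a search an offline brute force attack would face for a given password.

```python
import math
import string

# Constructed sample of words a dictionary attack's word list would contain (assumption).
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}

# The four character groups named in the rules above.
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}


def groups_used(password):
    """Return the names of the character groups present in the password."""
    return [name for name, chars in GROUPS.items()
            if any(c in chars for c in password)]


def brute_force_bits(password):
    """log2 of the number of candidates an exhaustive search must cover,
    assuming every string of this length over the groups in use is tried.
    This is an upper bound: a dictionary attack finds common words far sooner."""
    alphabet = sum(len(GROUPS[g]) for g in groups_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, username):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    lowered = password.lower()
    if len(password) < 6:
        problems.append("shorter than six characters")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    if len(groups_used(password)) < 3:
        problems.append("uses fewer than three character groups")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    return problems


if __name__ == "__main__":
    # "jsmith" is a constructed user name; the last password is the article's example.
    for pw in ["password", "Jsmith2024", "T5&10i@M&ASt.s"]:
        print(pw, check_password(pw, "jsmith"), round(brute_force_bits(pw), 1))
```

Each extra bit doubles the number of candidates a brute force attack has to hash, which is why adding length and character groups slows the attack so sharply.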