Archive for May 9th, 2012

I Know Your Password: CUNA Guest Post

I Know Your Password
by Jim Stickley

When my son was three years old he liked to play a game with me that he called “What’s the password?” This game consisted of him standing in a doorway with his arms stretched out to block access. He then asked me for the password and if I guessed correctly, I was allowed to pass. I am, of course, expected to want to go through this same door dozens of times in a row, each time being forced to answer the challenge. Strangely, there was only one correct response that he would accept to open the gate. That word was “Password.”

At first I found this funny and played along. However, it went on for a couple of months and quite honestly, I started to get concerned. What if my son ends up being one of those kinds of people–you know, the people who use “qwerty,” “asdfgh,” and “password” as their password. What if instead of creating strong passwords, his password is simply his name backwards, or “admin” for the admin account, or his name for his online account?

Over the past several years I have run across these passwords, or others just as bad, at customer sites. Sometimes I discovered them by taking a stab in the dark, even without a password-cracking tool. And now it seemed my son was on this same destructive path. You can tell your kids not to smoke or do drugs. But how do you tell your three-year-old son he’s on the verge of becoming a password degenerate?

Fortunately my son was young and I had many years left to twist his mind into the paranoid realm I embrace with warm affection. For others, it might be too late. Passwords have always been the strong and weak point of security for both business and personal accounts. Strong passwords generally indicate stronger security, while weak passwords lead to compromise. So why do passwords fail to protect so many users and organizations? To answer that, you have to look at a much bigger picture.

Poorly Designed Passwords

When a password is created without the help of an automated tool, most people choose easy-to-remember passwords. Sometimes it’s the first letter of several words. Or, people use anniversary or birth dates. Although these can be used to create a strong password, more often than not they are done wrong. A person’s name with a date at the end, like Jim1970, will be found by most password crackers. January1970 is equally bad. Sometimes people get creative and replace letters, such as ‘O’ with the number zero or ‘I’ with the number 1. Although minor changes add a little extra security, they are not recommended and the resulting passwords are still considered weak.

Strong passwords require a minimum of eight characters, with both upper and lower case letters, one or more numbers and, most importantly, at least one unique character such as ! or @. If you follow these simple guidelines, you can be certain your password will be secure. However, just because it’s easy to create a unique strong password doesn’t mean it will be easy to remember. Even worse, if you have several online accounts such as Facebook, Twitter, or Pinterest, each account should have its own unique password. Now you’re stuck trying to remember all these crazy characters for all these different passwords assigned to all these different accounts. Like everyone else, you come up with one good password and use that for every account. Although it’s easier, it puts all your accounts at risk. Let’s say that a hacker discovers the password for one of your accounts. Since most people use the same password for all accounts, the hacker takes the login credentials stolen from the first account and tries them at every other online account he can think of. If your password is the same everywhere, each one of your accounts will be hacked in short order.

Simple Solution

Here’s a trick to create a strong unique password for each online account without having to be a Mensa member to remember them. First, come up with your base password, consisting of seven characters that are both upper and lower case, numbers, and at least one unique character. Ours will be: Jw75T!z. Next go to one of your online accounts—let’s say www.facebook.com. To make your password unique and still be able to remember it, take a portion of the website domain name and add it to your password. For example, take the first three letters of facebook.com and add them to the end of your password. So your password becomes “Jw75T!zfac”. We could also put the domain letters at the beginning of the password: “facJw75T!z”. To make it even more unique, reverse those first three letters so “fac” would become “caf” and add those to the end of our password: “Jw75T!zcaf”. Of course you don’t have to use my specific example of the first three characters; you might choose to use the last two or maybe the first and last letter of the domain. Whatever you come up with, use those same criteria for each online account.
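The scheme above as a short Python sketch, added here as an illustration and not part of the original post; the function names and the choice to take letters from the first label after any leading "www." are assumptions. It also checks each result against the strength rules listed in the previous section.

```python
import re

# Strength rules as stated in the article: at least eight characters, upper
# and lower case letters, one or more numbers, and one special character.
def meets_article_policy(password: str) -> bool:
    return (
        len(password) >= 8
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )

def site_fragment(host: str, length: int = 3) -> str:
    """First `length` letters of the site name, ignoring a leading 'www.'."""
    name = host.strip().lower()
    if name.startswith("www."):
        name = name[4:]
    # Assumption: the site name is the first remaining label (facebook.com -> facebook).
    letters = re.sub(r"[^a-z]", "", name.split(".")[0])
    if len(letters) < length:
        raise ValueError(f"site name in {host!r} is shorter than {length} letters")
    return letters[:length]

def derive(base: str, host: str, mode: str = "suffix") -> str:
    """Combine the base password with the site fragment.

    mode: 'suffix' (base + fac), 'prefix' (fac + base), 'reversed' (base + caf).
    """
    frag = site_fragment(host)
    if mode == "suffix":
        return base + frag
    if mode == "prefix":
        return frag + base
    if mode == "reversed":
        return base + frag[::-1]
    raise ValueError(f"unknown mode {mode!r}")

if __name__ == "__main__":
    base = "Jw75T!z"  # the article's example base password
    for host in ("www.facebook.com", "twitter.com", "pinterest.com"):
        pw = derive(base, host, "reversed")
        print(host, pw, meets_article_policy(pw))
    # The weak examples named earlier in the article fail the same rules.
    for weak in ("Jim1970", "January1970", "password"):
        print(weak, meets_article_policy(weak))
```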

Security doesn’t have to be difficult. By following this simple tip, you can ensure that your base password is strong, and you’ll have unique passwords for each online account. Just as important, you can rest easy knowing you’re one of the few who escaped the label of password degenerate.

_________________________________

Jim Stickley is the CTO and Vice President of Strategy & Solutions for TraceSecurity Inc. and is a cyber-security expert with more than 20 years in the industry. He has been featured in magazines and newspapers including Time magazine, Business Week, Fortune magazine, New York Times and hundreds of other publications. He has also been showcased on numerous television shows including NBC’s Nightly News, CNN’s NewsNight, and is a frequent guest on NBC’s Today Show. He is the author of The Truth about Identity Theft and a co-author of Beautiful Security.

DSEF & CBBB: Warning! Stay Away from Work-At-Home Scams

Warning! Stay Away from Work-At-Home Scams – Search Profit System & Money Mastery

By America Monge

The BBB cautions consumers to be wary of work at home scams and their too good to be true deals, according to Puget Sound Business Journal.

Two companies in question, Search Profit System and Money Mastery, are bad news. Money Mastery promises to pay customers $186 a day, working from home. The other company, Search Profit System, claims you can make money using search engines like Google, Yahoo, MSN and Bing. What really happens is that once they sign up, consumers are charged almost $50 in monthly membership fees, and canceling the service is very difficult.

DSEF and the Council on Better Business Bureaus (CBBB) foster honest and responsive relationships between businesses and consumers—instilling consumer confidence and advancing a trustworthy marketplace for all.

About the Better Business Bureaus
As the leader in advancing marketplace trust, Better Business Bureau is an unbiased non-profit organization that sets and upholds high standards for fair and honest business behavior. Every year, more than 87 million consumers rely on BBB Business Reviews® and BBB Wise Giving Reports® to help them find trustworthy businesses and charities across North America. Visit www.bbb.org/us for more information.
