5 steps to Peace of Mind

With the most recent password breach at Yahoo coming barely a month after the LinkedIn password leak, this seems to be a regular occurrence now – is there anyone left who has NOT had a username/password breach?
The risk is that we start becoming callous and maybe even comfortable with this, especially if neither you nor anyone you care about has suffered a direct consequence, such as identity theft, after a major security breach.
Our reaction should be the opposite. It should move us to action. These simple steps will make your account less vulnerable to being impersonated and your bank account less likely to get hacked, and overall you will enjoy more peace of mind.
It’s important to note that these mass password breaches are not the most common way your credentials are hacked. The large breaches tend to be covered by the media, but the security of your credentials is a much broader topic.
Below are 5 easy steps to dramatically better security:

  1. Have a unique and strong password for each service. This way, if (or when) one of your favourite services has a password breach, you don’t need to be concerned about that password making you vulnerable in other accounts.
  2. Use a password manager like LastPass (with a strong password).
  3. Use OpenDNS to protect yourself from phishing attacks. The most common goal of online criminals is to impersonate you and somehow profit from you. There are many different threats, including blended threats. OpenDNS protects from many of these.
  4. Use only up-to-date computers that are fully patched with the latest updates and security protection. Many threats that succeed in compromising computers do so by exploiting known weaknesses.
  5. Ask your bank for 2-factor authentication options. The jackpot for an online thief is to access your bank account. Requiring 2-factor authentication makes it significantly more difficult for anyone to break into your account. Some banks will send an SMS to your mobile phone to confirm each online access or transaction. Others use number tumblers. We hope some banks will soon start offering One-Time Password (OTP) options such as the Yubikey.

If any of this sounds too complicated, too techy, and you just want to get it done, never hesitate to ask us. We’re happy to help.

Comments

  1. Philipp L Hahn says:

    I wonder whether there are any passwords that can be improved by making them time sensitive? I have in mind a password such as “peanuts” plus some letter or number that changes every hour, day or week. Thus for a Monday add the number 1 (or the letters mo). The password would become “peanuts1” (or “peanutsmo”). On Tuesday “peanuts2” (or “peanutstu”). Of course frequent travellers to the antipodes would have to guess what day of the week it is back home. Not too difficult I imagine.
    If time-sensitive passwords were feasible, then one could invent all sorts of simple mnemonic devices producing new but easily remembered passwords, that could change as frequently as desired.

  2. Philipp, the concept of a non-standard password certainly is a good one, just not sure about the time sensitivity since it would require a change in how the authentication server handles it. However, it reminds me of Steve Gibson’s Password Haystack – check it out here: https://www.grc.com/haystack.htm
