Contact Us Today!   314.394.3001   |   info@andersontech.com

Posts

Password Safety Cyber Security

Change Your Passwords: Follow the Best New Policies

/in , /by

Everything you know about creating passwords is about to change.

The National Institute of Standards and Technology (NIST) recently released their new Digital Identity Guidelines, which explains how many of the security measures in place for passwords simply don’t work. According to the NIST, “Humans … have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.”

In other words, it’s hard to remember “1S6u5^Q%,” so most users go with something simple like “cakeboss.” Previous guidelines indicated complexity would make passwords more secure, but when restrictions require a capital letter, number, and special character, users are more likely to adapt an easy password to match, turning “cakeboss” into “Cakeb0ss!” Furthermore, when required to change passwords every 90 days, users often make small changes (i.e., “Cakeb0ss!1”) rather than creating entirely new passwords. These minimal alterations are predictable and increase the risk of a security breach significantly.

The New Guidelines

Thanks to the NIST, the new guidelines focus on usability as a factor of password security. If someone can’t remember a password or must write it down because it is constantly changing, then it’s not secure. Because using numbers and special characters is so predictable, complexity is not as important as length and memorability.

For this reason, the NIST suggests that numbers and special characters not be required of users. Spaces should also be allowed so users can create strong password phrases. Simple phrases that the user can remember easily, even when lowercase and using normal words, are more secure than passwords like “1S6u5^Q%.”

The guidelines still indicate a minimum password length of 8 characters but propose allowing up to 64 so users can create strong password phrases. The NIST considers length a “primary factor in characterizing password strength.” A strong password is a combination of four or five words that the user can recall but cannot easily be guessed by a hacker or malicious software (i.e., “Milky Orange Clock Wolf”).  Note that many sites currently do not allow spaces between words so you may need to remove them, but this will change as people adopt these new standards.

The NIST also puts more of the onus on the service rather than the user. They suggest that passwords be compared to “blacklists” of known compromised passwords before acceptance.  Accounts should also limit the number of times a user can enter a wrong password before locking access for some length of time. This way users can create simpler passwords while service providers increase password security.

So, let go of notepads full of passwords too strange to be remembered. For sites that quickly adopt the NIST’s new guidelines, create strong password phrases only you’ll recall.  Otherwise, we’ll have to wait for the rest of internet to catch up. Until then, password managers such as LastPass or Dashlane can keep track of those complex passwords far more securely than writing them down.

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cyber security experts a call at 314.394.3001 or email info@andersontech.com.

Successful Business Owners Take Password Security Seriously

/in , /by

UPDATE: New guidelines from the NIST released August 2017 changed the way we all should look at passwords.  Read our blog post regarding updated password recommendations by clicking here

Password security is a fundamental element of cyber security. Defending your business from cyber attacks is one of the most important safeguards needed to ensure your company’s ongoing success. In addition to protecting sensitive company information, private client data must also be secured. A recent article published in InfoWorld reported that the underground market for compromised servers may be much larger and more active than anticipated. The publication cites websites selling login information for over 170,000 hacked servers.

One way to safeguard your business is by adopting a clear password policy to increase security and provide a roadmap for avoiding common password mistakes. Here are six guidelines Anderson Technologies provides its clients to better guard against hackers and strengthen cyber security.

Six Guidelines for Increasing Password Security

  1. Include a mix of upper and lower case letters, numbers, and symbols

A good suggestion for creating an easy-to-remember yet secure password is to start with a favorite phrase or quote such as “Keep calm and carry on.” Take the first letter of each word in the phrase, a numerical sequence such as 5-9, and two random symbols to create a very complex password. A password resulting from our example above would be K5c6a7c8o9&%.

  1. Use a minimum of eight characters

The longer the password, the more secure it is. There are 12 characters in the example above. When using this formula, find phrases containing at least four words. This results in passwords of at least ten characters.

  1. Avoid using the same password for multiple websites or logins

It’s worth investing the extra effort to generate unique passwords for your important accounts. Doing so greatly reduces your exposure if a particular account is compromised.

  1. Change your passwords on a regular basis

This is another task commonly neglected. However, it is critical to keeping accounts secure.

  1. Do not allow web browsers (such as Chrome, Firefox, or Internet Explorer) to remember passwords

While many browsers offer this convenience for their users, it’s also an open door to the hacker who gains access to your computer.

  1. Implement a robust password management system

Having a good password management system will safeguard and organize your passwords. Many also help you generate strong passwords. For redundancy, ensure at least two people know the login credentials to the management system in case the principal user is unavailable.

Password Management Systems Provide Security and Peace of Mind

While all of the guidelines in this article help avoid common mistakes, consistent implementation is an ever-increasing challenge as the number of passwords we manage grows. This is where password management systems provide the most benefit.

Anderson Technologies offers guidance to clients for advanced password management systems that provide built-in security and peace of mind. Here are several major cyber security benefits of a password management system:

  • Passwords are secured through encryption and two-factor authentication
  • Passwords are safely stored and organized — no more forgotten passwords (or passwords written on scraps of paper) and the time lost to reset them
  • Employees can focus on their work instead of password security
  • Master passwords are designated to principals or other individuals who can access them in case of emergency

If you would like help ensuring your systems are protected and your passwords secure, please give Anderson Technologies’ cyber security experts a call at 314.394.3001.