This month, Harbor is releasing several blog posts related specifically to cyber security. Security is everyone’s responsibility! At Harbor, security is a huge part of our business, we take loads of precautions on the back end that you will never see, but there are always precautions that you, the user, should take to ensure that your organization’s safety is tip top! Personal responsibility is a big part of our security philosophy.
Last week we wrote to you about Google Chrome’s newest version, and the new security measures released with it. Continuing with this series, we would like to give you some ways in which you can improve your password practices.
So Many Passwords!
You are in charge of security. Now that things are moving to the cloud. It isn’t your computer, your permissions, your firewall that is is going to protect you. It is your identity. Your identity is your user name and your password. Systems now also know what time of day you normally login, where you are, which computer you normally use, a picture, a pin and all-together this means that some day, in the not-so-distant future, passwords will become a thing of the past. They are too difficult to remember, unless you make them too easy to hack and you need to remember too many of them. Technology is rapidly changing but for now passwords are a part of our every-day lives, and we must manage them to the best of our abilities.
How many passwords do you have? The average user types 8 passwords a day, and has a total of 191 passwords for all of their accounts. You have passwords for business, and you have passwords for personal accounts. You have passwords for shopping, banking, informational sites, social media, and more! So, how do you manage all those passwords? It can be maddening! We understand how intimidating it can be to keep track of all these passwords, while making sure each one is unique and secure.
Good news! Harbor Computer Services has some great suggestions for you; and if you follow them, you will greatly decrease your chances of falling victim to a security breach. Here are several ways in which you can improve your password security today:
Set up Windows Hello
Microsoft’s answer to the password conundrum. This will be your No More Password solution. You’ll still run into things that require passwords but more and more Hello is replacing them. With Windows 10, Microsoft introduced Windows Hello. Windows Hello allows a user to sign in using a pin number, or if your computer has built in functions for it, you can sign in with facial recognition or fingerprint recognition.
But, how is a pin number better than a password? Seems counter-intuitive, right? Well, it’s how the pin is stored that makes the Windows Hello pin a much safer option than a traditional password. Traditional password systems for business store your password on a physical server, and your computer and server must talk to each other and agree that the password that you’ve entered on the computer matches what’s stored in the server. While these are highly encrypted, they are vulnerable to outside attacks. Windows Hello pin, however, is stored specifically to the device you are using and nowhere else. A hacker would have to have your physical devise in order to hack into your account!
Set up Multi-Factor Authentication (MFA) whenever possible
Any opportunity that you have to set up MFA with an account, use it! Using one means that someone has to know your password AND have your PIN or CODE from a second device to log into your account. MFA allows you to use a secondary method to verify who you are. When you set up an account using MFA, you will give secondary information that will be used when signing in. The most common secondary method is your cell phone; Once you have MFA set up, you will sign in using a password in the application, then be prompted to enter a verification code that is set to your phone via text. Other variations include receiving a phone call and pressing a specific number or symbol, or receiving an email, usually with a code or a link to click or using the Authenticator App on your phone. The app let’s you just accept the prompt without having to type anything else in.
More and more applications use MFA, especially when updating a password. We suggest using the MFA option whenever it’s offered because of the added level of security that it provides.
Use a Unique Password for EVERY account
Like we said before, we can’t get rid of passwords all together, just yet. Using a repeated password over several accounts greatly increases your chances of your accounts being compromised. Hackers know that people will use the same password for multiple accounts for convenience. If they can compromise one account, they will go to all the popular websites and try those credentials to get in as many places as possible. Imagine if they were to hack into a social media account, then use the same email address and password on all the popular banking sites, shopping sites, and more. Would they be able to get in? What kinds of information can they get about you? Would they be able to have enough of your personal information to open a line of credit in your name? Make major purchases in your name? The answer is most likely, yes.
But, this creates some new challenges: How do you come up with a unique password every time? And how do you memorize them all? Keep reading, as we have some great tips for you!
Use Strong Passwords
The most common password is “Password123”, or some variation. Think of it this way, if it’s easy to memorize, it’s easy to hack! Never use birthdates, anniversary dates, addresses or other commonly known numbers in your passwords. Same with words, never use common words or names. If your son’s name is Kyle, and you live at 1444 Main street, don’t use “Kyle1444” as your password.
A strong password will have:
• At least 12 characters
• Will contain at least one lower case letter
• Will contain at least one capital letter
• Will contain at least one number
• Will contain at least one special character. (!@#$%^&*(), etc.)
Use a Password Generator
Last week, we mentioned that with Google Chrome’s latest version, you can now right click any password field, and Google will create a random strong password for you right in your browser. There are several other tools and apps that can help you with this as well. Most Password Managers (in our next topic) will have built-in password generators for you.
Use a Password Manager
A password manager is an application that will store all your passwords for you. Most password managers have added features such as browser add-ons to make it easy to access, password generators that automatically use strong passwords, and more. When using a password manager, you will have to memorize your global password, meaning the password that you use for your password manager, but the rest of your passwords will be stored and easily accessed for you. Harbor recommends using RoboForm as your password manager.
Roboform offers several account types, including a free, but limited personal account, and RoboForm for business, which allows you to group your business passwords and share them amongst your employees, based on security groups. If an employee leaves, you won’t be stuck high and dry without their account passwords! RoboForm has add-ons for all the major browsers, random password generator, strong passwords, and more.
Should your business like to purchase RoboForm, Harbor can get you a quote below retail price! We can also help you with the set up process, and provide training.
In today’s world with security breaches in the news almost weekly, it’s very important that you manage your data in a way that keeps it out of the hands of hackers. Secure passwords are your first defense against an attack! Someday, passwords will become a thing of the past, but until then follow these steadfast rules to keep you and your organization safe from attack.
-Sarah Brown, Technical Trainer
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015). And in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We are Concerned About The Success of Your Business