Monday, October 24, 2022

CYBER SECURITY – Password Managers

Multifactor authentication (MFA) adds an additional security layer to your online accounts to ensure that unauthorized people do not access your account. MFA tries to make up for weaknesses in the ID/password model of access that have developed over the years. Those weaknesses include simple, easy passwords to guess or break (like using the word “password,” or “password1234”) or using the same password to access several online accounts.

But, even with the spread of the use of MFA, we still rely on ID and password as an entry into our accounts. There are organizations that seek to eliminate passwords (https://fidoalliance.org/), but, until industry adopts another authentication standard, we will be relying on ID and passwords in whole or in part.

An ID and password represent something we know. But if someone else also knows that ID and password, by stealing it in a hack of a major database or purchasing it in the dark web, they can access your accounts and copy your personal information to use in frauds, or, if it is a bank account, move money from your account to their own account.

Cyber criminals can also guess your password, especially if it is easy to guess like password1234, or it is short. In a brute force attack, cyber criminals use a computer program that guesses passwords. For passwords under 10 characters a successful guess can be instant or just a few seconds or minutes, even if you use numbers, upper- and lower-case letters and symbols. For passwords 12 characters or over a successful guess can take several years to several lifetimes for a successful guess. This is why cybersecurity professionals now recommend passwords be 12 characters or longer and contain a random assortment of numbers, upper- and lower-case letters and symbols.

But this approach causes a problem. Our human brains cannot remember such complicated passwords. We might be able to memorize one password that meets this standard, but not several different passwords. And it is easy for an individual to need passwords for tens if not hundreds of accounts.

A way around this might be to have a “universal” password. A password 12 or more characters long, with numbers, letters, and symbols that you memorize and use for all of your accounts. The problem with that is that if a hacker discovers your password in one account, they can access any account that you own. And cyber criminals will try your password on other accounts that you own. This is why cybersecurity professionals recommend using a different password for each account.

So, you need s separate password for each of your accounts that you own that you cannot remember. What to do?

Use a password manager. Password managers are apps that store your passwords for each of your accounts. They can reside on your smartphone, laptop, and desktop so that you can have access to your passwords just about anywhere. The information in a password manager is encrypted so that no one other than you can access it.

Password managers often offer other features that make it easier to use passwords. They can generate new passwords when you need a password for a new account or when you change passwords. They can fill in your password when you sign into your account. They also can synchronize passwords among several of your devices.

There are several password managers on the market. Some you pay for and others that are free. Check the “PC Magazine” links below for resources that evaluate the password managers that are on the market.

With a good password manager and MFA on your accounts, you improve the security of your personal information. You make it difficult for a cyber criminal to gain access to your accounts. And if someone does learn your password, they cannot access your account with MFA.

 

 

South Snohomish County Crime Watch:

 https://ssnoccrimewatch.blogspot.com/2022/10/cyber-security-multifactor.html.

 

Norton:

https://us.norton.com/blog/emerging-threats/password-attack#

 

KFMB CBS8, San Diego:

https://www.cbs8.com/article/news/verify/people-with-shorter-passwords-should-change-them-immediately/509-1e4a5b50-3692-4bb8-b17b-ff77a2e63826

 

 

National Cybersecurity Alliance:

https://staysafeonline.org/online-safety-privacy-basics/what-about-password-manager-risks/

 

Ask Leo:

https://askleo.com/are_password_managers_safe/

https://askleo.com/responses-to-your-three-common-password-manager-objections/

 

PC Magazine:

https://www.pcmag.com/picks/the-best-password-managers

https://www.pcmag.com/picks/the-best-free-password-managers

 

No comments:

Post a Comment