I can’t begin to tell you how many times I ask someone what their password is so I can assist them with their problems, and I get a response along the lines of “I don’t know, Qwerty or something like that.” Does this sound like someone you know? Maybe you?
Then my favorite of all is: “Can’t you just give me my password?”
Online banking, Google, Twitter, Facebook, and the vast array of other online sites that you register and subscribe to all require you to create a password. As it turns out, however, most people don’t care, or at least don’t take it seriously. Are you one of them?
A security consulting firm, Stricture Consulting Group, released a list of the most frequently used passwords in the recent October 2013 breach at Adobe. It shows that 123456, 12345678, and password are among the most common passwords used. Yes, really.
In general, people don’t take personal responsibility and don’t create strong passwords, instead making up one weak password and using it on every site they log in to. Then they are outraged when they fall victim to a hacker.
When security experts like myself and other colleagues try to warn people, we are constantly criticized for fear mongering; people say we do nothing but beat the drums of doom.
Well, yes. We do this to try and make people realize this doesn’t just happen to other people. There is no such thing as a 100% secure computer; if a hacker wants to get in, they will. It just depends on how long it will take them. There are a few things you CAN do to slow hackers down, but the vast majority of people are just too complacent and won’t implement the few simple measures to protect themselves.
It just gets worse. Many businesses and websites that people give their critical information to are also terribly lax, and businesses just aren’t listening about security. Just recently, for example, there was the well-publicized incident at Target, and everyone is talking about abysmal security at Adobe. Most recently, Snapchat was warned by GibsonSec to beef up their security, which wasn’t done, and the breach event happened. Of course, all the details can be read about in other articles ad nauseam in the media. Now the information of all 4.6 million Snapchat users is available at www.snapchatdb.info. Do you recognize your info in there?
If businesses are incapable of protecting your data, and they have the IT resources and infrastructure to do it right if they really wanted to, what chance does the average person have?
Let’s do something together to actually turn things around and make a difference. Let’s identify what the core critical problems are, and then what we can do about them.
Poor passwords & Malware / Keyloggers
We have already discussed the simplistic generic passwords that many people depend on, and usually, when major security incidents like those mentioned above occur, the general advice is just change your password and go on your merry way. This isn’t the answer either, as I will explain next.
Now let’s look at how hackers actually get your password directly from you in the first place.
Basically, you type your username and password out for the hacker, handing it out for them to see.
As I wrote in my last column, between 1 and 9 new pieces of malware are created every second. Malware usually slips something called a keylogger into your system, literally logging every single keystroke you type, and hackers are watching you.
Unfortunately, most antivirus software is woefully inadequate at stopping malware and blocking keyloggers.
This is why, even when you change your password, if you still have a keylogger on your computer that your antivirus software isn’t detecting, you are typing out your new password for the hacker to immediately access. So what has been accomplished here?
Something specifically engineered to fight keyloggers is necessary.
Block keyloggers: This can be done with methods like Guarded ID, developed by Strikeforce Technologies, which effectively blocks keyloggers by encrypting every keystroke at the point of typing the keys and rerouting those encrypted keystrokes directly to your Internet Explorer browser through its own unique path.
Make Strong Passwords: At the very core, make strong passwords as a foundation of defense.
Webroot also has a good guide for creating strong passwords.
After you create your password masterpiece, it’s time to test your password strength. There are several methods to see how your password fares. See if your password has enough muscle in it!
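A minimal local strength test along these lines, as an added example that is not part of the original column: it flags the passwords the article names (and disguised variants of them) and shows why a character-mix entropy estimate alone is not enough. The blocklist, thresholds and function names are assumptions made for the illustration.

```python
import math
import string

# Constructed blocklist: only the weak passwords this article names.
# A real check would load a large breached-password list instead.
COMMON = {"123456", "12345678", "password", "qwerty"}
# Undo common substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@40135$!", "aaolessi")
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
TAIL = string.digits + string.punctuation

def variants(pw):
    """Lowercased forms with trailing digits/symbols and leetspeak removed."""
    low = pw.lower()
    bases = {low, low.rstrip(TAIL)}
    return {v for v in bases | {b.translate(LEET) for b in bases} if v}

def is_keyboard_walk(pw):
    """True if the whole password is one run along a keyboard row."""
    low = pw.lower()
    return len(low) >= 4 and any(low in row or low in row[::-1] for row in ROWS)

def estimated_bits(pw):
    """Upper bound on entropy: length * log2(size of character pool used)."""
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (string.punctuation, 32)]
    pool = sum(size for chars, size in pools if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw, min_length=12, min_bits=60):
    """Return a list of problems; min_length and min_bits are assumed thresholds."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if variants(pw) & COMMON:
        problems.append("common password")
    if is_keyboard_walk(pw):
        problems.append("keyboard walk")
    if estimated_bits(pw) < min_bits:
        problems.append("low entropy estimate")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any breach data.
    for sample in ["123456", "Qwerty", "P@ssw0rd1!", "correct horse battery staple"]:
        print(repr(sample), check_password(sample) or "passed")
```

Running the check locally means a real password never has to be typed into a third-party strength-testing site.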
I hope you find this information interesting. If I can help prevent even just one of you from suffering the fate of being hacked, then my mission is accomplished.
Happy New Year!