How to Give Your Online Passwords an IT Security Check-Up
There's an adage that you should treat your password like your toothbrush: Change it every six months and never let anyone borrow it. Honestly few people adhere to these fundamentals of IT security
and, actually, it's far worse than it appears. Here's the run down on what's wrong and what to fix:
- “You can look it up.” Do you use a password that can be found in a dictionary? If you do, then a hacker can simply bang on your log-on with a simple dictionary program until he has access to your account. Fix: Consider one of two options most professionals in IT security recommend. Either create a password that contains odd characters interspersed with random letters and numbers or use a pass phrase instead of a password.
- “Be a snowflake.” You need to use a different password for each different site. You do this, right? Oh... Even if you do come up with a strong password, IT security professionals report most people use only one or two passwords for all their log-ons and, of course, that means someone only needs to crack your single password to access all your sites.
- “Don't leave a paper trail.” You'd be amazed how many people write down their passwords on a Post-It and stick it onto their monitor or, if they're really cagey, underneath their keyboard or lap drawer. IT security best practices recommend you never, ever do this.
- “Cover your tracks.” IT security professionals also recommend that, whenever possible, you use a secure connection when you log on. What's a secure connection and how to you make it? Take a look at your address bar. If the address starts off “http://...etc.” then the connection is not secure and an evil doer might be snooping on your session. Try a very simple, single change by using an “s” so that the address looks like this: “https://...etc.” And this encrypts the connection between your browser and the website and thereby making it more difficult for evil doers to do evil.
- “Loose lips sink ships.” One of the most notorious hackers in modern history, Kevin Mitnick preferred “social engineering” to technology techniques. In other words, what he did most of the time was call people up, pose as a system administrator and simply ask users for their passwords. One famous study in England discovered most people would give up their password for a candy bar.
- “We have the technology...” There is a new generation of software utilities that help you manage passwords. For example, a utility called LastPass is a browser extension that connects a heavily encrypted password vault to your browser. Once installed you only have to remember one, highly-secure password and then LastPass can automatically fill in all the others. Even better, LastPass can generate super random, secure passwords whenever you open up a new account on a website or change your password on a site where you already have an account. And finally, perhaps best of all, you can install LastPass on the browser you use at work and the browser you use at home and any other browser you use. This way, you will enjoy convenient security wherever you are.
IT professionals have to do a lot more than install, administer and repair technology systems. Sometimes they have to be educators and help their users better understand the rules of the road for the information highway. Fortunately, the best rules are the simple ones and effective password security is a simple proposition. Teach your users what to do and you'll end up with less to do.