Password Management

Started on August 17, 2019

Overview

A large majority of us carry out much of our lives online, ranging from work to shopping, and so we use many different websites that require us to register. When you consider how many websites you have used in your lifetime, could you give an exact number of how many you have actually registered with?

Passwords are the most versatile and effective way to protect your data, but most people break the simple rules below. Using a weak or ineffective password strategy in an always-connected world puts your money, data, and identity at risk.

Recommendations

A password manager can be likened to a huge vault with many locks, bolts, chains and key codes. It is the place where you store all of your passwords, but the password manager itself also needs a password, and that master password should be long, complicated and very difficult to crack. Once you have created it, you can securely store your usernames and passwords for every single website you use.

One great feature of many of the top password managers is a browser plugin: with it installed, the login details for every website you visit in the browser are stored for you. The next time you go to log in to your favourite shopping website, your username and password will already be there. If they are not, you can log in to your password manager and retrieve the relevant details from it.

Essentially, all you need to do is remember your master password in order to gain access to your entire online world.

  • KeePass
  • LastPass
  • Dashlane

Password Commandments

Thou shalt follow these commandments in order to create and maintain a secure password strategy.

This will enable you to generate strong passwords, use a different password for each account, and build each password from upper/lower case letters, numbers and special characters.

Rules to follow:

  • Hard to Guess, Easy to Remember
  • Avoid words and names that might appear in a cracking dictionary
  • Longer is more secure than complex
  • Get creative with text icon substitution
  • Make it hard to crack by breaking up words or misspelling words, and make sure your password starts with a letter toward the middle of the alphabet

It takes just a few seconds to enter your password, but the damage someone can do with your account could cost you money, reputation, or income.

If you stay signed in, and someone gains access to your browser session, they ARE YOU.

If a website presents you with a check box that says “keep me signed in”, don’t use it!

Do not stay signed in.

Virtually everything you do online ties back to your e-mail.

i – Thou Shalt Use a Unique Password for E-mail

ii – Thou Shalt Use a Strong Password for E-mail

iii – Thou Shalt use a Secure E-mail Platform

iv – Thou Shalt Not Use Your ISP for E-mail

v – Thou Shalt Change Your E-mail Password (often)

vi – Thou Shalt Not Stay Signed In To E-mail

vii – Thou Shalt Maintain a Working Password Recovery E-mail and Phone Number

A determined and persistent attacker could build a database of your personal information by carefully mining password recovery questions.

Always LIE LIE LIE, but make sure you either write it down, or have a scheme for the answers.

Don’t write it down. Ever. Either it will be so easy to find that you might as well not use any password at all, or you’ll forget where you put it and somebody else will find it and use it to access your system.

Biometrics sounds really cool and high-tech, but the reality is that every single biometric authentication system in existence today, and every single biometric authentication system that will ever be invented can easily be hacked.

Biometrics are not secure. Every biometric security measure in existence today, or that will ever be devised, can be easily bypassed.

In reality, these systems work by reducing your biometrics to a numerical data point, so it was only a matter of time before they were hacked like any other data.

Use a unique username + password pair for each website that has access to your money – banks, credit cards, stock trading, paypal, etc.

Use multifactor authentication, such as PhoneFactor, if your bank offers it.

Also, Thou Shalt use a separate bank account for direct debit, so that a computer error doesn’t take all of your money and overdraft your bank account.

If an attacker knows that you use the same user name or your real e-mail address for every website, then half of their work is done!

Always use a unique username. Keep a list of user names and websites in an encrypted file.

Consider using a service such as SneakEmail or temp-mail for disposable e-mail addresses.

Your Smart Phone is incredibly personal, and has ready access to all of your online accounts.

Make sure you use a PIN or password to secure your phone, use Guest Mode if your phone supports it and configure a screen lock timeout.

If your device supports it, go online and configure “find my phone”, remote wipe, and / or remote device deactivation, so that if your phone is lost or stolen, no one can access your stuff.

Your password is more than just a key – it’s also a lock that protects something. If something is important or sensitive, make sure your password is strong enough to protect it.

When you create a password, make sure the LOCK that your password represents, is strong enough to protect against the worst thing that could happen to you, if someone who hates you gains access to what the lock protects.

CYBER SECURITY SKILLS

Don’t stop now! Keep it up.

You are in control. Knowledge is power. Use these tools to fight for your privacy and increase your cyber-security skills.