The importance of robust passwords

 

Robust password is computationally impossible to crack using automated password cracking tools. To create one, user must use a variety of symbols that include both lowercase and capital letters, numbers and special characters. In addition to that a password must be at least 12 characters long – the shorter it is the faster it is to crack. It is recommended to create a unique password for each service and use a password manager that could store all the unique passwords. When logging in it is advisable to enable the “Show password” feature as it would help prevent entering incorrect password and having to reset it thus creating a vulnerability. It would also prevent the user being locked out of the account as many companies that follow NIST cybersecurity guidelines lock out the user after several unsuccessful login attempts. Wherever possible multi-factor authentication should be enabled when creating a password to complement a password with a code sent to your phone or another method. Password resets should be made after a security incident or once a year. More frequent password changes may encourage users to introduce only minor changes to the password, which compromises security as hackers are aware of this tendency and exploit it. On the administrator side, it is recommended to store user passwords as hashes in the database. It is also advisable that the passwords are salted before hashing, which involves adding extra characters to the password prior to it being hashed.  

 

To give an example of a robust password I generated the following password using LastPass service 

 

Z'n4--ye9w1( 

 

I chose it because it has a combination of lowercase and capital letters, numbers and special characters and is 12 characters long.  

 

I have tested this password on the Security.org website and the service estimated that it would take a computer about 400 000 years to crack. 

 

 

When data is stored or sent in plain text it could be easily read by or intercepted by threat actors. To ensure data confidentiality encryption at rest and in motion is used. This is especially important for authentication procedures when passwords are being sent over the network and for personally identifiable information or personal health information being stored in a database. Email communications should also be encrypted, an example of an email client that uses end-to-end encryption is ProtonMail. 

Below is the screenshot of the ProtonMail mobile application. 

 

 


Comments

Post a Comment

Popular posts from this blog

Data breaches and their consequences

  Data breach is a security incident associated with sensitive information about individuals or businesses being accessed by unauthorised third part y or parties . Data breaches are usually caused by a threat actor action but not they are not necessar ily caused by threat actors . Data breaches might also be the result of an employee sending an email to a wrong email address, accidentally publishing personal identifiable information or posting a picture on social media with a password written on the sticky note in the background. Whether it  was a result of a cyber attack or accidental data exposure, there are negative consequences that could follow the breach . For companies and government agencies who allowed it to occur the se include fines, reputational damage, loss of customers , legal costs , imprisonment of responsible employees , costs associated with notifying affected parties , expenses to hir e a forensics team to investigate and contain the ...
Read more

Data breach mitigation

GDPR, short for General Data Protection Regulation, mandates that data breaches be reported within 72 hours after they have been discovered. Therefore, an organisation requires a plan of an incident response before an incident actually happens. To mitigate damage after the breach has occurred, the first step is containing the breach. In order to do that, network security staff must learn exactly how the incident happened. This is to be able to take necessary action and prevent any future damage. Often that means disconnecting the company systems from the Internet but it is not always the case. After the incident has been contained, the next step is to assess the risks. This stage includes investigating the type of data breached, the level of data sensitivity, how many individuals were affected, which categories of people were affected, if any financial or other high-risk data was involved, if the data was encrypted and if the data was backed up. Depending on the scope of...
Read more

Biometric authentication methods

  Among the types of biometrics used for authentication are finger, vein, combined fingerprint and vein, iris, facial, hand geometry, voice, retina scanning and gait recognition. The advantages of fingerprint identification are the speed of recognition, increasing accuracy and relatively low cost. Disadvantages are the fact that fingers might be dirty or there might be injuries on them as well as the need to clean sensors frequently. The major advantage of vein scanning is the fact it is very difficult to forge as vein pattern is set pre-birth and never changes. The drawback of this technology is the fact that the readers are rather expensive. Combined fingerprint and vein recognition approach provides increased security and flexibility if fingers are damaged with the cost being a disadvantage. The advantages of iris recognition are the fact that it has a very low percentage of those who cannot enrol, high accuracy and security. The cons include the cost and the fear o...
Read more