Sunday, December 13, 2015

Blog 3: Password Management

Image courtesy of Stuart Miles at FreeDigitalPhotos.net
In my effort to increase security awareness and obtain a cultural acceptance, I wanted to bring a focus on the importance of password management. Passwords are the keys to the doors that guard the majority of our data. This data can be exceptionally important and should always be protected. Therefore, it is essential to learn effective password management techniques to keep you and your data a bit safer.

Since most of us have several accounts spread out over the Internet that hold various amounts of information, such as financial, healthcare, and educational data, we should have more than one associated password. If you use the same password for several accounts, you are at more risk if one of those accounts is breached. Therefore, ensure you use a different password for each account you log into to offset the opportunity for password guessing attempts.

Speaking of password guessing, you should NEVER use something related to yourself, such as a pet or child's name, favorite sports team, hobby, etc., in your passwords. Doing so gives a malicious individual a way to profile you and a better chance of guessing your password. Further, your password should be a minimum of 8 characters, including upper/lower case with at least one number and character. This makes a brute-force attempt more difficult when a malicious user is using software as a tool.
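To make the rules from the last two paragraphs concrete, here is a small audit script added as an illustration (it is not part of the original post). It flags passwords that are reused across accounts, that miss the 8-character mixed rule, or that contain a personal term even when disguised with look-alike digits; the function names and the sample accounts are made up, and "character" is assumed to mean a punctuation symbol.

```python
import string
from collections import defaultdict

# Undo common look-alike substitutions so "R3x" still matches "rex".
LEET = str.maketrans("013457@$!", "oieastasi")


def policy_failures(password):
    """Rules from the post: 8+ chars, upper and lower case, a number, a symbol."""
    checks = {
        "shorter than 8 characters": len(password) >= 8,
        "no upper-case letter": any(c.isupper() for c in password),
        "no lower-case letter": any(c.islower() for c in password),
        "no number": any(c.isdigit() for c in password),
        # Assumption: "character" in the post means a punctuation symbol.
        "no symbol": any(c in string.punctuation for c in password),
    }
    return [problem for problem, ok in checks.items() if not ok]


def personal_hits(password, personal_terms):
    """Personal terms (pet, child, team...) found in the password."""
    plain = password.lower()
    unleet = plain.translate(LEET)
    return sorted(t for t in personal_terms
                  if t.lower() in plain or t.lower() in unleet)


def audit(accounts, personal_terms):
    """Return {account: [findings]} for every account with a problem."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    report = {}
    for account, password in accounts.items():
        findings = policy_failures(password)
        findings += [f"contains personal term '{t}'"
                     for t in personal_hits(password, personal_terms)]
        others = sorted(a for a in by_password[password] if a != account)
        if others:
            findings.append("reused on " + ", ".join(others))
        if findings:
            report[account] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {"bank": "R3x2015!", "health": "R3x2015!",
                   "school": "packers", "email": "vT9#qLm2&xWd"}
SAMPLE_TERMS = ["Rex", "Packers"]
```

Note that "R3x2015!" passes every length and character rule yet is still flagged twice: it hides a pet's name and it is shared between two accounts.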

So, I bet you cannot wait to change all of your 100 plus passwords you have to begin your quest for effective password management, right?  Ouch! I believe I just heard the most sarcastic sigh EVER from my readers (is that even possible?)!  Well, lucky for us, this is where I bring up a couple of options that could potentially make your quest much easier.  Allow me to introduce you to the world of password management tools.

The two services that come to mind are Dashlane and LastPass, although many more exist. Both of these services can provide you with access to all of the "doors" that hold your data. They provide extensive security features, including two-factor authentication and high-level encryption. Instead of remembering hundreds of passwords, you only need to remember your "master" password, which you DO NOT want to forget or share. Even more, these services have the capability to create secure passwords for you. Both of these can assist you on your quest for secure and effective password management. Best of all, you can give them a try for free!!

Thank you for reading!  Until next time, remember that you don't have to become a victim of a threat to become aware of a threat!  

Tuesday, December 8, 2015

Blog 2: Shoulder Surfing the Mobile Device

Image courtesy of jesadaphorn at FreeDigitalPhotos.net
In my effort to increase security awareness and obtain a cultural acceptance, I started a little game for myself. This game was to see how many phone security PIN numbers I could harvest, within 2 months, by simply shoulder surfing. Everywhere I went, I would watch for those about to look at their phones and make an effort to harvest. It was like my eyes were a farming combine and the people were my corn crops!

Of course, I would never attempt anything malicious with this information, as I do not actually have the phone in my possession anyway, but it proves how easy it is to obtain. In fact, at my son's parent-teacher conference in November, I was able to secure 3 more to my list, two teachers and one parent, hitting number 23 (Go Michael Jordan!!) over that two-month period.

The point of this is, be aware of who is around you when utilizing your passcode. Here are a few suggestions to consider prior to entering your "secret" code:
  • Re-position your body prior to entering your code.
  • Create a shield with your spare hand when entering your code.
  • Use both thumbs and hit the left and right side, by crossing your thumbs across the phone prior to entering the number, for pattern confusion.
  • Enter one of the numbers and turn your body prior to entering the next.
  • Change your code at times.
To completely hide the pattern of your code, if you have the option available, utilize the fingerprint reader. It is exceptionally difficult to discover a pattern over the shoulder when a pattern isn't even presented.

A word of caution though with the fingerprint reader.  If you fall asleep with your phone nearby, be careful of your kiddo picking it up and pressing it, ever so lightly, against your finger to unlock it for some fun game playing!  Unfortunately, I am speaking from experience on this one!

Thank you for reading!  Until next time, remember that you don't have to become a victim of a threat to become aware of a threat!