Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

Did you know that tomorrow is World Password Day, 2023? As the result of a campaign to spread awareness of the importance of sufficiently secure passwords, it has become an annual reminder of how critical sufficient passwords are to proper cybersecurity…despite passwords not being sufficient protection on their own. In light of tomorrow’s observance, let’s take some time to review why passwords are important to get right, and what else you need to have in place.

Multi-factor authentication is great when it works, but when it doesn’t, it can leave you in a pretty difficult situation. After all, what happens when all of a sudden, you cannot access your secondary authentication methods? We’re here to help you bypass this particularly challenging and frustrating scenario.

Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.

Nobody wants to spend their weekend doing paperwork. Nobody wants to spend several evenings in a row sitting over a laptop and slowly digging through every online account they have, resetting every password and carefully documenting everything in a secure password manager. I know this better than anyone, because I forced myself to do it.

Here’s the thing though, EVERYBODY should do it. As soon as possible.

What Exactly is Passwordless Authentication?

Instead of using passwords, you would effectively verify your identity through alternative means such as a verification app, a predefined security token, or even biometric information. These forms of authentication aren’t exactly new--most smartphones have a biometric authentication system onboard--but now they are beginning to become the predominant way that IT administrators set up their authentication systems. 

Getting Employees to Identify Threats

The average employee comes to work and produces. This isn’t a problem until their lack of awareness of other matters hurts the company. Often met with “that isn’t my job”, it has to be explained that security concerns are a part of their job. Employees often can’t see how it is their responsibility, but since 90 percent of data breaches happen because of user negligence, it has to be explained that it could put the entire business in peril. Their cybersecurity efforts can literally save their jobs. 

How Hygienic are Your Passwords?

With so many of us relying on so many passwords every day, poor password hygiene can often seem to be a foregone conclusion. Think about your own passwords, right now, and see how they compare to this list of inherently insecure patterns that many people develop:

Fortunately, there is: password management systems.

What Are Password Management Systems?

A password manager is effectively what it says on the box: it’s a program that keeps track of your passwords for you. While these are available for individual users, we are more concerned with those that are meant for businesses to leverage.

These solutions have a reputation for being complicated and time-intensive to set up. However, this no longer has to be the case, and it is now more important that you find a solution that offers the features that every business needs to prioritize.

What to Look for from a Password Manager

During your search, you will want to make sure your chosen password management system offers the following features:

Security

While this may seem obvious, not all of your password management options will necessarily offer the same protections or follow the same practices. For instance, standalone password managers are inherently more secure than those tied to another solution, like a built-in one in your browser of choice.

These separate solutions usually have additional features to assist your security as you use them. Good password managers will remind you of best practices if too many saved passwords are the same or too weak and will require multi-factor authentication to be accessed in the first place. It also wouldn’t hurt to find one that also notifies you when you’re due to update some of the passwords you have saved.

It should also never save one password: the master password used to access the solution itself. That is still the user’s responsibility.

As far as behind-the-scenes security is concerned, you should find a password manager that is itself protected by a variety of security features, like encryption, role-based access, and secure cloud storage.

Storage Considerations

Determining where your credentials are kept by the password manager is another important detail to keep in mind, largely as an extension of your security considerations. Does your password manager save your passwords to the cloud, or are they kept natively on the device? Either approach has its pros and cons.

If the cloud is leveraged, your credentials will be available to you on any of your devices… but this does put your credentials in the crosshairs if that cloud solution was ever breached. If you keep your credentials stored locally, you won’t risk losing them in a cloud storage breach, but they are still vulnerable. For instance, if that device fails, there go your passwords.

Generally, this won’t have much impact on the solution you choose, as most enable either option, if not a combination of both.

User Friendliness

As difficult as your password manager should make things for cybercriminals, it should make simple for your legitimate users - starting with adding and removing them to the business’ accounts. They should find it easy to change their password as needed, and your password manager should automatically log a user into a website or application. If it senses that there are not currently credentials for that site, it should offer to save them.

Coleman Technologies has plenty of experience dealing with password security, which means we’re familiar with password managers and maintaining them. If you’d like assistance with selecting, implementing, and utilizing one in your business, let us know! We’re just a call to (604) 513-9428 away.

Password DOs
Password security doesn’t have to have a nuisance. Here are some of the easiest best practices to follow when building a password.

• The longer the password, the better: Long passwords are better for security than short passwords, but only if the password contains a varied-enough string of characters. You should aim for at least 16 characters.
• Special characters, numbers, and symbols are great for security: A strong password will contain both forms of letters, numbers, and symbols.
• Alphanumerics are ideal: If you’re trying to improve security, use alphanumeric passcodes. Try replacing a lower-case “i” with an exclamation point, or an “a” with the “@” symbol.
• Passphrases work wonders: If you find passwords are hard to remember, a passphrase might help. Use a short phrase that is easier to remember, but difficult to guess. A good example is, “iL0veW@ffle$2much” instead of “ILoveWafflesTooMuch.”
• Password variety is key: It might seem counter-intuitive to use multiple passwords that are difficult to remember, but it’s much more secure to use different passwords for each of your accounts. If the same password is used for each account, all it takes is one breach to expose multiple accounts to risk.

Password DON’Ts
Of course, best practices are more than just what you practice; it also includes what you don’t practice. Here are some pointers.

• Avoid words like “password”: Some of the most common passwords out there include “password” and “notapassword.” You should avoid using these whenever possible, as they are often the first ones to be cracked.
• Avoid key strings like “qwerty”: Strings of characters with consecutive keys, like “qwerty” and “12345678,” should be avoided at all costs.
• Don’t include sensitive information: You wouldn’t believe how easy it is to find sensitive or personal information about an individual--especially if you are the target of a hacker. To make sure a hacker can’t use any information contained in your password against you, avoid using anything like this in your password altogether.

Coleman Technologies can equip your business with a password manager to improve network security and better manage account passwords. To learn more, reach out to us at (604) 513-9428.

First of all, what shocked us the most is that according to the FTC, in the United States, 9 million individuals have their identities stolen each year. Identity theft is a little different than identity fraud, however. Theft is when personal information is exposed and taken without permission. This is happening all the time by malicious software like spyware, but it can also happen when legitimate websites and services get infiltrated by cybercriminals. If a reputable online store (or even a database for a brick and mortar store) gets hacked into, your personal information can be stolen. That's identity theft.

Identity fraud is when that data is misused for financial gain. This is when things start to get very dangerous. In 2009, $56 billion dollars were accumulated by cyber criminals through identity fraud. The good news is in 2010 that number went down to "only" $37 billion. What does that mean to the average person? On average, victims of identity fraud had $4,841 dollars stolen per victim. Trouble is, the world has had to improve drastically to protect consumers from identity fraud. This means higher costs of doing business which then get reflected on prices of products and services. In other words, because of identity fraud, we all lose.

How does your data get stolen?  There are plenty of ways, but here are a few popular methods:

1. Hackers can pick up credentials via public Wi-Fi and public PCs.
2. Credit Card Skimming - a process that involves your credit card data being stolen when your credit card is swiped at a standard ATM or credit card terminal.
3. Selling or discarding used computer equipment that isn't properly wiped can expose personal information.
4. Hackers can infiltrate networks and databases.
5. Dumpster diving and paper mail theft.
6. Malware and viruses
7. Phishing.

In almost half of reported identity theft cases, the victim knew the criminal.

What do you do if your identity is stolen?

Almost half of all reports of identity frauds are discovered by the user first, although banks and credit card companies have methods in place to stay on top of it as well. If your financial credentials are stolen, you need to contact your bank and/or credit card companies immediately, both by phone and in writing. You'll want to file a police report with details about where your identity was stolen, what you believe was or could have been stolen, and documented proof of the crime.

You don't want to risk identity fraud. Monitor your credit reports closely, shred sensitive mail and documents before throwing them away, and ensure your computers and network are running latest security updates and antivirus, as well as other security measures. For a complete review of your security, contact us at (604) 513-9428 and we will help pinpoint vulnerabilities and fill in the cracks before a costly event occurs.