Every year we see a rash of data breaches, the majority caused by compromised credentials. In response, KT Connections has been providing tips and best practices to help keep your users and your business safe. As the year winds down, let’s take one more look at credentials and learn another tactic to create secure and simple passphrases.
First, a couple of reminders:
Sometimes it seems as if we here at KT Connections are constantly promoting credential best practices, and the truth is, we are. Credential security is critical to keeping you safe online. An example of the cascade effect that comes from poor credential management is the recently launched Disney+.
Disney received a lot of flak within hours of launching the new streaming service because thousands of subscribers had their new accounts stolen on the very first day. While the initial thought was that Disney+ had been hacked, it turns out the loss of access to their Disney+ accounts was due to using the same credentials on another service that was breached in the past. The hackers assumed that some of the new subscribers would use the same credentials again on Disney+...and they were right.
As noted previously, credential compromise can originate from the failure of companies to secure their systems. This was a record year, with a total of 5,138 data breaches and 7.9 billion exposed records involving companies such as Marriott, Zynga, Dubsmash, Facebook, AMCA, Capital One, MoviePass, Adobe, and many others.
If your organization collects personal data, ensure you are enacting strong cybersecurity practices. South Dakota has a punitive customer protection law when it comes to personal data. If your business suffers a data breach, you face a wide range of consequences, not the least of which is financial (up to $10,000 a day) depending on how you notify your customers.
This means YOU need to adopt safe credential habits, and ensure that all of your employees do as well. I realize we started this post just talking about streaming services, but the point is that good credential habits need to be in place everywhere!
We continually post articles online about credentials, including using passphrases instead of passwords, alternatives to passwords, using security keys and, of course, using two-factor authentication (2FA). In fact, here's a quick list to remind you of some best practices:
With that in mind, we would like to take a moment to add one more tool to your security toolbox: adding spaces (yes, spaces!) to your passphrases. Spaces make them easier to visually learn, transcribe, and type.
While we are familiar with using characters such as @, &, #, !, $, and other symbols to make your password more complex, we would like to introduce the concept of adding spaces into your passphrase. In fact, adding spaces can make even a very long passphrase easier to remember and still secure.
An example without spaces would be: correcthorsebatterystaple. But our recommendation is to write your passphrase as a regular sentence using only a combination of words that is unique and known to you, such as: I saw a ‘69 Ford Mustang today! Over time, you can develop a technique or system to create new and unique passphrases.
Keep in mind that although we don’t want to use information that is easily discernible about us, we can still create unique passphrases that are easy to remember. Avoiding that information reduces the threat from hackers gleaning details from social media. For example, if you go on vacation to London, and then post all about it on social media, don’t use similar information in your passphrase.
There is one caveat to using spaces: white-space stripping. Don’t use a space at the beginning or end of any credentials. Before you use a space in your passphrase, take a moment to ensure it will be accepted. It’s important to note that some Internet sites may not accept spaces. More than likely the website will tell you if you try to use a character (such as a space) that isn’t supported.
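The two cautions above (no personal details, no space at either end) can be checked before a passphrase is adopted. The following Python sketch is an added example, not a KT Connections tool: the function names, the four-word minimum, and the fixed salt are assumptions made for illustration, and it also shows why an edge space is risky by hashing the same passphrase with and without stripping.

```python
import hashlib

MIN_WORDS = 4  # assumption for this example; the article sets no number


def check_passphrase(passphrase, personal_terms=()):
    """Return a list of problems found; an empty list means none."""
    problems = []
    # A space at either end may be silently removed by a site.
    if passphrase != passphrase.strip():
        problems.append("leading or trailing space")
    # The article recommends a sentence of words separated by spaces.
    if len(passphrase.split()) < MIN_WORDS:
        problems.append("fewer than %d space-separated words" % MIN_WORDS)
    # Terms the user has shared publicly (e.g. a vacation spot).
    lowered = passphrase.lower()
    for term in personal_terms:
        if term.lower() in lowered:
            problems.append("contains personal term: " + term)
    return problems


def stored_hash(passphrase, salt, strip_input):
    """Hash as a site might, optionally stripping edge whitespace first."""
    if strip_input:
        passphrase = passphrase.strip()
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 100_000)


def survives_stripping(passphrase, salt=b"constructed-demo-salt"):
    """True if a stripping form and a non-stripping form derive the same hash."""
    return stored_hash(passphrase, salt, True) == stored_hash(passphrase, salt, False)


if __name__ == "__main__":
    # Constructed samples; the first two follow the article's own examples
    # (the sentence is typed here with a plain apostrophe).
    samples = [
        "I saw a '69 Ford Mustang today!",
        "correcthorsebatterystaple",
        " I saw a '69 Ford Mustang today! ",
        "We loved London in May 2019",
    ]
    for s in samples:
        print(repr(s), check_passphrase(s, ["London"]), survives_stripping(s))
```

When `survives_stripping` returns `False`, a form that strips edge spaces and one that does not would derive different hashes from the same typed passphrase, so interior spaces are the safe place for them.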
Unsure of your credential security? Take a moment to test your credentials using free online checkers. How Secure Is My Passphrase, LastPass’s Checker and NordPass can give you a quick idea of where your password or passphrase rates regarding security and give you the opportunity to try different techniques to improve strength.
It’s time to take security seriously. Contact us at KT Connections. We offer a free IT assessment to get your business started on the path to a more secure technology environment. We also provide a wide range of security services designed to help your organization develop and maintain best practices geared to keep your staff and customers safe. Call 605-341-3873 today to learn how.