Password warning - they just aren't strong enough
SecurEnvoy, 07/06/2012 (B2B)
For over a decade we’ve been warning people of the security weaknesses posed by using passwords alone, and this is being reaffirmed with the news that LinkedIn passwords have been breached.
For B2B it’s worth the investment to use two-factor authentication, which relies on more than just passwords by combining something you have with something you know. For B2C and C2C, however, it’s a worrying time: most people use the same credentials from one site to another, so it’s only a matter of time before your Amazon account, BT online account and so on are compromised by someone replaying the same passwords.
The first rule is that you must not use the same password for multiple purposes. For your banking and other really important transactions you need a unique password, or two-factor authentication which relies on a one-time password.
So now it’s time to take back control
You can’t personally go into every organisation and ask them how they protect your information. That said, perhaps if more people were willing to challenge organisations about their security strategy before doing business, companies might do more to protect your information.
However, given this isn’t going to happen any time soon, you need to treat your personal information as you would any of your physical possessions in the real world. Here is a list of things you can do to prevent cyber-criminals capitalising on your personal information if and when they get it:
- Put a lock on the door by installing a firewall and make sure it is properly configured and up to date.
- Keep your operating system and browser patched and up to date.
- Install an alarm by using industry standard anti-virus software and make sure you install any updates. Malware infecting your computer can be an avenue for hackers to gain access to your personal data.
- Restrict key holders by not sharing your password with anyone. PCs allow you to create user accounts for a reason!
- Change your password regularly and make it hard to crack, but one you can remember without writing it on a post-it note and sticking it to the screen!
- If you change your PC make sure you get the hard drive scrubbed. It’s amazing what criminals can pick up on eBay.
- Be careful about the personal information you divulge when filling in registration forms. Ask yourself whether the organisation really needs that much information about you and, as importantly, can you trust them to keep it safe? They’ll tell you how they intend to use the information, but don’t be afraid to ask how they’re going to protect it too.
- Be careful what you tell strangers on social websites and in chat rooms.
- Question the validity of emails you receive and never click on an embedded link or download attachments if you’re at all suspicious. Most banks will tell you how they will contact you and what they won’t ask you to do. If in doubt, call the organisation the communication is supposed to have been sent by to allay your fears or confirm your suspicion.
- If you have children, and allow them to use your PC to access the internet, make sure they know about online safety.
- If you are using your computer for work purposes and store sensitive data on it, get your employers to install two-factor authentication: that’s something you know (like your own strong, made-up password) and something you have, like a “one-time” password which can be sent to you via an SMS message on any mobile device you own.
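To make the last point concrete, here is an added example (not SecurEnvoy's code or product) of what the server side of "something you know plus something you have" looks like. It pairs a password check with a one-time password derived from a shared secret using the standard HOTP (RFC 4226) and TOTP (RFC 6238) constructions, accepts a code only within a small clock-skew window, and refuses to accept the same code twice, so a code that was intercepted in transit is useless once it has been used. The secret, password, salt and timestamps are constructed values for the demonstration; the `TwoFactorVerifier` class and its methods are this example's own names, not any product's API.

```python
"""Added example: password + one-time password login check (not SecurEnvoy's code)."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                             # dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HOTP over the current time step."""
    return hotp(secret, unix_time // step, digits)


class TwoFactorVerifier:
    """Server-side state for one user: a salted password hash (something you
    know), an OTP secret (something you have) and the time steps whose codes
    have already been consumed, so a captured code cannot be replayed."""

    def __init__(self, password: str, otp_secret: bytes, window: int = 1, step: int = 30):
        # Constructed fixed salt for the demo; a real system uses a random per-user salt.
        self._salt = b"constructed-demo-salt"
        self._pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        self._secret = otp_secret
        self._window = window        # accept codes from +/- this many steps (clock skew)
        self._step = step
        self._used_steps = set()     # single-use enforcement

    def _password_ok(self, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        return hmac.compare_digest(candidate, self._pw_hash)

    def login(self, password: str, code: str, now: int) -> bool:
        """Both factors must pass; a correct password alone is never enough."""
        if not self._password_ok(password):
            return False
        current = now // self._step
        for delta in range(-self._window, self._window + 1):
            candidate_step = current + delta
            if candidate_step in self._used_steps:
                continue                                   # already spent: replay
            if hmac.compare_digest(hotp(self._secret, candidate_step), code):
                self._used_steps.add(candidate_step)
                return True
        return False


if __name__ == "__main__":
    # Constructed demo values: the RFC 4226 test secret and a fixed timestamp.
    secret = b"12345678901234567890"
    verifier = TwoFactorVerifier("correct horse battery", secret)
    now = 59
    code = totp(secret, now)                               # what the SMS would carry
    print("password only, no valid code:", verifier.login("correct horse battery", "000000", now))
    print("code only, wrong password:   ", verifier.login("guess", code, now))
    print("both factors:                ", verifier.login("correct horse battery", code, now))
    print("same code replayed:          ", verifier.login("correct horse battery", code, now))
```

The `hotp` values for the RFC 4226 test secret can be checked against the published test vectors (counter 0 gives 755224, counter 1 gives 287082), which is a useful sanity check before trusting any home-grown OTP code. The replay set is the part most often forgotten: without it, a code lifted from a phished login page remains valid for the rest of its time window.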
We’ve all got used to locking our front doors and keeping valuables out of sight. Until we can trust organisations to give our virtual possessions the same protection, we need to take steps to protect ourselves.