Posts

Creating Passwords that are Bulletproof

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And once the bad guy finds his way in, especially logging into your email, it is game over. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

All it takes is a cracker to find this password, and now every account you have is compromised. And finding that password is even easier. Some studies show as many as 40 million records were compromised in 2021. Many of those records are passwords. At ProtectNowLLC.com, we have a tool that has access to over 12 billion compromised records where you can search your username aka your email address to find out if your username and associated password have been compromised on a variety of breached accounts.

Thankfully, there is an easy solution: use a password manager. I’ve had a password manager in place since 2004. At this point I probably have close to 700 different online accounts. And I might know the password for maybe five of them. The rest, only my password manager knows the password which I can easily look up. But I’ve never committed them to memory. Most people say, “What if the password manager gets hacked?” While this might be a valid concern, it’s not a concern of mine.

The low hanging fruit isn’t a password manager getting hacked, it’s people reusing the same passcode across multiple accounts and those credentials being available on the dark web. But, if you don’t want to use a password manager because you’re afraid the password manager is going to get hacked, you can also do the following:

Creating a Unique Password

Research shows that the best passwords are 14 characters long. Those that are shorter than that are easier to figure out. If a site doesn’t let you create a password that is 14 characters, it is possible to adapt it. Password managers do a very good job of creating/generating long strong unique complicated passcodes.

First, make a list of all of the sites you have a username and password for, and then put those sites into categories. For example, all of your sites for social media would be in a category, all of your email sites together, all of your banking sites together, and all of your shopping sites together.

Then you want to create a password that is eight characters. This will serve as the first part of any other password that you create. For example, the first eight characters might look like this:

CM&@t*yZ

Next, remember your categories? You will create a three-character password that is significant to those. For instance:

  • Social media sites – SM#
  • Email sites – &eM
  • Shopping sites – $h0
  • Banking sites – 8aN

So, this gives you 11 characters of the recommended 14-character password that you want to use. Now, you need three more characters, and that would be specific to the site.  So, let’s say you are creating a password for your bank. This is made up like the following:

Eight-character + three-character password (category) + three-character (site)

So, for your bank, it would look like this:

CM&@t*yZ8aNp$X

This is a very difficult password to guess, and for many people, easier to remember. But it’s not easy for everyone to remember. There is a solution, but first, keep this in mind. When you have to change your password, you can keep the final six characters and just change the first eight.

Now, how can you remember the first part of the password? One way to do this is to simply write it down and store it in a safe place. However, don’t keep it near your computer. Another thing you can do is to create a phrase that will help you remember.

Here’s an example. Let’s say our phrase is “My brother asked me for bread and salt.” If you take the first letter for all of the words, it would be this:

MBAMFBAS

This could be your eight-character first part…and you can make it more secure by making some swaps:

M3@MFBA$

This still makes the password very difficult for a hacker to guess but makes it easier for you to remember. You can use the same method, of course, for the smaller parts of the password.

Honestly, if you’ve got even this far in this article, congratulations to you. You must be some weird math savant with an elephant’s memory. Frankly, the above gives me a headache. Like I said in the first three paragraphs, it’s best to just use a password manager and forget all of this work, but if you don’t want to, this method works pretty well.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Are Password Managers as Safe as You Think They Are?

You have probably heard of password managers, and you probably think they are pretty safe, right? Well, there is new research out there that might make you think twice, especially if you use password managers like KeePass, 1Password, Lastpass, or Dashlane. Frankly, I’m not worried about it, but read on.

Specifically, this study looked at instances of passwords leaking from a host computer and focused on whether these password managers were accidentally leaving passwords in the computer’s memory.

What was found was that all of the password managers that were looked at did a good job at keeping these passwords secure when in a state where it was “not running.” This means that a hacker would not be able to force the program into giving away the user’s passwords. However, it was also noted that though each password manager that was tested attempted to scrub these passwords from the memory of the computer, it wasn’t always successful…meaning, your passwords could still be in the memory.

Some of these programs, like 1Password, seemed to have left not only the master password but also the secret key for the program. This could possibly allow a hacker to access the info in this program. But, it’s important to note that these programs are trying to remove this information, but due to various situational issues, it’s not always possible.

Another program, LastPass, was also examined, and it, too, caused some concern amongst researchers. Basically, the program scrambles the passwords when the user is typing them in, but they are decrypted into the computer’s memory. Additionally, even when the software is locked, the passwords are still sitting in the memory just waiting for someone to extract them.

KeePass, which is yet another password manager, was also looked at here. In this case, it removes the master password from the computer’s memory, and it is not able to be recovered. However, other credentials that were stored in KeePass were able to be accessed, which is also problematic.

Should you be worried about this? Well, it depends on your personal thought process. Some people probably won’t care too much, and others won’t be affected because they don’t use password managers that have these issues. Since the researchers pointed out these issues, each password manager has done its own updates and corrected any issues. The real vulnerability isn’t the security of the password managers but the security of the devices, their users and if the users are deploying the same password across multiple accounts. Using the same password over and over is the risk here. So get a password manager so you can have a different password everywhere.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Use a Password Manager Or You WILL Get Hacked

Do you ever use the same password over and over again for different accounts? If so, you are not alone. However, this is quite dangerous. It’s best to use a different, unique password for each account, and to make it easier, you should use a password manager.

According to surveys, people understand that they should use unique passwords, and more than half of people get stressed out due to passwords. Furthermore, about 2/3rds of people said that they had forgotten a password or that a password issue had caused problems at work.

However, a password manager can easily solve the issues associated with passwords. A password manager is a type of software that can store login info for any and all websites that you use. Then, when you go to those websites, the password manager logs you in. These are safe, too. The information is stored on a secure database, which is controlled by a master password.

Using a Password Manager

Most people have more than one online account, and again, it’s so important to have a different password for each account. However, it’s very difficult to remember every password for every account. So, it’s not surprising that people use the same one for all of their accounts. But, if using a password manager, you can make it a lot easier.

  • When using a password manager, you can create a password that is safe and secure, and all of your passwords are protected by your master password.
  • This master password allows you to access all websites you have accounts on by using that master password.
  • When you use a password manager, and you update a password on a site, that password automatically is updated on all the computers that use your password manager.

Password Managers Can Ease Your Stress

When you first start using a password manager, it’s likely that you’ll notice you have fewer worries about your internet accounts. There are other things you will notice, too, including the following:

  • When you first visit a website, you won’t put your password in. Instead, you can open the password manager, and then there, you can put your master password.
  • The password manager you use fills in your username and password, which then allows you to log into the website with no worries.

Things to Keep in Mind Before You Use a Password Manager

Password managers are available on the internet from many reputable security companies. However, before you pay for them, there are some things that you should keep in mind:

  • All of the major internet browsers have a password manager. However, they just can’t compete with the independent software that is out there. For instance, a browser-based password manager can store your info on your personal computer, but it may not be encrypted. So, a hacker might get that information anyway.
  • Internet browser-based password managers do not generate custom passwords. They also might not sync from platform to platform.
  • Software based password managers work across most browsers such as Chrome, Internet Explorer, Edge, Firefox and Safari.

Password Managers are Easy to Use

If you are thinking about using a password manager, the first step is to create your master password.

  • The master password has to be extremely strong, but easy to remember. This is the password you will use to access all of your accounts.
  • You should go to all of your accounts and change your passwords using the password manager as an assistant. This ensures that they are as strong as possible, too.
  • The strongest passwords contain a combination of numbers, uppercase and lowercase letters, and symbols. Password managers often create passwords using this formula.

Managing your accounts online is really important, especially when you are dealing with passwords. Yes, it’s easy to use the same password for every account, but this also makes it easy for hackers to access those accounts.

Don’t Reuse Your Passwords

You might think it would be easy to reuse your passwords, but this could be dangerous:

  • If your password is leaked, hackers can get access to all of your sensitive information like passwords, names, and email addresses, which means they have enough information to access other sites.
  • When a website is hacked, and all of your passwords and usernames are discovered, the scammer can then plug in those passwords and usernames into all of your accounts to see what works. These could even give them access to your bank account or websites like PayPal.

Ensuring Your Passwords are Secure and Strong

There are a number of ways to ensure your passwords are secure and strong. Here are some more ways to create the best passwords:

  • Make your passwords a minimum of eight characters long.
  • Mix up letters, numbers, and symbols in the password, making sure they don’t spell out any words.
  • Have a different password for every account that you have. This is extra important for accounts containing financial information, like bank accounts.
  • Consider changing your password often. This ensures your safety and security.

If you have a weak password, you are much more susceptible to hacks and scams. So, protect your online existence, and start utilizing these tips.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Change Passwords or not; that is the Question

We’re told to change our passwords often to minimize getting hacked. Now we’re told this is a bad thing.

But not for any inherent techy reason. It’s because frequent password changing makes many people lower their guard when it comes to creating new passwords.

They get lax and end up with passwords like Bear1, Crazy4u and GetHigh1978. Or, they often only minimally change the password, such as going from Hotbaby!! to Babyhot!!.

Believe it or not, despite an infinite number of permutations involving 26 letters, 10 numbers and 10 symbols, many people struggle to create new passwords beyond just minimally altering existing passwords. And don’t even ask these folks to remember any new and very different, strong passwords.

But if you already have unique, strong and jumbled passwords, you do not have to frequently change them. So if your Facebook password is Ihv1dggnPRvGr8tGamz!, there is no reason to change this 90 days after creating it. However, changing ANY password every six months to a year is still a wise idea. And this infrequency won’t leave you drained.

And you can always use a password manager to do the figuring for you anyways. A password manager will create long, strong and unique passwords, and issue you a single master password.

Rules for a Virtually Uncrackable Password

  • Does not include any names that are found in a dictionary, including proper names, sports team names, rock group names, city names, etc.
  • Does not have any keyboard sequences, no matter how unintelligible. So even though sdfgh looks jumbled, it’s just as much a sequence as 12345.
  • It contains numbers, letters and symbols.
  • If you predict struggling to remember a bunch of jumbled passwords, then think of a phrase that you will never forget, especially one that pertains to the account you want to create the password for. An example might be the password for your credit card account. You can shorten “I Hate Making Credit Card Payments” to: iH8tmkngCCpymnt$!.

You can also shorten phrases that pertain to things you love, like for instance, a phrase about your favorite movie, food, vacation, TV show, etc.
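The rules above can be turned into an automated check. The following is an added example, not part of the original article: the word list is a small constructed sample, and the four-key threshold for a keyboard sequence and the US QWERTY layout are assumptions.

```python
import re

# Constructed sample word list. A real check would load a full dictionary
# plus proper names, team names, band names and city names, per the rules.
SAMPLE_WORDS = {"bear", "crazy", "baby", "high", "rover", "spot", "password"}

# Physical keyboard rows (US QWERTY assumed).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_RUN = 4  # assumed threshold: four or more adjacent keys count as a sequence


def keyboard_runs(password, min_run=MIN_RUN):
    """Return substrings that walk along a keyboard row in either direction."""
    lowered = password.lower()
    found = []
    for row in KEYBOARD_ROWS:
        for line in (row, row[::-1]):
            for i in range(len(lowered) - min_run + 1):
                chunk = lowered[i:i + min_run]
                if chunk in line:
                    found.append(chunk)
    return found


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    lowered = password.lower()

    # Rule 1: no dictionary words or names anywhere in the password.
    hits = sorted(w for w in words if w in lowered)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))

    # Rule 2: no keyboard sequences, even ones that look jumbled.
    runs = keyboard_runs(password)
    if runs:
        problems.append("contains keyboard sequence: " + runs[0])

    # Rule 3: must mix letters, numbers and symbols.
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    return problems


if __name__ == "__main__":
    # Sample passwords taken from the article's own examples.
    for candidate in ["Bear1", "sdfgh", "12345", "iH8tmkngCCpymnt$!"]:
        print(candidate, "->", check_password(candidate) or "passes")
```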

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

What is a Password Manager?

Many people, including myself, make mistakes with their passwords and use them on site after site. To remain safe, it’s important to use a unique, strong password on every site you visit. How do you do this the easy way? Use a password manager.

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager, the results indicate that people have some idea of the scale of the password challenge: More than half said they felt stressed out by the number of things they have to remember on a daily basis at work, and 63% reported that they’d either forgotten a password or had a password compromised at some point during their professional career.

A password manager can solve this issue. A password manager is a type of software that stores login information for all the sites you commonly use, and the program helps you to log in automatically each time you browse to a particular website.  This information is stored in a database, controlled with a master password, and is available for use at any time.

Word of Warning: Don’t Reuse Your Passwords!

What is the big deal about reusing your passwords? It could be really damaging:

  • If your password is leaked, scammers will have access to information such as your name, email address and a password that they can try on other websites.
  • A leaked password could give scammers access to online banks or PayPal accounts.

What is It Like Using a Password Manager?

The first thing you will notice when using a password manager is that it will take a lot of weight off of your shoulders. There are other things you will notice, too:

  • You first visit the website as you normally would, but instead of putting your password in, you will open the password manager and enter the master password.
  • The password manager will automatically fill in the log in information on the website, allowing you to log in.

Think About it Before You Use a Web-Based Password Manager

Yes, there are web-based password managers out there, but there are problems associated with them:

  • All major browsers have password managers, but these cannot compete with a full password manager. For instance, they store the information on your computer, and this is not encrypted information meaning scammers can still easily access it.
  • These managers cannot generate passwords randomly, and they don’t allow for syncing from platform to platform.

Get Started With a Password Manager

If you are ready to get started with a password manager, the first thing to do is choose your master password:

  • The master password must be very strong, as it controls access to everything else
  • You should also change your passwords on every other site to a stronger password
  • Make sure your passwords have capital letters, symbols and numbers for the strongest password combination

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

Don’t Rely on the Password Reset

Think about your keychain. It probably holds the necessities: car keys, home keys, work keys, miscellaneous keychains you bought on your previous vacations. Now, imagine you have a keychain full of these keys that all look the same, but each only opens a specific door.

Sounds kind of like your list of passwords, right? But what happens when you have all of these keys, and you need to get into your house? In either situation it can be easy to forget which key, or password, goes to what door or website.

So, back to the locked door situation, what do you do? A friend wouldn’t have a key that opens your house, and breaking down the door isn’t a good option for obvious reasons. Would you rely on a locksmith to come change the locks every time you forget your key? That would get old very quick.

It’s essentially the same thing when it comes to your passwords. It’s almost like you’re having to call a locksmith every time you want to get into your house because every time you leave, the lock changes. If you wouldn’t rely on a locksmith every time you want to open your house, why rely on the password reset? Step up your password game instead.

If you have loads of accounts and can’t deal with the hassle of creating and remembering long, strong passwords that are different for every account, then you need a password manager.

Not only will such a service help you create a killer password, but you’ll get a single “master” password that gets into all of your accounts. A password manager will also eliminate having to reset passwords.

Use these tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include mix matched numbers, letters and characters that don’t directly spell any words.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Don’t Name Your Dog After Your Password

Recently I got a puppy for my child. We decided to name the puppy 4wgu23x5#9. My wife, 8yysH3m, thought we should name the dog 0x2%#b5. But I’m sure she’ll get over it. Meanwhile, I’m helping my older child with setting up a few social media accounts, and I suggested the two passwords: Rover and Spot.

Is there something wrong with this picture?

Of course! But this picture replays itself millions of times over all the time, as people name their passwords after their pets, family members or favorite sports teams. Don’t do online what you wouldn’t do in real life.

When creating passwords remember that you should avoid using things that are personal to you and that could be easy for a hacker to find out about you. Things like your pet’s name, maiden name, birthday, name of your high school and child’s name can be easily found on social networks, making it even easier for hackers to crack your passwords.

Here are some other great tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include numbers, letters and characters that don’t spell anything.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Check out Google’s Password Alert

Cyber crooks have phony websites that masquerade as the legitimate site you want to log onto. They’ve spun their web and are just waiting for you to fly into it. Google now has Password Alert, which will tell you if you’ve landed into such a non-Google web.

For the Chrome browser, this extension will prompt the user to change their password.

When you change a password (regardless of reason) or sign up for a new account and it’s time to come up with a password…don’t just make up an easy word to remember or type.

  • No part of the password should contain actual words or proper names.
  • Each account, no matter how many, should have a different password.
  • If allowed, use a mix of characters, not just numbers and letters.
  • Use a password manager to eliminate the excuse of “I can’t remember a zillion passwords so that’s why I use the same one for multiple accounts.”

Even a strong password, when used for multiple accounts, can present a problem, because if that password gets in the hands of a cyber thief, he’ll then be able to access not just one—but all of your accounts with that password.

A different password for every account at least means that if any password gets into the bad guy’s hands, he’ll only be able to hack into one account per password.

And how might he get the password if it’s long, strong and full of different characters in the first place? By the user being tricked into giving it to him.

This is most often accomplished with a phishing attack: an e-mail that fools the user into thinking it’s from an account they have, such as PayPal, Microsoft or Wells Fargo. The message states there’s a problem with their account and they need to log in to get it fixed. The truth is, when you log in, you’re giving out your crucial login information to the villain.

However, Password Alert will intercept this process. And immediately, so that you can then quickly change the password and protect your account before the thief has a chance to barge into it.

Other Features of Password Alert

  • Many sites are phony, appearing to be legitimate Google sites. Password Alert will spot these sites by inspecting their codes when you visit them. You’ll then get an alert so you can get out of there fast.
  • Password Alert has a database that stores your passwords in a very secure way called a “hash.” This is the reference point that Password Alert uses every time you enter your password into the login field, to make sure you’re not entering it on a malicious site.
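The hash comparison described above can be sketched as follows. This is an added, simplified illustration and not Google's code: the `PasswordWatch` class, the `first_alert` helper, the allowed-origin list and the PBKDF2 parameters are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import deque

# Assumption for this sketch: the only origin where the protected
# password may legitimately be typed.
ALLOWED_ORIGINS = {"https://accounts.google.com"}


class PasswordWatch:
    """Keeps a salted hash of one password and spots it being typed elsewhere."""

    def __init__(self, password, salt=None, iterations=50_000):
        self.salt = salt or os.urandom(16)
        self.iterations = iterations
        self.length = len(password)          # needed to size the typing window
        self.digest = self._hash(password)   # only the hash is kept, not the password
        self.buffer = deque(maxlen=self.length)
        self.origin = None

    def _hash(self, text):
        return hashlib.pbkdf2_hmac(
            "sha256", text.encode("utf-8"), self.salt, self.iterations
        )

    def on_keypress(self, origin, char):
        """Feed one typed character; return True when an alert should fire."""
        if origin != self.origin:
            # A new page starts a fresh typing window.
            self.origin = origin
            self.buffer.clear()
        self.buffer.append(char)
        if origin in ALLOWED_ORIGINS or len(self.buffer) < self.length:
            return False
        # Hash the most recent characters and compare with the stored hash.
        typed = "".join(self.buffer)
        return hmac.compare_digest(self._hash(typed), self.digest)


def first_alert(watch, origin, typed_text):
    """Return the index of the keystroke that triggers an alert, or None."""
    for index, char in enumerate(typed_text):
        if watch.on_keypress(origin, char):
            return index
    return None


if __name__ == "__main__":
    # Constructed sample: the article's example password and a made-up login page.
    secret = "Ihv1dggnPRvGr8tGamz!"
    watch = PasswordWatch(secret)
    print(first_alert(watch, "https://accounts.google.com", secret))
    print(first_alert(watch, "https://login.example.test", "me@example.com" + secret))
```

The alert fires on the keystroke that completes the password on any origin outside the allowed list, which is the moment to change the password.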

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.