KIA&B 2016 Volume 21, Issue 1 | Page 14

Use Longer Passwords
With the rate at which computers can guess passwords, increasing the number of characters can immediately mitigate some risks associated with brute-force and dictionary attacks. A password of 8 characters can be cracked in just a few days versus approximately 4 million years for a similar password of 12 characters. We suggest using a minimum of 10 to 12 characters for all passwords. Just head over to www.howsecureismypassword.net and see how long it would take a modern computer to guess your password.
Vary Your Passwords Among Accounts
While having a longer and stronger password is a good start, it doesn’t necessarily mean you are risk-free with online security. When you create a new account online, your password or some derivation of it gets stored in a database somewhere in cyberspace. While we hope that this database remains secure, we are constantly reminded by news of big data breaches that this isn’t always the case. While some sites store your password in an irreversible encrypted manner, others use simpler methods that could be reversed to reveal your true password. If your email address and password are stolen from a less-secure database, attackers will commonly try those same credentials at other sites like Amazon and eBay. If you use the same password for many different sites, a single compromise could leave many of your accounts vulnerable. For this reason alone, we recommend using different passwords for different accounts, especially ones of personal and financial significance like email, banking, and online shopping.
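To make the difference between reversible and irreversible storage concrete, here is a short Python sketch added as an illustration; it is not from the original article. The function names, the sample password, and the work factor are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def store_reversible(password: str) -> str:
    """Weak: an encoding, not protection. Whoever holds the database can undo it."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(stored: str) -> str:
    """What anyone with a copy of the weak database can do, no guessing needed."""
    return base64.b64decode(stored).decode()


def store_hashed(password: str) -> tuple[bytes, bytes]:
    """Stronger: a random per-account salt plus a deliberately slow one-way function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_hashed(password: str, salt: bytes, digest: bytes) -> bool:
    """The site re-computes the hash at login; it never needs the original back."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    sample = "blue-kettle-42-river"  # constructed sample password

    weak_row = store_reversible(sample)
    print("reversible row :", weak_row)
    print("recovered      :", recover_reversible(weak_row))

    # Same password at two sites: different salts give unrelated stored values.
    salt_a, digest_a = store_hashed(sample)
    salt_b, digest_b = store_hashed(sample)
    print("site A digest  :", digest_a.hex()[:16], "...")
    print("site B digest  :", digest_b.hex()[:16], "...")
    print("login succeeds :", verify_hashed(sample, salt_a, digest_a))
    print("wrong password :", verify_hashed("blue-kettle-43-river", salt_a, digest_a))
```

Even with the stronger scheme, a stolen database can still be attacked by guessing, which is why length and per-site uniqueness matter on the user's side.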
Take Advantage of Multi-Factor Authentication
The days of using only a username and password for validating your identity are coming to an end. With the widespread harvesting of stolen account information and rapid ability to guess passwords, the traditional method of authenticating to online sites is no longer secure. Fortunately, there is a way to complement the username and password with another way to identify yourself online, but often you have to seek it out. Multi-Factor Authentication (or MFA) is something you probably use occasionally and may not even realize it. It is the use of another form of identifying yourself in addition to a username and password. Often this comes in the form of an email or text message with a special security code that you must input after entering the correct username and password. The effectiveness of multi-factor authentication is that it requires verifying both something you know and something you possess before allowing you access to your account. Your username and password are what you know. Your cell phone that receives a text message is something you possess. Many banks and other institutions dealing with sensitive information now require multi-factor authentication, but you may not realize some of the other accounts that do, too. Popular sites like Google (Gmail), Amazon, and Dropbox all offer multi-factor authentication, but you have to go into your account to enable it. We strongly recommend that you enable and set up multi-factor authentication for any site that offers it. Doing so will exponentially increase your account’s security in exchange for the minor inconvenience of an extra step while logging into your account.
Use a Password Manager
A common challenge for even the occasional Internet user is remembering the plethora of usernames and passwords for online accounts. Even the most basic activities online require an account, and you can quickly amass dozens or even over a hundred accounts online. How can you possibly keep track of all these accounts, much less do so using unique passwords for each as previously recommended? While putting all your passwords in one place will inherently introduce some risk, it also may be the best balance between security and usability. A password manager is a piece of software in which you can enter your usernames and passwords for your various online accounts. Many even detect when you visit a site and will automatically fill in your password for you. While convenient, you should scrutinize any software where you plan to store that much sensitive information. We generally recommend a solution that remains solely in your possession, like KeePass. This software installs and stores all data on your computer with a master password necessary to unlock your password list. Other alternatives, such as LastPass, store your account information online in an encrypted format. Because it is hosted by another party, you must put your trust in a third party to handle your account information securely and be available when you need it. Reputable online password managers, like LastPass, will offer multi-factor authentication to open your password list, which you will certainly want to take advantage of.
Conclusion
With cyber-attacks on the rise and increasing numbers of criminals looking for a piece of the multi-billion-dollar-a-year industry of Internet crime, your online identity is becoming ever more at risk and you must work diligently to protect it. Using a lengthy password of at least 10 to 12 characters is a great start, but security breaches can expose even the best of passwords. Using varying passwords for different accounts can help immensely, but using multi-factor authentication, if available, may be your best line of defense. Don’t take a backseat approach to protecting your online identity. Otherwise, you might just end up wishing you were a sports-playing monkey in a zoo.
Chris Hamm is a senior systems engineer for leading business IT consultant Premier One Data Systems. Visit www.premier-one.com for more information.
12 KANSAS INSURANCE AGENT & BROKER | January-February 2016