UCC Mainstream Online

Poor passwords lend false security

Better password habits will reduce risk of being hacked


Brian Klug, flickr
Passwords should be changed every 30 days or at least every three months to stop hackers from accessing sensitive information and stealing identities.

The news has been on fire lately with stories about hackers and compromised cyber security. The jarring topics clogging our media outlets cause many to ask the question, “Just how secure are we?”

The answer is “not very.” While nothing is absolutely foolproof, following a few methods can decrease the chances of being hacked.

Password security is a big deal when it comes to safeguarding personal information, and this security begins with something called “complexity.” The requirements for complexity differ from company to company, but the general consensus is that passwords must contain at least eight characters and at least one of the following: an uppercase letter, a lowercase letter, a number and a special character such as an exclamation point or an asterisk.

In conjunction with complexity, passwords should be changed frequently to protect any sensitive information.

“Changing passwords every 30 days is ideal,” John Blackwood, head of UCC’s Computer Information Systems program, said. “However, people aren’t likely to do that.” Instead, he recommends changing passwords at least every three months.

Despite the vast amount of knowledge out there about online account security, many students are unaware of the importance of maintaining good passwords. “I never change my password,” said one student, whose name has been omitted per his request. “I never thought about it.”

Hackers have many different methods to crack passwords, and once they acquire the information, they can wreak havoc. Aaron Barr, former CEO of the company HBGary Federal and a security analyst, found out the hard way about the pitfalls of neglecting necessary password security measures. “He was using all lowercase letters,” Blackwood said. Such a skimpy password is odd for a security analyst who had challenged the hacker group Anonymous to try to hack him.

After the challenge, Barr lost his job. “They [Anonymous] took control of his email, Twitter, Facebook, the company servers at HBGary. He even lost control of his phone account,” Blackwood said of the incident.

Identity theft is a serious consequence of being hacked. Many victims make the mistake of using the same password for all sensitive accounts, not realizing that if one account is compromised, all accounts are compromised. Blackwood suggests using a method that is not entirely random, but complex enough to be difficult to crack. Using this method, the first eight characters may be the same, and the last four should be descriptive of the account, like “_ucc” for example.

Another way to keep passwords safe is to use a password keeper. This is generally a software tool that uses encrypted files to store user names, passwords and any other relevant information. The information is then stored on a flash drive or other media and can only be accessed using one master password, which should meet all of the complexity standards.

Unpatched Windows, Apple and Android devices can also leave holes for hackers to worm their way into; therefore, updating all devices on time is important. Using an unpatched device for a secure transaction is a recipe for disaster, as malicious software can be used to detect sensitive information and deliver it back to the software’s origin.

“It is also important,” said Blackwood, “to use paid-for virus protection on all Windows and Android devices.” Apple’s iOS does not need virus protection, because it is a secure, “closed” operating system.

Any system that could be used to access or store important information should always be protected, using a combination of software, knowledge and good old common sense.