Pa55w0rd Pr0bl3ms

Blog Date:  11/8/2016
Author:  Ray Coulombe
Category(s):  Cyber Security

Still using 123456, PASSWORD, or your birthdate for a password? Or writing them all down in a single notebook? Or, worst of all, staying with a device’s default password? Or maybe you’re using the same password for everything so you don’t have to bother remembering? Even business password management for security devices still largely resembles the Wild West, where procedure for password assignment and “management” are all over the map. Most security professionals I speak with admit to not adequately addressing this in their own personal use.

The ability of today’s technology to crack passwords is mind-boggling. Using dictionaries of known words, combinations and variants, commonly used passwords, as well as brute force, programs can test billions of combinations per second. Research has shown that changing passwords frequently probably doesn’t help, as people have the tendency to tweak existing passwords rather than significantly changing them. When it comes to passwords the longer the better, and passphrases of long length may make the recall process simpler.

There is another way to get through this. Have you ever heard of LastPass or DashLane? I personally manage my own passwords through Last Pass and they’re simple to use for whatever your own needs are. With the ability to generate randomized passwords up to100 characters with all character types, it’s easy to use the maximum size a login will allow. They can auto-fill or provide for easy cut and paste, so no two passwords ever need to match.

Whether it be 10 characters with upper and lower case letters, numbers, and special characters, or a two-factor authentication process, just find some type of management for your information and stick with it. While these programs are best served on a personal level, it makes your digital life easier and more secure in the long run.

Passwords stored in the LastPass cloud are encrypted by a strong password that is created and should be known only by the user. This master password is then used to access and locally decrypt the vault to access all user passwords on your machine. Use of a one-way salted hash function of the master password performed over a number of iterations blunts the opportunity for successful brute force attack. You can add two-factor authentication as well as mobile access. Again, what’s in the cloud is strongly encrypted.

On the other hand, SecureXperts, a Florida-based company, plans to make passwords obsolete. The company has developed a cryptographically secure MicroSD card that is NIST approved and FIPS validated, which it physically embeds in physical security appliances and mobile devices. The company’s president and CEO, Darnell Washington, has been working with Bosch on IP camera implementation for some time. First, it prevents unauthorized software from running on the device. Second, through certificates and key management, it validates a user’s access to the device through a PIN-protected Personal Identify Verification card. The embedded MicroSD card supports confidentiality through strong encryption.

Others, such as Secure Channels, are pursuing alternative multi-authentication techniques, including Where You Are.

For sure, life would be simpler and, perhaps, more secure without passwords. For now, we’re stuck with them, so use them wisely!


Resource Blogs

Most Recent Blogs Listed for Ray Coulombe.


Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->


Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->


Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->


Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->


A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->