{"id":380,"date":"2021-05-07T09:49:31","date_gmt":"2021-05-07T08:49:31","guid":{"rendered":"http:\/\/sawted.com\/sawted\/?p=380"},"modified":"2021-05-07T10:26:52","modified_gmt":"2021-05-07T09:26:52","slug":"whats-in-a-password","status":"publish","type":"post","link":"https:\/\/sawted.com\/sawted\/whats-in-a-password\/","title":{"rendered":"What&#8217;s in a password?"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/sawted.com\/sawted\/wp-content\/uploads\/password-2.gif\"><img loading=\"lazy\" decoding=\"async\" width=\"416\" height=\"234\" src=\"https:\/\/sawted.com\/sawted\/wp-content\/uploads\/password-2.gif\" alt=\"\" class=\"wp-image-390\"\/><\/a><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The bad guys are using ever more\nsophisticated means to get your login credentials to access your personal\ninformation and gain access to the club&#8217;s data. Yes, there are still thousands\nof immediately recognisable phishing emails used by amateur criminals. But, the\nclever criminals are now carefully researching us and then targeting us with\nhighly plausible &#8216;spear phishing&#8217; emails tricking even the most cautious of us\nto click on a malicious email link. The recent Human Cyber Awareness survey has\nhighlighted that managers generally consider themselves cyber aware, yet 75% do\nnot have a cybersecurity policy and over 90% rely on the club&#8217;s hardware and\nsoftware suppliers to protect them. What about all the other staff at the club\nwho have access to the club&#8217;s systems? We are all fallible and can click on a malicious\nemail link. Phishing emails either take us to an authentic-looking login page\nfor the site we think we wish to log into or download malware onto our\ncomputers which may then spread throughout the club. 
Either way, the results\nare good for criminals but not for us.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p class=\"wp-block-paragraph\">We protect ourselves and our information with\npasswords. They help authenticate us to websites and applications. The survey\nshows that we tend to reuse passwords across multiple sites (84%), even sharing\nsome of them with colleagues (41%). 123456 holds\nthe number one spot in the most used password lists (Nordlink, SplashData and\nthe U.K.&#8217;s National Cyber Security Centre). Qwerty,\nsenha, 1q2w3e4r are\nall in the top 20, along with sunshine, princess, iloveyou and\npassword. Do you use any of these passwords?\nBe honest here.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Password Strength<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Strong passwords are vital. Simple\npasswords may easily be guessed or broken by criminals. The two main types of\nattack are &#8216;brute force&#8217; and &#8216;dictionary&#8217;. Brute force attacks look at every\ncombination of characters that may make up a password. This type of attack\nrequires high-speed computers and can take a very long time. Consequently,\ncriminals often employ dictionary attacks instead. These attacks start with a\ndictionary of common words and phrases. The criminals then use tools to extract\nall the unique words on your social media pages and websites and add them into\nthe source dictionary. These attacks are more efficient and yield results in a\nfraction of the time. 
The table below compares the time taken to crack a\npassword using a dictionary against using brute force.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"626\" height=\"402\" src=\"https:\/\/sawted.com\/sawted\/wp-content\/uploads\/cyber.gif\" alt=\"\" class=\"wp-image-383\"\/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Multi-Factor Authentication (MFA)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Password strength is one defence, but a\nsecond, powerful defence is MFA. If the website we log onto uses MFA, then\nthe first time we log onto it, a message is sent to our email address or mobile\nphone. Hence the two factors \u2013 our password plus a second method. MFA\ndramatically improves security at the cost of a little more effort on our part.\nSome websites, such as online banking, require MFA every time you log onto\ntheir systems. Others need it only the first time you use their website from a\nspecific computer or web browser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All accounts involving money must use MFA\nfor obvious reasons. Email accounts should always have MFA activated. If\ncriminals have access, they can change your password and then impersonate you\nand attack all your contacts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Password Managers (PWM)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Password managers are great friends in the\nfight to secure data and identity. PWMs can store thousands of strong random\npasswords that are only used when a recognised website is accessed. Only one strong\npassword or passphrase is needed to access the PWM. The passwords are available\nacross all devices, from computers to mobile phones, making it simple to log on\nsecurely to websites. Passwords are encrypted and stored using robust\nencryption methods that even the CIA and GCHQ would find hard to crack. And PWMs\nhave two other unique capabilities providing even more robust security. 
The PWM\ncan give a password only to a site that is known to it. Therefore, if a criminal\nmanages to lure you to a website asking for your credentials, it will not be\nrecognised by the PWM, and the password is not revealed. Because the password is passed\nto a website directly, keylogging malware cannot see it and send it back to the\ncriminals. PWMs are not expensive, though ignore any that are free. Some highly\nregarded password managers are 1Password, LastPass, Keeper and Roboform.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In conclusion, if there are two things that\neveryone should now do, they are to: start using Multi-Factor Authentication;\nand buy and use a decent Password Manager. These two steps will provide a solid\ndefence against criminals&#8217; gaining access to your personal information and the\nclub&#8217;s sensitive data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The bad guys are using ever more sophisticated means to get your login credentials to access your personal information and gain access to the club&#8217;s data. Yes, there are still thousands of immediately recognisable phishing emails used by amateur criminals. 
But, the clever criminals are now carefully researching us and then targeting us with highly [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-380","post","type-post","status-publish","format-standard","hentry","category-cyber-security"],"_links":{"self":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/comments?post=380"}],"version-history":[{"count":5,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/380\/revisions"}],"predecessor-version":[{"id":391,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/posts\/380\/revisions\/391"}],"wp:attachment":[{"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/media?parent=380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/categories?post=380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawted.com\/sawted\/wp-json\/wp\/v2\/tags?post=380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}