Hello Katz - Here Are Your Articles for Thursday, August 23, 2018

Passwords: Making Them Hard to Crack

 

Why work on making your passwords stronger? Hackers will attack the low-hanging fruit first. What attackers will do is steal the stored passwords from a vulnerable system. These passwords are encrypted, but with tools like Pwdump, Airodump-Ng and the Meterpreter, hackers can take as much time as they need to crack your password.

The best way to make your password less appetizing is to choose a random set of characters in the maximum length your account or system will accept:

  • The fundamental rule of password cracking is that the longer the password, the longer it takes to crack.
  • Never use dictionary words — it doesn't take long to test every word and word combination in the dictionary.
  • Brute-force password cracking tries arbitrary sequences of numbers, letters and characters over and over until one matches. To slow hackers down, make certain to use at least one of every character type: one lowercase, one uppercase, one number and one special character.
  • Never use just numbers — it makes things way too easy for hackers. Since there are only 10 digits (0-9) in our base 10 number system, even a 10-digit all-numeric password offers just 10 billion possibilities for brute force — what hackers call child's play.
  • Change your password often — every three months for online bank accounts and every six months to a year for nonfinancial websites.
  • By changing passwords periodically, you significantly reduce the chances of someone compromising your account, even if the website/domain has been hacked.
  • Use different passwords on different accounts — if you use the same password on all your accounts, your information is only as secure as the weakest system storing your password.
  • A hacker may not have any interest in your password on a specific website, but he or she will try it on your bank account, credit card account, email account, and brokerage account. If they're all the same password, the intruder has struck gold!
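
The rules in the list above can be checked mechanically. This Python sketch is an added example, not part of the original newsletter: it generates a random password containing every character type, estimates the brute-force search space, and flags the weaknesses the list names (the symbol set and the four-word sample dictionary are assumptions made for illustration).

```python
import math
import secrets
import string

# Character classes named in the list above; the symbol set is an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.<>?/",
}
# Constructed stand-in for a real dictionary file.
SAMPLE_WORDS = {"password", "summer", "dragon", "hiking"}


def generate(length):
    """Random password of `length` chars with at least one of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    alphabet = "".join(CLASSES.values())
    chars = [secrets.choice(cs) for cs in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where the forced picks sit
    return "".join(chars)


def keyspace_bits(password):
    """Brute-force search space, in bits, for the classes actually used."""
    size = sum(len(cs) for cs in CLASSES.values() if set(password) & set(cs))
    return len(password) * math.log2(size) if size else 0.0


def audit(password, words=SAMPLE_WORDS):
    """Return the rules from the list that `password` breaks."""
    problems = [f"no {name} character" for name, cs in CLASSES.items()
                if not set(password) & set(cs)]
    if password.isdigit():
        problems.append("numbers only")
    lowered = password.lower()
    problems += [f"contains dictionary word '{w}'" for w in sorted(words)
                 if w in lowered]
    return problems


if __name__ == "__main__":
    for pw in ("0123456789", "Summer2018", generate(20)):
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, issues: {audit(pw) or 'none'}")
```

A ten-digit numeric password comes out at about 33.2 bits, which is the 10 billion possibilities mentioned above; each added character of a mixed-class password adds roughly 6.5 bits.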

Here's what you can do to deter hackers: Create a passphrase. A passphrase that's long and uses all available character types works best. For example, say you like mountain biking and hiking. Now, take the phrase and convert it into a single string of uppercase, lowercase, numbers and special characters: I<3mtnb1K1ng&H1k1ng. It's critical to intersperse special characters and numbers as well as to use both upper- and lowercase letters.

Splitting the password into three chunks reveals what might be remembered as three short pronounceable words. People are better at memorizing passwords that can be chunked either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.

Password-thieving hackers are everywhere, and they know that people commonly reuse passwords. We need different passwords for every site and program we use. Here's where password management software can come into play: Solutions like these are essential for critical business systems. Make sure you're on top of your personal and business passwords.

 

 

Katz Nannis + Solomon PC
info@knscpa.com
781-453-8700
800 South Street Suite 250
Waltham, MA 02453
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.
Copyright © IndustryNewsletters All rights reserved.
