Keeping Your Information Safe In the Digital Age – Part 2

With the onslaught of security incidents reported for 2015 (about 65,000 according to the Verizon Data Breach Investigations Report, more than 2,000 of them confirmed data breaches), INF presents this multi-part blog series about keeping your data safe in the digital age.

Password Management Programs

As promised in Part 1 of this series, this blog entry will cover setting up and using a password management program.  There are many good password management programs available, such as LastPass, KeePass and 1Password, and the cost of the program varies anywhere from free to around $100.  If you are like most users, you need a password management program to:

  • Create unique, strong passwords for all accounts, new and old
  • Be an easily searchable repository for all passwords
  • Remind you when to change your password
  • Keep track of the security question answers that you created

Fortunately, there are multiple free programs that fit the above criteria.  KeePass does all of the above and more.  It is free and open source, which means that anyone can read and audit the code.  That does not make it immune to security bugs, so keep it updated, but it does mean that flaws can be found and fixed in the open rather than left hidden.  In this article, we will cover the installation, setup and a few highlights of this program.

How to Set Up KeePass 

To download the latest version of KeePass, go to: http://keepass.info/download.html.  We recommend downloading the most recent version of the “Professional Edition”.  The download link will take you to Sourceforge, which is where the download is stored.  Because the file is hosted on a third-party site, compare the downloaded file’s hash with the one KeePass publishes on keepass.info before running it (KeePass publishes SHA-256 hashes and OpenPGP signatures for each release).  Save the setup file and then run it.  Select your language and accept the agreement.  Most people allow the program to be installed on the C drive.  Install the program, keep “Launch KeePass” checked and click “Finish”.

KeePass will launch, as shown below:

[Image 1: KeePass main window, empty]

The first thing to be done is to create a new database file that will store all of your passwords.  Go to File > New.  This will bring up a dialog box, asking you the location to save your password file.  We recommend saving it in a cloud, such as Dropbox or Microsoft OneDrive.  This way, you will be able to access your database from any device that has access to your cloud account.  The file is encrypted with your master key, so the cloud provider cannot read it, but anyone who obtains a copy of the file can try to guess the master password offline at their leisure; this is the main reason the master password must be strong.  Take note, the file extension will be “.kdbx”.  Name your file, then click “Save”.

This will bring up the dialog box to create the master key:

[Image 2: Create master key dialog]

The master key is what unlocks the database file.  In the simplest setup it is just a master password, which will be the only password that you need to remember from now on, so you need to make it secure.  See Part 1 of this blog series for tips on creating a secure password.  The same dialog also lets you add a key file to the master key; if you keep that key file only on your own devices and not in the cloud folder with the database, a copy of the database taken from the cloud is useless on its own.  Enter your master password twice and click “OK”.

This brings up the next dialog box, which specifies the settings for the password database:

[Image 3: Database settings dialog]

The default settings are adequate for most users, so there is no need to change them.  One setting worth knowing about is on the “Security” tab: the number of key transformation rounds, which controls how much work it takes to turn your master password into the key that encrypts the database.  More rounds slow down an attacker who has a copy of your file by the same factor that they slow down you, and the “1 second delay” button picks a count that costs about one second on your computer.  Press “OK” and you are done with the setup.  KeePass will be opened to your new database.
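To show what the key transformation rounds setting is doing, here is an added example (illustration code written for this article, not KeePass’s own code).  It stretches a master password into a key with a configurable number of rounds, calibrates the round count the way the “1 second delay” button does, and estimates what the setting costs an attacker.  PBKDF2-HMAC-SHA256 from Python’s standard library stands in for the AES-KDF that KeePass 2.x uses; the function names, the benchmark password and the assumed 1000x attacker speed-up are this example’s own assumptions.

```python
import hashlib
import time

# Added example: PBKDF2-HMAC-SHA256 stands in for KeePass's AES-KDF. Both make
# the cost of turning a master password into a key grow linearly with rounds.

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(master_password, salt, rounds):
    """Stretch a master password into a 32-byte key (stand-in for AES-KDF)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, rounds, dklen=32
    )


def time_derivation(rounds, salt=b"\x00" * 32, password="benchmark-only"):
    """Wall-clock seconds for one derivation at the given round count on this machine."""
    start = time.perf_counter()
    derive_key(password, salt, rounds)
    return time.perf_counter() - start


def calibrate_rounds(target_seconds=1.0, probe_rounds=20_000):
    """Mimic the '1 second delay' button: time a probe count, then scale it so one
    derivation takes about target_seconds here. Never returns fewer than probe_rounds."""
    elapsed = max(time_derivation(probe_rounds), 1e-6)  # guard against a zero reading
    return max(int(probe_rounds * target_seconds / elapsed), probe_rounds)


def years_to_crack(password_bits, seconds_per_derivation, attacker_speedup=1000.0):
    """Expected years for an offline attacker to guess a master password with the
    given entropy, if each guess costs them seconds_per_derivation / attacker_speedup.
    Half the guess space is the expected work. attacker_speedup (GPUs, many machines)
    is an assumed figure, not a measurement."""
    expected_guesses = 2.0 ** (password_bits - 1)
    return expected_guesses * seconds_per_derivation / attacker_speedup / SECONDS_PER_YEAR


if __name__ == "__main__":
    rounds = calibrate_rounds(target_seconds=1.0)
    per_derivation = time_derivation(rounds)
    print(f"{rounds} rounds -> {per_derivation:.2f} s per unlock on this machine")
    # Same 40-bit master password, weak rounds versus calibrated rounds:
    print(f"1 ms per guess:     {years_to_crack(40, 0.001):.3f} years")
    print(f"{per_derivation:.2f} s per guess: {years_to_crack(40, per_derivation):.1f} years")
```

The point of the comparison in the last two lines is that the round count multiplies the attacker’s cost without changing your password: the same 40-bit master password that falls in days at a millisecond per guess takes years at a second per guess.  Rounds are not a substitute for a strong master password, since a weak one is guessed in a handful of attempts regardless, but they make every guess expensive.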

[Image 4: New database open in KeePass]

Creating a New Entry in KeePass

To create an entry in KeePass, click the “Add Entry” button (the yellow key) or press Ctrl + I.  The “Add New Entry” dialog box will appear:

[Image 5: Add Entry dialog]

The title field should be a description of the username and password that you are going to enter, such as “Susan’s PNC Bank Account” or “Andrew’s Chase Visa Credit Card”.  The username field should be your username, which is often an email address.  By default, KeePass fills in a generated 20-character password of letters and digits.  To display this password, click on the button with three dots to the right of the password field.  If you would like to change the character set or length, click on the “Generate a Password” button (it looks like a key with an orange burst) and select “Open Password Generator”.

This will open the Password Generator window:

[Image 6: Password Generator window]

Select the character set checkboxes that you would like the password generator to use.  You can also change the length of the password.  Once you have the settings to your liking, select “OK”.  The password will now use the settings that you selected.
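How a generator like this one turns the checkboxes and the length into a password, and how much those choices matter, as an added example (illustration code written for this article, not KeePass’s own generator).  The character-set names mirror the checkboxes but are this example’s own naming; the generator draws each character from the union of the selected sets using the operating system’s cryptographic random source, and the entropy helper shows why a longer password from a smaller set beats a shorter one from the full set.

```python
import math
import secrets
import string

# Added example; the set names mirror the generator's checkboxes but are this
# example's own. string.punctuation is the 32 ASCII symbols; with letters, digits
# and space that is the 95 printable ASCII characters.
CHAR_SETS = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": string.punctuation,
    "space": " ",
}
DEFAULT_SETS = ("upper", "lower", "digits")   # 62-symbol alphabet, like the 20-char default
ALL_SETS = tuple(CHAR_SETS)


def build_alphabet(sets):
    """Union of the selected character sets, with duplicates removed."""
    alphabet = sorted({c for name in sets for c in CHAR_SETS[name]})
    if not alphabet:
        raise ValueError("select at least one character set")
    return "".join(alphabet)


def generate_password(length=20, sets=DEFAULT_SETS):
    """Draw each character independently and uniformly from the alphabet.

    secrets.choice reads the OS CSPRNG. random.choice (Mersenne Twister) must not
    be used for passwords: its internal state can be reconstructed from outputs.
    """
    if length < 1:
        raise ValueError("length must be positive")
    alphabet = build_alphabet(sets)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, sets=DEFAULT_SETS):
    """Entropy of a uniformly generated password: length * log2(alphabet size)."""
    return length * math.log2(len(build_alphabet(sets)))


def summarize(length, sets=DEFAULT_SETS):
    """One comparable line per generator setting."""
    size = len(build_alphabet(sets))
    return f"{length:2d} chars from {size:2d} symbols: {entropy_bits(length, sets):6.1f} bits"


if __name__ == "__main__":
    print(generate_password())                  # the 20-character default
    print(generate_password(24, ALL_SETS))      # every box ticked
    for length, sets in [(20, DEFAULT_SETS), (20, ALL_SETS), (13, ALL_SETS), (32, DEFAULT_SETS)]:
        print(summarize(length, sets))
```

Ticking every box raises a 20-character password from about 119 to about 131 bits, while simply going from 20 to 32 characters with letters and digits alone reaches about 190 bits.  Since the password manager is doing the remembering, length is free; symbol sets mostly matter for sites that demand them, and a few sites reject some symbols, which is the usual reason to untick a box.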

The other option is to enter your own password.  You can delete the one that is generated and enter your own.  Fill in the URL field with the web address of the sign-in page that corresponds to the username and password.  You may choose to put in an expiration date for the password as well as set a reminder alarm.  Finally, if you have any notes that go with this entry, such as a security question/answer combo, you can enter it in the “Notes” section.  Since KeePass will remember the answers for you, treat security questions as extra passwords: answer with a random string rather than your mother’s real maiden name or your first school, which can often be looked up.  Once the password entry is to your liking, select “OK”.  You will now see your entry in the main right-hand window pane.

[Image 7: Test entries in the main window]

To edit the entry, double-click on the title and the “Edit Entry” dialog box will pop up:

[Image 8: Edit Entry dialog]

Make any necessary changes and press “OK”.  To save your database, click on the “Save” button, which looks like a blue disk.  You will want to create an entry for every password that you have.

To help you organize your passwords, KeePass provides groups (shown as folders) on the left-hand side of the main window.  Simply drag and drop your entries into the groups that they belong to.  You can also add groups, if the existing ones do not fit your needs.

[Image 9: Groups in the left-hand window pane]

Using your KeePass Database

Now that you have populated your database, the next step is using it!  To open your browser to the sign in page of an entry, double-click on the “URL” field in the right-hand window pane or highlight the entry that you want to use and press Ctrl+U.

[Image 10: URL field of an entry]

Your browser window should open to the sign-in page corresponding to that entry.  If the page has both the username and password fields on it, put your cursor in the username field and then go back to KeePass.  Make sure that entry is highlighted and press Ctrl+V.  This is KeePass’s Auto-Type feature: it switches back to the window you were just in and types the entry’s default sequence, username, Tab, password, Enter, straight into the page, so the credentials never touch the clipboard.

Alternatively, if you want to enter the username and password yourself or if they are on separate pages, you may do the following:

  • Double click on the “URL” field in KeePass to open a browser to the sign-in page
  • Go back to KeePass and double click on the “Username”
  • Go back to the browser, put your cursor in the “Username” field and press Ctrl+V to paste the username
  • Go back to KeePass and double click on the “Password” field
  • Go back to the browser, put your cursor in the “Password” field and press Ctrl+V to paste the password

Please keep in mind that KeePass clears the clipboard 12 seconds after you copy a field (the default setting), so you must do the steps above fairly quickly.  During those seconds anything on the clipboard can be read by any other program running on your computer, which is why the Auto-Type method above is preferred whenever the page allows it.

Part 3 of this series will cover accessing your password database on different devices.

Keeping Your Information Safe In the Digital Age – Part 1

With the onslaught of data breaches that have been in the news lately (think Target or Sony), INF presents this multi-part blog series about keeping your data safe in the digital age.

Passwords

Do you pick a password and then use that for all of your accounts, or do you choose short passwords that are easy to remember?  Is your password “Password” or the name of your pet?  Do you keep a Word document or piece of paper with all of your passwords written down?  If so, your digital information could be in trouble.  More than 60% of people use the same password on multiple accounts.  In the digital world, this means that if I can break into one account, then I can have access to all of your accounts.  This is why, when one retailer suffers a data breach, fraudulent activity at other retailers goes up as well: attackers take the leaked username and password combinations and try them on every other site, knowing that many of them will work.

Most people choose their passwords from a finite set of words, phrases and numbers (or some variant of these), which makes guessing a password a trivial task.  The attacker runs a “Dictionary Attack”: a program takes commonly used words and previously leaked passwords from a wordlist, combines them with numbers, years and the obvious symbol substitutions, and tries each result.  Bear in mind, this is not a human being typing guesses.  Against a live login page the site may limit attempts, but once a breach hands the attacker a copy of the site’s password hashes, the guessing happens offline on the attacker’s own hardware at millions or billions of guesses per second, and a dictionary word with a digit on the end falls in well under a minute.  The software that does this is freely available, so it is very easy to run.  Once a hacker has cracked one of your accounts, they immediately try the same credentials on others, touching as many accounts as they can before you are alerted that anything is wrong.
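A dictionary attack of the kind described above, as an added example (illustration code written for this article, not from the original post or from any real cracking tool): a short wordlist is expanded with the common mangling rules (capitalisation, appended digits and years, and the obvious symbol substitutions) and run against a constructed set of unsalted SHA-256 hashes standing in for a leaked password table.  The wordlist, the rules, the four sample users and their passwords are all constructed for the example; real wordlists hold millions of entries and real tools apply thousands of rules, which is why this runs in milliseconds and the real thing still finishes in minutes.

```python
import hashlib

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "fluffy", "welcome", "summer", "dragon"]

# The obvious substitutions this article's rule 4 warns about.
LEET = {"a": "@", "e": "3", "i": "!", "o": "0", "s": "$"}

# Suffixes attackers try first: nothing, a digit, "123", "!", recent years.
SUFFIXES = ["", "1", "123", "!", "2015", "2016"]


def mangle(word):
    """Yield the candidate passwords one dictionary word expands to."""
    bases = {word, word.capitalize(), word.upper()}
    for base in list(bases):                      # add the leet-speak form of each
        bases.add("".join(LEET.get(c, c) for c in base))
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def sha256_hex(text):
    """Unsalted SHA-256, as a badly designed site might store passwords."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def dictionary_attack(target_hashes, wordlist=WORDLIST):
    """Try every mangled candidate against the set of target hashes.

    Returns (cracked, tried): cracked maps hash -> recovered password, tried is the
    number of candidates hashed. Stops early once every target is recovered.
    """
    remaining = set(target_hashes)
    cracked = {}
    tried = 0
    for word in wordlist:
        for candidate in mangle(word):
            tried += 1
            digest = sha256_hex(candidate)
            if digest in remaining:
                cracked[digest] = candidate
                remaining.discard(digest)
                if not remaining:
                    return cracked, tried
    return cracked, tried


# Constructed "breach dump": four users and the unsalted SHA-256 of their passwords.
SAMPLE_PASSWORDS = {
    "susan": "P@$$w0rd1",
    "andrew": "Fluffy2015",
    "kim": "Welcome!",
    "dana": "S81ng&Tks4@!!f!$h!",   # the passphrase-derived example from this article
}
SAMPLE_HASHES = {sha256_hex(pw): user for user, pw in SAMPLE_PASSWORDS.items()}


def report(cracked, hashes=SAMPLE_HASHES):
    """Map each cracked hash back to the user it belonged to."""
    return {hashes[digest]: pw for digest, pw in cracked.items()}


if __name__ == "__main__":
    cracked, tried = dictionary_attack(SAMPLE_HASHES)
    print(f"{tried} guesses: {report(cracked)}")
```

Three of the four passwords fall within 138 guesses, including “P@$$w0rd1”, which satisfies the usual “uppercase, lowercase, digit and symbol” checklist; the substitutions and the trailing digit are exactly the transformations the rules apply.  Only the password built from a phrase survives, because no word in the list expands to it.  A site that stores salted, slow hashes raises the cost of every guess, but it cannot rescue a password that is a dictionary word with decorations.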

How To Choose a Strong Password

In order to combat this and become a smarter user, you must create a strong, non-trivial password for each account that you have.

Choosing a strong password becomes simple once you learn the following four rules:

  1. Choose a password that is 13+ characters long
  2. Choose a password that does not contain any words in the dictionary
  3. Choose a password that has an uppercase letter, a lowercase letter, a symbol, and a number
  4. Choose a password that does not rely only on the obvious substitutions of symbols/numbers for letters (e.g. 5 for “S” or @ for “a”), because password-cracking tools try those automatically

One recommended way to create a password is to think of a phrase from a book or song that you like and turn it into a password.  As an example, if you are a fan of “Hitchhiker’s Guide to the Galaxy” by Douglas Adams, you may turn the phrase “So long and thanks for all the fish!” into the password “S81ng&Tks4@!!f!$h!”.  Notice that none of the words appear verbatim, and not all of the substitutions are obvious, such as “8” for ‘o’.  Do not use this exact password: any example printed in an article ends up in attackers’ wordlists, so pick a phrase of your own.  A simple rule to remember is: the longer the password, the stronger the password.

You may be asking, “How in the world am I going to remember all of these passwords?  I must have over 90 accounts online, like the average American!”  There is no need to remember all of the passwords that you create.  In fact, if you can remember one very strong password, you can access all of your others by using a password management program such as KeePass, 1Password or Dashlane.

Part 2 of this series will cover setting up and using a password management program.