What Makes a Good Password?

Did you know that, according to Pew Research, 39% of people use the same password for everything? Why is that bad? For example, Sony got hacked a few years ago, and what was really interesting was that the fraud didn’t just happen with Sony. It also went up at target.com and at amazon.com. It went up across the board, by about 35 to 40%. And why is that? Because when one company is hacked, the people who steal the data take all of that information and try to use it online at as many places as they possibly can, because they know that about a third of people use the same password for everything.

With that said, it’s really important to have a good password. And not only that, it’s important to have a different password for each account.

What constitutes a strong password? 

A strong password is typically at least 12 characters, and it consists of uppercase letters, lowercase letters, numbers and symbols. Now, we know that’s going to be a little bit difficult to remember. So typically, we recommend using songs or other things that are familiar to you to remember your passwords. For instance, say you are a Frank Sinatra fan. One of your passwords might use the phrase “fly me to the moon”, with a symbol and some numbers added.

So, make sure that the passwords you have to remember are built from something that’s easy for you to remember.

Using a password manager

The average American has over 120 passwords. Now, you can’t be expected to remember 120 passwords with 12 characters, uppercase letters, lowercase letters, numbers and symbols. One thing that we do recommend is a password manager. With a password manager, you only have to remember one password to get into the password manager, and then you can actually store all of your passwords within the password manager itself. 

What’s really nice about a password manager is that it will also help you create passwords that are secure. When you create a new password, you just click on new, and it will fill in the password for you if you want it to.

Good password manager examples

We’ve only put password manager examples on this list that have not been compromised in the commercial market. There are some other password managers on the market that have been compromised, so they didn’t make this list. Some examples are Dashlane, 1Password, Bitwarden, Keeper and KeePass. INF and Integrity First Technology Solutions both use KeePass.

You can see in the photo above that in a password manager you have your list of passwords, and for each one you’ll have your username and your password. So let’s say you want to log in to your bank. You go to your bank’s website, double click on your username in the password manager, and then click paste, and it goes right into the browser. Then you double click on the password, click paste, and it signs you in.

So you just have to remember that one password to open your password manager, and then you have access to all of your usernames and passwords.

Two Factor Authentication

Another thing that goes along with passwords is two factor authentication, or you might have seen it as 2FA. Two factor authentication is an extra layer of security that actually would have helped all those people that had the same password for everything. So not only do you have to enter your username and password, but then there’s an extra step. This is most likely something that you have seen before. You’ll put in your username and password and then they’ll ask if you want to receive a phone call, a text message or an email with your one time verification code. 

Once you choose your verification method, they will send you your verification code just like it’s shown in the picture above. You would put the verification code in and then you can sign in to your account. 

We definitely recommend turning this on when you’re given the opportunity to do so, because it really is a very strong extra layer of protection, and it protects your accounts from hacks. If a company were to get hacked, the attackers would get your username and password, but they wouldn’t get access to your two factor authentication. They wouldn’t get access to your phone or your email, so this would definitely help protect your account from any hack that happened.

The weakest link in the security chain

“Companies spend millions of dollars on firewalls, encryption and secure access devices and it’s money wasted. None of these measures address the weakest link in the security chain.” – Kevin Mitnick. What do you think is the weakest link in the security chain? If you said humans, you are correct!

Questions about anything in this article?  Contact Stacey Ivol at 412-563-2106 or email her at sivol@integrityfirstins.biz

Why Is Encryption Important?

There are ranges of encryption, but having encryption present is extremely important.

For instance, there was a person from an insurance company who went to a football game in Detroit, and when he went to the restroom, he set his phone down. He didn’t have it locked, and he didn’t have any encryption on it. When he left the restroom, he forgot his phone, and the company ended up having a large data breach because whoever had the phone was able to access all his emails and any files that he had access to.

So device encryption is so important. Something as innocuous as “Oh, I left my phone in the restroom” could cause something huge. So how do you go about implementing that type of encryption?

Encrypting Apple Devices

If you have a Mac, encryption actually comes built in. So all you have to do, if you don’t already have it turned on, is turn on FileVault. You’ll go to your security and privacy settings, go to FileVault, and then you’ll click turn on FileVault. When you turn on FileVault, you’ll be able to see your computer encrypting your data, shown as a little progress bar.

Every time you then turn on your computer, you’ll have to put in your password twice, once for unlocking the computer and once for unlocking the encryption. Again, you’ll be able to see a little progress bar, and it’ll say decrypting data. So you’ll see that your data sits at rest in an encrypted state. If somebody were to steal your Mac, your data would be encrypted.

Now with your iPhone, as long as you have iOS version 8.0 and up, and about 95% of devices do have iOS 8.0 and up, the iPhone actually encrypts as soon as you add a passcode or password. There are two ways to check that you have your passcode or password turned on. Number one, whenever you open your phone, you should have to put in a password. Number two, if you go to your Settings, click on Face ID and Passcode, and scroll all the way down to the bottom, you’ll see a little sentence that says data protection is enabled. As long as data protection is enabled, your iPhone is sitting encrypted.

Encrypting Microsoft Devices

Now, let’s say you have a Microsoft device. If you have a Microsoft device with Windows Pro on it, BitLocker is the encryption software that it uses. If you have a Windows machine that is the Pro version, all you have to do is go to the Control Panel, look up BitLocker, and then turn on BitLocker. Again, a progress bar will show, and the device will now have its data sitting encrypted.

Now, if you have Windows Home and not Windows Pro, you are able to upgrade. The upgrade costs anywhere between $100 and $120, depending upon the sales that they have going on at the time. Once you go from Home to Pro, BitLocker will become available, and you can turn BitLocker on and encrypt your Microsoft device.

Encrypting Android Devices

Finally, if you have an Android device with Android 4.4 or lower, what you’ll need to do under security is add a PIN and then enable encryption. If you have an Android device with OS 5.0 or greater, most devices are actually encrypted by default with a password. All you have to do is check your security menu to see that option. Go to your security menu and then scroll down, and it will say encryption is on. So as long as you see “encryption on”, your Android device is protected.

Bonus Tip – Set Phone Notifications So They Don’t Appear On Your Lock Screen

Now, as kind of a bonus tip, one way you can inadvertently show data is if your phone is locked but your phone notifications still show. So it’s possible that you could have your phone out on a table, or be with another client, and have a notification show on your lock screen.

It might say you have an email from someone, and depending on your settings it might show the first line, or it can show all the text from an actual text message. Depending upon your situation, you don’t typically want other people to be able to see your notifications. So we recommend turning those off. That way your notifications won’t be visible unless a password is entered.

Learn how to do this on an Apple device

Learn how to do this on an Android device

Once you set this up, if your phone is off or in lock mode, you will not get any type of notifications that show anything without your password being entered. 

Have any questions about the topic discussed in this article? Contact us today at 412-563-2106.