By Bryan Bechard
Faculty Member, School of STEM, American Public University
October is National Cyber Security Awareness Month. President Obama is partnering with the National Cyber Security Alliance (NCSA) to start a public awareness campaign they call “Lock Down Your Login.” The idea is to encourage more people to go beyond mere usernames and passwords for authentication purposes. A number of companies are participating in the “Lock Down Your Login” campaign, including Facebook, MasterCard and USAA.
According to the White House, as many as 62% of successful data breaches could have been prevented with better use of authentication systems. These authentication systems include biometrics or dual-factor authentication to supplement usernames and passwords.
Hacker’s ‘Spear Phishing’ Stole Hollywood Celebrities’ Photos and Videos
Edward Majerczyk, a 28-year-old son of a Chicago policeman, pleaded guilty last month to hacking into the email and iCloud accounts of at least 20 celebrities. He stole nude photos and videos from them.
Majerczyk sent “spear phishing” emails to his intended victims that appeared to come from Apple or Google security. Under various pretenses, he requested their usernames and passwords. His victims provided this information, enabling him to access their email and iCloud accounts and steal personal photos and videos.
It is important to resist providing usernames and passwords in response to emails and text messages unless you have absolutely confirmed that the request is legitimate, which such requests seldom are. If you have the slightest concern that such a request might be illegitimate, contact the actual company to find out if such a request was a scam or not.
Dual-Factor Authentication Aids in Safely Accessing Your Account
You can also utilize dual-factor authentication where your password is only the starting point for accessing your account. After you put in your password, the site you are attempting to access sends a special one-time code to your smartphone so you can access that account.
In some instances, companies will send the code to you only if you are attempting to access your account from a different device than you usually use. Had the celebrity victims used dual-factor authentication, Majerczyk and other attackers would not have been able to hack their accounts.
One Compromised Account Opens the Door to a Victim’s Other Accounts
Another problem with passwords is that many people use the same password for all of their online accounts. Once one victim’s account is compromised, an attacker can access multiple accounts, including online banking accounts.
Even Mark Zuckerberg, Facebook’s founder of and a sophisticated user of technology, was guilty of this practice. During the summer, his password was stolen during a LinkedIn data breach and used to access his Twitter and Pinterest accounts.
How to Easily Set Up Strong Passwords
Everyone should have unique passwords for all of their accounts. Use a password manager if possible to generate random, unique passwords. A strong password will contain a mix of capital letters, lowercase letters, numbers and symbols. A good manual way to pick a strong password is to take an easily remembered phrase as your base password and then adapt it for each of your accounts.
For instance, you can use a phrase such as IDon’tLikePasswords as your base password. Add a couple of exclamation points to the end of the password and you have a strong password base. Then, add a few letters to this base password to distinguish it from each of your other accounts. Thus your Amazon account password could be “IDon’tLikePasswords!!Amz”. This is a simple way to create easy-to-remember, unique passwords for all of your accounts.
About the Author
Bryan Bechard is the CISO for an automobile finance company; he previously worked at Comcast and HSBC. He holds a Master of Science in information assurance and the following certifications: CISSP, GPEN, CRISC and Toastmaster. Bryan has been an information security instructor for 10 years and a security professional for 16 years.
Comments are closed.