Secure Passwords

First point: never enter a real password into an online password strength checker!

Not many people are going to get excited about this topic. However, almost all of us have some important online accounts, and many business owners and employers also have network access, client database security and so on to think about. Here are a few guidelines.

The Top 5 most used trivial passwords, which are about as good as no password at all, are:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111

Have a look at this web page from CNN Business; it provides an interesting overview of trivial passwords and of computer and password security.

Some of our online accounts matter, in the ‘serious’ sense, and some don’t. Each to their own in terms of that judgement, but in general I would not regard social media as ‘serious’ accounts, though opinions might vary on that.

The ‘serious’ accounts probably hold more detailed personal information about us, which is more ‘marketable’ on the dark net. If just your own account is compromised because someone got your login details, your personal information may be vulnerable. But if the service provider’s client databases suffer a breach and data exfiltration, your details may be exposed as one of thousands or millions of records, because not all service providers hold client information in securely encrypted format. These records could be put up for sale on the dark net or exposed publicly. For a disturbing example, Google the Ashley Madison data breach, which occurred in 2015. If your password is secure, it may help prevent the hackers deciphering your account and accessing your details in the event a service provider suffers a data breach.

Banks these days have pretty solid security on online accounts, such as User ID, PIN, minimum requirements on password length and complexity, two-factor authentication (usually via SMS code or smartphone app) and so on. So if someone gets your User ID and password details, they would also need your 2-FA device before they could access your account. Nothing is 100% secure, but this is currently as close as practicable in the real world.

Now is a good time to review where you are in terms of secure passwords and remediate where appropriate.