Longer is stronger when it comes to s

HOW many online services do you use? This is probably difficult for you to count as so many websites and online portals have become part of our daily lives.

We have our banking, social media, shopping, news, streaming services, gaming and many others all available to us at a click of a button or swipe of our finger.

Now think about how many s you have? The chances are you have very few or maybe just one. For the s you do have, do they contain some of your personal information like your date of birth or a part of your address or a family member’s name?

This is exactly what cyber criminals are hoping for when they launch ‘Brute Force’ attacks using software that will try to guess your using millions of variations of common words and symbols.

Cyber criminals can also get access to your sensitive data when they purchase credentials that have been stolen as a result of websites like LinkedIn being hacked in the past. When they get their hands on one set of your credentials it is likely they will be able to use them to access other services. This is called ‘Credential Stuffing’ and their goal will be to use this data to get access to your banking or credit card details.

Once you are compromised, they could then go on to attempt to scam family or friends that you have as s.

We sign up to so many services without really knowing how securely our data is being stored, and with so many data breaches happening it is only a matter of time before your credentials get into the hands of one of the bad guys.

You can check if your credentials were ever stolen using a website called www.HaveIbeen Pwned.com, you may be surprised with the results. Huge lists of credentials are regularly ed to the Dark Web where many other hacking groups will try to use them for financial gain.

The truth is, trying to create unique and complex s across many different services is near impossible. Humans are just not good at that level of recall. There are, however, some tips that can make life a lot more difficult for the criminals.

Using a manager

There are online services that will help you manage your s. A manager will securely store your s and help you to create unique, complex s for new services you sign up for without the need to them.

You will need to create and one very strong to access the service and the manager will look after the rest for you.

If the thought of keeping all your eggs in one basket makes you nervous or you are put off by the costs of these services (usually a few euro per month) there are other ways to reduce the risk of your being compromised.

Prioritise your services

Without a manager it is going to be difficult to a different for every service you use. To help with this you can prioritise your services.

The you use to access your email is the highest risk you own; if an attacker can get access to your email they can very likely jump to other services that you ed for using that email address.

Any other services that store sensitive personal details such as your banking or credit card details also need a strong unique .

For services like news or weather apps you could use a generic as the risk is low if these services are compromised.

Longer is stronger when it comes to

s

It is now accepted that the most difficult s to crack are longer phrases rather than shorter very complex s. A phrase should be approximately 4 words long or at least 15 characters.

You could use a line from your favourite song or quote from your favourite TV show. For example: Fr. Ted My Lovely Horse could be turned in to a long to include capital letters, symbols and numbers to meet the criteria of most online registrations. Like TeDMyL0ve1yH0r$e

Once you have a phrase you can then add a modifier to it that will help you distinguish among the services that you use. For example, adding the modifier below for Facebook. TeDMyL0ve1yH0r$eFBK1.

Adding another factor

Many platforms now offer multi factor authentication (MFA) to to their services.

Essentially, this adds another layer of security to your should it fall into the wrong hands. This can come in the form of biometrics, such as your fingerprint, or a unique code that is sent over text or through an authenticator app. If this is an option within the services you use, you should take advantage of it, generally they are designed to work very quickly and won’t slow you down too much.

It may seem a lot to take in, but if we all began to move away from short s to longer, more difficult-to-hack phrases, and took advantage of multi-factor authentication where it was available, we would greatly reduce the risk of a compromise and the very damaging financial and personal impact that can come with that.

ABOUT THE AUTHOR

John-Ross Hunt is a Product Manager with Cyber Security leaders Trend Micro, specializing in the area of enterprise security awareness training with the product Phish Insight.

Tomorrow: Safely browsing the internet.