Dumb passwords lead to compromise

You may think it obvious, but it still apparently needs to be said – using dumb passwords will lead to a compromise.

When I worked with the state police, the hacking investigations I worked on typically fell into one of two categories: disgruntled (ex)employee, or dumb passwords. Things aren’t much different in the private sector, either – but often the stakes are much higher. Yes, there are more sophisticated attackers, but most of the time it simply comes down to obviously bad security practices.

When I saw the title of this article (“hacked via RDP really dumb passwords“), I couldn’t help but sigh – this is exactly what I see time and again, and we just don’t seem to learn.

As a New Year’s resolution, how about we all change our passwords? And yes, I said passwordS… plural. You do use more than one, right?

My security tips for the new year:

  1. Use different, strong passwords on everything
    Yes, this can be difficult, but there’s help available. Use a password manager (I like LastPass, but there are plenty of password managers to choose from). A good password manager will generate strong, unique passwords for you and keep them all safe (but easily accessible by you). If the passwords are stored online (as with LastPass), see my next point.
  2. Enable two-factor authentication if available
    This usually means combining something you know (like a password or PIN) with something you have (like your phone or a physical key), so a hacker cannot get into your account by guessing your password alone. The list of online services that support two-factor authentication is growing and currently includes sites like Google, Facebook, PayPal, Apple, Twitter, Dropbox, and many more.

There’s plenty more we can do to keep ourselves secure, but how about we just start with those two? I’d really love 2014 to be the year where we all start taking a bit more control of the security of our online (and other) accounts. Let’s all make it happen, and have a fantastic 2014.
