
How to create mega-passwords and impenetrable credential vaults

We’d like to explore credentials in more depth and introduce you to some tools that you can use to ensure that yours are never compromised.

September 26, 2017

In the first article of our Cybersecurity life skills series, we explained how our digital lives can expose us to the risk of identity theft, fraud and ransomware, and that most of the time, the risk to our identities comes from our credentials. This time, we’d like to explore credentials in more depth and introduce you to some tools that you can use to ensure that yours are never compromised.

Our usernames and passwords are the controls we use to protect our financial information, health data, and other personal details. A strong set of credentials is the first line of defense against intrusion, compromise, and the messy world of identity theft. Remember, if our credentials are compromised, then someone is able to ‘become us’ in a digital sense, so we all need to understand some of the basics to better protect ourselves.

But how exactly do our credentials become compromised? This can be done in a number of ways:

Social engineering: If your privacy setting on Facebook is set to ‘public’, anyone who isn’t a designated friend – in fact complete strangers – can visit your profile and view not just basic details such as your name, gender, or username, but also every personal update you’ve shared on your Timeline. By scanning profiles, cybercriminals can easily gather information such as the names of pets and spouses, birth dates, and favourite teams, and use those details to guess what your passwords and security-question answers might be.

Brute-force attacks: A brute-force attack involves an attacker systematically trying password candidates until one works. Against a live login page this is slow, because the service can limit attempts and lock the account. The real danger is the offline version: once a breached site’s database of password hashes leaks, cracking tools running on graphics cards can test billions of candidates per second. They start with dictionary words and common phrases, apply rules that swap in capitals, numbers and symbols (the very substitutions people use to ‘strengthen’ a word), and only then fall back to trying every possible combination.

Email phishing: We’ve all seen the warnings from banks that they’ll never send emails requesting that you click on a link or download a file. Banks know that attackers are impersonating them, attempting to gain your banking credentials through deception. Likewise, cybercriminals adopt variants of this technique, using emails to gather credentials. This is commonly known as ‘phishing’ or, in the case of targeted attacks, ‘spear phishing’.

Untrusted or pirated software: Those who make use of untrusted or pirated software risk infecting their systems with malware. This malware can install key-logging software which records every key the user strikes on their keyboard, without their knowledge. This gives cybercriminals access to their target’s usernames, passwords, and other personal information, which they can then use to impersonate or defraud the victim. Other malicious software goes after credentials that are already stored, for example the passwords saved in a web browser.
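To make the brute-force numbers above concrete, here is an added Python example (not part of the original article) that estimates how much work an attacker faces under two models: an exhaustive search over character classes, and the more realistic cracking-tool approach of a dictionary of common words plus substitution rules. It also shows why swapping ‘o’ for ‘0’ adds very little. The guess rates, the 20,000-word dictionary size and the sample passwords are constructed assumptions for illustration.

```python
import math

# Constructed guess rates for the estimates below (assumptions, not measurements):
# a rate-limited online login form versus an offline attack on a leaked database
# of fast, unsalted password hashes using GPU cracking hardware.
ONLINE_GUESSES_PER_SEC = 10
OFFLINE_GUESSES_PER_SEC = 10 ** 10

# The letter-for-digit swaps the article suggests; cracking rule sets enumerate these.
LEET_MAP = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def charset_size(password: str) -> int:
    """Size of the character pool an exhaustive attacker must assume for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation
    return size


def brute_force_bits(password: str) -> float:
    """Search space, in bits, if the attacker knows only length and character classes."""
    return len(password) * math.log2(charset_size(password))


def phrase_bits(word_count: int, dictionary_size: int = 20_000) -> float:
    """Search space if the attacker instead guesses the password as a string of
    common words. The dictionary size is an assumption."""
    return word_count * math.log2(dictionary_size)


def mangling_bits(password: str) -> int:
    """Extra work leet-style substitutions add once the base phrase is guessed:
    each swappable letter is either substituted or not, so at most one bit each."""
    swappable = set(LEET_MAP) | set(LEET_MAP.values())
    return sum(1 for c in password.lower() if c in swappable)


def crack_time_seconds(bits: float, guesses_per_sec: float) -> float:
    """Expected time to hit the password: on average half the space is searched."""
    return (2.0 ** bits) / 2 / guesses_per_sec


def humanize(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.4f} seconds"


if __name__ == "__main__":
    plain = "percytheloudmouthedparrot"       # constructed sample from the article
    leet = "p3rcyth3l0udm0uth3dparr0t"        # same phrase with the suggested swaps
    for pw in (plain, leet):
        exhaustive = brute_force_bits(pw)
        # Five dictionary words plus at most one bit per swappable letter.
        as_phrase = phrase_bits(5) + mangling_bits(pw)
        print(f"{pw}: exhaustive model {exhaustive:.0f} bits, "
              f"mangled-phrase model {as_phrase:.0f} bits, offline crack of "
              f"the phrase model: {humanize(crack_time_seconds(as_phrase, OFFLINE_GUESSES_PER_SEC))}")
    short = "abcdefgh"
    print("Eight lowercase letters, offline:",
          humanize(crack_time_seconds(brute_force_bits(short), OFFLINE_GUESSES_PER_SEC)))
    print("Eight lowercase letters, online:",
          humanize(crack_time_seconds(brute_force_bits(short), ONLINE_GUESSES_PER_SEC)))
```

Run it and note that under the mangled-phrase model the plain and the leet-substituted phrase cost the attacker the same: the digits only inflate the naive ‘every combination’ figure. An extra word, by contrast, adds roughly fourteen bits on this dictionary size.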

Clearly, raising our defenses against such attacks means ensuring that we create passwords that are long, complex, and unique to us, for every separate service we use. But the truth is it’s hard to remember all the passwords and pins we use for each of the systems and devices we make use of, so we end up re-using them or writing them down.

The good news is that there are tools available that can help us to balance security with usability.

Here are the 5 steps:

1. Select a password management system such as KeePass, LastPass, or Keeper, which allows you to securely store and manage all of your credentials from a single location.

2. Create one really strong password that you’ll remember – ideally something that means something to you. For example, if you own a particularly talkative parrot, your password could be something like percytheloudmouthedparrot. Length is what makes it strong: at 25 characters it is already far beyond what exhaustive guessing can reach. Mixing upper and lower case, changing ‘o’ to zero or ‘e’ to ‘3’, and adding symbols helps less than people assume, because cracking tools try exactly those substitutions; if you want more strength, add another word instead. This becomes your ‘mega-password’, through which you access your password management tool account. Use it nowhere else, and change it at any time if you suspect it has been exposed.

3. Register your password manager account with a dedicated, free email address that you use for nothing else, and protect that mailbox with its own strong password and two-factor authentication. (Note: because its sole purpose is to retrieve or change your ‘mega-password’, any mail arriving there that you didn’t trigger may indicate that the account is under attack or already compromised.)

4. Once you’ve set up your account, the system helps you generate unique and similarly complex passwords and authentication methods for every service or system that you use.

5. The system essentially becomes the ‘impenetrable vault’ for storing all the usernames and passwords that you use in your daily life – but you only need to remember your one ‘mega-password’. The vault is only as strong as that password and the device you unlock it on, so keep the device patched and turn on two-factor authentication for the manager where it is offered.
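The five steps above, as an added Python example that is not the article’s code nor that of any of the named products. It shows the two mechanisms a manager relies on: generating a unique random password per service from the operating system’s secure random source (step 4), and stretching the memorised mega-password into a vault key with a memory-hard key derivation function so that someone who steals the vault file pays dearly for every guess (steps 2 and 5). The scrypt parameters, the sample master password and the service names are constructed assumptions; a real manager would additionally encrypt the stored entries with the derived key, a step omitted here because the standard library has no authenticated cipher.

```python
import hashlib
import hmac
import secrets
import string

# Full printable-ASCII pool for generated passwords: the service, not a human,
# has to remember these, so length and randomness are all that matter.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """A uniformly random password from the OS CSPRNG via the secrets module,
    never from random.random(), whose output is predictable."""
    if length < 16:
        raise ValueError("generated passwords should be at least 16 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the memorised mega-password into a 256-bit key with scrypt.
    Parameters are an assumption sized to stay under hashlib's default memory cap."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


class Vault:
    """Toy credential vault unlocked by a master password (constructed example).
    Entries live in memory; encryption of the entries with the derived key is
    deliberately left out, see the lead-in."""

    _CHECK = b"vault-unlock-check"

    def __init__(self, master_password: str):
        self.salt = secrets.token_bytes(16)          # per-vault random salt
        key = derive_vault_key(master_password, self.salt)
        # A keyed verifier lets unlock() detect a wrong password without
        # storing the key or the password itself.
        self.verifier = hmac.new(key, self._CHECK, "sha256").digest()
        self._entries = {}                           # service -> (username, password)
        self._unlocked = True

    def unlock(self, master_password: str) -> bool:
        candidate = derive_vault_key(master_password, self.salt)
        check = hmac.new(candidate, self._CHECK, "sha256").digest()
        self._unlocked = hmac.compare_digest(check, self.verifier)  # constant-time
        return self._unlocked

    def lock(self) -> None:
        self._unlocked = False

    def add(self, service: str, username: str) -> str:
        """Create and store a fresh, unique password for a service (step 4)."""
        if not self._unlocked:
            raise PermissionError("vault is locked")
        password = generate_password()
        self._entries[service] = (username, password)
        return password

    def get(self, service: str) -> tuple:
        if not self._unlocked:
            raise PermissionError("vault is locked")
        return self._entries[service]

    def all_unique(self) -> bool:
        """The property step 4 promises: no password is reused across services."""
        passwords = [pw for _, pw in self._entries.values()]
        return len(passwords) == len(set(passwords))


if __name__ == "__main__":
    vault = Vault("percy the loud mouthed parrot")   # constructed master password
    for site in ("bank", "email", "shop"):            # constructed service names
        print(site, vault.add(site, "alice"))
    vault.lock()
    print("wrong password unlocks:", vault.unlock("wrong"))
    print("right password unlocks:", vault.unlock("percy the loud mouthed parrot"))
    print("all passwords unique:", vault.all_unique())
```

The salt is random per vault, so two people who pick the same mega-password still get different keys, and the verifier comparison uses hmac.compare_digest so that a wrong guess takes the same time whether it fails on the first byte or the last.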

For us, this approach has provided a simple solution to the challenge of remembering all our different passwords and navigating multiple security controls. In the next update of our Cybersecurity life skills series, we will explore some of the ways we can better protect our nearest and dearest – children, parents, grandparents, and friends – from fraud, cyberbullying, online predators, and more.
