Where is this coming from?

I met somebody earlier this week who had been in one of my training sessions earlier this year. They had been going on about the changes they had made as result of that training course. The main one he was delighted with was the use of an authenticator app for multi-factor authentication or two factor authentication.

He had put this on, on many of his accounts and he was delighted with it. Because when he had checked his email addresses on www.HaveIBeenPwned.com he found that he had been in a number of data breaches and that his passwords had been exposed in those data breaches. So he made absolutely certain put on multi-factor authentication on those accounts.

That sounds like a good course of action

Then I asked him “and you changed your passwords. Right?”

He said “No. No. I can never remember … I always forget my passwords when I change them. So I use the same password all the time. But now the accounts are fully protected sure with the MFA.”

What is wrong with that?

But I was explaining to him that if he continued to use the same password, that has been included in a data breach, then this is going to be in the public domain and criminals are going to be using that password to try and break into any other accounts that he might have, that he might not have protected with MFA.

So poor passwords and MFA is not a good idea

So really he needed to go and make an investment and get himself a password manager and I reiterated that and I will always keep saying you should use a password manager to generate unique long strong passwords for every single account that you have online. Let the password manager remember them. That’s it’s job.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 090 Poor Passwords and MFA appeared first on L2 Cyber Security Solutions.

Who said that we should stop changing passwords regularly?

No I’m not crazy. I have long had a problem with frequently changing passwords. I’ve never believed that they are a good security thing to do.

Back in 2017 the National Institute for Standards and Technology (NIST) changed their guidance on regularly changing passwords.

What is the problem so?

Because the thing with regularly changed passwords is they’re usually short, which short passwords are weak, so we’re talking about 8, 10 or 12 characters and they can be easily cracked fairly quickly. A regularly changed password usually has a number in it which just gets incremented every time you change. So Password1, Password2, Password3.

So if somebody cracks your password from 2 years ago, they have your password. They just go through all the numbers. They increment the numbers until they get in. So that’s why regularly changed passwords are bad.

What should I do instead so?

You should really use like a passphrase such as:

MaryHadALittleLambItsFleeceWasWhiteAsSnow

That is 40 characters of super strong not easily broken password.

But even better yet, use a password manager to let it generate unique passwords for every single site and service. Making them long and strong and not easy to break. So please stop changing passwords regularly. Only change your password on an application or a site if you believe it has been compromised.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 064 Stop Changing Passwords Regularly appeared first on L2 Cyber Security Solutions.

Password Best Practices

This will be a simple week of do’s and don’ts around passwords.

Do use a unique password

Use a unique password for every single site, service and account that you may have.

Do use a long password

And do use long passwords for those sites, services and accounts. I’m talking about 15 characters or more for the passwords.

Now your probably thinking “How the hell am I going to remember long passwords like that, for the dozens and dozens of accounts that I have?”

Do use a password manager

Get yourself a password manager which will do the remembering for you. All you need to do is remember a single master password, for the password manager. Now make that one password nice and long, like 20 characters or more. But that is the only password that you need to remember. The password manager can then generate really long, complicated passwords for all of your accounts for you. And it will just remember them for you.

Don’t share your passwords

Don’t share your password with anybody else, because sharing a password with other people might be considered a data breach. Because they may suddenly have access to data that they shouldn’t do.

Don’t regularly change your passwords

And finally don’t change your passwords on a regular basis. Passwords that are changed on a regular basis usually end up with numbers at the end of them which get incremented each time the password is changed and that is really, really poor. You should only change your password if you suspect it has been compromised.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

www.L2CyberSecurity.com

www.twitter.com/L2Cyber

The post #WeekendWisdom 016 Password Best Practices appeared first on L2 Cyber Security Solutions.