Sectorlink's Blog

With hacking and pirating becoming more and more frequent, it is essential to ensure that you protect your information. Strong passwords should be a random string of characters or a combination of letters and numbers (alpha numeric). Some login screens or systems will support spaces, so you could even have long phrases such as “my mother likes to go to shopping every Sunday,” which may be easier to remember because you are memorizing a phrase, rather than a complex password such as apdso8fi324324k2olp, etc.

If you have 15 characters or less for a password encryption, you may consider using keys throughout the entire keyboard, not just something simple, such as, for example, a last name and birth date or your pet’s name with their birth date, etc. By making the password something that is not easy to type in quickly, such as 0.2fpzql-4j2pb5, a person has to literally go all over the keyboard to type in this password, which is not what would commonly be done. Some systems are case sensitive, so you can mix in capital and lower case letters. Be inventive and creative. Most importantly try avoiding typical password phrases such as admin or administrator. These are common login’s that can be frequently hacked. Also, do not use short passwords, such as 3-4 letter passwords, use at least 8 or more. If you only have 15 characters, use all 15.

Next, and most importantly, DO NOT give your password out. This is a common mistake that people will do because they may trust someone they THINK will be responsible in keeping this information a secret. NEVER give your password out. If you have to have developer’s work on things, such as for example, your website or a database, always try to have a different login name and password for them to use that you can later remove when they are done. If they are working on something and it cannot be completed in one day, have the password changed immediately and let them know the new password and/or login information when they need to work on your application again.

Never provide information via a regular email. Always try to use secure mail or contact the person via telephone (and verify you are speaking to the correct person). Email can always be intercepted during the sending process. Identity theft and online fraud is growing, so do what you can to protect yourself.

Try to change your password and if possible, even a login name as frequent as possible, once every week or every other week, or once a month. Always use something different -- don’t use the same password on a regular basis such as every third month I will use “this” password and every 5th month I will use “that” password. Again, if you have trouble remembering your password, use long phrases when possible.

If you have several passwords and you need to write them down in a document and store it on your computer, make sure that you are able to password protect the document. Programs such as Microsoft office will allow you to set a password to a document to even view it. Use a password that you know you will not forget to even protect this type of document and as always, change that password on a daily or at least, a weekly basis.

A good guide is: http://en.wikipedia.org/wiki/Password_strength
(make sure to view the “examples of weak passwords” section. If you fall into this category, I would suggest that you make a change to ensure better protection.)

Always make sure that when you are logging into an account that would like you to keep credit card information or any other crucial financial information that you are logging into the correct website or secured location.

Check out this website to have your password tested:

http://www.securitystats.com/tools/password.php

You can even have passwords generated for you:

http://www.mytsoftware.com/dailyproject/PassGen/PassGen.html

Well, how did my password get stolen in the first place?

When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:

1. There are programs designed to guess a user’s password. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.

Here is a good tip: It’s best to steer clear of any personally identifying information when creating a password.

2. There are programs and software that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.

Here is a good tip: Staying away from actual words, even in a foreign language, is recommended.

3. By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.

Here is a good tip: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.

4. Phishing scams usually try to hook you with an urgent instant message or e-mail message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony web sites designed to trick you into providing personal information, such as your user name and password.

Here is a good tip: My best advice is do not click a link in any suspicious e-mails, and do not provide your information unless you trust the source.

5. Passwords are not always stolen online. A hacker who is lurking around in a computer lab, cybercafé or library may be there for the express purpose of watching you enter your user name and password into a computer.

Here is a good tip: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.

What should I do if my password is stolen?

1. Immediately change EVERYTHING. This means change all user names, passwords, any online information that is critical such as stored credit card numbers etc., online security password phrases (i.e. a challenge password to have information about the account given to a caller, etc).

2. Call all financial institutions and change everything or claim that your information is no longer secure and account numbers will need to be changed.

3. Contact web-based companies that store your financial information and have this information removed or changed.

We are here for YOU!

As a valued Sectorlink customer, we are always happy to assist you to prevent headaches such as the aforementioned. Please contact us any time should you need any assistance with these matters.

Your Sectorlink Technical Support Representative,

Jason Stockler
www.sectorlink.com
support@sectorink.com
jasons@sectorlink.com