Security Awareness Training - Password Management
October 20, 2019
Before starting this article, take a few minutes to check www.haveibeenpwned.com. Type in one or more email addresses that you often use when signing up to websites. Hopefully, you will find that you have not been affected by a data breach. A data breach is defined by techtarget.com as “a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.” With the world more connected than ever, how do we make sure our information is protected?
Protecting the data of its employees and/or consumers can be extremely difficult for any organization. Many companies do not make their money from protecting data, and because of that, security takes a back seat to what is more profitable. Data breaches have been prevalent in recent years, with big-time breaches such as Experian in 2017, which exposed the Personally Identifiable Information (PII) of millions of people. This doesn’t all happen solely from a hooded figure frantically typing commands to access a company's infrastructure. Companies oftentimes don’t have the necessary security resources to securely configure their assets. Companies instead end up with misconfigurations, of which script kiddies (people with no skill in cybercrime who copy and use code that was created by a skilled programmer to break into computer systems) can take advantage.
With small and big companies alike showing negligence with our data, we need to find ways to protect ourselves. One way to do that is by using strong passwords and making sure we aren’t using the same password for every site we sign up to. If you’re like I was prior to getting into cybersecurity, you will have 2, maybe 3 passwords with slight changes mixed in. Let’s go back to Have I Been Pwned; this time, check if your most common passwords are in their database of passwords previously exposed in data breaches: https://haveibeenpwned.com/Passwords. Hopefully, you’re in good shape.
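The password check above does not require sending the password itself: the Pwned Passwords service supports a range lookup in which only the first five hex characters of the password's SHA-1 hash leave your machine, and the match is done locally. The sketch below is an added example, not code from this article or from Have I Been Pwned; the function names, the `fake_lookup` stand-in for the remote service, and the breach counts are all constructed so that it runs offline.

```python
import hashlib

def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form used in range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(password: str, lookup) -> int:
    """Return how often `password` appears in breach data (0 if absent).

    `lookup` is given only the 5-character hash prefix and returns the
    response text: one "SUFFIX:COUNT" line per hash sharing that prefix.
    The full hash and the password never leave this function.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0

# Constructed stand-in for the remote service; the counts are made up.
CONSTRUCTED_BREACH = {"password": 9_000_000, "Summer2019!": 42}

def fake_lookup(prefix: str) -> str:
    """Hypothetical offline replacement for the range lookup."""
    if len(prefix) != 5:
        raise ValueError("only the 5-character prefix may be sent")
    lines = []
    for pw, seen in CONSTRUCTED_BREACH.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{seen}")
    lines.append("0" * 35 + ":0")  # constructed padding line
    return "\r\n".join(lines)

def audit(passwords, lookup=fake_lookup):
    """Map each password to the number of times it was seen."""
    return {pw: pwned_count(pw, lookup) for pw in passwords}

if __name__ == "__main__":
    sample = ["password", "Summer2019!", "correct horse battery staple"]
    for pw, seen in audit(sample).items():
        verdict = f"seen {seen} times, change it" if seen else "not in sample data"
        print(f"{pw!r}: {verdict}")
```

Any password with a non-zero count should be retired everywhere it is used, since reused passwords are what attackers try first after a breach.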
Apple has taken up the mantle for data privacy amongst the big tech giants, whose technology we use regularly. It has done a few things that I am fond of. Since iOS 12, Apple has had a feature that suggests strong passwords for you to use when signing up to sites. Fortunately, these passwords are saved in your iCloud Keychain so that you don’t have to memorize them. With its new iOS 13, Apple has made it mandatory for all apps that offer third-party sign-in to also include Sign in with Apple functionality. For a few years now, it has been hard to come across a website that did not allow you to sign in with Facebook. We’ve recently seen in the news how Facebook treats data. A good thing about Sign in with Apple is the ability to use a burner email address, which will route emails to your actual address in the backend. More information about Sign in with Apple is detailed on TechCrunch at https://techcrunch.com/2019/06/07/answers-to-your-burning-questions-about-how-sign-in-with-apple-works/.
What about the people that aren’t a part of the Apple ecosystem? I say to you, get yourself a password manager. Although I have an Apple device, I don’t want to be reliant on a single source of failure. If something ever goes wrong with my Apple account, I have the LastPass password manager. With LastPass you are able to organize and access your site passwords, SSH keys, bank account information and forms, all for free. LastPass can also be integrated with both Android and iOS phones to easily sign in to your accounts. The following instructions are for setting up LastPass on both.
- Android: https://helpdesk.lastpass.com/lastpass-mobile/lastpass-for-android/
- iOS: https://helpdesk.lastpass.com/lastpass-mobile/ios/
This isn’t the only way to protect yourself, but it is a good place to start.
When I was in elementary school I often heard advice like “don’t speak with strangers” and “don’t get in cars with people you don’t know.” There are a few cybersecurity guidelines that not only children but everyone should follow. Not using the same passwords for everything you use is one. The best way to understand something that you’ve learned is to teach it to someone. As discussed in my first article, I’m using this site as a way for me to learn and grow. Being that I work in cybersecurity, I will continue to write cybersecurity-related articles every now and again. Explaining these topics will help me and hopefully help you.