Weak passwords: IT consulting firms see them all too often. In spite of their known prevalence, businesses still use common passwords like “password” or “1234.” Poor passwords risk giving hackers access to private documents, servers and credit card files that businesses are obligated to keep safe – and a security breach can ruin the reputation of a company.

Advanced Persistent Threat

Advanced Persistent Threat (APT) attacks are more than your average virus or malware. An APT specifically refers to the threat a person or entity poses when it wants something you have and is willing to invest the time and resources to get it. For example, an APT could be a hacker who’s determined to get the credit card and personal identity information of all your customers or gain access to your social media networks.
APT attackers are making IT consulting firms and IT security pros rethink security design, defenses and approaches as the traditional methods are becoming less effective with advancing technologies.

Password Developments

Passwords are only as good as their unpredictability.
In 2010, researchers at the Georgia Tech Research Institute conducted a study about passwords and concluded that the best ones weren’t necessarily those that used a combination of special characters, numbers and capital letters. Instead, the best passwords are those that have at least 12 characters. There are 94 characters you can use on a keyboard, and the theory of probability states that the more characters you use in a password, the harder it is to break. For example, if you have a three-character password that uses only letters, it will take only 140,000 tries to guess it. This isn’t hard for a computer. On the other hand, if you have an eight-character password that incorporates any of the 94 keyboard characters, a hacker would have to run through 722 quadrillion guesses. With the realization that longer passwords were harder to predict, many systems enforced password rules that made people select a random combination of special characters, letters and numbers. However, the problem with a 12-character password is that it’s hard to memorize.
The password length prompted a new term in the computer world: passphrase. Passphrase rules bypass most of the traditional password rules, except for minimum length. While you could create a random 12-character passphrase, many IT consulting firms use the following methods to create a passphrase:

• Choose four words. IT consulting firms state that a good passphrase can simply consist of a combination of four (or more) unrelated words you choose at random.
• Use the first letter from each word in a rather long sentence. The previous sentence has exactly 12 words. If you were to use the first letter from each word, the passphrase would be “utflfewiarls.”
• Substitute characters to make a passphrase more complex. For example, you may choose to substitute the word “a” (like in the example sentence) with the % character. The more substitutions you use, the harder the passphrase is to break.

To help enhance the security of your business, consider working with a consulting company. IT consulting firms can help you develop effective password configurations and train your staff to use the enhanced security measures.
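The three passphrase methods listed above, together with the guess-count arithmetic from the previous section, can be tried out in a short script. This is an added example, not code from the article or from Prosum; the word list is a constructed sample, the function names are hypothetical, and the 52-symbol figure assumes "only letters" means upper and lower case.

```python
import math
import secrets

# Constructed sample word list for illustration only; a real generator
# would draw from a list of several thousand words.
WORDS = ["anchor", "biscuit", "cactus", "dynamo", "ember", "fjord",
         "gravel", "harbor", "igloo", "jigsaw", "kettle", "lantern",
         "magnet", "nutmeg", "orchid", "pepper"]

def keyspace(symbols: int, length: int) -> int:
    """Number of candidates an exhaustive search has to cover."""
    return symbols ** length

def entropy_bits(symbols: int, length: int) -> float:
    """Bits of entropy if every position is chosen uniformly at random."""
    return length * math.log2(symbols)

def word_passphrase(words=WORDS, count=4, sep=" ") -> str:
    """Method 1: unrelated words picked by a CSPRNG rather than by hand."""
    return sep.join(secrets.choice(words) for _ in range(count))

def acronym(sentence: str) -> str:
    """Method 2: first letter of each word, lowercased."""
    return "".join(w[0].lower() for w in sentence.split() if w[0].isalnum())

def substitute(passphrase: str, mapping: dict) -> str:
    """Method 3: swap selected characters for symbols."""
    return passphrase.translate(str.maketrans(mapping))

def meets_length(passphrase: str, minimum: int = 12) -> bool:
    """The one rule the article keeps for passphrases: minimum length."""
    return len(passphrase) >= minimum

if __name__ == "__main__":
    print(keyspace(52, 3), "guesses for three letters (upper and lower case)")
    phrase = acronym("Use the first letter from each word "
                     "in a rather long sentence.")
    print(phrase, substitute(phrase, {"a": "%"}), meets_length(phrase))
    print(word_passphrase())
    # Upper bounds: they hold only when each symbol or word is picked at
    # random, which a memorable sentence or a hand-picked word is not.
    print(round(entropy_bits(94, 12), 1), "bits: 12 random keyboard chars")
    print(round(entropy_bits(len(WORDS), 4), 1), "bits: 4 sample-list words")
```

The entropy figures are ceilings for randomly generated secrets; the four-word figure grows with the size of the word list, which is why the 16-word sample here is only a stand-in.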
This article is written by Rod Biagtan of Prosum Technology Services.
Prosum provides IT consulting, cloud support services and IT staffing in Los Angeles and Orange County.