How To Protect Your Online Accounts From Being Breached

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For example, hacked social media accounts will go for between $30 to $80 each.

The rise in reliance on cloud services has caused a big increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.

Having either a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft, and more.

To make matters more challenging, users are still adopting bad password habits that make it all too easy for criminals. For example:

  • 34% of people admit to sharing passwords with colleagues
  • 44% of people reuse passwords across work and personal accounts
  • 49% of people store passwords in unprotected plain text documents

Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.

Use multi-factor authentication (MFA)

Multi-factor authentication (MFA) is the best method there is to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.

When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you significantly increase account security. In most cases, a hacker is not going to have access to your phone or another device that receives the MFA code, thus they won’t be able to get past this step.

The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.

Use a password manager for secure storage

One way that criminals get their hands on user passwords easily is when users store them in unsecured ways, such as in an unprotected Word or Excel document or the contact application on their PC or phone.

Using a password manager provides you with a convenient place to store all your passwords that is also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.

Password managers can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.

Review your privacy settings

Have you taken time to look at the security settings in your cloud tools? One of the common causes of cloud account breaches is misconfiguration. This is when security settings are not properly set to protect an account.

You don’t want to just leave SaaS security settings at defaults, as these may not be protective enough. Review and adjust cloud application security settings to ensure your account is properly safeguarded.

Don’t enter passwords when on public Wi-Fi

Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out on public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive data, such as login passwords.

You should never enter a password, credit card number, or other sensitive information when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app, which encrypts the connection.

Use good device security

If an attacker manages to breach your device using malware, they can often breach your accounts without a password needed. Just think about how many apps on your devices you can open and already be logged in to.

To prevent an online account breach that happens through one of your devices, make sure you have strong device security. Best practices include:

  • Antivirus/anti-malware
  • Up-to-date software and OS
  • Phishing protection (like email filtering and DNS filtering)

An Easier Way To Secure Your Password

Mark Funchion is a network technician at Tech Experts.

Between new threats and new tech, security is something that can always be improved upon to make sure your systems are as secure as possible. Passwords are the first level of security, and the area that seems to cause the most headache for end users and IT managers.

In an ideal world, every password would be super complex. For example, a 32-character randomized password with capital letters, lowercase letters, special characters, and numbers. This is possible with a password manager – or if you’re really skilled at memorizing random character strings (unlikely).

The reality is that this does not occur, leading to most of us using a password that is not as secure as hoped. There are a few ways that attackers gain access to our passwords, and the most common methods are an algorithm that “cracks” the password and guessing. Usually, these two are combined, creating databases that nefarious individuals can use for gaining access to your accounts.

The biggest issue with passwords is the human factor. We like things to be simple, so we use things that are familiar. When we have to change a password, we change it in predictable ways, and usually write it on a sticky note.

Let’s look at “Password” as a password. Yes, it’s terrible, but really, it’s eight characters with one capital letter. A password cracker will break “Password” the same as it will break “ushtGsgt.” The second example will just take a little longer to crack because programs try common words and phrases first, then start brute-forcing every combination.

Again, looking at human nature, if one hundred people are asked to make the word “Password” harder to guess, most will swap the “o” for a zero. That’s then added to the list of words and phrases checked first. If the same one hundred people are asked to add a special character and a number, most will probably create something like “Password1!”

Why? Because it is easy to remember, and the “1” and “!” are convenient. Since so many of us will use the same variations of passwords, these become common and therefore are more easily broken.

These reasons are why it’s recommended to use three uncommon, unassociated words as a password (and to not use that combination for all your passwords). For example: “GiraffeDiamondCoffee.” An algorithm will still crack this eventually, but it’s easier to remember and not easily guessed so it will take a while to crack.

The longer it takes, the less likely they will actually get to your data. By using three different random words for your passwords, it is much less likely that your combination of words ends up in the frequently used list, adding more security. You can also easily add numbers and special characters to meet security requirements as needed.

The best practice is to use a password manager and use super complex passwords. Otherwise, using three-word passwords like “GiraffeDiamondCoffee” can boost your security. It may look easy – but it is a 20-character password, so it’s more secure than “P@$$w0rd1!”

Computers that are cracking passwords will try every combination and can test over 100-million per second, so a 10-character password (even with numbers and special characters) only has so many combinations. However, a 20-character password using only capital and lowercase letters like “GiraffeDiamondCoffee” has even more. While the second password seems much easier to crack to the human eye, it’s much more complex in reality.

Do yourself a favor: change how you create your passwords and make your information that much more secure – without making it impossible for you to login to your applications and websites.

Changing Your Password Has Changed

If you didn’t know, changing your password regularly is so 2018. No, as ever in the world of tech, things have moved on and there are better, easier ways of doing it now.

We’re not suggesting you stick with the same password you’ve been using for the last 10 years. And certainly not suggesting you use the same password across multiple apps.

Today, the most secure way to keep your passwords un-hackable is to utilize a random generator for each new password. And then use a password manager to keep them all safe for you.

A random generator will create passwords you couldn’t possibly remember yourself – even if you could recite pi to 100 digits. They’re really… random. Which is perfect for keeping your accounts secure.

The password manager comes in and stores these passwords safely for you. So no more jotting down random characters in the back of a notebook.

Together, they make the perfect team. And we suggest that you get your own team to use them, now.

If you’re unsure how to set this up, or you would like some help to find the password manager that would be best for your business, call us at 734-457-5000. We’d love to help.

Make Remembering Passwords A Thing Of The Past

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too.

This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the
Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a password manager
Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager.

The best password managers let you customize how long your passwords are, and what kind of characters they should include. And will keep them 100% safe while still giving you easy access across all your devices.

We can set you up with an Enterprise Password Manager (the one we use) and train you and your team on how to best use it – simply get in touch!

Turn on multi-factor authentication (MFA)
As well as setting up a password manager, turn on multi factor authentication (MFA) wherever possible. When you log in to your accounts, you’ll need to enter an additional security code as second means of keeping your account secure.

These codes can be sent to you by text message or email. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds. Some applications also support a hardware security key that you plug into your computer or that displays security codes that rotate every 60 seconds.

Multi-factor authentication is available on most software and is considered a highly effective tool against hackers.

Even if they’ve got your login details they can’t get in without your phone.

We recommend you implement this for all apps your staff use.

After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process – just give us a call!