(869) 466-6624 info@theitfacility.com

PROTECTING YOURSELF ONLINE – PART 2

Passwords

Once you realise that passwords are the weakest link in protecting your online accounts, then you’re some way towards protecting your online accounts.

So why are passwords so vulnerable? Because they depend on us, and for the most part people are lazy. Too lazy to think of difficult passwords and certainly with the modern day connected world, the average person might need at least a dozen strong passwords that they can remember and therefore it’s too difficult. Let’s face it, and I don’t want to single out anyone here, – you know there’s a but coming right!? – but if the best password Mark Zuckerberg with all his resources and knowledge of the risks could think of was booboo (and he used it on several accounts), then what for the mere mortals among us.

As I said I gave up trying to remember passwords some years ago. There were too many accounts and what one thought might be a strong password was laughed at by the service provider, I mean I didn’t even get a frowning face.

So pick a Password Manager, I use one that works on many platforms or Operating Systems, such as Android, iOS, Linux, MacOS and of course Windows. I can hear your next question, honestly I don’t even have to concentrate or listen carefully. “So what if that service is hacked?” you say.

Well this has happened coincidentally to the service I use. So here’s a tip I recommend and use. It’s a great technique and I’d like to say I thought of it but I can’t claim the credit. So here’s how it works, as we see in the example below, we’re required to create a password

password-generation-sh1

The crescent shaped arrows indicate that the password generator can create a password for you. Here we see that LastPass has generated a password and if I choose to use it, the password and the website would be recorded in it’s database under my account.

password-generation-sh2Having used the password manager to generate a password and saved it in the password manager’s database, we can go ahead to the website’s change password dialogue box as below. Then you add M@ng0s say to the end of the password on the site you’re creating the account. You could use the same ending if you wish or different endings for some sites, say Banking or Social Media. Now, should the Password Manager’s site be hacked and the password stolen, the hackers ONLY have half of a password! You only need to remember your special ending. Look at the example below.

password-generation-sh3So having recorded ONLY the portion of the password generated by LastPass in the LastPass database, I can continue to add my M@ng0s portion to new password field on the website, and press the Set new password button. Now the password recorded by the Devex web site contains both portions of the password, the randomly generated portion created by LastPass and the M@ng0s portion I added.

There are two other things to remember, The first is that, you do not need to record the username or e-mail address in the password manager. There are two things needed to sign into a system, a username (often an e-mail address) and a password. By only recording the randomly generated passwords in the password manager, if the password manager service is hacked then the hacker only has a password or piece of a password. When you visit the a particular site the password manager may enter the password for you, but you are required to supply the username or e-mail address.

The second is that this technique offers no protection if the website or service themselves are hacked and usernames and passwords are stolen, since the hacker would have access to the complete password and the username. Over the years, there are steps web service operators take to protect passwords should they fall into the wrong hands.

Now for those of you thinking I’ve given you my password in the screen shots, that’s not actually a part of my current password, it’s for “training purposes” only, and in any case you would only have half of a password, and still need the correct username! However in part 3, I’ll demonstrate a method of protecting your account should your username and password become known to a third party.

If you have a comment or thoughts on this or a better technique then feel free share them.