Page 18 - PA_Enterprise_March-2024
asking to be hacked. Here’s a better example, which might be more applicable for you Gen Xers: In1984VanH@lenRock$! Although these passwords are not the gold standard of good password management, they are useful for those who will not regularly use good password hygiene outlined in the higher levels of online protection.

Level Three: A password phrase that utilizes a pattern

This is a password that can be incorporated across different platforms, but is just different enough to allow for that password not to be used twice. For example, if you have various social media accounts, you could use a word with a color (and unique number/character pattern) across those accounts. For example: Instagram — urRED!@7am&8pm, Facebook — urWHITE!@7am&8pm, LinkedIn — urBLUE!@7am&8pm.

A word of caution: some organizations demand that passwords be changed every 90 days. Sometimes individuals use the four seasons to align with the required update times. For example: ‘Spring2023!,’ ‘Summer2023!,’ ‘Fall2023!,’ ‘Winter2023!.’ Again, a professional hacker will be able to crack this code in under a minute. Use a combination that is specific to you — and only you (and stop using ‘!’ so much — try using ‘+’ or another less-common symbol).

Level Four: A password phrase with two-factor authentication

Two-factor authentication is recommended for more sensitive login accounts, such as with banking information, work emails, and file sharing. This can rely on a confirmation text, email, biometric, or token, whether it’s a physical fob or an authentication system like Google Authenticator. By incorporating two-factor authentication in conjunction with a complex passphrase, you are greatly minimizing your chances of being hacked. While not perfect, two-factor authentication provides the user with something that any security professional will tell you is of value: It makes you that much harder of a target, which usually means your adversary will likely move on to easier victims.

Level Five: Password manager software with two-factor authentication

Knowing that a complex passphrase coupled with two-factor authentication is the best way to secure your login information, the problem remains of memorizing, recording, and/or sharing this information. For this reason, it is recommended that organizations that share login information have employees use a password manager software, such as 1Password or Dashlane.

While still not infallible, a password manager helps employees who might practice poor cyber hygiene prevent data from unintentionally leaking out. It also allows for an immediate lockout of an employee who was recently terminated, without having to waste time on an overall organizational password reset.

Shared accounts pose an inherent risk. The moment you share a password with another person, vulnerabilities increase and so does the likelihood of being hacked. If you’re going to share a password, it needs to be changed at least every 90 days and as soon as anyone with access to the password leaves your organization. Most large public and private organizations mandate this frequency of updating passwords. Just make sure to avoid