A Reminder From Yahoo: Change (And Improve) Your Passwords


On January 31, 2014, Yahoo announced that a major theft of mail account passwords had compromised an “undisclosed number” of accounts. Writing on the Yahoo Tumblr blog, Jay Rossiter, senior vice president in charge of Yahoo’s platforms and personalization products, pointed out that the attack was the result of a third-party database being compromised, and did not come from Yahoo’s own systems directly. In addition to explaining the steps Yahoo was taking to protect its members, Mr. Rossiter reiterated the importance of individuals adopting better password security habits as a general rule.

Such password thefts have become a regular occurrence, and often happen when thieves discover a weakness in the overall system – anything from a misplaced laptop to a weak password owned by a system administrator.

In January 2013, for example, a number of US banks suffered a cyber-attack known as a “Distributed Denial of Service (DDoS)”, in which zombie computers repeatedly and continually connected to the banks’ websites many times a second, making them inoperable to any other users. In the case of the bank attack, the technicians from security firm Incapsula [www.incapsula.com] were able to detect it and close it down before any damage was done. In tracking its source, they found that the DDoS instructions were relayed to a number of infected computers – the type that many millions of people use every day – through an innocent small business website located in England, and an overly simple password, “admin,” was at the root of the problem.

With technology getting increasingly sophisticated and instantaneous, it remains a permanent horserace between those who wish to use the Internet for business, entertainment and life, and those who wish to use it to create destruction, or to fuel crime. To the bad guys, everything is an opportunity. Consider online payments, for example. Most ordinary online consumers, when preparing to pay with their credit card, carefully check to ensure the presence of the “https://” marker at the beginning of a page’s address, which signifies an encrypted connection, and they then carefully type their credit card number into the panel reserved for just such a purpose.

Bad guys, however, see that credit card number window as something much more: it’s an open channel to a much bigger matrix. By entering a different set of code into that same space, they are able to convince the computers on the other side that they should be let in to distribute their payload. It’s known as an SQL injection. Where most people see a single-purpose form, they see a doorway. That is the difference, and it is something that must remain top of mind for all managers, not just those in IT. Passwords, much like bicycle locks, tend only to keep the good guys and amateur thieves away.
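The difference between a form field treated as code and one treated as data, shown as an added example that is not part of the original article. The table, the function names and the sample values are assumptions made for illustration; the card numbers are standard test numbers and the crafted input is constructed.

```python
import sqlite3

def luhn_ok(number: str) -> bool:
    """True if the text is 12-19 ASCII digits and passes the Luhn checksum."""
    if not (number.isascii() and number.isdigit() and 12 <= len(number) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def make_db():
    """Constructed in-memory table standing in for a payment back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (number TEXT, holder TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)",
                   [("4111111111111111", "alice"), ("5500005555555559", "bob")])
    return db

def lookup_vulnerable(db, card_field):
    # The form text is pasted into the statement, so the database parses
    # whatever the user typed as part of the SQL itself.
    sql = "SELECT holder FROM cards WHERE number = '" + card_field + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, card_field):
    # 1) Accept only something that looks like a card number.
    if not luhn_ok(card_field):
        return []
    # 2) Bind the value as a parameter: it is compared as data, never parsed.
    sql = "SELECT holder FROM cards WHERE number = ?"
    return [row[0] for row in db.execute(sql, (card_field,))]

# Constructed input: text typed into the card-number field that is not a number.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED))
    print("hardened:  ", lookup_hardened(db, CRAFTED))
    print("legitimate:", lookup_hardened(db, "4111111111111111"))
```

Parameter binding is the control that matters here; the checksum test is an extra input-validation layer in front of it.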

This doesn’t mean that average people are without resources, but it does mean that additional effort must be expended to make hacking more difficult, as thieves, by nature, always seek the easiest route. One of the best ways to do this is to make passwords more difficult for them to guess. The most common password in use in offices across the country is still the word “password,” and the next most popular is “123456.”

People generally find it annoying to have to remember many dozens of passwords. They find it even more annoying to have to change them regularly, and even more annoying when the password requires complicated combinations of letters, words and punctuation. However, regular change and complicated strings are essential. It makes no sense to use easily guessed passwords such as your child’s name, or easily deduced challenge/answer questions such as “what is your mother’s maiden name,” since these facts can be easily looked up online.

As a manager, it is essential to encourage all staff – including system admins – to create passwords that are extremely difficult to crack, and which are not left lying around. This can be done through the use of password encryption software such as LastPass (www.lastpass.com), through specific software supplied by the IT department, or simply by encouraging people to use longer sentence strings that have meaning only to them.

Password security is a necessity. Most people would never leave their homes or cars unlocked when leaving for work in the morning, and they are unlikely to leave the door-key and alarm code under the doormat. Increased sophistication in the creation and maintenance of passwords is a small price to pay for increased security not only on a personal level, but on a global one as well.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
