A Reminder From Yahoo: Change (And Improve) Your Passwords

A Reminder From Yahoo: Change (And Improve) Your Passwords

YahooLogo

On January 31, 2014, Yahoo announced that a major theft of mail account passwords had compromised an “ undisclosed number” of accounts. Writing from the Yahoo Tumblr blog, senior vice president in charge of Yahoo’s platforms and personalization products, Jay Rossiter, pointed out the attack was a result of a third-party database being compromised, and not from Yahoo’s own systems directly. In addition to explaining the steps Yahoo was taking to protect its members, Mr. Rossiter reiterated the importance of individuals adopting better password security habits as a general rule.

Such password thefts have become a regular occurrence, and often happen when thieves discover a weakness in the overall system – anything from a misplaced laptop to a weak password owned by a system administrator.

In January 2013, for example, a number of US banks suffered a cyber-attack known as a “Distributed Denial of Service (DDoS)“, in which zombie computers repeatedly and continually connected to the banks’ websites many times a second, making them inoperable to any other users. In the case of the bank attack, the technicians from security firm Incapsula [www.incapsula.com] were able to detect it and close it down before any damage was done. In tracking its source, they found that the DDoS instructions were relayed to a number of infected computers – the type that many millions of people use every day – through an innocent small business website located in England, and an overly simple password, “admin” was at the root of the problem. Click here to read the full CloudTweaks article.

With technology getting increasingly more sophisticated and instantaneous, it remains a permanent horserace between those who wish to use the Internet for business, entertainment and life, and those who wish to use it to create destruction, or to fuel crime. To the bad guys, everything is an opportunity. Consider online payments, for example. Most ordinary online consumers, when preparing to pay with their credit card, carefully check to ensure the presence of the “https://” marker at the beginning of a page’s address, which signifies sufficient encryption, and they then carefully type their credit card number into the panel reserved for just such a purpose.

Bad guys, however, see that credit card number window as something much more: it’s an open channel to a much bigger matrix. By entering a different set of code into that same space, they are able to convince the computers on the other side that they should be let in to distribute their payload. It’s known as an SQL injection. Where most people see a single-purpose form, they see a doorway. That is the difference, and it is something that must remain top of mind for all managers, not just those in IT. Passwords, much like bicycle locks, tend only to keep the good guys and amateur thieves away.

This doesn’t mean that average people are without resources, but it does mean that additional effort must be expended to make hacking more difficult, as thieves, by nature always seek the easiest route. One of the best ways to do this is to make passwords more difficult for them to guess. The most common password in use in offices across the country is still the word “password,” and the next most popular is “123456.”

People generally find it annoying to have to remember many dozens of passwords. They find it even more annoying to have to change them regularly, and even more annoying when the password requires complicated combinations of letters, words and punctuation. However, regular change, and complicated strings are essential. It makes no sense to use easily-guessed passwords such as your child’s name, or easily-deduced challenge/answer questions such as “what is your mother’s maiden name,” since these facts can be easily looked up online.

As a manager it is essential to encourage all staff – including system admins – to create passwords that are extremely difficult to crack, and which are not left lying around. This can be done through the use of password encryption software such as LastPass, (www.lastpass.com) or through specific software supplied by the IT department, or simply by encouraging people to use longer sentence strings that have meaning only to them.

Password security is a necessity. Most people would never leave their homes or cars unlocked when leaving for work in the morning, and they are unlikely to leave the door-key and alarm code under the doormat. Increased sophistication in the creation and maintenance of passwords is a small price to pay for increased security not only on a personal level, but on a global one as well.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

Sorry, comments are closed for this post.

Comic
In The Fast Lane: Connected Car Hacking A Big Risk

In The Fast Lane: Connected Car Hacking A Big Risk

Connected Car Hacking Researchers and cybersecurity experts working hard to keep hackers out of the driver’s seat. Modern transportation has come a million miles, and most all of today’s vehicles are controlled entirely by digital technology. Millions of drivers are not aware that of the many devices in their digital arsenal, the most complex of…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

Building a Data Security Strategy – More Important Than Ever

Building a Data Security Strategy – More Important Than Ever

Data Security Strategy Article sponsored by SAS Software and Big Data Forum Security and privacy have been an integral concern of the IT industry since its very inception, but as it expands through web-based, mobile, and cloud-based applications, access to data is magnified as are the threats of illicit penetration. As enterprises manage vast quantities…

Pitney Bowes Selects Aria Systems for Billing on the New Commerce Cloud

Pitney Bowes Selects Aria Systems for Billing on the New Commerce Cloud

Top-Ranked Cloud Billing Company Enables Greater Speed and Frictionless Billing for Unparalleled Customer Experience San Francisco, CA – August 23, 2016 – Aria Systems, which helps enterprises grow subscription and usage-based revenue, today announced that Pitney Bowes has selected Aria’s cloud-based monetization platform as the key billing and monetization component of their new Commerce Cloud…

The Golden Age of Wearable Technology

The Golden Age of Wearable Technology

The Golden Age One of the biggest fads in the technology sector right now is wearable tech. From Smartwatches that let you check your emails, chat with friends and search the web, to fitness accessories that monitor your heart rate and your sleep patterns, this is truly the Golden Age of wearable technology. But some…

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Speed, flexibility, and innovation require multiple cloud services As businesses seek new paths to innovation, racing to market with new features and products, cloud services continue to grow in popularity. According to Gartner, 88% of total compute will be cloud-based by 2020, leaving just 12% on premise. Flexibility remains a key consideration, and…

What You Need To Know About Choosing A Cloud Services Provider

What You Need To Know About Choosing A Cloud Services Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The cloud is capable of delivering many benefits, enabling greater collaboration, business agility, and speed to market. Cloud adoption in the enterprise has been growing fast. Worldwide spending on public cloud services will grow at a…

Get Ready For Virtual Reality and the Cloud

Get Ready For Virtual Reality and the Cloud

Virtual Reality Cloud We’re lucky to live in an era where virtual reality is no longer relegated to the confines of a sci-fi movie universe. Thanks to technology introduced by products like Oculus Rift, consumers now have access to virtual environments with fully immersive graphic capabilities. As a result, companies have only just begun to…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

How You Can Improve Customer Experience With Fast Data Analytics

How You Can Improve Customer Experience With Fast Data Analytics

Fast Data Analytics In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Benefits A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and…

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses…

How Big Data Is Influencing Web Design

How Big Data Is Influencing Web Design

How Big Data Is Influencing Web Design For all you non-techies… You’re probably wondering what big data is (I know I was….a few years back) so let’s get the definitions out of the way so we’re on the same page, okay? Big data is A LOT of data – really, it is. It is a…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to helping teams win…

Infographic: The Evolving Internet of Things

Infographic: The Evolving Internet of Things

Evolving Internet of Things  The Internet of Things, or IoT, a term devised in 1999 by British entrepreneur Kevin Ashton, represents the connection of physical devices, systems and services via the internet, and Gartner and Lucas Blake’s new infographic (below) explores the evolution of the IoT industry, investigating its potential impact across just about every…