A Reminder From Yahoo: Change (And Improve) Your Passwords

A Reminder From Yahoo: Change (And Improve) Your Passwords

YahooLogo

On January 31, 2014, Yahoo announced that a major theft of mail account passwords had compromised an “ undisclosed number” of accounts. Writing from the Yahoo Tumblr blog, senior vice president in charge of Yahoo’s platforms and personalization products, Jay Rossiter, pointed out the attack was a result of a third-party database being compromised, and not from Yahoo’s own systems directly. In addition to explaining the steps Yahoo was taking to protect its members, Mr. Rossiter reiterated the importance of individuals adopting better password security habits as a general rule.

Such password thefts have become a regular occurrence, and often happen when thieves discover a weakness in the overall system – anything from a misplaced laptop to a weak password owned by a system administrator.

In January 2013, for example, a number of US banks suffered a cyber-attack known as a “Distributed Denial of Service (DDoS)“, in which zombie computers repeatedly and continually connected to the banks’ websites many times a second, making them inoperable to any other users. In the case of the bank attack, the technicians from security firm Incapsula [www.incapsula.com] were able to detect it and close it down before any damage was done. In tracking its source, they found that the DDoS instructions were relayed to a number of infected computers – the type that many millions of people use every day – through an innocent small business website located in England, and an overly simple password, “admin” was at the root of the problem. Click here to read the full CloudTweaks article.

With technology getting increasingly more sophisticated and instantaneous, it remains a permanent horserace between those who wish to use the Internet for business, entertainment and life, and those who wish to use it to create destruction, or to fuel crime. To the bad guys, everything is an opportunity. Consider online payments, for example. Most ordinary online consumers, when preparing to pay with their credit card, carefully check to ensure the presence of the “https://” marker at the beginning of a page’s address, which signifies sufficient encryption, and they then carefully type their credit card number into the panel reserved for just such a purpose.

Bad guys, however, see that credit card number window as something much more: it’s an open channel to a much bigger matrix. By entering a different set of code into that same space, they are able to convince the computers on the other side that they should be let in to distribute their payload. It’s known as an SQL injection. Where most people see a single-purpose form, they see a doorway. That is the difference, and it is something that must remain top of mind for all managers, not just those in IT. Passwords, much like bicycle locks, tend only to keep the good guys and amateur thieves away.

This doesn’t mean that average people are without resources, but it does mean that additional effort must be expended to make hacking more difficult, as thieves, by nature always seek the easiest route. One of the best ways to do this is to make passwords more difficult for them to guess. The most common password in use in offices across the country is still the word “password,” and the next most popular is “123456.”

People generally find it annoying to have to remember many dozens of passwords. They find it even more annoying to have to change them regularly, and even more annoying when the password requires complicated combinations of letters, words and punctuation. However, regular change, and complicated strings are essential. It makes no sense to use easily-guessed passwords such as your child’s name, or easily-deduced challenge/answer questions such as “what is your mother’s maiden name,” since these facts can be easily looked up online.

As a manager it is essential to encourage all staff – including system admins – to create passwords that are extremely difficult to crack, and which are not left lying around. This can be done through the use of password encryption software such as LastPass, (www.lastpass.com) or through specific software supplied by the IT department, or simply by encouraging people to use longer sentence strings that have meaning only to them.

Password security is a necessity. Most people would never leave their homes or cars unlocked when leaving for work in the morning, and they are unlikely to leave the door-key and alarm code under the doormat. Increased sophistication in the creation and maintenance of passwords is a small price to pay for increased security not only on a personal level, but on a global one as well.

By Steve Prentice

Follow us

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
Follow us

Sorry, comments are closed for this post.

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow usSteve PrenticeSteve Prentice…

Cloud Infographic – Big Data Survey: What Are The Trends?

Cloud Infographic – Big Data Survey: What Are The Trends?

Jaspersoft Big Data Survey Shows Rise in Commitment to Projects and Decline in Confusion Nearly 1,600 Jaspersoft Community Members Participate in Second Jaspersoft Big Data Survey San Francisco, February 4, 2014 – Jaspersoft, the Intelligence Inside applications and business processes, today shared results from its Big Data Survey. Nearly 1,600 Jaspersoft community members responded to…

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts It’s no secret that Cloud Computing is more than just a buzz term as that ship has sailed off a long time ago. More and more companies are adopting the uses and benefits of cloud computing while aggressively factoring cloud services spending into their budget. Included is an excellent…

Featured Sponsors

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud One of the greatest benefits of the increasingly reliable and ubiquitous state of cloud technology is the removal of business silos and the consolidation of information flow, both in-house and on the road. This is of particular importance to the many different types of professionals whose work involves customer relationship management (CRM).…

Moving From Email Into The Cloud

Moving From Email Into The Cloud

Mobile Collaboration In The Cloud Imagine that you, as a manager, are told by the powers that be that you have to find “efficiencies” within your department that will result in one million dollars of savings annually. You struggle with this. You send an email to everyone on your senior team. “Where can we save…

Sponsors

What Is A Hybrid Cloud?

What Is A Hybrid Cloud?

What Is A Hybrid Cloud? With the emergence of cloud-computing technology comes the addition of new terminology. The terms public cloud and private cloud are reasonably well understood. However, a hybrid cloud can mean different things to different people. Under The Engine Perhaps the best way to define or explain a hybrid cloud is to…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter