CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

YahooLogo

A Reminder From Yahoo: Change (And Improve) Your Passwords

YahooLogo

On January 31, 2014, Yahoo announced that a major theft of mail account passwords had compromised an “ undisclosed number” of accounts. Writing from the Yahoo Tumblr blog, senior vice president in charge of Yahoo’s platforms and personalization products, Jay Rossiter, pointed out the attack was a result of a third-party database being compromised, and not from Yahoo’s own systems directly. In addition to explaining the steps Yahoo was taking to protect its members, Mr. Rossiter reiterated the importance of individuals adopting better password security habits as a general rule.

Such password thefts have become a regular occurrence, and often happen when thieves discover a weakness in the overall system – anything from a misplaced laptop to a weak password owned by a system administrator.

In January 2013, for example, a number of US banks suffered a cyber-attack known as a “Distributed Denial of Service (DDoS)“, in which zombie computers repeatedly and continually connected to the banks’ websites many times a second, making them inoperable to any other users. In the case of the bank attack, the technicians from security firm Incapsula [www.incapsula.com] were able to detect it and close it down before any damage was done. In tracking its source, they found that the DDoS instructions were relayed to a number of infected computers – the type that many millions of people use every day – through an innocent small business website located in England, and an overly simple password, “admin” was at the root of the problem. Click here to read the full CloudTweaks article.

With technology getting increasingly more sophisticated and instantaneous, it remains a permanent horserace between those who wish to use the Internet for business, entertainment and life, and those who wish to use it to create destruction, or to fuel crime. To the bad guys, everything is an opportunity. Consider online payments, for example. Most ordinary online consumers, when preparing to pay with their credit card, carefully check to ensure the presence of the “https://” marker at the beginning of a page’s address, which signifies sufficient encryption, and they then carefully type their credit card number into the panel reserved for just such a purpose.

Bad guys, however, see that credit card number window as something much more: it’s an open channel to a much bigger matrix. By entering a different set of code into that same space, they are able to convince the computers on the other side that they should be let in to distribute their payload. It’s known as an SQL injection. Where most people see a single-purpose form, they see a doorway. That is the difference, and it is something that must remain top of mind for all managers, not just those in IT. Passwords, much like bicycle locks, tend only to keep the good guys and amateur thieves away.

This doesn’t mean that average people are without resources, but it does mean that additional effort must be expended to make hacking more difficult, as thieves, by nature always seek the easiest route. One of the best ways to do this is to make passwords more difficult for them to guess. The most common password in use in offices across the country is still the word “password,” and the next most popular is “123456.”

People generally find it annoying to have to remember many dozens of passwords. They find it even more annoying to have to change them regularly, and even more annoying when the password requires complicated combinations of letters, words and punctuation. However, regular change, and complicated strings are essential. It makes no sense to use easily-guessed passwords such as your child’s name, or easily-deduced challenge/answer questions such as “what is your mother’s maiden name,” since these facts can be easily looked up online.

As a manager it is essential to encourage all staff – including system admins – to create passwords that are extremely difficult to crack, and which are not left lying around. This can be done through the use of password encryption software such as LastPass, (www.lastpass.com) or through specific software supplied by the IT department, or simply by encouraging people to use longer sentence strings that have meaning only to them.

Password security is a necessity. Most people would never leave their homes or cars unlocked when leaving for work in the morning, and they are unlikely to leave the door-key and alarm code under the doormat. Increased sophistication in the creation and maintenance of passwords is a small price to pay for increased security not only on a personal level, but on a global one as well.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
The Lighter Side Of The Cloud - New Delivery System
startup tech comic series
The Lighter Side Of The Cloud - NYSE
The Lighter Side Of The Cloud - Identity Theft
The Lighter Side Of The Cloud - Overeating
Infosec thought leaders

Cryptocurrencies and Ransomware: How VDI Can Help Defend Against the Next Ransomware Attack

Cryptocurrencies and Ransomware The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put ...
Matthew Cleaver

Dispelling the Myths of Cloud Solutions for the Small Business

Dispelling the Myths of Cloud Solutions As a business leader, migrating to the cloud can be overwhelming due to the ...
The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy As you would expect, for any business to achieve successful growth and meet its objectives, it must ...
Legal Tech - How to Create Long-Term Growth for Your Practice

Legal Tech – How to Create Long-Term Growth for Your Practice

Legal Tech Your Practice Your law firm is a business. Like all businesses, growth and profitability is paramount. You want ...
Google Cloud Platform: Enabling APIs

Google Cloud Platform: Enabling APIs

Enabling Google APIs The Google Cloud Platform is a comprehensive tool that helps companies manage their IT resources. Completing software ...
My Fascination with Amazon Go

My Fascination with Amazon Go

Amazon Go Recently, Amazon unveiled the world’s first completely self-service, no checkout, grocery store — and it’s really captured the public’s imagination. Lines ...
Critical Success Factors when shifting Workloads into the Cloud

Critical Success Factors when shifting Workloads into the Cloud

Shifting Workloads into the Cloud By 2020, 92 percent of all workloads will reside in the cloud. Yet challenges remain ...
15 Promising Cloud-Based Video Conferencing Services

15 Promising Cloud-Based Video Conferencing Services

Cloud Video Conferencing Services We have put together a compilation of some of the best cloud based conferencing services for businesses. The cloud video conferencing services market is expected to reach US$ 6.40 Billion by 2020 from the current $3.31 ...
Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor is best known for its candid, honest reviews of employers written anonymously by employees. It is now common practice and a good idea for anyone considering a position with a new employer to check them out on Glassdoor first. With ...
10 Prototyping Tools To Help Build Your Startup

10 Prototyping Tools To Help Build Your Startup

Prototyping Tools We are continuing this week by focusing on startup tools, tips and tweaks that will help you build, design, manage and market your way into the cloud based business that you want to be. Last week we offered a ...
Machine Learning Open-Source Tools

Do More With Machine Learning Thanks to These 6 Open-Source Tools

Machine Learning Open-Source Tools We are in the middle of a machine learning, AI and big data renaissance — at least, that’s what we’re calling it. Seemingly everyone is interested in this technology these days, and for a good reason ...
Leading Programming Languages - TIOBE Index for July 2018

Leading Programming Languages – TIOBE Index for July 2018

Last month we announced that TypeScript entered the TIOBE index top 100 for the first time. TypeScript appears to keep growing in popularity. This month it entered the top 50. TypeScript is slowly becoming the new and improved JavaScript. One ...
Load Testing Tools

Load Testing Tools

Provided is a short list of load testing tools which will test server and application resistance and certainly valuable in order to help test and tweak your company's infrastructure ...