No Username or Password… No Wishes!
By Theon Alleyne, CRCP, CCEP, USA Senior Managing Consultant, IBM
Apparently 8.4 billion passwords were revealed on a hacker forum. The implications are endless. Attackers can simply run brute-force attempts with those leaked passwords against other sites to compromise accounts where the password was reused. Reputable data leak checkers like “Have I Been Pwned” can help, but a better course of action is a combination of a strong password and a password manager. (Source: CyberNews)
Mind the Password
There are a lot of challenges that come with managing passwords.
The matter is critical for network access in organizations.
Why?
As I said before, the human is the weakest link in the cyber security chain. The good news is that there is no host delightfully saying “Goodbye”.
With so many accounts to log into, password fatigue sets in quickly. It is important to resist the urge to use common, easy-to-remember passwords across multiple sites.
I understand that it reduces stress, but the consequences and cost may go well beyond $1 million.
Here are some actions you can take to protect your company’s devices or accounts from unauthorized access.
- Don’t write down your passwords on a piece of paper kept close to the device you work on.
- Don’t use the same passwords across multiple platforms.
- Add complex words to your passwords.
- Use a password manager to record your passwords so you don’t have to think too much to recall them.
Open Sesame!
James Howells, a British IT worker, and Stephan Thomas from San Francisco, wish they could say Open Sesame to get back their fortunes.
Thomas has his fortune in a Bitcoin wallet that holds 7,002 Bitcoin, but he can’t remember the password.
Howells believes his 7,500 bitcoins are on a hard drive in a UK landfill and wants permission to open up the rubbish heap so he can try a different type of mining.
Together almost half a billion dollars is at stake.
Both of these situations speak to the need for exchanges that can hold digital keys securely and withstand attacks.
Thomas claims he lost the paper where he wrote down the password for his IronKey.
IronKey is like a Genie that grants ten wishes/guesses, before going poof! Thomas has two guesses left.
Here are two keys to keep in mind, to secure your digital wallet.
First, enable passwords on your digital device before use, and apply the layers of security provided by the device.
Second, create a password that is unique to you for your digital wallet, and be sure it is an easily remembered, yet hard-to-guess password.
Most important, don’t lose your device or password.
Bad passwords
Haven’t you learnt anything about using “123456” as passwords?
It is terrible how people ignore good advice.
The password manager NordPass reported that a staggering 2.5 million people still use “123456” as their password this year.
If it is easy for you, it’s super easy for the bad actors.
The UK National Cyber Security survey in 2019 revealed that 23.2 million people still use “123456” as their password, 7.7 million people use “123456789” and 3.6 million people use “password” as their password.
We can do better than allowing the bad actors to crack our passwords.
When you want to create strong passwords, avoid using names of football clubs, musicians, dictionary words, number combinations, fictional characters, strings of adjacent keyboard keys, repeated characters, your date of birth, phone number or name.
Instead, use a combination of upper- and lower-case letters along with numbers and symbols, make it 12 characters or longer, and never reuse passwords across multiple accounts.
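The rules above, turned into a policy check as an added example (this is not code from the article or from NordPass; the common-password list, keyboard rows and the personal-data profile are constructed for illustration):

```python
import re
from datetime import date

# Constructed list of the weak passwords named in the article (not a real wordlist).
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty", "liverpool"}
# Keyboard rows used to detect runs of adjacent keys such as "asdfg" or "qwerty".
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def adjacent_keys(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive keys from one keyboard row, forwards or backwards."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seq = row[i:i + run]
            if seq in low or seq[::-1] in low:
                return True
    return False


def check_password(pw: str, profile: dict) -> list:
    """Return the list of rules the password breaks; an empty list means it passes.
    profile holds constructed personal data (name, birthdate, phone) that must not appear in it."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a symbol")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("is a common password")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeats a character three or more times")
    if adjacent_keys(pw):
        problems.append("contains a run of adjacent keyboard keys")
    low = pw.lower()
    dob = profile["birthdate"]
    personal = [profile["name"].lower(), profile["phone"],
                dob.strftime("%Y"), dob.strftime("%d%m"), dob.strftime("%m%d")]
    if any(p and p in low for p in personal):
        problems.append("contains personal information (name, birthdate or phone)")
    return problems


if __name__ == "__main__":
    # Constructed profile used only to demonstrate the personal-data rule.
    me = {"name": "Theon", "birthdate": date(1980, 3, 14), "phone": "5559876"}
    for candidate in ("123456", "Theon2024!!x", "Tr0ub4dor&3Horse-staple"):
        print(candidate, "->", check_password(candidate, me) or "OK")
```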
Do you know anyone with an easy password?
Are your eggs in one cybersecurity basket?
Bad actors just placed our Facebook account details on the open market for FREE.
Yes, this is the information you had to give Facebook to get an account. And now it’s all up for grabs … phone numbers, Facebook IDs, full names, locations, birthdates, bios, and maybe email addresses.
Here are three quick things to consider to protect yourself from fraud and cyber threats.
1. Create a social media email address that is different from your personal or business email.
2. Where possible use a free web phone number like Google Voice for your Social Media account.
3. Change your Social Media password every time you change your business password.
Disable defunct accounts…
The recent hack into Colonial Pipeline Co. (“Colonial”) is a clear example of why multi-factor authentication must be used to protect online access.
Investigations into the attack revealed that the hackers gained entry into the network through a virtual private network (VPN) account. VPNs allow employees to remotely access the company’s computer network.
Interestingly, the hackers used a defunct account that had not been disabled.
Further, investigators noted that the password for the inactive account was also discovered in a batch of leaked passwords on the dark web.
What this means is that an employee may have used the same password on another account that was previously hacked.
The good news is that the US Government has recovered more than half of the $4.4 million ransom Colonial paid to regain access to its network.
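The two conditions that made the Colonial VPN account dangerous, dormant but still enabled and protected by a password alone, can be checked routinely against an account inventory. This is an added example, not code from the article or from Colonial; the account records are constructed and the 90-day idle threshold is an assumption:

```python
from datetime import date

# Constructed inventory of remote-access (VPN) accounts. Not real data.
ACCOUNTS = [
    {"user": "jsmith",       "enabled": True,  "mfa": True,  "last_login": "2021-04-28"},
    {"user": "contractor42", "enabled": True,  "mfa": False, "last_login": "2020-09-15"},
    {"user": "mlee",         "enabled": True,  "mfa": False, "last_login": "2021-04-30"},
    {"user": "old_vendor",   "enabled": False, "mfa": False, "last_login": "2019-12-01"},
]


def audit_remote_access(accounts, today, max_idle_days=90):
    """Return {user: [issues]} for enabled accounts that are dormant or lack MFA.
    Disabled accounts are skipped: they are already what the dormant ones should become."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        issues = []
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if idle > max_idle_days:
            issues.append(f"dormant for {idle} days: disable it")
        if not acct["mfa"]:
            issues.append("no MFA: a leaked or reused password alone grants access")
        if issues:
            findings[acct["user"]] = issues
    return findings


if __name__ == "__main__":
    # Assumed audit date; only the relative ages of the logins matter.
    for user, issues in audit_remote_access(ACCOUNTS, date(2021, 5, 7)).items():
        print(user, "->", "; ".join(issues))
```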
Colonial was fortunate.
What would happen to the reputation of your financial institution if it was hacked?
Stop granting apps permission to use accessibility services.
Yes, write it down. ✔️
Always deny requests for accessibility services.
Do you know that any app approved for accessibility services on your device can take over your device? 🧐
Which means the game you downloaded can cause the funds in your bank account to disappear. Poof! 💨 🥲
Also of note…..
Mobile security analysts have found apps on both the Google and Apple stores claiming to be helpful utilities that can scan your device and tell you when updates to Chrome, WhatsApp, a PDF reader or other apps are available.
In fact, McAfee research revealed that these apps are used to install fake updates that take over a smartphone or tablet and download malware in order to steal the user’s bank account passwords.
So, before downloading apps, research the developer’s information to see if you find online complaints.
An app available on Google or Apple stores does not mean it is 100% safe.
- No Username or Password… No Wishes! - April 13, 2023