Set strong passwords

Setting strong passwords for all of your devices is essential. Your passwords should be unique and complex: at least 12 characters (the advice below goes further and recommends 15 or more), mixing numbers, symbols, and capital and lowercase letters. Never share a password or reuse one across accounts, because a breach of one site then becomes a breach of every account that shares the password. Change a password promptly when you have reason to think it is compromised (a breach notice, a phishing incident, a lost device); routine forced rotation on its own adds little and tends to produce predictable variants of the old password.

Firmware passwords are an additional device control. A firmware password (BIOS/UEFI on a PC, EFI on a Mac) is set in the machine's firmware rather than the operating system, and it stops anyone without the password from changing boot settings, booting from external media, or resetting the machine. Note the division of labour: disk encryption protects the data if the device is stolen or the drive is pulled out, while the firmware password protects the boot process. Use both, because a firmware password alone does nothing for data once the disk is removed.

Don’t be silly

Stay away from the obvious. Never use sequential numbers or letters, and for the love of all things cyber, do not use “password” as your password. Come up with unique passwords that do not include any personal information such as your name or date of birth. If you are being specifically targeted, the attacker will feed everything they know about you (names, birthdays, pets, teams, postcodes) into their guessing tool.

  • Make it long. This is the most important factor: every extra character multiplies the number of guesses an attacker has to make. Choose nothing shorter than 15 characters, more if possible.
  • Use a mix of characters. Mixing upper-case and lower-case letters, numbers, and symbols enlarges the set of possibilities for each position, which makes a brute-force attack slower.
  • Avoid common substitutions. Cracking tools apply “mangling rules” that try the usual substitutions automatically, so DOORBELL and D00R8377 fall to the same dictionary pass with equal ease. Random characters in random positions are far more effective than leetspeak* substitutions. (*leetspeak: an informal language or code used on the Internet, in which standard letters are often replaced by numerals or special characters.)
  • Don’t use memorable keyboard paths. Much like the advice above not to use sequential letters and numbers, do not use sequential keyboard paths either (qwerty, asdfgh). These are among the first patterns a cracker tries.
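The checks above can be automated, which is useful when you want a registration form or a password-manager audit to refuse the weak patterns listed here. The following is an added example, not code from the original post or from any vendor it mentions; the word list, the leet-substitution table, the 15/20-character thresholds and the `personal_info` parameter are assumptions chosen for the demonstration. The dictionary check undoes leetspeak the way a cracker's mangling rules would, so DOORBELL and D00R8377 are caught by the same rule.

```python
import re
import string

# Constructed mini dictionary for the demo. A real checker would load a breached-
# password corpus (e.g. a Have I Been Pwned download) or a cracking wordlist.
COMMON_WORDS = ["password", "doorbell", "welcome", "letmein", "dragon", "monkey"]

# Letters and the leetspeak stand-ins that crackers' mangling rules already try.
LEET_ALTS = {"a": "a4@", "b": "b8", "e": "e3", "g": "g9", "i": "i1!",
             "l": "l1|7", "o": "o0", "s": "s5$", "t": "t7+", "z": "z2"}

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def leet_pattern(word):
    """Regex matching `word` written with any mix of leet substitutions."""
    body = "".join("[" + re.escape(LEET_ALTS.get(c, c)) + "]" for c in word.lower())
    return re.compile(body, re.IGNORECASE)


def dictionary_hits(pw):
    """Dictionary words present in pw even after leet substitution."""
    return sorted(w for w in COMMON_WORDS if leet_pattern(w).search(pw))


def has_sequence(pw, n=4):
    """n or more consecutive characters stepping by +1 or -1 (abcd, 4321)."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        steps = {ord(b) - ord(a) for a, b in zip(s[i:i + n], s[i + 1:i + n])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_keyboard_walk(pw, n=4):
    """n or more adjacent keys along a keyboard row, forwards or backwards."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            frag = row[i:i + n]
            if frag in s or frag[::-1] in s:
                return True
    return False


def check_password(pw, personal_info=()):
    """Return a list of problems; an empty list means the password passes.

    Policy thresholds are assumptions for this example: 15+ characters,
    at least two character classes, and a third class unless the password
    is 20+ characters (length compensates for variety, as with passphrases).
    """
    problems = []
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < 2 or (classes < 3 and len(pw) < 20):
        problems.append("too little character variety for its length")
    if has_sequence(pw):
        problems.append("contains a sequential run (abcd / 4321)")
    if has_keyboard_walk(pw):
        problems.append("contains a keyboard walk (qwerty / asdf)")
    hits = dictionary_hits(pw)
    if hits:
        problems.append("contains dictionary word(s), leet or not: " + ", ".join(hits))
    for item in personal_info:
        # Personal details are matched with the same leet-aware pattern.
        if item and leet_pattern(item).search(pw):
            problems.append("contains personal info: " + item)
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "D00R8377", "Qwerty!2024abc", "QuagmireHancockMerciDeNada"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

Run it on a few candidates and the long all-letter passphrase from the next section passes, while the leetspeak variants and keyboard walks are rejected for the reasons the list gives.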

The revised passphrase method

This is the multiple-word phrase method with a twist: choose bizarre and uncommon words. Use proper nouns, the names of local businesses, historical figures, any words you know in another language, and so on. A hacker might guess Quagmire on its own, but would find it enormously harder to guess a run of four such words, like this good password example:

QuagmireHancockMerciDeNada

While the words should be uncommon, try to compose a phrase that gives you a mental image; that will help you remember it. The strength comes from the number of words and from how unpredictable your choice of each one is, so do not reach for a famous quotation or song lyric, which cracking wordlists already contain.

To crank it up another notch, add random characters in the middle of your words or between them. Just avoid underscores between words and any common leetspeak substitutions, since crackers try both as a matter of course.

The sentence method

This method is also known as the "Schneier scheme," after Bruce Schneier, who popularized it. The idea is to think of a random sentence and transform it into a password using a rule. For example, taking the first two letters of every word in “The Old Duke is my favorite pub in South London” would give you:

ThOlDuismyfapuinSoLo

To anyone else, it is gobbledygook, but to you it makes perfect sense. Make sure the sentence you choose is as personal and unguessable as possible: the transformation rule itself is public, so all of the strength rests on the sentence.
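Both the passphrase method and the sentence method come down to how many possibilities an attacker has to try. The example below is added here and is not from the original post: it draws words with Python's `secrets` module from a constructed sample list (a real generator would use a published list such as the EFF long list so the list size sets the entropy), optionally inserts the random between-word characters the passphrase section suggests, reports the resulting entropy in bits, and applies the sentence-method rule to the article's own sentence. The word list and separator set are assumptions for the demonstration.

```python
import math
import secrets

# Constructed sample list. With a published 7,776-word list each word is
# worth log2(7776) = 12.9 bits; with these 16 words only 4 bits, which is
# why the list size matters more than how exotic the words look.
SAMPLE_WORDS = ["quagmire", "hancock", "merci", "denada", "kestrel", "tapioca",
                "gaslight", "verdigris", "okonomiyaki", "bellwether", "saxophone",
                "marzipan", "pergola", "lodestar", "widdershins", "catafalque"]

# Random between-word characters (no underscore, per the advice above).
SEPARATORS = "!@#$%^&*-+=?/:;.,"


def passphrase_entropy_bits(list_size, n_words, sep_alphabet=0, n_seps=0):
    """Entropy of a passphrase whose words (and optional separators) are drawn
    uniformly at random. Hand-picked words are not uniform, so for a phrase you
    chose yourself this is an upper bound, not a guarantee."""
    bits = n_words * math.log2(list_size)
    if sep_alphabet and n_seps:
        bits += n_seps * math.log2(sep_alphabet)
    return bits


def random_passphrase(words=SAMPLE_WORDS, n_words=4, random_separators=False):
    """Return (passphrase, entropy_bits). Capitalising each word is a fixed
    rule, so it aids readability but adds no entropy."""
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    if not random_separators:
        return "".join(chosen), passphrase_entropy_bits(len(words), n_words)
    seps = [secrets.choice(SEPARATORS) for _ in range(n_words - 1)]
    out = chosen[0]
    for sep, word in zip(seps, chosen[1:]):
        out += sep + word
    return out, passphrase_entropy_bits(len(words), n_words, len(SEPARATORS), n_words - 1)


def apply_sentence_rule(sentence, letters_per_word=2):
    """Sentence method: keep the first N letters of each word. The rule is
    public, so the output is only as strong as the sentence is unguessable."""
    return "".join(w[:letters_per_word] for w in sentence.split())


if __name__ == "__main__":
    pp, bits = random_passphrase()
    print(f"{pp}  ({bits:.1f} bits from {len(SAMPLE_WORDS)} words)")
    pp, bits = random_passphrase(random_separators=True)
    print(f"{pp}  ({bits:.1f} bits with random separators)")
    print("Four words from a 7,776-word list:",
          f"{passphrase_entropy_bits(7776, 4):.1f} bits")
    print(apply_sentence_rule("The Old Duke is my favorite pub in South London"))
```

Four words from a 7,776-word list give about 52 bits; three random separators from the 17-character set add roughly 12 more. The sentence-method output has no such number attached to it, which is exactly why the sentence must be personal and unguessable.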

Use multi-factor authentication

Two-factor or multi-factor authentication is a best practice that adds a layer of protection beyond the password. Two-factor authentication typically requires your username and password plus a second factor, such as a one-time code from an authenticator app or a code sent to your phone. Multi-factor authentication generalises this: factors are drawn from something you know (a password), something you have (a phone or hardware security key), and something you are (a fingerprint or face), and requiring more than one means a stolen password alone is not enough to get into your device or accounts. Codes sent by SMS are the weakest second factor, since they can be intercepted or phished; prefer an authenticator app or a hardware security key where the service supports it.
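The “unique code” an authenticator app shows is a time-based one-time password (TOTP, RFC 6238): an HMAC over the current 30-second interval, keyed with a secret shared at enrolment. The code below is an added example, not the original post's or any vendor's code, showing both the client side (generating codes) and the server side (verifying them with a drift window and replay protection). The shared secret used in the usage block is the RFC 6238 test key, and the account and issuer names in the provisioning URI are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
import urllib.parse


def new_shared_secret(nbytes=20):
    """Per-user secret generated at enrolment (160 bits for HMAC-SHA1)."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret, account, issuer, digits=6, step=30):
    """otpauth:// URI that the authenticator app reads from the QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = urllib.parse.quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={urllib.parse.quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to the current time step."""
    t = int(time.time()) if at is None else int(at)
    return hotp(secret, t // step, digits)


def verify_totp(secret, submitted, at=None, step=30, digits=6, window=1, last_counter=-1):
    """Server-side check. Returns the matching counter, or None on failure.

    - constant-time comparison so response timing does not leak the code
    - accepts +/- `window` steps to tolerate clock drift between phone and server
    - refuses any counter <= last_counter, so a code captured by a phisher
      cannot be replayed once the legitimate user has used it
    """
    t = int(time.time()) if at is None else int(at)
    current = t // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    print(provisioning_uri(key, "alice@example.com", "Example"))
    print("code at t=59:", totp(key, at=59))                 # 287082
    print("verify at t=89:", verify_totp(key, "287082", at=89))
    print("replay after use:", verify_totp(key, "287082", at=89, last_counter=1))
```

The server must persist `last_counter` per user after each successful login; without that, a code phished within the drift window is good for a second login. This is also why SMS and TOTP codes remain phishable in real time, and why hardware keys, which bind the response to the site origin, are the stronger option.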

At Integritechs, we have been using multi-factor authentication (MFA or 2FA) for a long time on our administrative accounts and other accounts that require a stronger level of protection against unauthorized access. In the past few years, this standard has gone from a need on things like bank accounts and accounts with full access to sensitive information to an absolute necessity for nearly all accounts, as evidenced by even companies such as Yahoo! (mostly personal email access) encouraging MFA, because they understand that unauthorized access to personal email alone can pose major threats to personally identifiable information (PII) and to the intellectual property of small and mid-sized businesses.
Hackers use intelligent tools and software to scrape exposed personal data from social media and personal emails to infiltrate organizations of all sizes. Understanding that this is a real and present risk to businesses, we are aggressively advocating MFA as a solution for all businesses. We understand that adding layers of security can also add layers of complexity. This awareness has led us to look at a large variety of solutions and ultimately to use a common set of tools and resources to engineer a solution that is both extremely secure AND simple to use. It is critical to ensure that businesses keep up with security requirements to mitigate risk without taking on unnecessary complexity.
If you are even the least bit curious about how we accomplish this, I would be more than happy to explain it in layman's terms to help you understand the true value and critical importance of exploring your options for doing this now. We have seen the damage done to businesses first hand when their IT “guy” or service does not address security based on today's challenging environment, and the results can be simply devastating to a business. I will stop short of pleading with you, but if you are interested in a solution that makes your business more secure and access actually easier, please feel free to reach out to me directly, with no obligation to take any action whatsoever.