D219 Cyber Security: Credentials
- Introduction
- Use strong passwords
- Protect account passwords
- Do not reuse passwords
- Use multi-factor authentication
Introduction
Before the digital age, privacy and security simply involved locking up documents and valuable information inside locked file cabinets that were kept inside locked rooms inside locked buildings surrounded by locked gates guarded by security guards. Today, these file cabinets may have been replaced by computers that are locked inside a room inside a locked building surrounded by locked gates guarded by security guards. But these computers are connected to an interconnected world where, every second, intruders are poking and prodding to get access to these digital valuables.
With a physical file cabinet, your key was needed to get access, but even someone who found a lost key still had to get past multiple layers of security to reach the cabinet. Our credentials, on the other hand, are the virtual key to whatever we need to keep private and safe, and unfortunately they are most likely the only layer of security for these digital valuables.
So, just as we keep our house keys or car keys safe from being lost or stolen, we must practice digital common sense to do the same with our credentials.
Use strong passwords
It is important that the password used in any account be as strong as possible to minimize the likelihood that the password can be guessed or hacked. The password should meet each of these criteria:
- At least 8 characters
- At least 1 lowercase and 1 uppercase letter [ a-z A-Z ]
- At least 1 number [ 0-9 ]
- At least 1 symbol [ !@#$%^&*-+... ]
Most password hacks use a method called a brute-force hack. This type of hack uses a dictionary of words and phrases to try to log in to accounts. So the best way to limit this type of hack is to stay away from common words and phrases. Using characters beyond the alphanumeric character set also forces a hack to try a larger array of options when guessing the password.
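The four criteria above, combined with the advice to avoid common words, as an added example that is not part of the original page. It shows that a password can meet every criterion and still be built on a dictionary word; the small wordlist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a large
# list of common and previously breached passwords instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "summer"}

# Common character substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def criteria_failures(password):
    """Return the criteria from the list above that the password misses."""
    checks = [
        ("at least 8 characters", len(password) >= 8),
        ("a lowercase letter", re.search(r"[a-z]", password)),
        ("an uppercase letter", re.search(r"[A-Z]", password)),
        ("a number", re.search(r"[0-9]", password)),
        ("a symbol", re.search(r"[^A-Za-z0-9\s]", password)),
    ]
    return [name for name, ok in checks if not ok]


def dictionary_core(password):
    """Return the common word the password is built on, or None."""
    lowered = password.lower()
    # Check the password as typed and with substitutions reversed.
    variants = (lowered, lowered.translate(LEET))
    for word in sorted(COMMON_WORDS):
        if any(word in variant for variant in variants):
            return word
    return None


def assess(password):
    """Combine the criteria check with the common-word check."""
    missing = criteria_failures(password)
    word = dictionary_core(password)
    return {"missing": missing, "common_word": word,
            "acceptable": not missing and word is None}


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ("P@ssw0rd1!", "Summer2024", "t7#Kq9!vLm2x"):
        print(sample, assess(sample))
```

`P@ssw0rd1!` passes all four criteria but is rejected because reversing the substitutions yields a word from the list.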
Read more about creating a strong password and securing your account
Protect account passwords
Beyond not giving out your username and password, there are other ways to protect and manage your passwords. A common approach is to use a password manager such as LastPass, Keeper, and Dashlane. These managers store your username and password for a particular account. When you want to log in to that account, the manager will insert your stored username and password on the associated account login form. These managers may be free and have some premium features such as sharing, unlimited accounts, and support. You can get a list of these managers through these PCMag articles: Premium | Free. Google also provides a free password manager.
Another way to authenticate without having to remember multiple account logins is to use the third-party authentication method. The most common are Facebook, Google, Microsoft, or Twitter. Instead of typing your username and password to log in to an account, some websites will have buttons for these third-party accounts that you can use to log in.
Do not reuse passwords
Avoid reusing an old password when you change the password on an account, and avoid using the same password on multiple accounts. If you use the same password on an account that gets hacked, that info will be available and can potentially be used to log in to other accounts with the same password. Google's password manager will warn you when you use the same password on more than one account.
Use multi-factor authentication
Multi-factor authentication is another layer of protection when logging in to an account. The most common are:
- Biometric
- Email/Phone 2-auth
- Dongle key device
Biometric authentication uses your physical features to recognize you. The fingerprint, face, and eye are unique to each person, so these are the physical features used.
Another secondary authentication uses a mobile device to send you a code or an alert to verify that it is you requesting access.