Passwords: How to Beat the Hackers

Nine new rules for hack-proof security.

By Barry J. Friedman, CPA
IndustryNewsletters

Consider all the passwords you use in your personal and business lives. Passwords secure all the resources on your computer and phone, including your email and your important online accounts.



Why work on making your passwords stronger?

Hackers attack the low-hanging fruit first.

What attackers do is steal the stored passwords from a vulnerable system. These passwords are encrypted, but with tools like pwdump, airodump-ng and Meterpreter, hackers can take as much time as they need to crack your password.

The best way to make your password less appetizing is to choose a random set of characters at the maximum length your account or system will accept:

  1. The fundamental rule of password cracking is that the longer the password, the longer it takes to crack.
  2. Never use dictionary words. It does not take long to test every word and word combination in the dictionary.
  3. Brute-force password cracking tries arbitrary sequences of numbers, letters and symbols over and over until one matches. To slow hackers down, make certain to use at least one character of every class: one lowercase letter, one uppercase letter, one number and one special character.
  4. Never use just numbers. It makes things far too easy for hackers: since there are only 10 digits (0-9) in our base-10 number system, even a 10-digit password offers just 10 billion possibilities for brute force, what hackers call child's play.
  5. Change your password often: every three months for online bank accounts and every six months to a year for nonfinancial websites.
  6. By changing passwords periodically, you significantly reduce the chance of someone compromising your account, even if the website or domain has been hacked.
  7. Use different passwords on different accounts. If you use the same password on all your accounts, your information is only as secure as the weakest system storing your password.
  8. A hacker may not have any interest in your password on a specific website, but he or she will try it on your bank account, credit card account, email account and brokerage account. If they are all the same password, the intruder has struck gold!
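Rules 1, 3 and 4 are really one arithmetic fact: the number of candidates an attacker must try is the alphabet size raised to the password length. The script below is an added illustration written for this article, not code from the original or from any tool it names. It works out that keyspace for a few constructed sample passwords, including the article's own passphrase example, and converts it to a worst-case search time at an assumed rate of 10 billion guesses per second (a round figure chosen for illustration, not a measured speed). The tiny wordlist is also constructed, to show why a dictionary word is weak regardless of its nominal keyspace.

```python
import math
import string

# Character classes on a US ASCII keyboard and their sizes.
# string.punctuation contains 32 symbols.
CLASS_SIZES = {
    "lowercase": (set(string.ascii_lowercase), len(string.ascii_lowercase)),
    "uppercase": (set(string.ascii_uppercase), len(string.ascii_uppercase)),
    "digits": (set(string.digits), len(string.digits)),
    "special": (set(string.punctuation), len(string.punctuation)),
}

# Assumed attacker speed for the time estimate. This is a constructed round
# number for illustration; real rates depend on the hash and the hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

# Constructed miniature wordlist standing in for a real dictionary.
TOY_WORDLIST = {"password", "welcome", "letmein", "qwerty", "mountain"}


def classes_used(password: str) -> list[str]:
    """Names of the character classes that actually appear in the password."""
    return [name for name, (chars, _) in CLASS_SIZES.items()
            if any(c in chars for c in password)]


def alphabet_size(password: str) -> int:
    """Alphabet a brute-force attacker must search once the classes present are
    known: the sum of the sizes of those classes (rule 3)."""
    return sum(CLASS_SIZES[name][1] for name in classes_used(password))


def keyspace(password: str) -> int:
    """Candidates of this length over that alphabet: alphabet ** length (rule 1)."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the keyspace; every extra character adds log2(alphabet) bits."""
    return math.log2(keyspace(password))


def seconds_to_exhaust(password: str,
                       rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate


def in_wordlist(password: str, wordlist: set[str] = TOY_WORDLIST) -> bool:
    """Rule 2: a dictionary word falls to a wordlist attack long before any
    brute-force estimate applies, so the keyspace figure is meaningless for it."""
    return password.lower() in wordlist


def report(password: str) -> str:
    """One-line summary of the estimate for a password."""
    if in_wordlist(password):
        return f"{password!r}: dictionary word, cracked by wordlist almost instantly"
    secs = seconds_to_exhaust(password)
    years = secs / (365 * 24 * 3600)
    return (f"{password!r}: classes={classes_used(password)} "
            f"alphabet={alphabet_size(password)} length={len(password)} "
            f"entropy={entropy_bits(password):.1f} bits "
            f"worst-case={secs:.3g} s ({years:.3g} years)")


if __name__ == "__main__":
    # Constructed samples: a 10-digit PIN (rule 4), a dictionary word (rule 2),
    # the article's passphrase (three classes: it has no uppercase letter),
    # and a 20-character random string using all four classes.
    for sample in ["1234567890", "password", "i<3mtnb1k1ng&h1k1ng",
                   "xK9#vQ2$mL7!pR4&wT1@"]:
        print(report(sample))
```

Run as written, the 10-digit PIN exhausts in one second at the assumed rate, while the 20-character four-class string runs to the order of 10^20 years. The report also shows that the article's example string uses only three character classes; adding the uppercase letter the text calls for is what raises its alphabet from 68 to 94.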

Here's what you can do to deter hackers: create a passphrase. A passphrase that is long and uses all available character types works best. For example, say you like mountain biking and hiking. Take that phrase and convert it into a single string of uppercase, lowercase, numbers and special characters: i<3mtnb1k1ng&h1k1ng. It is critical to intersperse special characters and numbers and to use both upper- and lower-case letters.

Splitting the password into three chunks reveals what can be remembered as three short, pronounceable words. People are better at memorizing passwords that can be chunked, either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.
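When a password does not need to be memorable, the rules above are easiest to satisfy by generating it rather than composing it. The following is an added example for this article, not the author's or any product's code: it builds a password of the maximum length a system allows, guarantees at least one character from each of the four classes in rule 3 using Python's `secrets` module (the OS cryptographic random source, not `random`), and splits the result into fixed-size chunks of the kind the preceding paragraph describes. The function names and the chunk size of 4 are choices made for this example.

```python
import secrets
import string

# The four character classes rule 3 asks for; one character from each is guaranteed.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def generate_password(length: int) -> str:
    """Random password of exactly `length` characters containing at least one
    lowercase letter, one uppercase letter, one digit and one symbol."""
    if length < len(CLASSES):
        raise ValueError(
            f"length must be at least {len(CLASSES)} to hold one of each class")
    # One guaranteed character per class, then fill from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters do not sit in
    # predictable positions at the front of the string.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def has_every_class(password: str) -> bool:
    """True when every class in CLASSES is represented at least once."""
    return all(any(c in cls for c in password) for cls in CLASSES)


def chunk(password: str, size: int = 4) -> list[str]:
    """Split a password into fixed-size groups for reading or memorizing.
    The last group is shorter when the length is not a multiple of `size`."""
    if size < 1:
        raise ValueError("size must be positive")
    return [password[i:i + size] for i in range(0, len(password), size)]


if __name__ == "__main__":
    # Assumed maximum length accepted by the target system: 20 characters.
    pw = generate_password(20)
    print(pw, has_every_class(pw))
    print(" ".join(chunk(pw)))
    # The article's own example, chunked into the three pieces the text describes.
    print(" ".join(chunk("i<3mtnb1k1ng&h1k1ng", 7)))
```

Because the first four characters are drawn one per class, every output passes `has_every_class`; the shuffle is what keeps an attacker from knowing which positions hold which class. Applying `has_every_class` to the article's own example returns False, since that string has no uppercase letter.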

Password-thieving hackers are everywhere, and they know that people commonly reuse passwords.

We need different passwords for every site and program we use.

Here is where password management software comes into play: solutions like these are essential for critical business systems. Make sure you are on top of your personal and business passwords.