Password Security – You Need To Care

Apr 22, 2011

TOAST.net recently began requiring our customers to use a minimum 8-character password due to security enhancements we’re implementing. When contacting our users that were sporting such classic passwords as “abc123”, “fred”, or my favorite: “none”, I was a bit surprised at some of the responses we were receiving. People seem to be reluctant to choose a better password for strange reasons:

  • I’ve been using the same password for years!
  • I can’t remember another password!
  • I don’t care about my password, there’s nothing important in there anyway!

I thought I would take some time to explain why password security is critical on any Internet account, no matter how unimportant that account may seem.

With Great Power Comes Great Responsibility

The Internet is a powerful tool. Any person can say anything and interact with anyone, anywhere. The more it’s used, the more seemingly unrelated items get tied together. Most don’t realize this… they just check their email, see if anyone posted anything funny on Facebook, maybe play a quick game of FarmVille, and then go about their business.

Now, let’s set up a scenario where an evil hacker cracks your email password of “qwerty”, then logs into your email account:

    1. With access to your email account, the hacker can learn your name via your email settings, and then find your Facebook account.
    2. Next, the hacker can request a password reset on Facebook, and have the confirmation sent back to your email account.
    3. The hacker can then gather personal information from your Facebook profile.
    4. With access to Facebook, the hacker can get to your FarmVille account.  If you’ve ever made a purchase in the game, information on your payment methods will be available.  This may reveal what bank you use, partial account numbers, names and billing addresses on your credit card, etc.
    5. Finally, the hacker can contact your bank pretending to be you and request that your online bank password be reset. The reset password is sent to the email account, and a spending spree commences.

In five steps, our resourceful hacker person gained access to your bank account due to a weak password. It’s almost like playing Six Degrees of Kevin Bacon with your bank account. Granted, this is an extreme case, but some version of it happens thousands of times a day to people with weak passwords. Leaving poor safeguards on any Internet account invites abuse.

They’ll Never Figure This One Out!

A lot of people I know picture Internet hackers as fat kids with pimples and glasses, wearing a black concert t-shirt and tapping away cryptic codes while swigging Mountain Dew. Yes, 20 years ago that might have been the case (I don’t think I wore black concert t-shirts though). Today’s hacking crowd is a much more sophisticated and greedy bunch. Often they’re groups based out of chaotic areas like Nigeria, China, and Russia, and if they’re attacking someone’s account, there’s a payoff attached to it. These guys know a thing or two about human behavior and computer practices, and if you fit their profile, you’re vulnerable. How do they “guess” passwords for accounts? There are many different techniques:

Social Engineering – One of the top ways to get your password stolen is to give it to the hacker yourself. Those seeking your password might find it on a piece of paper on your desk, or go as far as digging through garbage bins and dumpsters for login information. Sometimes they’ll even look up personal information about you to guess potential passwords. If they see a website that lists your daughter’s name as “Samantha”, they may try variations of that name to gain access.

Intercepting Data – A keylogger is a small program that gets installed on your computer and records your keystrokes. These are then sent to the hacker’s computer, where they can see anything you typed. Such programs are often installed via “trojans”, programs masquerading as legitimate software.

Cracking – Cracking involves trying to guess a password using common words, phrases, and names. More sophisticated attacks use “brute force” software: a program that generates every possible combination of letters, numbers, and characters. Passwords made of names and dictionary words are usually found rather quickly, while capital letters, numbers, and special characters add complexity. With enough time, any password can be discovered with this method, but every character added can change the cracking time from hours to weeks.

Theft – If your password is secure, that doesn’t mean the sites that require it are secure. Hackers often target corporate databases to gain usernames and passwords for accounts. Cracking a database often has a large payoff, but also carries the most risk of being caught.

Password Recovery – People have a hard time remembering their passwords and rely on password recovery systems frequently. Unfortunately, these are a weak link in website security. If an email account is compromised, any site that sends a “reset your password” link to that email account is also vulnerable.

Put Some Muscle In Your Passwords

OK, you’re now convinced that you need to use more secure passwords, but how? Simply changing your password from “dave123” to “dave1234” isn’t going to cut it, so you’ll want to follow these quick tips to keep prying eyes out of your business:

  • Your password should be a minimum of 8 characters in length. Ten or more is even better. The longer the password, the longer it takes to crack.
  • Add complexity. Common words and names can be quickly found with brute force attacks. One way to make easy-to-remember passwords is to start with a name or word you’re familiar with, add at least one capital letter, then substitute numbers or symbols for one or more letters. For example: “dave12345” is not a strong password, but “d@V3!2345” is excellent.
  • Change your passwords every few months. If you use the same password over and over, it becomes more likely that someone will find it.
  • Try to use unique passwords for every site. You can make small changes to your current password to keep it easy to remember. Make a system to remember these changes. For example, you could type a capital A in front of your password when using Amazon.com, a W when logging into WordPress, a B when logging into your bank, etc.
  • Be private! Don’t write your passwords down, as this invites problems. Also, don’t type while someone is looking over your shoulder, especially you hunt-and-peck types who make it easy to see what you’re typing.
  • Be cautious about typing your password into a computer that does not belong to you. Make sure no “save password” features are turned on when using a foreign computer. Also be sure to sign out of anything you sign into.

This should minimize the possibility of your accounts being compromised. It’s also important to run good antivirus software on your computer to prevent keyloggers and other programs that collect personal data. One compromised account can bring down your house of cards, but keeping your information secure is your ace in the hole.