How secure is your password!
We live in a digital age in which our lives are intertwined with technology on a molecular level. Everything we do, see or listen to is now assisted, enhanced or produced by this technology, and our digital selves are derived from it. Although the creation of a digital version of us was an involuntary by-product of this revolutionary progress, many of us never had the chance to prepare for, or even understand, the threat it poses not only to our digital version but also to our real lives.
Your digital footprint is the trace you leave when you navigate the internet: social media posts, online forms, email, texting, and other everyday activities. These activities create a trail of breadcrumbs leading back to your digital information, which in turn allows access to your banking information, social security information and much more. Most websites (social media, banking, and other sites) are required by law to protect your personal information and have put security safeguards in place to do so, e.g. encryption and hashing. One of the most common ways to secure your account, found on almost every website, is the login portal (the combination of your username and password used to access the website). Even though most websites provide good sanitization and logic in this process, its weakness lies on the user's side.
We have discussed this in our blog post “Complexity brews insecurity”. The TLDR version: the more complex a system is, the more vulnerabilities it presents, and if the user is given a choice between tasks, the user will be inclined towards the easier one. This is especially evident with passwords, as we can see from the survey conducted in 2018 by “Bilendi on behalf of European Email Services Company” of 1,050 people in the UK: 64% of people use the same password for some or even all online accounts, while only 21% use a different password for each account, and 21% of the total use personal information as a password. This makes sense: with websites implementing good password policies (a password policy is the minimum requirement for the combination and length of letters, numbers and symbols used to create a password), people gravitate towards reusing the one password they created that overcame all the restrictions posed by the password policy.
[Figure: Survey of 1,050 People Conducted by European Email Service. Bar chart with the categories Different Password Each Time, Not Specified, Something Else, Sentence Method, Lengthy Random Letters, Uses Random Numbers, Uses Personal Information.]
The Problem
If one of your accounts is compromised, all of them are compromised. There are multiple ways a password can be attacked; here we focus on the brute force technique. Brute force means trying all the possible combinations of a password until the computer guesses the right one. Fortunately, encryption techniques have evolved along with computer processing capabilities, so brute force takes unreasonably long to break good passwords. But if you include your personal information in the password, it can be used in the brute force attempt to exponentially decrease the time required to guess your password. The following online tool gives an estimate of the time a computer would take to break your password (keep in mind that personal information is not used here and the exponential decrease is not factored in): www.howsecureismypassword.net
The Recommendation
The recommendation is an obvious one: use a good password. But isn’t adhering to the password policy already part of the policy? It’s a rhetorical question. We need to shift our perspective and realize that the computer cannot comprehend the meaning behind the password you choose; everything is turned into 1s and 0s. For example, Password and P@ssw0rd might look the same to our eyes, but they are completely different to a computer, so if we build a habit of substituting symbols or numbers for some letters, it increases the strength of the password by tens or hundreds of times. You can try this with the online tool in real time. This solves our complexity issue, but what about the length of the password? Is it possible to solve that issue too? Again, a rhetorical question: a passphrase is the solution. Instead of thinking of a super complex word, try using a sentence, a phrase or even a haiku, e.g. Myp@ssw0rd1ss3cur3. This makes it easy to remember and secure at the same time, achieving the balance between complexity and security.
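The arithmetic behind the brute force estimate, as an added example that is not part of the original article: it computes the number of candidates a blind search must cover for the passwords quoted above and flags passwords that contain personal information, for which the estimate no longer applies. The guess rate and the personal items are constructed assumptions.

```python
import string

# Assumed offline guess rate; a constructed figure, not a measurement.
GUESSES_PER_SECOND = 1e10

# Undo common letter-for-symbol substitutions before looking for personal data.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "7": "t"})


def charset_size(password):
    """Alphabet size a blind brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def keyspace(password):
    """Number of candidates of this length over the password's character classes."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate, in years."""
    return keyspace(password) / rate / (365 * 24 * 3600)


def personal_info_hits(password, personal_items):
    """Personal items found in the password, as typed or after undoing substitutions."""
    raw = password.lower()
    normalized = raw.translate(LEET)
    return [item for item in personal_items
            if item.lower() in raw or item.lower() in normalized]


if __name__ == "__main__":
    personal = ["alex", "1985"]  # constructed sample data
    for pw in ["Password", "P@ssw0rd", "Myp@ssw0rd1ss3cur3", "@l3x1985!"]:
        hits = personal_info_hits(pw, personal)
        note = f"contains personal info {hits}; estimate does not apply" if hits else "ok"
        print(f"{pw:20} charset={charset_size(pw):3} "
              f"years={years_to_exhaust(pw):.3g}  {note}")
```

The figures are an upper bound for a search that tries every combination; like the online tool, they do not account for guesses built from personal information.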
The Takeaway
A system will always be only as secure as its weakest link, and most of the time humans represent that link. Security awareness is the key to making that link secure and dependable. For more dependable insights into the world of information security, visit our blog at www.savassociates.ca www.socassurance.ca
ABOUT SAV
SAV is a full-service CPA Firm (Accounting, Tax, Consulting and Cyber Advisory), with offices in Toronto, Ontario and Edmonton, Alberta. SAV was established in 2013 and is licensed to Practice Accounting in Ontario and Alberta. SAV is a boutique alternative for IT advisory services, assurance, accounting, tax, and business consulting needs. SAV provides a wide spectrum of services including, but not limited to, audits, reviews, tax services, risk advisory services, and IT advisory services to small and medium-sized businesses.
SAV specializes in providing consulting and professional services with a unique focus on Information Security Advisory, including Threat Risk Assessment, Vulnerability Assessment and Penetration Testing, SOC1, SOC2, and Cyber Security Audits, Risk Management and Compliance, Business Consulting and Advisory Services, Accounting Advisory Services, Financial Statement Audits, and Business and Personal Taxes. Our consulting team and associates have extensive experience undertaking complex security assessments and implementation within private and government sectors. SAV currently has a team of 10 members, which includes 2 Partners and 8 staff members. We have an impeccable record of delivering on time and on budget and exceeding our clients’ expectations. We are proud to say we have had substantial client reengagement during our history. Our commitment to building our brand is to ensure we maintain long-term relationships with our clients through our investment in our experience, services, and independence.
[Published: 2020]