PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses the importance of creating and using strong passwords – including a look at some of the techniques that cybercriminals rely on – to help us all better understand what’s behind the ‘why’ and ‘how’ of a process that’s easier than you might think (or keep track of).

By David Dungan

One of your friends just invited you to use a new app for an online group chat. You download the app, boot it up, and you’re required to (quickly) set up an account.

In doing so, you create a password, but it doesn’t necessarily meet all of the requirements that it should; it needs a unique combination of numbers, capital letters, special characters, and what feels like 27 slaps of the keyboard to get through all of the instructions and the “free trial”. Of course, you manage to clear all of the hurdles and, soon after that, you’ve added it to an ever-growing list of passwords that, some days, are more than a bit of a challenge to manage.

Yet, as difficult as it can be, strong passwords exist to protect your accounts, as well as your personal and financial information. Having a strong password isn’t arbitrary, it keeps you and those closest to you secure. Fully 70 percent of weak passwords can be cracked in less than one second by hackers using simple brute force attacks. And, once they’re in, they’ll have access not only to your information, but any friends you’ve talked with on those chat apps or any connections you’ve made could be susceptible to malware like worms via your account.

So, how does one make a strong password? To figure that out, we need to look at what hackers use to break through weak passwords. Hackers will try and take advantage of the following weaknesses:

• Commonly used passwords – Be sure to stay away from “password123” or “Pa$$w0rd” or anything resembling a common word. Also, avoid using the name of the service in your password. Hackers may have programs that try these commonly used options first, making your password one of the weakest links in a brute-force attack.
• Short passwords - It’s a good idea to create and use passwords that are longer than eight characters. Hackers have brute-force algorithms that will try every single combination of characters. With each character you add, you significantly increase the number of combinations, making it harder to break through. It can certainly make a difference; a complex 12-character password takes 62 trillion times longer to crack than a six-character password.
• Bland passwords - Use more than just letters and numbers. Hackers can customize their brute-force algorithms to only use letters, or only use letters and numbers, etc. If you pull from letters, numbers, and special characters, hackers will have to try more possibilities.
• Repeated passwords - Avoid using the same password across multiple sites. If your social media platform gets compromised and hackers have access to that password, they will try it with your username across other platforms.

In addition to stronger passwords, consider using a password manager, as it can help by taking off the weight of memorizing all of your passwords while, at the same time, keeping that information secure.

You can also use multi-factor authentication (MFA), whenever possible, as it adds a layer of security that will help protect you.  MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the account, as well as your device, network, or database.

Using these tips will provide you with a greater peace of mind and whenever you’re online, it’ll provide you – and your friends, family and even your co-workers – an opportunity to experience more of the fun we’re supposed to have, especially when we’re on social media or catching up on the world around us!