Tag Archives: identity theft

Must Read!! Build Stronger Passwords NOW.

23 Oct

Our posts on password security span the entire period of our (Evans on Marketing) existence. In each case, our goal is for you to build stronger passwords NOW. Today’s post is a MUST READ.

These are some of our prior posts. They are presented in reverse chronological order. Password security is not a new or recent concern!!


Old Rules to Build Stronger Passwords

For years, experts (including us) have stressed these “rules” for strong passwords. Many of them still make sense. Yet, further password security is needed!

Aside: Too few of YOU even use these tips.

Evans on Marketing: Tips for Behaving Safely Online (2012) — “What makes a good password. (a) Don’t use your name or combinations of it. (b) Use at least 6 to 8 characters. (c) Include at least one letter, number, and symbol. (d) Don’t use one password for all accounts. If one is hacked, then … .”

Microsoft: Create a Strong Password (2017) — “Strong passwords help prevent unauthorized people from accessing files, programs, and more. It should be hard to guess or crack. A good password is at least 8 characters. The password doesn’t contain your user name, real name, or firm name. It is quite different from previous passwords. You use uppercase and lowercase letters, numbers, and symbols. It doesn’t contain a complete word.”

Google Account Help: Creating a Strong Password (2017)  — “To keep safe, act on these tips. Use a unique password for each important account. Use a mix of letters, numbers, and symbols. Don’t use personal information or common words. Make sure your backup password options are up-to-date and secure.”

Guidry Consulting: How To Create Strong Passwords (2017) — “Strong passwords must be not in use on any other system. They must be changed regularly. The passwords must be 12 characters or more. They must mix upper- and lowercase letters, numbers, and symbols. The passwords must not be common words or proper nouns. And they must not be names of your spouse, kids, pets, or other personal identifiers.”



Why Old Password Rules Aren’t Enough Today

Look at why old password rules are not enough.

Auth0: Don’t Pass on New NIST Password Guidelines (2017) — “The NIST drafted new rules to protect digital identities, published in June 2017. Substantial changes have been made since the National Institute of Standards and Technology’s 2013 report. Many concern passwords. The NIST advises dropping password complexity rules. It suggests new encryption standards. And it wants multi-factor authentication for sensitive information.”



According to Auth0, “Conventional wisdom says password complexity is good. But in reality, complex passwords can do harm. Making users’ lives easier ensures stronger passwords. A big problem for users is remembering passwords. So, they make them simple. And they re-use them. In 2016, Experian found Millennials averaged 40 services registered to one E-mail account, and only five distinct passwords.  In response, some firms have required a number, or symbol, or capital letter to make passwords harder to decrypt. BUT, an earlier study found users simply capitalized the first letter and added a “1” or “!” to the end. This made the password no harder to crack. Any [decent] password cracker knows these patterns. When required to use numbers, 70% of users on rockyou.com (which contained user info for social networks) added numbers before or after their password.”

Fortune reports that the creator of many old rules has changed his mind (2017) — “The man responsible for the requirement that passwords include letters, numbers, and special characters is walking back that advice. ‘Much of what I did [for the NIST in 2003], I now regret,’ Bill Burr told the Wall Street Journal. He added that the recommendation led to complicated passwords. A re-write of ‘Special Publication 800-63’ now suggests that users create passwords with long, easy-to-remember phrases. And they should not be forced to change passwords as often.”
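The point made in this section, shown as an added example (not code from this blog, Auth0, or NIST): a composition rule accepts a common word with a capital first letter and a “1” or “!” on the end, while a length-plus-blocklist check rejects it and accepts a long phrase. The function names, the 8-character minimum, and the five-word blocklist are assumptions constructed for illustration.

```python
import re

# Constructed sample blocklist (assumption). A real site would load a large
# list of common and previously breached passwords.
BLOCKLIST = {"password", "letmein", "sunshine", "dragon", "qwerty"}

MIN_LENGTH = 8  # assumption for this example


def old_rule_ok(pw):
    """Old-style composition rule: 8+ chars, lower, upper, and a digit or symbol."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]|[^A-Za-z0-9]", pw) is not None)


def base_word(pw):
    """Undo the habit quoted above: strip digits/symbols tacked onto either
    end and lowercase the capitalized first letter."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw).lower()


def new_rule_ok(pw):
    """Length plus blocklist, with no composition requirement. The blocklist
    is checked against both the password and its stripped base word."""
    if len(pw) < MIN_LENGTH:
        return False
    return pw.lower() not in BLOCKLIST and base_word(pw) not in BLOCKLIST


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password1!", "Sunshine1", "correct horse battery staple"]:
        print(f"{candidate!r:34} old rule: {old_rule_ok(candidate)!s:6}"
              f" new rule: {new_rule_ok(candidate)}")
```

The check only covers the one pattern described in the quote; it does not catch every weak password (an all-digit string outside the blocklist, for instance, still passes).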



MUST READ: NEW Rules to Build Stronger Passwords Now

This section has a synopsis of new password advice. It includes an infographic by Evans on Marketing. It ties together tips from various sources.

XeusHack: Choosing a Strong Password in 2017 (2017) — “Password strength is a measure of password effectiveness to resist guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker would need, on average, to guess correctly. The strength of a password depends on length, complexity, and unpredictability. You must learn how passwords work, how possible attacks to break them work, and how to choose a strong password that won’t break.”

Lifewire: 5 Steps to a Good Password (2017) — “There is no such thing as a perfect password. A committed hacker can crack any password, with the right tools. But if the protection is strong enough, the hacker may become discouraged and give up before the protection fails. We suggest a password with 3 qualities. (1) It is neither a proper noun nor a word in the dictionary. (2) It is complex enough that it resists repetition attacks. (3) It is intuitive enough that you can still remember it.”


[Infographic: up-to-date password tips for Web site developers and us as Internet users.]

MUST READ: Using a Password Manager

What is a password manager? Why should we use one as our best line of defense?

Webroot gives a good overview on this topic:

“How can we create and remember so many unique passwords? The best solution today is a password manager. It offers both convenience and security. Password managers come as lightweight plugins for Web browsers such as Google Chrome or Mozilla Firefox. First, passwords are saved in an encrypted database. Second, your credentials are automatically filled in.”

“The major benefit of a password manager is that you need to remember a single master password. This allows you to use unique, strong passwords chosen for each of your online accounts. Just remember one strong password. The manager will take care of the rest.”

Take a look at this video from Vox.

In alphabetical order, these are four popular password managers. NOTE: Both LastPass and KeePass have free versions!


YOU: Act Secure Online

13 Oct

Hacking and identity theft make us vulnerable when shopping with a credit or debit card, whether in a store, over the phone, or online!! So, we need to do all we can to protect ourselves. You: act secure online.

We have discussed security before. For example: Cybercrime Costs How Much?; Ransomware — What Can YOU Do?; Online Security. And consider this about password security:

“Do you have only one password for all accounts? Do you use only lower-case letters in your passwords? Do you enter your password when the URL begins with http (rather than https)? If you answered yes to one or more of these questions, you are leaving yourself wide open to identity theft and the hacking of your personal information.”


YOU: Act Secure Online

According to Sainsbury’s Bank:

“Shopping online can be fun and convenient. But are you doing all you can to keep yourself and your family safe on the Internet? Do you know how to keep your credit card secure in shopping online? Is your card registered for added security measures such as Verified by Visa, MasterCard secure, or American Express SafeKey?”

“We’ve put together 10 steps for safe online shopping below, along with how to stay safe using mobile devices and Wi-Fi. We’ve also included tips on what to do if you encounter any illegal activity.”



Do YOU Trust Companies with Your Personal Data?

20 Apr

We know that there have been incidents of stolen data around the world. These are involuntary hacks of our personal information. So, how do we feel about voluntarily sharing our information with companies? Many of us are rather reluctant to share more personal data due to concerns about identity theft, access to private information, and more.

As reported by eMarketer:

“A Pew Research Center report published in January 2017 found that only 14% of US consumers felt ‘very confident’ about entrusting companies/retailers with their data. Almost the exact same number said they were not at all confident.”



Ransomware: A NOT So Humorous Look

15 Feb

As we’ve reported before, the ransomware threat has many negative effects. Ransomware “is malware. The hackers demand payment, often via Bitcoin or prepaid credit card, from victims in order to regain access to an infected device and the data stored on it.” [Ransomware: The Smart Person’s Guide, by James Sanders]

How pervasive is the threat of ransomware in our everyday lives? Check out this rather scary cartoon from Joy of Tech. It was inspired by the recently published Ransomware: Defending Against Digital Extortion by Allan Liska and Timothy Gallo!

