Tag Archives: privacy

Must Read!! Build Stronger Passwords NOW.

23 Oct

Our posts on password security span the entire period of our (Evans on Marketing) existence. In each case, our goal is for you to build stronger passwords NOW. Today’s post is a MUST READ.

These are some of our prior posts. They are presented in reverse chronological order. Password security is not a new or recent concern!!

 

Old Rules to Build Stronger Passwords

For years, experts (including us) have stressed these “rules” for strong passwords. Many of them still make sense. Yet, further password security is needed!

Aside: Too few of YOU even use these tips.

Evans on Marketing: Tips for Behaving Safely Online (2012) — “What makes a good password. (a) Don’t use your name or combinations of it. (b) Use at least 6 to 8 characters. (c) Include at least one letter, number, and symbol. (d) Don’t use one password for all accounts. If one is hacked, then … .”

Microsoft: Create a Strong Password (2017) — “Strong passwords help prevent unauthorized people from accessing files, programs, and more. It should be hard to guess or crack. A good password is at least 8 characters. The password doesn’t contain your user name, real name, or firm name. It is quite different from previous passwords. You use uppercase and lowercase letters, numbers, and symbols. It doesn’t contain a complete word.”

Google Account Help: Creating a Strong Password (2017) — “To keep safe, act on these tips. Use a unique password for each important account. Use a mix of letters, numbers, and symbols. Don’t use personal information or common words. Make sure your backup password options are up-to-date and secure.”

Guidry Consulting: How To Create Strong Passwords (2017) — “Strong passwords must be not in use on any other system. They must be changed regularly. The passwords must be 12 characters or more. They must mix upper- and lowercase letters, numbers, and symbols. The passwords must not be common words or proper nouns. And they must not be names of your spouse, kids, pets, or other personal identifiers.”


 

Why Old Password Rules Aren’t Enough Today

Look at why old password rules are not enough.

Auth0: Don’t Pass on New NIST Password Guidelines (2017) — “The NIST drafted new rules to protect digital identities, published in June 2017. Substantial changes have been made since the National Institute of Standards and Technology’s 2013 report. Many concern passwords. The NIST advises dropping password complexity rules. It suggests new encryption standards. And it wants multi-factor authentication for sensitive information.”


Click the image to access NIST SP 800-63-3

 

According to Auth0, “Conventional wisdom says password complexity is good. But in reality, complex passwords can do harm. Making users’ lives easier ensures stronger passwords. A big problem for users is remembering passwords. So, they make them simple. And they re-use them. In 2016, Experian found Millennials averaged 40 services registered to one E-mail account, and only five distinct passwords. In response, some firms have required a number, or symbol, or capital letter to make passwords harder to decrypt. BUT, an earlier study found users simply capitalized the first letter and added a ‘1’ or ‘!’ to the end. This made the password no harder to crack. Any [decent] password cracker knows these patterns. When required to use numbers, 70% of users on rockyou.com (which contained user info for social networks) added numbers before or after their password.”

Fortune reports that the creator of many old rules has changed his mind (2017) — “The man responsible for the requirement that passwords include letters, numbers, and special characters is walking back that advice. ‘Much of what I did [for the NIST in 2003], I now regret,’ Bill Burr told the Wall Street Journal. He added that the recommendation led to complicated passwords. A re-write of ‘Special Publication 800-63’ now suggests that users create passwords with long, easy-to-remember phrases. And they should not be forced to change passwords as often.”
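The contrast described above, as an added example that is not from this post or the sources it quotes: an old-style composition rule next to a screen that sets a minimum length, strips the predictable decorations, and checks a blocklist. The function names, the tiny blocklist, and the minimum length of 8 are assumptions made for illustration.

```python
import string

# Constructed sample; a real service would load a large list of common and
# breached passwords instead.
SAMPLE_BLOCKLIST = {"password", "monkey", "dragon", "letmein", "qwerty"}
DECORATIONS = string.digits + string.punctuation


def old_complexity_rule(candidate: str) -> bool:
    """Composition rule: 8+ chars with upper, lower, digit and symbol."""
    return (
        len(candidate) >= 8
        and any(c.isupper() for c in candidate)
        and any(c.islower() for c in candidate)
        and any(c.isdigit() for c in candidate)
        and any(not c.isalnum() for c in candidate)
    )


def base_word(candidate: str) -> str:
    """Undo the usual tricks: leading capital, digits/symbols at either end."""
    return candidate.lower().strip(DECORATIONS)


def screen_password(candidate, blocklist=SAMPLE_BLOCKLIST, min_length=8):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too short")
    if candidate.lower() in blocklist:
        reasons.append("on blocklist")
    elif base_word(candidate) in blocklist:
        reasons.append("blocklisted word with predictable decoration")
    return reasons


if __name__ == "__main__":
    samples = ["Password1!", "123dragon", "Monkey1", "purple kettle sings at noon"]
    for pw in samples:
        print(f"{pw!r}: old rule={old_complexity_rule(pw)}, "
              f"reject={screen_password(pw)}")
```

“Password1!” satisfies the composition rule yet is rejected by the screen, while the long lowercase phrase fails the composition rule and is accepted.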

 


 
 

MUST READ: NEW Rules to Build Stronger Passwords Now

This section has a synopsis of new password advice. It includes an infographic by Evans on Marketing. It ties together tips from various sources.

XeusHack: Choosing a Strong Password in 2017 (2017) — “Password strength is a measure of password effectiveness to resist guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker would need, on average, to guess correctly. The strength of a password depends on length, complexity, and unpredictability. You must learn how passwords work, how possible attacks to break them work, and how to choose a strong password that won’t break.”

Lifewire: 5 Steps to a Good Password (2017) — “There is no such thing as a perfect password. A committed hacker can crack any password, with the right tools. But if the protection is strong enough, the hacker may become discouraged and give up before the protection fails. We suggest a password with 3 qualities. (1) It is neither a proper noun nor a word in the dictionary. (2) It is complex enough that it resists repetition attacks. (3) It is intuitive enough that you can still remember it.”

 

Infographic (Evans on Marketing): up-to-date password tips for Web site developers and us as Internet users.
 

MUST READ: Using a Password Manager

What is a password manager? Why should we use one as our best line of defense?

Webroot gives a good overview on this topic:

“How can we create and remember so many unique passwords? The best solution today is a password manager. It offers both convenience and security. Password managers come as lightweight plugins for Web browsers such as Google Chrome or Mozilla Firefox. First, passwords are saved in an encrypted database. Second, your credentials are automatically filled in.”

“The major benefit of a password manager is that you need to remember a single master password. This allows you to use unique, strong passwords chosen for each of your online accounts. Just remember one strong password. The manager will take care of the rest.”

Take a look at this video from Vox.

In alphabetical order, these are four popular password managers. NOTE: Both LastPass and KeePass have free versions!

 

Unfriend Social Media Content?

19 Oct

As we have noted before, we spend lots of time on social media. And sometimes, we commit blunders! So here’s a question for you. Should YOU unfriend social media content?

Consider these prior posts: Do You Protect Your Reputation?   Social Media Policy for Employees.   Does Social Media Use Harm Your Career?   Don’ts for Businesses on Social Media.   What People Want from Brands On Social Media.

 

Unfriend Social Media Content? TMI

Sometimes, we realize as soon as we hit the enter key that we should not have posted certain content. Other times, we may not know that our content is improper until someone points that out. Still other times, we never recognize that we have improper content. In those instances, no one points it out to us. And this can be a BIG problem if a potential employer sees improper content. It may be even worse if our present employer notices such content.

Trend Micro is a leader in secure content and threat management. Its headquarters are in Tokyo. The firm operates in more than 30 countries around the globe. The Security Intelligence Blog represents the official blog of TrendLabs, the research, development, and support arm of Trend Micro. “Researchers, engineers, and other experts in various security threats work 24 hours a day, seven days a week to deliver solutions to the plethora of threats that confront users and businesses on a daily basis.”

One TrendLabs blog post covers the risk of placing content on social media. The infographic focuses on the risks of social media content. “You have the right to remain private. Anything you post can and will be used against you.” The infographic includes Facebook, Google +, LinkedIn, Mixi (from Japan), Pinterest, Sina Weibo (from China), Tumblr, and Twitter. Click the infographic for a larger view.

 

 

YOU: Act Secure Online

13 Oct

Hacking and identity theft make us vulnerable in shopping with a credit or debit card. Whether in a store, over the phone, or online!! So, we need to do all we can to protect ourselves. You: act secure online.

We have discussed security before. For example: Cybercrime Costs How Much?    Ransomware — What Can YOU Do?    Online Security. And consider this about password security:

“Do you have only one password for all accounts? Do you use only lower-case letters in your passwords? Do you enter your password when the URL begins with http (rather than https)? If you answered yes to one or more of these questions, you are leaving yourself wide open to identity theft and the hacking of your personal information.”

 

YOU: Act Secure Online

According to Sainsbury’s Bank:

“Shopping online can be fun and convenient. But are you doing all you can to keep yourself and your family safe on the Internet? Do you know how to keep your credit card secure in shopping online? Is your card registered for added security measures such as Verified by Visa, MasterCard secure, or American Express SafeKey?”

“We’ve put together 10 steps for safe online shopping below, along with how to stay safe using mobile devices and Wi-Fi. We’ve also included tips on what to do if you encounter any illegal activity.”

 

 

Will Companies Be Ready for Europe’s General Data Protection Rule?

22 Jun

In the United States, consumer privacy rules are not as strong as they are in other areas of the world. Recently, the U.S. Congress voted to overturn a pending regulation that would require Internet service providers (ISPs) to obtain people’s permission before selling data about them. President Trump then signed the rollback.

As reported by NPR.org:

“The reversal is a victory for ISPs, which have argued that the regulation would put them at a disadvantage compared with so-called edge providers, like Google and Facebook. Those firms are regulated by the Federal Trade Commission and face less stringent requirements. ISPs collect huge amounts of data on the Web sites people visit, including medical, financial, and other personal information. The FCC regulation would have required ISPs to ask permission before selling that information to advertisers and others, a so-called opt-in provision.”

In contrast to the U.S. approach to privacy, Europe has a sweeping new regulation that will take effect in May 2018. It will have an impact on companies based anywhere, including the United States.

Brian Wallace, reporting for CMS Wire, describes the General Data Protection Rule (GDPR), thusly. Be sure to read the material highlighted:

“The European Parliament passed the General Data Protection Rule (GDPR) in April 2016. The law is one of the most sweeping privacy laws protecting citizens ever to be put on the books, and is scheduled to take effect on May 25, 2018. One of the most misunderstood things about this law is that it covers EU citizen data, no matter which country the company using it is located. This means that any company in the world that stores EU citizen protected data has less than a year to come into compliance with the GDPR.

According to the GDPR’s Web site, ‘The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy.’ The GDPR protects personal data and sensitive personal data. This includes: sensitive data: name, location, identification numbers, IP address, cookies, RFID info; and sensitive personal data: health data, genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation.”

 

Take a look at the following infographic from Digital Guardian to learn more! Click the image for a larger version.


 
