Today everything is online, and currently, most websites and portals still rely on a username and password for authentication. Even when complex passwords are required, passwords can be a vulnerability to you unless you take certain precautions. This blog post is not about creating complex passwords, not using repeating passwords, and not about using personal information to create passwords. Everyone is aware of these tips, and yet passwords are still a vulnerability.
Most people have 15+ online accounts, and that should mean that you have 15 different complex passwords that you have to remember. This can be frustrating and causes people to write them down, store them in OneNote, or in an excel file which only makes having a good password completely useless.
We recommend that you utilize a good password management tool such as Roboform to keep your passwords more secure. With Roboform, you have one complex password to know, and Roboform will protect all of your other accounts. Roboform will run as an add-on to your browser, and you can simply click on it, enter your master password, select the site that you are on, and it will enter your password for you. Each time you click on the application, it will require you to enter the master password, so it keeps others who use your computers from accessing your password list. To protect against the dictionary, brute force, or other attacks, Roboform uses AES256 bit encryption with PBKDF2 SHA256, 4096 iterations. PBKDF2 is a key stretching algorithm used to hash passwords with a salt. Roboform also requires a minimum Master Password length of 8 characters, with a minimum of 4 numeric characters.
Now that you have a good password management tool, you can also get out of the business of trying to create complex passwords. Roboform has a built-in password generator that will use a random hash to generate some very secure passwords for you. Since Roboform is managing your passwords, you don’t have to worry about someone getting ahold of your passwords.
Even when you are using a password generator, you may still be vulnerable to password attacks on shopping websites. Last year there were many companies including Home Depot and Target that had attacks where passwords were stolen. Many websites are beginning to offer 2-factor authentication, and I highly encourage you to take advantage of using this. Two-factor authentication is accomplished when you logon to a website such as Gmail and they send you a code to an email address, or a text to your phone and you have to input that code in the form before you can logon. It does take you a little longer to login to your account, but this is a fairly solid way to prevent others from accessing your account. Even if they have your password, they cannot login without the code that is sent to your device. Nothing is completely secure, but it is much more secure than just using a password.
Thank you for reading our blog, I hope you found it informative. If you need assistance setting up a password management tool, or two-factor authentication, feel free to reach out to us on our website at http://www.hillcountrytechnicalservices.com
HC Technical Team
RoboForm Security. (n.d.). Retrieved from https://www.roboform.com/security