Busi­nesses should make se­cure pass­words a pri­or­ity


NEW YORK — It may seem ob­vi­ous: Com­pa­nies’ com­put­ers, mo­bile de­vices and ac­counts need se­cure pass­words. But many small busi­ness own­ers don’t take the time to ed­u­cate staffers about these very ba­sic forms of cy­ber­se­cu­rity. And staffers may not know that their pass­words could be eas­ily guessed by hack­ers and cy­berthieves.

When­ever there’s news of a data breach at a big com­pany, or peo­ple hear of a friend’s email be­ing hacked, many com­puter users re­al­ize they need to change their pass­words. It’s a good start, but not enough. A study by re­searchers at Vir­ginia Tech’s Depart­ment of Com­puter Sci­ence found that it’s fairly easy to guess how peo­ple mod­ify their pass­words af­ter a breach. The re­searchers used a com­puter pro­gram that was able about half the time to fig­ure out what a new password was based on an ex­ist­ing one. A cy­berthief could also use such a pro­gram. So, own­ers who want to in­crease their cy­ber­se­cu­rity need to not only ask em­ploy­ees to change their pass­words, but to also come up with en­tirely new ones — chang­ing a password like “aard­vark123” to “aard­vark124” isn’t se­cure.

But new pass­words can also be prob­lem­atic. Com­pa­nies that make password pro­tec­tion soft­ware pe­ri­od­i­cally re­lease lists of the most com­mon pass­words and they in­clude “123456” and “qw­erty,” the let­ters in the top left-hand cor­ner of a key­board.

The IRS ad­vises com­puter users to get cre­ative and do a lit­tle free as­so­ci­at­ing. For ex­am­ple, think of a series of items like those in your liv­ing room and cre­ate a password out of them. The IRS came up with Blue Couch Flower Bam­boo. The Depart­ment of Home­land Se­cu­rity has a list of tips for cre­at­ing pass­words that can be given to em­ploy­ees — own­ers can down­load it from the agency’s web­site at https://bit.ly/2dhCdH7 .

Cy­ber­se­cu­rity ex­perts ad­vise against us­ing the same password — or guess­able vari­a­tions of one password — for mul­ti­ple ac­counts and de­vices. Em­ploy­ees may balk at hav­ing to re­mem­ber dif­fer­ent pass­words, but keep­ing track of them can be sim­pli­fied with password man­age­ment soft­ware. It’s a bad idea for staffers to keep printed lists of their pass­words in their desks.

Own­ers who want to step up their se­cu­rity should con­sider mul­ti­fac­tor au­then­ti­ca­tion.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.