Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury


Protect your passwords until there is something better

Eventually, many years from now, our digital identity will be protected by three-factor authentication: a knowledge factor ("something the user knows", e.g. password), a possession factor ("something the user has", e.g. a mobile phone), and an inherence factor ("something the user is", e.g. fingerprint). Until then, you need to survive the extreme vulnerability of passwords.

Mat Honan of Wired, who lost his digital life, family photos and everything else included, when his ID was hacked and destroyed, developed the following list of what to do 'To survive the password apocalypse':

DON’T

  • Reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.
  • Use a dictionary word as your password. If you must, then string several together into a pass phrase.
  • Use standard number substitutions. Think "P455w0rd" is a good password? N0p3! Cracking tools now have those built in.
  • Use a short password—no matter how weird. Today's processing speeds mean that even passwords like "h6!r$q" are quickly crackable. Your best defense is the longest possible password.

DO

  • Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it's better than nothing.
  • Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a "Camper Van Beethoven Freaking Rules."
  • Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
  • Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that's a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn't tied to your name—like m****n@wired.com—so it can't be easily guessed.

Source & Copyright©2013 -  Mat Honan, Wired


Sound advice from a man who lost everything.
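
The dictionary-word, number-substitution and short-password items in the DON'T list can be enforced when a password is chosen. The sketch below is an added example, not code from Wired or Mat Honan; the word list is a constructed sample, and the 12-character minimum and all function names are assumptions.

```python
# Constructed sample word list; a real check would load a full dictionary
# and a list of breached passwords.
WORDS = {"password", "dragon", "administrator",
         "correct", "horse", "battery", "staple"}

# "Standard number substitutions" mapped back to letters. "1" is ambiguous
# (i or l), so two tables are tried.
_COMMON = {"4": "a", "@": "a", "3": "e", "0": "o",
           "5": "s", "$": "s", "7": "t", "!": "i"}
LEET_TABLES = [
    str.maketrans({**_COMMON, "1": "i"}),
    str.maketrans({**_COMMON, "1": "l"}),
]

MIN_LENGTH = 12  # assumed policy threshold; the article gives no number
MAX_SUFFIX = 3   # also test with up to 3 trailing characters removed ("password1")


def matches_dictionary(password):
    """True if the password is a listed word once case, common
    substitutions and a short trailing suffix are undone."""
    lower = password.lower()
    for cut in range(MAX_SUFFIX + 1):
        stem = lower[:len(lower) - cut]
        if not stem:
            break
        if stem in WORDS:
            return True
        if any(stem.translate(table) in WORDS for table in LEET_TABLES):
            return True
    return False


def check_password(password):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if matches_dictionary(password):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ("P455w0rd", "h6!r$q", "Adm1n1str4t0r",
                   "correct horse battery staple"):
        print(repr(sample), check_password(sample) or "ok")
```

A pass phrase built from several words passes because no single listed word matches the whole string, while a long substituted word such as "Adm1n1str4t0r" is still rejected despite meeting the length rule.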
