CLOSING ENTRY: Where it all begins

Carl Mazzanti//June 13, 2022

An effective cybersecurity plan begins with a secure password. That may sound simple, but achieving it takes some steps. To understand why, we have to peel back some layers.

First, a good, strong password is important because it helps to ensure that the only people who can access your account and data are those authorized to do so. Passwords (which are best used in tandem with MFA, or multifactor authentication — more about that in a minute) are the most common means of authentication, but they are only effective if they are complex and confidential.

Unfortunately, many business owners use passwords that are based on their personal information because they are easy to remember. But that also makes it easier for an attacker to crack them. Typical passwords involve family names and birthdays. Consider a typical four-digit PIN, or Personal Identification Number. Yours may be a combination of the month, day, or year of your birthday, or it may contain your address or phone number. But think about how easy it is to find that information.

Other people use a word that can be found in the dictionary, but that may be susceptible to “dictionary attacks,” where hackers use sophisticated software with a large number of pre-selected words and phrases in a bid to guess passwords based on common words or phrases. Some individuals think that intentionally misspelling a word (like “daye” instead of “day”) can help, but a better approach is to utilize a series of words, linked together by memory techniques or mnemonics.

For example, instead of the password “softball,” use “IlTpsB” for “[I] [l]ike [T]o [p]lay [s]oft[b]all.” And interspersing lowercase and capital letters adds another layer of protection; modifying that example to “Il!2pSb.” gives you a password that’s not found in any dictionary.

Best practices, however, call for using the longest password or passphrase permissible (generally from eight to 64 characters). For example, “Pattern2baseball#4mYmiemale!” would be a good one because it has 28 characters and includes upper and lowercase letters, numbers, and special characters.

Once you’ve developed a strong password, it is tempting to reuse it. But do not, because that endangers your accounts. If attackers do guess the password, they would have access to your other accounts that use the same password. That is why it is important to develop unique passwords for each of your accounts.
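The checks described above (a length between eight and 64 characters, no dictionary words, no personal details, no reuse across accounts) can be combined into one short audit routine. This is an added example, not part of the original column; the wordlist, the personal details and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a much larger one.
WORDLIST = {"softball", "baseball", "password", "welcome", "day"}
# Undo common look-alike substitutions: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s.
LEET = str.maketrans("013457@$", "oleastas")


def dictionary_forms(password):
    """Return the lowercase forms a wordlist-based guesser would effectively cover."""
    lowered = password.lower()
    # Digits or symbols tacked onto either end of a word add little protection.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered.translate(LEET), trimmed.translate(LEET)}


def audit(password, personal=(), in_use=()):
    """Return a list of findings; an empty list means every check passed.

    personal: names, dates or numbers tied to the owner (hypothetical input).
    in_use:   passwords already used on the owner's other accounts.
    """
    findings = []
    if not 8 <= len(password) <= 64:
        findings.append("length")
    if dictionary_forms(password) & WORDLIST:
        findings.append("dictionary")
    lowered = password.lower()
    if any(item.lower() in lowered for item in personal if item):
        findings.append("personal")
    if password in in_use:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    owner = ("alex", "1987", "0412")  # constructed name, birth year, birthday
    for candidate in ("softball", "S0ftball!", "0412", "Alex1987!!",
                      "Pattern2baseball#4mYmiemale!"):
        print(f"{candidate!r}: {audit(candidate, personal=owner) or 'ok'}")
```
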

“But I have a lot of accounts — how can I remember complex passwords for each one?” is a common question. FOGLO (Fear Of Getting Locked Out) due to too many failed sign-in attempts is a valid concern, and that is where a password manager can help.

A password manager is basically a software application — like ITGlue, or Passportal’s N‑able, for example — that is designed to store and manage online credentials and generate passwords, which are usually stored in an encrypted database that itself is locked behind a master password. This means a user only has to remember a single (effective) password. Entering that unlocks a digital password vault — and from there a user can retrieve whatever specific password is needed.

Whenever you create a new account, a password manager will ask if you want to use an auto-generated password. These are long, alphanumeric, randomly generated and highly resistant to hacker guesses. Still, remember that a powerful password is a good first line of defense, but it should be reinforced by MFA, which is another vital cybersecurity tool.

It is not an either-or choice. Multifactor authentication adds another layer of protection to the sign-in process by requiring an additional identity verification from the user, like scanning a fingerprint or entering a code received by mobile phone or other device. You can think of it as wearing a seat belt and a shoulder belt. Either one is good, but using both is better.

The digital world offers many benefits, but there are also plenty of bad actors lurking about. Strong passwords, password managers, and MFA can help to keep them out of your domain.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.