Password strength and security
Posted: 30 Sep 2021, 15:48
As the folks who do the Fantasy Football will no doubt have seen from the email they sent out, a small number of their accounts have been compromised. (Please note: no accounts here on Heartland have been breached.) I thought it might be a good idea to remind everyone about password best practice.
1) Use a different password for each site.
This might sound like a complete pain in the you-know-where, but if the database of just one site is breached and your username and password are on there*, then online criminals will try to use that combination wherever they can. It might not be the end of the world if a hacker gains access to your Heartland account, but if they get into your PayPal, it's a different matter.
(* Note that if the website is properly designed then even if the database is breached your password cannot be retrieved from it. Unfortunately many websites are not properly designed.)
2) If the site supports it, use two-factor authentication.
Most online banking sites use this: there's a further step beyond the usual username/password, typically a code they send you via SMS or something similar; even if a criminal has the login details for your account, they're unlikely to also have access to your phone.
3) Don't use passwords that are actual words.
Not even if you do "clever" letter substitution. P4$$w0rd is just as vulnerable to the "dictionary attack" as password is. Even good old correct horse battery staple isn't safe these days.
4) IMO your best bet is to use a password manager.
I use KeePass - it generates and saves passwords for all your needs.
I'm going to leave this as an open thread if anyone else has any thoughts.
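As an added example (not from the original post), here is a defender-side checker for point 3: it undoes the common letter substitutions before comparing against a wordlist, and also spots passphrases built by gluing dictionary words together, so "P4$$w0rd" is rejected exactly like "password". The wordlist is a tiny constructed stand-in for the multi-million-entry breached-password lists real checkers use.

```python
"""Password-policy check: normalise "clever" substitutions before testing
against a dictionary, and detect concatenated dictionary words.
Added example, not code from the original post. WORDLIST is constructed."""
from __future__ import annotations
import re

# Constructed sample wordlist; a real check uses large breached-password lists.
WORDLIST = {"password", "letmein", "welcome", "correct", "horse",
            "battery", "staple", "heartland", "football"}

# Substitutions that wordlist rule sets undo ("P4$$w0rd" -> "password").
LEET = str.maketrans({"4": "a", "@": "a", "8": "b", "3": "e", "1": "i",
                      "!": "i", "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(password: str) -> str:
    """Lowercase, undo leet substitutions, drop anything non-alphabetic."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def split_into_words(text: str, words: set[str]) -> list[str] | None:
    """Return one segmentation of text into dictionary words, or None if
    no such segmentation exists (simple dynamic programming over prefixes)."""
    best: list[list[str] | None] = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def weak_reason(password: str) -> str | None:
    """Return why the password is weak, or None if it passes these checks."""
    norm = normalize(password)
    if norm in WORDLIST:
        return f"dictionary word after normalisation: {norm!r}"
    parts = split_into_words(norm, WORDLIST)
    if norm and parts is not None:
        return "concatenation of dictionary words: " + "+".join(parts)
    if len(password) < 12:
        return "shorter than 12 characters"
    return None


if __name__ == "__main__":
    for candidate in ["P4$$w0rd", "correct horse battery staple", "xK9#vQ2pL!mZ"]:
        print(f"{candidate!r}: {weak_reason(candidate) or 'passes these checks'}")
```

A password manager's generated string passes because nothing in it normalises to a wordlist entry; the two "human" candidates fail even though one uses substitutions and the other is four plain words.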