Securing Your Passwords and Physical Devices
Part of securing your passwords is understanding how they become compromised. Two of the most frequent ways passwords are compromised is through Brute-Force attacks and data breeches. In a Brute-Force attack, hackers are using a systematic plan to check all possibilities until the correct one is found. If a hacker knows that the site requires a minimum of 8 characters and requires the use of both alphabetical and numeric characters they will start with those parameters. This is not done by hand. They write programs to do the dirty work.
So how do you defeat attacks like this?
First don’t make it easy on the attacker. Never do the bare minimum. If a site requires a minimum of an 8 character password with at least one number: abcdefg1 is not a good password. Sure it meets the site’s requirements, but a Brute-Force attack will have that password in no time. So how should you craft your password? The best passwords are a minimum of 16 characters and include a combination of uppercase and lowercase letters, as well as numbers, symbols and spaces.
Of course, there’s a problem with having strong passwords, they are impossible to remember. Using a plugin like LastPass can help you safely store passwords, but what you should have enabled, on all of your logins that include the feature, is two-factor authentication. Two-factor authentication will require you to also enter a code that’s sent to you, typically to you via text message, before allowing you access. As you read that you may think to yourself, what a pain that extra step creates, but what you’re doing is preventing someone else to access you account. Even if your bank password has been acquired through a Brute-Force attack or is part of one of the numerous database breeches, the moment your username and password are entered the hacker will be prompted with the send a code link. Well what do they do send the code to you, so you know something is wrong, or just give up there? Chances are they give up.
If you are unfamiliar with two-factor authentication here is a how to guide to setup two-factor authentication on many of the most popular sites.
So now your passwords have been changed, you’ve installed a secure password manager and setup two-step authentication on all sites that have that functionality, but what about the security of your physical devices?
BitLocker is an encryption program for your Windows laptops and desktops. BitLocker can be used to encrypt your hard drive and it provides some protection from unauthorized system changes like from firmware-level malware. The standard version of Windows does not include BitLocker so you would need a Professional or Enterprise version of Windows.
You will also need a hard drive with a least two partitions and a Trusted Platform Module (TPM). Not all motherboards support the Trusted Platform Module. If you are purchasing a new desktop or laptop make sure to purchase one with a TPM or the ability to add one. A Trusted Platform Module runs checks on your hardware, software and firmware and if it detects an unauthorized change your computer will only boot into a restricted mode, thereby protecting the data.
BitLocker should be added to any and all business computers that handle sensitive client data or other privileged information. Laptops may be the most vulnerable as many business professionals travel with their laptops leaving them at a greater risk of having their device.