I could give you a number of reasons why most user password authentications are useless and limited in their security. Let me specify this a little bit better. In most of your medium and large businesses, the System Administrators set strict guidelines for user authentication. In the small business and residential world though, practices of security are in most cases lacking and easy to crack. This is my focus in this article.
When you first purchase a computer, you have to set the username and password (password is optional) of the computer. Doing this prevents someone from accessing your personal information and data LOCALLY, meaning they should be unable to log into your computer to gather this data.
If only it were this simple. On Windows-based computers you have many levels of access: Guests, Users, Local Administrators, and Domain Administrators. These are pretty standard and basic levels, with Guests having the least amount of privileges and Domain Administrators having the most. For example: Guests do not have the ability to change settings, install/delete software and, in some cases, access other computers. Users may not be able to install or delete software/applications, access specific areas and change system settings.
Think of user levels like this: Your house or apartment that you live in has a lock on the front door as well as many doors within the house with locks. If you have a GUEST that comes to visit, you may not give them a key to the house; therefore, they only have access to the property the house sits on but not the interior. A USER (person who lives in the home) may have a key to the house and generally has access to all the common areas (living room, dining room, kitchen etc.) but not to the rooms in the house except for their bedroom. This is basically and simply how a Windows computer is set up.
Let me ask you a question: if you lose your key to the house, what do you do? You could have a key hidden in the bushes or under the mat. You could call another family member who has a key. You could call a locksmith. You could look for an open window. Again, in light of a Windows-based computer, this is a good example.
What happens if you forget the user/password combination for your computer? Maybe you wrote this information on a piece of paper and hid it under your desk or made a note in your phone. Maybe one of your family or friends used your computer in the past and they remember this information. You could take it to a computer professional who can run an application to determine your user/password (they have quite a few methods of doing this without logging directly into your computer). They could simply reset your computer to factory defaults losing all your information and data if this information was saved in a backup location.
Based on the examples above, you may be thinking about now “Okay, so if I lose my login it can be easily fixed.”
What do you store on your computer? Contact information for all your friends and acquaintances? User and password logins for other accounts and computers? Do you pay your bills online? Do you do banking online? Do you buy presents and shop for things online? (just to name a few).
So here is where I drop the ball. No matter how secure you think your computer is, no matter how much you think that online banking and billing is secure, no matter how you think your contact information for friends and family isn’t that important, and no matter how much you think a friend or family member with access to your information and data won’t…share this information, your information and data are not safe.
Government Law Enforcement agencies reported in 2017 that 47% of small business and home computer users had their identity, financial information and data hacked. 3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more. Unsurprisingly, about 40 percent of those surveyed say they had “a security incident” in the past year, meaning they had an account hacked, password stolen, or were given notice that their personal information had been compromised.
Are you scared yet?
You should be. So, do you want to be 100% secure from someone hacking your information and data?
Get rid of ALL your technology and never access the Internet.
That’s pretty hard to do in this day and age, but it’s possible. If you’re not ready to go to that extreme, though, below I have listed simple and affordable SAFE PRACTICES to reduce your chances of losing it all.
1. DON’T write your user name or passwords down.
2. Create a User Password system. If you remember your system you will remember your login. For example: I would use a backward system. If I needed a password for my bank, I’d use the street and number of the bank as my password. If the bank I was a member of was on 123 Oak street, my password was Kao321.
Now this is just a basic example, but it is one that I remembered, and I never forgot my password. Again, this is just an example of a password system that would not be easy for a hacker to break.
3. DON’T EVER send your username or password in any document, phone, email, chat etc. Just don’t do it. Even if you can verify the recipient on the other end of the communication. NO reputable company or business would ask for this information via the above methods. This goes for account numbers, social security numbers or credit/debit card numbers.
4. NEVER use “Enable Auto Complete” or “Remember my User Name and Password”. This information is stored on your computer and is easily hacked.
5. Change your password OFTEN. We all have multiple accounts, logins and sign-ons. I recommend monthly but weekly wouldn’t hurt either.
6. If you log into a Public Computer (like the library or a friend’s computer) wipe out the Cache. Never assume they do this for you.
7. If you don’t want it stolen, don’t put it on the computer.
8. Be Complicated. Keeping a password security system in mind, make your passwords difficult to figure out. Passwords like ‘Remington1’ or ‘Sadie12@’ or ‘Myford#1’ are easy to crack. Use passwords like ‘Reming@1ton’ or ‘Sadie&12’ or ‘MyFordSnum1’ for a simple example. They’re just harder to figure out. A good format is ‘ForGed_about1T’; this helps with remembering the password, but best practice would be something like ‘Targh12*nz!8’. The longer the password, the harder it is to break.
In closing, the best user password combination is one that changes frequently, has no distinctive characters, and is at least 8 characters, but the more the merrier. Password creators are good and work off random generation of permissible letters, numbers and symbols. Another safe system is Biometric (reading of facial features, fingerprints or retina). These pose different problems though, ones this article is not going to address.
Some systems use a three (3) step system with the last step being a text to your device with the time-based final authorization characters. This is an expensive system to run.
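As an added example (not part of the original article), here is how a password creator of the kind described above can be written in Python: it draws every character from the operating system's secure random source and reports how the search space grows with length. The symbol list, the function names and the 16-character default are assumptions made for this sketch.

```python
import math
import secrets
import string

# Assumed "permissible" character classes; a given site may allow other symbols.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*_-+=?"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 13 = 75 characters


def generate_password(length: int = 16) -> str:
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def search_space_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the search space, in bits: length * log2(alphabet size).

    This only holds for randomly generated passwords; a word or name with a
    few substitutions is far easier to guess than its length suggests.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (8, 12, 16, 24):
        print(n, generate_password(n), round(search_space_bits(n), 1), "bits")
```

Each extra random character adds about 6.2 bits, so every added character multiplies the number of guesses an attacker needs by 75.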
Please understand, I am not trying to invoke fear or apprehension. These are real issues though. Again, it’s safe to say that the safest system is a system that’s never attached to the internet and never removed from your possession.
Senior Technical Engineer for Technical Support Systems
MCSE, Oracle DBA, Network Systems Engineer