Search


Tagged with Password x Raportoje në platformë x Reputacion x Taktikë x Siguria x Apps x

Making a strong password

When making a password , you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex. 

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication  on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to login, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

Password management

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications  called password managers , which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.  

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers '> should be avoided, together with online password managers which are not open source and end-to-end encrypted .

Password Authentication Digital hygiene Apps

Internal network

In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers ), mail servers, routers [ROUTERS] and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.

A wireless network may have different physical bands depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that this network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measurers. 

Below are the most common protection measures for wireless networks:

  • Wireless security mode: It is recommended to use WPA2 (Wifi Protected Access 2) protection which has two possible applications. PSK (Pre-Shared-Key) is set easily, by setting a password [PASWWORD] , while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial In User Server) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers [ROUTERS] also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
  • MAC filtering: MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and download some of the associated addresses for their device;
  • Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
  • Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, where everyone will have their own cable that connects directly to the internet.
Server Password Apps

Change all passwords

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords  to your accounts which are logged in. It is also advisable to use a trusted device  to logout from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers  . These apps [APPLICATION] securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop