Opinion

Too many passwords?

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc.

The problem is, with so many online accounts, how do you remember a unique password for each one? We all know that it’s unwise to use the same password for them all. And it’s not much better simply to recycle them – e.g. ‘david1’, ‘david2’, ‘david3’, etc.

There is a solution. Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example: start with the name of the online resource, let’s say ‘mybank’. Then apply your formula: e.g.

1. Capitalize the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.

This would give you a password of ‘n1mybAk;’.

There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is ‘the quick brown fox jumps over the lazy dog’ the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four step rule.

Using either of these methods gives you a unique password for each online account, but all you have to remember is the same four steps each time.

Passwords aren’t the only case in which humans can prove to be the weakest link in security. Finding ways to ‘patch’ our human resources is every bit as important as applying security updates to computers. Click here for further discussion of the human dimension in Internet security.

Too many passwords?

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox