Cybersecurity & Fraud
As Cybersecurity Month continues, Tompkins is taking this week to focus on the #1 defense an account has to protect your information: passwords.
Strong passwords are a must in today's world. Even if you aren't the original target of a hacker, breaches and leaks of websites you use every day can expose your account information to the outside world, including email addresses, usernames, and passwords.
Has your account been exposed in a security breach or data leak? You can check your email or phone number at https://haveibeenpwned.com/ to see how much of your data might be out there.
In most cases, an attacker will get ahold of your password hash instead of your password in plain, readable text. A hash is a secure way to store passwords, and it looks like a long string of characters. However, based on the algorithm used, the same password will always produce the same hash.
So, why do you need a strong password? Since password hashes are always the same, attackers have lists of common password hashes and their associated passwords. They can use this list to compare with newly leaked passwords on the internet. If your password is something common like “password” or “Fall2021”, your hash will have a match in the hacker’s database, and they’ll immediately know what password you use.
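The lookup described above, as an added example (not Tompkins' code, and the function names are made up for illustration): it uses Python's standard hashlib with a constructed four-entry password list and a made-up leak. It goes one step past the article by also showing that a per-user salt, which a well-run site mixes in before hashing, keeps the precomputed list from matching.

```python
import hashlib
import os

# Constructed sample data: a tiny "common passwords" list (not a real leak).
COMMON_PASSWORDS = ["password", "123456", "qwerty", "Fall2021"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256, no salt: the same password always gives the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user random salt (assumed site-side storage)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000).hex()


def build_lookup(passwords):
    """Precompute hash -> password once; the table works on any unsalted leak."""
    return {unsalted_hash(p): p for p in passwords}


def match_leak(leak, lookup):
    """Return {user: password} for every leaked hash that appears in the table."""
    return {user: lookup[h] for user, h in leak.items() if h in lookup}


def demo():
    lookup = build_lookup(COMMON_PASSWORDS)
    # Constructed users: two chose common passwords, one chose a long passphrase.
    users = {
        "alice": "Fall2021",
        "bob": "password",
        "carol": "violet-kettle-orbit-sandwich-42",
    }
    unsalted_leak = {u: unsalted_hash(p) for u, p in users.items()}
    # Same users, but each hash was computed with its own random 16-byte salt.
    salted_leak = {u: salted_hash(p, os.urandom(16)) for u, p in users.items()}
    return match_leak(unsalted_leak, lookup), match_leak(salted_leak, lookup)


if __name__ == "__main__":
    exposed, exposed_salted = demo()
    print("unsalted leak, matched:", exposed)         # alice and bob only
    print("salted leak, matched:  ", exposed_salted)  # nothing matches the table
```

The salt only defeats the ready-made list; a common password can still be guessed one account at a time, which is why the long passphrase matters either way.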
Want a list of commonly used passwords? Many sites have articles about them, including Wikipedia. You can check if any passwords you use made the list: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
A strong password has multiple benefits. First, a password that doesn’t have common words or strings of characters will be less likely to match a database of known password hashes. Second, a stronger unknown password will take more time to crack, which deters an attacker from focusing on that account and sends them on to easier prey.
But what is a strong password? The short answer is a long password, or a passphrase, if you will. Why? Password crackers take time to go through each character combo in a password to guess the correct one. Simply put, the more characters in a password, the longer a computer takes to figure it out. Harder-to-guess passwords on a normal person’s account aren’t usually worth the effort for hackers.
Another point to remember is this: Never reuse passwords for multiple sites. As stated earlier, a data breach can expose your data, including email addresses and usernames. Do you have a Google account? A Facebook or LinkedIn? An online bank account? Many of these accounts use your email or a self-chosen username for logins. When hackers figure out a person’s password, they already have that account’s email or username, and the next step is often trying that combination of login info on multiple websites: local banks, social media, work accounts, etc.
If you use the same password on multiple sites, an attacker has an easier way of getting all of your data. Once they can access your stuff, they could lock it down and hold it ransom, threaten to expose your information to the outside world, or use it to gain further access into a private network. Using different passwords everywhere doesn’t give them the chance to log into all of your accounts.
Ok, so how are you supposed to remember all of these long passphrases? The average person has around 100 online accounts! One of the best ways is to use a password manager. Password managers come in all shapes and sizes. They can be free, paid through a subscription, or bought for a one-time fee; they can work on your desktop as well as your mobile devices; and they can store your passwords locally or in the cloud. To find one that fits your lifestyle, google “password managers” and there will be plenty of articles on the best ones on the market. Just remember to lock your password manager with the strongest password you can come up with!
What if all this fails? You have a strong password, and you never reused it anywhere. But the bad guys were persistent, and they have your complete login info! Well, this is where multifactor authentication comes in. Multifactor authentication (MFA), or two-factor authentication (2FA), is implemented by many sites to add another layer of protection to your account.
In the security settings of many sites, you can turn MFA on, and anytime someone tries to log into your account, a notification will be sent by text, email, or another way you set up. The notification usually has a code or other information you need to input on the login screen. Some accounts might even have physical keys or fingerprints as an option to sign in. Most attackers won’t have access to your phone or your fingerprints, so if they get to this step, they won’t be able to log into your account!
For more information on the importance of passwords and how they’re cracked, check out this article: https://www.relativity.com/blog/passwords-101-how-theyre-hacked-and-why-longer-is-better/
Interested in a fun activity with your kids? The FBI has created a set of online games for 3rd through 8th graders that focus on Safe Online Surfing: https://sos.fbi.gov/en/
Looking for more ways to flex your Cyber Safety skills? Tompkins is promoting the American Bankers Association’s “Banks Never Ask That” Campaign this October. Navigate to https://www.banksneveraskthat.com/ for videos and a fun quiz about scammers pretending to be from your bank. Can you outsmart online bankers?
In the upcoming weeks, we will focus on the importance of understanding these areas for a stronger security posture:
- Week of October 18th: Phishing and Malware
- Week of October 25th: Home Security and the Remote Workplace
Check back next week for some helpful tips on Phishing and Malware!
Thanks for visiting! Be sure to treat yourself to some Cybersecurity Awareness, so you won't get tricked by the bad guys!
Cybersecurity is especially important, so the team here at Tompkins wants our customers to have the most up-to-date information on all things security. That’s why we’ve partnered with Stickley on Security to provide articles and videos to give you important information and educational tools featuring potential risks and current threats.