Cloud - Only as Secure as the Weakest Password
IMPORTANT
The passwords used as examples in the following text are examples only! Do not use them: they are well-known passwords that are regularly used as examples in explanations of how to choose good passwords, and hackers know them. Create your own password.
In a business, multiple people will share the same cloud environment. The person with the weakest password becomes the highest security risk, the weakest link.
If a person with ill intent, a hacker, manages to guess the password of a fellow staff member, they can use it to access all the information that staff member has access to. This is most likely to be done by a computer somewhere on the internet that keeps guessing day and night until it finds a weak enough password and gets into your cloud. This is otherwise known as a brute force attack. Once the hacker gains access they can disrupt your cloud services in some way, steal customer data or, worse, bank details and credit card information.
What about other aspects of cloud security such as data isolation, firewalls, SSL certificates, account lockout after X login attempts and so on? These are all basic safeguards that your cloud will typically provide. But the real threat is your password; it is the weakest point, since hackers know people take shortcuts when creating their passwords. They use easy-to-guess passwords or, worse, very common ones. Many web sites list the top 1 million passwords in use, making them easy to try when attacking your cloud.
So, if your password is the weakest link, how can you ensure that the one you're using is secure enough? Does it need to be one of those passwords the IT guys hand out that is nothing but a jumble of letters and numbers nobody can remember? Does that make it secure? The simple answer is *No.*
Let's illustrate how you can keep your cloud secure but still have a password that's easy for a human to remember.
Most banks require that your online banking password be a minimum of 7 characters and include UPPER case, lower case, a number and a special character such as an exclamation mark. Here's an example:
PASSWORD 1 EXAMPLE: BuXG7L~
Let's compare this with a longer password that is not considered secure by some:
PASSWORD 2 EXAMPLE: whitemencantjump
Just for fun, run these passwords through the online howsecureismypassword.net password checker. The results were shown as images in the original page:
[Image: checker result for PASSWORD 1 EXAMPLE: BuXG7L~]
[Image: checker result for PASSWORD 2 EXAMPLE: whitemencantjump]
Now, just for fun, let's make the "whitemencantjump" password compliant by adding an UPPER case "W" at the beginning and a number "1" and a "!" at the end, and see what happens:
Modified PASSWORD 2 EXAMPLE: Whitemencantjump1!
How's that! The checker estimates 10 minutes for a computer to crack the 7-character bank-grade password, 35,000 years to crack the non-compliant, so-called non-secure password, and 7 quadrillion years to crack the compliant password that is longer (18 characters) but still easy to remember.
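The comparison above comes from an online checker, but the reason length wins is simple arithmetic: an exhaustive search has to cover alphabet_size ** length candidates, and raising the exponent grows that number far faster than raising the base. The following estimator is an added example (not code from the original article or from howsecureismypassword.net) that detects which character classes a password uses, computes the keyspace and the equivalent bits, and converts that to years at an assumed attacker speed. The guess rate of one billion guesses per second is an assumption chosen for illustration, so the years it prints will not match the checker's figures; the ordering of the three example passwords is what matters.

```python
import math
import string

# Size of each character class an exhaustive search must cover once that class
# is known to be present. The 32 symbols are the printable ASCII punctuation set.
CHARACTER_CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), 32),
}

# Assumed attacker speed (an assumption for illustration only, not a figure
# taken from the article or from any password checker).
GUESSES_PER_SECOND = 1_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Sum the sizes of the character classes actually present in the password."""
    size = 0
    for chars, class_size in CHARACTER_CLASSES.values():
        if any(c in chars for c in password):
            size += class_size
    return size


def keyspace(password: str) -> int:
    """Number of candidates a brute force over the detected classes must try."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Keyspace expressed as bits, the usual way strength is quoted."""
    return math.log2(keyspace(password))


def years_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the given guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


def compare(passwords):
    """One row per password: (password, length, alphabet, keyspace, bits, years)."""
    return [
        (pw, len(pw), alphabet_size(pw), keyspace(pw),
         round(entropy_bits(pw), 1), years_to_exhaust(pw))
        for pw in passwords
    ]


if __name__ == "__main__":
    # The three examples from the article. They are deliberately weak; do not reuse them.
    for pw, length, alpha, space, bits, years in compare(
            ["BuXG7L~", "whitemencantjump", "Whitemencantjump1!"]):
        print(f"{pw:<20} len={length:>2} alphabet={alpha:>2} "
              f"keyspace=2^{bits:<5} years@1e9/s={years:,.3g}")
```

Running it shows the 16 lowercase letters of the second example give a keyspace of 26 ** 16, roughly a billion times larger than the 94 ** 7 of the bank-grade example, even though the first uses only one character class. The estimate is an upper bound for a blind brute force; a dictionary attack on a password built from common words does much better, which is the skeptics' point taken up next.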
Now skeptics will say that a dictionary attack would guess the long password. That is true, and there's some merit in what they say; however, this fact remains: the longer your password, the stronger it is, and it doesn't have to be impossible to remember. The longer the password, the longer it will take a dictionary attack to find the right combination. Also, if you are using the other security options available to protect your cloud, the chance of a brute force attack succeeding is significantly diminished. For example, one security option you can activate in Filopto is the account lockout feature, which locks an account after X failed attempts at guessing the user's password.
So what's the bottom line? Make your passwords longer and use memorable, easy-to-type words. Jumble the words by inserting spaces, capitals and special characters. And most important, remember: the longer the password, the more secure it is.
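The two defences this paragraph relies on, a known-password blocklist and an account lockout after X failures, are small enough to show in full. The code below is an added example written for this page; it is not Filopto's implementation and not code from the original article. The blocklist is a constructed stand-in for the published "top passwords" lists, the `normalise` step strips the cheap compliance tweaks (a capital at the front, a digit and symbol at the end) so that "Whitemencantjump1!" is caught as well as "whitemencantjump", and the `LoginGuard` class counts consecutive failures per account and refuses all logins, correct password included, until the lockout window expires. The stored credential is a salted PBKDF2 hash, and the `FakeClock` exists only so the expiry can be demonstrated without waiting.

```python
import hashlib
import hmac
import os
import string
import time

# Constructed stand-in for the "top 1 million passwords" lists the article mentions.
# Illustrative entries only; not copied from any real list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "whitemencantjump"}


def normalise(password: str) -> str:
    """Undo the usual 'make it compliant' tweaks: lowercase, strip edge digits and symbols."""
    return password.lower().strip(string.digits + string.punctuation)


def is_common(password: str, blocklist=COMMON_PASSWORDS) -> bool:
    """True if the password, or its normalised form, is on the known-password list."""
    return password.lower() in blocklist or normalise(password) in blocklist


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256 so the credential store never holds plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class FakeClock:
    """Deterministic clock so lockout expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LoginGuard:
    """Per-account lockout after max_attempts consecutive failures (hypothetical design)."""

    def __init__(self, credentials, max_attempts=5, lockout_seconds=900, clock=time.monotonic):
        self.credentials = credentials        # account -> (salt, pbkdf2 digest)
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures = {}                    # account -> consecutive failed attempts
        self.locked_until = {}                # account -> clock value when lock expires

    def is_locked(self, account) -> bool:
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:             # window passed: clear lock and counter
            del self.locked_until[account]
            self.failures[account] = 0
            return False
        return True

    def attempt(self, account, password) -> str:
        """Returns 'ok', 'rejected' or 'locked'. A locked account rejects even the right password."""
        if self.is_locked(account):
            return "locked"
        salt, expected = self.credentials.get(account, (b"", b""))
        if account in self.credentials and hmac.compare_digest(
                hash_password(password, salt)[1], expected):
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_attempts:
            self.locked_until[account] = self.clock() + self.lockout_seconds
            return "locked"
        return "rejected"


def demo():
    """Three common guesses trip a 3-attempt lock; the real password only works after expiry."""
    clock = FakeClock()
    real = "Purple teapots sing at dawn 7"   # constructed long passphrase for the demo
    guard = LoginGuard({"alice": hash_password(real)},
                       max_attempts=3, lockout_seconds=60, clock=clock)
    results = [guard.attempt("alice", guess) for guess in ("password", "qwerty", "letmein")]
    results.append(guard.attempt("alice", real))   # correct, but the account is locked
    clock.advance(61)
    results.append(guard.attempt("alice", real))   # lock expired, login succeeds
    return results


if __name__ == "__main__":
    print("Whitemencantjump1! common?", is_common("Whitemencantjump1!"))
    print(demo())
```

Two design points worth noting: the lock is enforced before the password is checked, so a locked account leaks nothing about whether a guess was right, and a successful login resets the failure counter so an occasional typo by the legitimate user never accumulates toward a lock.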