Passwords – Outdated and Dangerous, But Necessary?

Here’s a quick test – what do these seemingly random alphanumerical groupings have in common?

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

That is a list of the Top Ten Passwords used in 2018. Recognize any of these? If you don’t, you’re not necessarily in the clear, but your chance of becoming compromised or hacked is far less than someone who uses one of these passwords. If you do recognize these, you’re certainly testing your luck.
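A check a sign-up or password-change form could run against the list above, as an added example that is not part of the original article. Only the ten passwords come from the page; the function names, the normalization rules (case, trailing digits and symbols, common character swaps) and the extra repeated-character and digit-run checks are assumptions made for illustration.

```python
import re

# The ten passwords listed in the article.
TOP_TEN = {
    "123456", "password", "123456789", "12345678", "12345",
    "111111", "1234567", "sunshine", "qwerty", "iloveyou",
}

# Character swaps commonly used to "disguise" a dictionary word (illustrative).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _variants(candidate):
    """Yield the normalized forms of a candidate that are worth checking."""
    lowered = candidate.lower()
    # Strip trailing decoration: "Sunshine2018!" -> "sunshine"
    core = re.sub(r"[\d\W_]+$", "", lowered)
    yield lowered
    yield core
    yield lowered.translate(LEET)
    yield core.translate(LEET)


def screen_password(candidate):
    """Return a rejection reason, or None if no common pattern was found."""
    for form in _variants(candidate):
        if form in TOP_TEN:
            return f"matches common password '{form}'"
    if candidate and len(set(candidate)) == 1:
        return "single repeated character"
    if candidate.isdigit() and candidate in "01234567890123456789":
        return "sequential digits"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ["123456", "P@ssw0rd1", "Sunshine!", "234567", "I<3Fh@ck3rs43v3r!"]:
        print(f"{pw!r}: {screen_password(pw) or 'not on the common list'}")
```

A result of `None` only means the password is not a trivial variant of the listed ones; it says nothing about its overall strength.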

These days, creating and remembering passwords has become increasingly challenging. If we had only one device that required a password, we could probably manage it quite easily. But with every device we use, most programs we need to do our jobs, and sites that require you to change your password every few months, it is estimated that the average person must memorize up to 191 different passwords. No wonder we often choose to take shortcuts!

The problem is, over 80% of hacks are due to compromised credentials, otherwise known as stolen username and password information, which is often traded on the dark web. In fact, in one month alone in 2018, Microsoft blocked 1.3 million attempts to steal password data, which would have led to dangerous phishing attacks and other hacking attempts.

These harrowing statistics are why you hear the recommendations:

Pay attention to that last stat: 50% of all attacks involved the top 25 most used passwords. See what I meant when I said if you recognized anything on that list you’re testing your luck?

Following all these rules and regulations, you’ll end up with passwords that are about 16 characters long, impossible to memorize, and, unfortunately, still completely hackable (much more difficult, of course, but where there is a will, there is a way). So, what do we do now?

Password Manager

The first shortcut is a password manager. You can store all your passwords in one place. This makes remembering all your passwords much easier, but there is one challenge: the password manager is also protected by a password. If you’re utilizing software like this, make sure that this password is especially complex, so that hackers aren’t even tempted, especially in the case of a brute force attack. If possible, turn on multi-factor authentication, especially on your password manager.

Multi-factor authentication

Many sites utilize multi-factor authentication. This extra layer of protection connects to your phone, email, or other authentication source, rather than relying solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is to make sure your secondary authentication source is equally secured with a strong password. There is no sense in double protecting yourself with a wide-open source.

Random Password Generators

These sites come up with secure passwords for you, but the results are typically a random jumble of letters, numbers, and symbols that is darn near impossible to memorize. If you’ve got a strong memory, this might be a good starting point, but if you’re like most of us, this may be more challenging than it’s worth.

How to craft the best password

Use a “Password Phrase” in place of random letters, numbers and symbols. Create something that’s easy for YOU to remember, but has no meaning to anyone else. For example I<3Fh@ck3rs43v3r!. Breaking this down, you get:

Easy for you to remember because you understand the phrase, but difficult for a hacker to decipher because it’s not real words. There’s no time like the present to get started and change your easy-to-hack passwords to something safer, because it’s always better to be safe than sorry.

Work at creating passwords that will be difficult to hack. Make sure to change them regularly. Never write them down (especially on a Post-it Note stuck to your computer!). But most of all, make passwords an important part of your life. Don’t consider them a nuisance or a thorn in your side. Make a game out of creating passwords. Challenge yourself to be more creative each time you create one. Beat the hackers at their own game by making your password too time-intensive to crack, and you’ll reduce the chance of your information showing up on the dark web. Worried about your information already being available due to past weak password use? Contact us. We’ll run a scan that reveals your vulnerabilities.

You’re happily humming along on the Internet thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites. You’re actually only visiting four percent of the Internet. There’s a whole world (96% of the Internet) hiding beyond these safe surface-level sites, known as the Dark Web. It’s a much less hospitable place.

What exactly is the Dark Web?  

The Dark Web is a conglomeration of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity are hidden through encryption tools like TOR. TOR was originally created to protect military communication but now has much broader utilization for both Dark Web purposes and for highly secure communication. You have to access Dark Web sites utilizing TOR, typically

People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal activities.

Why Do People Use the Dark Web?  

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrency, like Bitcoin, has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for the low price of $1 to $8. Hackers utilize these purchased credentials to:

What can you do about it?  

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised, so that you can act immediately, for example by changing passwords and activating two-factor authentication.

We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are a very good heads-up that something bad may be coming. You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better-safe-than-sorry camp.

How should you get started with Dark Web monitoring?  

Our team can run a preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request that scan.  

What is the dark web? 

Have you heard of the ‘dark web’? You probably picture a guy in a hoodie, slumped over a keyboard, peering at a screen of numbers with an evil smile upon his face. Oddly enough, it’s really not as dark and creepy as the media portrays. However, the scary part is the information you can find on the dark web. Don’t think the worst: I haven’t seen any body parts for sale on the dark web. I can assure you that if any of your important data has been stolen, it’s likely for sale on the dark web. The dark web is named that because it’s a part of the Internet that is not indexed by search engines. This certainly makes the anonymous illegal activity easier, but the dark web does host a few legitimate social networks.

What’s on the dark web? 

As mentioned before, if you’ve ever had your data compromised, it is possible it’s floating around the dark web for sale. Or if you’ve heard of the latest malware attacks that have stolen millions of usernames and passwords (like the Collection #1 breach last January). There are a plethora of items to purchase. Some of the most popular are breached usernames and passwords that have been de-hashed. You can buy credit card numbers, drugs, and hacked accounts to name a few. I have personally viewed 6 stolen credit cards for the cost of $100. No guarantees they had money on them or were still valid, but I suppose it’s worth a try for a hacker. You can even hire a hacker to carry out a job for you. Most of the dark web takes some kind of crypto-currency and has boomed since currencies like Bitcoin have taken hold of the Internet.

How do you access it? 

You can’t just type in “dark web” on Google and expect it to take you there. In fact, your network may even get flagged or the antivirus on your computer will prohibit it. The way people are accessing the dark web now is through a search engine named torproject.org. Now keep in mind, this organization created Tor in order to allow everyone privacy during their browsing experiences. Many countries are unable to access the Internet without someone eavesdropping on them or simply being unable to take part in free speech. Also, keep in mind that these dark web sites look just as normal as a regular website. Sometimes the only way you can see the difference is that dark web sites use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called “Dream Market” goes by the unintelligible address of “eajwlvm3z2lcca76.onion.” It’s surprisingly easy to access; just remember what kind of people you’re dealing with. If they stole from other people, they’ll steal from you too.

Staying ahead of the dark web 

Most people will never have the need or the courage to check out the dark web. However, many IT industry experts peruse the dark side to look out for current and future hacking trends. It’s always good to know what is making money and what assets scammers are looking for. If by chance you stumble upon your own data, there’s little you can do about it (although we’ve heard stories of people buying back their data). But at least you’ll know what’s compromised. Check out the dark web at your own risk, but whatever you do – save yourself the trouble – and don’t purchase anything.

You’re prepared, at least mentally, to begin your migration to Windows 10 because you’ve read What Does Windows End of Life Mean to My Business? and Getting Ahead of Windows End of Life. Is your hardware ready, though? How you handle your IT (on your own, as needed support, or with a fully managed agreement) will change how you will have to deal with your transition. The following items should help you decide how to prepare your hardware for the Windows 10 migration.

Do It Yourself 

If you own all of your own equipment and deal with IT issues in house, then you will want to get started on migrating your devices now. The good news is that Windows 10 is highly compatible with just about every PC out there. If you run into trouble, it’s likely a vendor incompatibility issue, not Microsoft itself, so you’ll want to contact them directly. When you have that handled, upgrading from 7 to 10 is as simple as running the ISO file from Microsoft.com, from a USB, or DVD. The bad news is that it will take significant time migrating every PC in your business. You’ll also need to deal with a backlog of Microsoft customer service support if you happen to run into any issues. Remember that almost 70% of the world’s computers are still running Windows 7. It’s almost guaranteed that others will run into issues and need support, as well.

MSP 

If you are with a managed service provider, you should be just fine. In fact, you likely already have a plan in place from your most recent business review. Over the course of the next few months, your IT company will ensure software compatibility with all of your line of business applications, contact any necessary vendors, and schedule a time with you to come out and run the update once they’re sure everything will go smoothly. Now would also be a good time to consider any hardware upgrades that you’ve been needing. All new PCs will automatically come with Windows 10, alleviating any upgrade issues now or in the next three years or so. The best part of it: you have to do nothing. No downtime for your business, no extra IT work for you, and no worries.

If you’re on a full managed services agreement, the upgrade is more than likely covered and any hardware needs will be handled on a new monthly payment plan (HaaS agreement). If you’re on a partial agreement or break/fix model, you’ll likely be billed for the time required to complete the upgrade. Either way, your IT company will have you completely in hand. Just remember that your service provider will soon be booked solid assisting other clients with this transition. It’s important to schedule now so you’re not left waiting.

Time to Get a Contract? 

If you’re reading this blog as someone who had planned to do this upgrade on your own but has now decided that you don’t have the time or desire to do so, it’s time to contact ARRC Technology. We’ll make sure that you’re taken care of through Windows 7 end of life and well beyond.

With Windows 7 end of life quickly approaching, it’s time to start thinking about what needs to be done to prepare. Technically, regular Windows 7 support has been dead since 2015; however, the extended support period is over in January 2020, which means no more updates or security patches. What should you be aware of for EOL? Get ready, you may have some work to do.

Many are concerned that their PCs will stop working. That is not the case. Your Windows software will work, but its security will depreciate rather quickly, which could put your PC in danger of cyber-attacks and viruses. Back in 2014, Microsoft ended support for Windows XP. It affected 40% of computers worldwide. Now, years later, it is estimated that about 7% of computers are still using Windows XP. These computers are the ones hackers like to target because of the security holes caused by lack of regular patching.

Currently, about 70% of businesses worldwide use Windows 7, so it’s highly likely that you need to take action before Windows 7 retires. The more systems you have on Windows 7, the sooner you need to prepare. Here’s a quick action plan:

Keep in mind that Windows 10 end of life takes place in January of 2025; so, while planning, ensure your devices can make the switch again in a few years, or that you’re budgeting for another upgrade. Also, document your processes during the shift. This could make life so much easier down the road. Most of all though, act. You don’t want to be stuck without security patches or an up-to-date operating system. It’s like hackers can smell your outdated system and will gladly break in. Protect yourself and your business and begin planning sooner rather than later.