On a personal note, I have to say that Hurricane Sally left me worn out, so this newsletter will be brief. Hope you don’t mind. I’ll dump a lot more on you next week! :)

A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?

However, the problem with depending on password complexity is that computers are highly efficient at repeating tasks -- including guessing passwords. Last year, a record was set for a computer trying to generate every conceivable password. It achieved a rate faster than 100,000,000,000 guesses per second.

• Longer is better. At least 12 characters, preferably 16 or more:

  “with cloud-based technology, guessing an eight-character password can be achieved in as little as 12 minutes and cost as little as US$25”

• Think of pass phrases, not pass words. They are easier to remember, easier to type, and much longer:
  
  This.Is.A.Pretty.Good.One.Actually!
  
  That-One-Aint-Bad-Either-IMO
  
  Bluebirds.Dont.Sing.Like.Songbirds
  
  
• Play word games! Use your imagination! When you play password games with yourself, you engage both sides of your brain. That means better passwords that are easier to remember!

Remember, always use two-factor authentication (2FA) whenever and wherever it is available. That’s the best protection for your password.

Check out this website: https://haveibeenpwned.com – you can sign up to be alerted when your email address shows up in a password dump on the dark web, so you know where you need to go make changes.

The Feds say they are better than private industry

CISA Data Shows Federal Civilian Agencies Faster Than Industry at Patching:

An analysis of data collected by the Cybersecurity and Infrastructure Security Agency shows civilian government agencies are doing better than private sector owners and operators of critical infrastructure when it comes to a major indicator of adherence to basic cybersecurity practices. “For the federal civilian executive branch, we’ve seen patching timeframes consistently hold at 15 days for critical vulnerabilities and 30 days for high,” said Boyden Rohner, associate director of vulnerability management at CISA. “However, outside of the federal civilian executive branch, in other critical infrastructures, the timeframes to patch have been largely longer.”

Seriously?! The federal government is faster and more efficient at something than private industry? If this is true, we need to up our game! Talk to your IT people to be sure that you are getting patches applied as quickly as possible.

Zoom Brings Two-Factor Authentication to All Users

Hooray! Go sign up now! 'Nuff said.

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab of our new website.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!