Audits and Penetration Tests
Password security? Is this a strange question? By their very nature, aren't passwords secure? Not exactly. Over time passwords have become more and more elaborate so that they are secure. First case sensitive did the trick. Then you had to have a minimum number of characters. Next, there were numbers. The special characters were required. Now passwords require all of the above. Unfortunately, with the CPU and RAM power available today no password is secure anymore, even those with mixed cases, numbers, special characters and thirteen digits.
"Dgpyyih804423" was cracked in 160 seconds. That's right - it was 2 1/2 minutes.
"thequickbrownfoxjumpsoverthelazydog" was cracked in 700 seconds. Er, that is 11.67 minutes.
So now what? What can we trust if passwords are no longer truly secure? What can we do about this? Really, it all depends on what you would like to protect and what budget you have. A good start for anybody is to simply change passwords securing important or personal information every 30 days. And yes that includes you, Paris Hilton. Below are some other ideas:
- Change your password every 30 days
- Never ever write your password down!!!
- DO NOT use a pet's name, one of your children's names, birth date, or any other public information as a password. If your password is anywhere on your Myspace page, forget it!
- Use AES 128 encryption or higher
- Add another validation process and require verification of both before allowing access. Options are fingerprints, retinal scans, or a key fob
Just using the first three suggestions above can make your passwords much more effective and those are steps anyone can take. Can you still be hacked? Unfortunately, yes! That is where the second part of security comes in. If you ARE hacked, will you know that it happened? What was touched? Was it a one-time intrusion or can they now come and go at will? Security Arsenal products can help with both preventing an attack and detecting if you have been attacked. If needed, the products are able to give you the evidence needed to prosecute if you decide to. After all, you cannot bring a case if you are unable to prove an attack, right?
Security should never be taken lightly. The stakes are huge. Aside from downtime, companies can become laughingstocks, revenue can be lost, and businesses can be sued over security breaches and information theft. Everyone knows a victim. Don't become a statistic. At Security Arsenal, we have staff with over 20 years of experience to help you avoid becoming a victim.