The Basics: Passwords

The Basics: Passwords

by Kate Pace
We’ve said it before and we’ll say it again, and again, and again. Choose complex passwords, that vary across your critical accounts, and change them at least annually. Take a minute to think about the passwords you use for your financial logins, your email, and your work accounts. How many of them are similar? How many of them have changed in the past 6 months? How many of you keep a little black book to log all the cryptic revisions to your family’s account passwords over the years?

Based on what we know today, it’s due time for the mindset surrounding password management to shift. Our office recently had a discussion regarding the most secure password management applications. LastPass, 1Password, Dashlane, and KeePass all came up in conversation, and there were corresponding opinions on the merits and drawbacks of all. I was most struck by the position of one of our senior network engineers, who in all seriousness has memorized all his complex, critical application passwords in his steel trap brain, and has done so for as long as he can remember. We would all do well to flex our memory muscles in this way, but it’s not always realistic. Our goal with this article is to stress the importance of having a plan in place that’s in line with password management best practices.

The devices in our homes are increasingly connected to our wireless networks, and the Internet of Things (IoT) is an important new frontier to consider when it comes to our network security. An article came out early this month exposing a network breach at Creech Air Force Base in Nevada. The hacker responsible was able to obtain documents relating to maintenance tasks and mechanics of the U.S. military MQ-9 Reaper drone. He was also able to tune in to live surveillance footage. How did this happen? The Netgear router password at the base had not been reset from its default setting.

This router vulnerability was publicly acknowledged over two years ago, yet it remains a widespread issue. According to research from Recorded Future, over 4,000 routers currently remain susceptible to attack. Changing the default password on your router is not complex. As Netgear has previously advised, it’s important to follow specific installation and configuration steps to ensure your network devices are better protected from malicious attacks that are very basic in nature.

Routers aren’t the only devices in your home networks that come with a well-known default password setting. As “Alexa” and Google Assistant continue to proliferate, it’s important to keep in mind that our IT security models must constantly evolve to keep pace with technology developments. Our interconnectedness and the capabilities and convenience that come with it can have a huge impact on the way we work and play. But if the military breach tells us anything, it’s that we cannot let the possibilities blind us from the basics.

Sources: “Direct threat actor interaction allowed Insikt Group analysts to discover other leaked military information available from the same threat actor. Once identified, searches in Recorded Future revealed the extent of the actor’s activities.” https://www.sfgate.com/business/article/Netgear-Add-a-password-or-risk-losing-your-data-6811071.php  / https://www.recordedfuture.com/reaper-drone-documents-leaked/