Never Type in Passwords Again … And Save Money

gatekeeper
Legal Legacy Special Issue

Easy to remember passwords like the name of a family member, a pet, or your favorite team should be a thing of the past at your firm. If you are relying on remembering passwords by writing them in a book or on a sticky note, this is called bad password hygiene and it is child’s play for a hacker to get into your system.

Good password hygiene typically relies on password policy, such as is required by various government compliance regulations (HIPAA, CMMC, etc.). ‘Brute force password attacks’ algorithms easily crack short passwords (hackers don’t just guess). All passwords should be 24 OR MORE characters in length.

Advertisement

Answering Legal Banner

Make It Harder for Hackers

One effective solution is a proximity-based hardware token paired with a built-in password manager. A product we found called GateKeeper (GK) eliminates the need to ever type a in password again (perfect antidote to keylogger malware), and even unlocks all apps and websites for you as well- you literally never sign-in to anything again. The main perk of never typing passwords is you can now create immensely complex passwords (much longer than 24 characters) with various symbols, numbers, etc. because you don’t need to remember or type them! Increased cyber safety? Yes. Huge time-saver? And Yes.

By using a product like (GK), you make it difficult for hackers. Instead of only needing to brute force break your weak password, now they would have to physically steal the Bluetooth hardware token you have in your purse/pocket, or on your lanyard. Next, they would have to know your PIN code that unlocks GK. Then they could try breaking your super long and complex passwords, but unless they’ve got a Quantum Computer (quite unlikely), they probably don’t have the time.

GK is under $200/user per year. In comparison, one breach of your password and/or network could cost your business over $200,000 in lost revenue and/or government fines (if Personally Identifiable Information is compromised). Quite tragically, some businesses never do recover from a significant breach.

Advertisement

Eza Mediation

What responsibility do you have to protect Personally Identifiable Information? Here’s a blurb from the Department of Labor’s website:

“Personal Identifiable Information (PII) is defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. It is the responsibility of the individual user to protect data to which they have access.”

Which brings us back to passwords as being the firm foundation for good cyber hygiene. Here’s another example. You’ve heard the horrific tales of all leaked passwords being for sale on the dark web. How did they get them?

  1. Keylogger Malware can be purchased nefariously for less than $99!
  2. Weak / short passwords are broken via algorithms during brute force attacks.
  3. Weak / short passwords being used across multiple platforms (as if weak / short passwords are not bad enough…humans have developed the nasty habit of reusing them repeatedly across various sign-in portals).

GateKeeper eliminates each of these breach points.

Don’t Be Low Hanging Fruit

Picture the cyber world from a hacker’s perspective as being full of trees to pick from…don’t be the low hanging fruit.

Make use of two-factor authentication (2FA) wherever it is available, as this provides a second layer of protection just in case someone did get hold of your account password. Without access to the 2FA mechanism, they would still be locked out of logging into your stuff.

If this sounds like a lot of jargon and alphabet soup, cybersecurity firms like ours can help you set up your password security plan. It’s a simple step but weak passwords remain to be one of our strongest problems.

Craig Petronella

Craig A. Petronella is the CEO of Petronella Technology Group, Inc. (PTG), ComplianceArmor.com, and BlockchainSecurity.com. PTG is an internationally trusted IT cybersecurity and digital forensics firm helping law firms with training, security, and compliance. Craig has 36 years of experience, authored multiple books. For more information on security awareness core training, go to: https://compliancearmor.com/collections/courses/products/ptg-security-awareness-core-training.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts