Busy? Tired? Shopping? Vacation? Welcome to CyberCriminal Paradise.

BLACK FRIDAY ... CYBER MONDAY ... HOLIDAY SHOPPING… BOXING DAY SALE… JANUARY GET-AWAYS… GIFT RETURNS… 

Now that I have your attention...

Busy? Tired? Shopping? Vacation? Events?

Welcome to cyber criminal paradise.

Tis the Season... and the criminals are waiting.

  • They know our habits.
  • They know we are extra busy.
  • They know we are shopping online (more than usual), mailing parcels, and rushing to meet year-end deadlines.
  • They know that as January approaches we are tired, relaxed, and perhaps careless.

How do they know? Well, apart from the obvious (did you post selfies of yourself while you were on vacation??), there are many sneaky ways that criminals track our habits, whereabouts, and vulnerabilities.

Welcome to cyber criminal paradise.

Below are 2 ways to thwart their greedy endeavours...

1 - A Short reminder list for the Holidays and beyond

If you already live by these bullet points, please pass them on to others (best to do that anyway, even if you're still learning 🙋‍♀️):

  • DON'T post selfies of your vacation while you are ON said vacation

  • DON'T use "password" or "1234" or "password1234”.

  • DON"T answer your social media security questions truthfully.

  • DON'T check your bank account using the mall wifi

  • DON'T respond to any email that says a parcel is missing, gift cards are needed, or your Amazon account has been breached. If you need to check your Amazon account, open a new webpage and type in amazon.com.

  • DON'T download the document that your new LinkedIn colleague DM'd to you.  

2 - Let's up our game from “password” to “passphrase”.

Again - please share this information with others. It is critically important! 👩💻

Passwords

A list of most used passwords in 2022... and the (surprisingly short) time it takes to crack them:

https://nordpass.com/most-common-passwords-list/

A list of most-used passwords for 2019, 2020, and 2021:

https://s1.nordcdn.com/nord/misc/0.55.0/nordpass/200-most-common-passwords-en.pdf

Yep - you read that right - the list doesn't change much over these years. So… apparently we don’t learn. 

Creating strong, unique (used for 1 account only) passwords, and storing them safely, is extremely important‼️

Adding passphrases to our list of options

https://xkcd.com/936/

A passphrase is a sequence of words that is used in place of the traditional all-in-one password. It should still contain numbers, symbols, and upper/lower-case letters, but these are sprinkled throughout a set of words. Preferably these words are randomly generated - because humans suck at "random enough to fool a computer program" (this is proven) 🤷♀️. I have added some starter options below! 🎉🙋♀️

These first 2 links are from the Electronic Frontier Foundation (EFF). They are 2018-ish, but the ideology hasn’t changed - and who doesn’t love DragonCon and 20-sided dice??

EFF Dice-Generated Passphrases
Create strong passphrases with EFF’s new random number generators! This page includes information about passwords, different wordlists, and EFF’s suggested method for passphrase generation. Use the directions below with any set of dice.And now, a message from internationally renowned security…
How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists
Here’s the not-so-secret recipe for strong passphrases: a random element like dice, a long list of words, and math. And as long as you have the first two, the third takes care of itself. All together, this adds up to diceware, a simple but powerful method to create a passphrase that even the most…

⬇️ This next option is for regular, 6-sided dice. 🎲🎲🎲🎲🎲

Let's jump right in and create a passphrase with "Diceware"!

Diceware is referenced in the above articles, and has been updated more recently. You will need the wordlist (more languages here) and 1 or more six-sided dice. 🎲 Don’t use a computer program or electronic dice generator for this, the degree of randomness varies too much.

A minimum of 6 words is recommended. 7-9 words is recommended for high value uses such as cryptocurrency wallets. Let's get started!

  1. For each word in your passphrase, you will need 5 numbers. You can roll 1 die 5 times or five die once, or any combination in between. If you roll multiple die at once, preserve the randomness by reading them from left to right (remember - we humans suck at fooling a computer with our attempts at "random").
  2. Look up each five digit number in the Diceware list and find the word next to it. Write this word on your paper.
  3. Repeat 1 & 2 until you have the number of words you want.

AND - YOUR"RE DONE! 🎉 That's it - you did it! These words are now a passphrase. If you keep the original paper list, store it in a VERY safe place. 

The Final Takeaway

I have intentionally written this edition of the Newsletter to be sharing-friendly.

It's filled with information we can share with our family, friends, and colleagues. Some of this info may be new to you - and to them - and some may be a reminder things we know but forget in the rush of the Holidays and year end.

Criminals know when we are busy and stressed. They wait for this. They prey on us more when we are distracted - whether because we are busy, happy, or in crisis.

We need to be our own advocates in keeping our personal data safe.

Each year, cyber criminals get sneakier, technology gets more complex, and life in general requires an increasing number of passwords. BUT - it's still important to make sure every account has a unique password, and that this password is changed every 6 months.

Passphrases are more secure than passwords IF they are randomly generated, and sprinkled with numbers, symbols, and upper-case letters. They may even be easier to recall.

And if you own a business PLEASE make sure you and your employees are cyber-safety-trained. It's easy - and less expensive than you think!


Let’s keep the conversation going!

 

📣 Share this with your network or a friend! 

✅ Leave a comment - Send a DM! 

 

Let’s Keep Cyber Criminals Unemployed!


⭐️ Stay safe! ⭐️


Originally published at https://www.linkedin.com.