
Capital One: “What’s in your wallet?”

May 28, 2018

We often hear that small businesses are more of a target for cyber-attacks because they don’t have the resources to combat them. There will always be thieves targeting data.

How do you choose to protect your data?

One of the most obvious ways is with an Enterprise Password Management solution with multi-factor authentication. However, no matter what solution you are using, it is the strong password that you create that is vital. But what constitutes a strong password?

You see suggestions like this:
“Create strong passwords. Don’t use the four-letter, easy-to-remember passwords. Make them strong and long: not a word; random with symbols, numbers, capitalization.”
In 2003, that was the suggestion.

The National Institute of Standards and Technology (NIST) published a document with password guidelines. It was an eight-page password document titled “NIST Special Publication 800-63. Appendix A.” It advised people to use irregular capitalization, special characters, and at least one numeral. We are all familiar with that pattern because we can’t change a password until we satisfy those parameters. But what kind of passwords do we actually create?

The author of this publication has revealed that he actually ended up directing computer users towards lazy mistakes and easy-to-predict practices. And with the suggestion to change passwords at least every 90 days, a parameter adopted by organizations, users ended up creating easy-to-crack passwords. Take a look at your own passwords: that list of applications, the number of passwords you have to remember, and how you chose the password that is easiest for you to remember. Even when changing your password, don’t you try to stick to something familiar, similar to what you have used before and easy to remember?

The author of the 2003 guide is now saying that it was a misguided guideline because it trained us to use passwords that are hard for humans to remember, but easy for computers to guess.

In 2013, a new guideline was published by NIST which did away with those 2003 parameters (although it seems many sites have not caught on yet). The new concept: create a password that a computer cannot guess, and a human can remember. Create a phrase. It is longer and more random than a single password. It is a phrase that you are familiar with, a phrase that means something to you, which makes it easy to remember: a passphrase that may be crack-proof!
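As an added illustration (not part of the original post and not ILANTUS product code), the two approaches side by side: a composition-rule check of the kind the 2003 guidance produced, and a length-first check with a screening list in the spirit of the newer guidance, plus a rough attacker-effort estimate. The screening list, the sample candidates and the 20,000-word dictionary size are constructed assumptions.

```python
import math
import re

# Constructed screening list (assumption): a real deployment screens against a
# large corpus of breached and commonly chosen passwords, not seven entries.
COMMON_PASSWORDS = {"password", "password1", "p@ssw0rd", "p@ssw0rd!",
                    "letmein", "qwerty123", "summer2018!"}


def legacy_policy(pw: str) -> bool:
    """2003-style composition rule: at least 8 characters containing an
    upper-case letter, a lower-case letter, a digit and a symbol."""
    classes = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def passphrase_policy(pw: str, min_len: int = 15) -> bool:
    """Length-first rule in the spirit of the newer NIST guidance: no
    composition requirements, a long minimum, and a screen against known-weak
    choices (case-folded so 'P@ssw0rd!' still matches 'p@ssw0rd!')."""
    if len(pw) < min_len or pw.lower() in COMMON_PASSWORDS:
        return False
    return len(set(pw.lower())) >= 4   # reject 'aaaaaaaaaaaaaaaa'-style filler


def guess_space_bits(pw: str, dictionary_words: int = 20000) -> float:
    """Rough attacker-effort estimate in bits. A password on the screening list
    costs the attacker only a walk through that list; a multi-word phrase is
    modelled as whole words drawn from a dictionary of assumed size; anything
    else as random printable ASCII characters."""
    if pw.lower() in COMMON_PASSWORDS:
        return math.log2(len(COMMON_PASSWORDS))
    words = pw.split()
    if len(words) >= 2:
        return len(words) * math.log2(dictionary_words)
    return len(pw) * math.log2(95)


def evaluate(pw: str) -> dict:
    """Verdict of both policies plus the effort estimate for one candidate."""
    return {"legacy": legacy_policy(pw),
            "passphrase": passphrase_policy(pw),
            "bits": round(guess_space_bits(pw), 1)}


if __name__ == "__main__":
    for cand in ["P@ssw0rd!", "Summer2018!", "my dog ate the blue umbrella"]:
        print(f"{cand!r:32} {evaluate(cand)}")
```

Note that "Summer2018!" satisfies every composition rule yet is rejected by the screening list, while the six-word phrase fails the legacy rule and is the strongest of the three.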

In the United States, we associate the Capital One credit card with marketing the phrase “What’s in your wallet.” It’s easy to remember and we connect it with Capital One credit cards (which of course was the whole point).

ILANTUS has a Password Management solution with user verification, but users need to start creating stronger passwords from phrases: easy for a human to remember, and a stronger line of defense against cyberattacks. Strong passwords are the key to keeping your data doors locked.