July Savvy Cybersecurity Notes

August 09, 2017

In this issue:

  • Three ways to beat the password paradox
  • Emerging threat: Verizon PINs leaked
  • Cybersecurity shorts
  • Software updates

We hope you have been enjoying your summer so far. Unfortunately, the cybercriminals don't take a vacation so as always we have plenty to report this month.

One way to not get overwhelmed with your cybersecurity plan is to take actions that protect you year round. For example, in this month's newsletter we'll be discussing password strategies that will give you peace of mind once you initiate them.

Read on to learn more about that and:

  • How cybersecurity concerns may affect upcoming elections
  • The truth about Fortune 500 companies' cybersecurity
  • A new Facebook scam costing victims thousands
  • And much more

Three ways to beat the password paradox

Millions of online accounts have one thing in common—weak passwords. Experts say that about half of computer users choose bad passwords and then use those bad passwords across multiple accounts.

Most users know this is bad behavior but they face a double bind—either create a tough password that is impossible to recall or go back to the weak but memorable password.

How do you create a strong password that is easy to remember but hard to hack?

Mnemonic passwords

One way to beat the password paradox is using a mnemonic device—a pattern of letters, ideas, or associations that assist in remembering something. You may have used mnemonic devices in school to learn the order of the planets or other pieces of information. Remember, ROYGBIV?

To create a mnemonic password, choose a meaningful phrase—a song lyric, a prayer, even a line from a poem. Then, take the first letter of each word of the phrase to make the base of your password.

For example, say you chose the phrase, "Don't count your chickens before they've hatched." Your password base would be Dcycbth.

You can increase the strength of that password by bracketing it with a meaningful number—but don't choose something like your birthdate or Social Security number. If you choose the date November 7, your password will now be 11Dcycbth07.

Lastly, add some uppercase letters and symbols to boost your password strength even more: 11DCyCb+h07. That's a pretty tough password for hackers to break but still easy enough for you to remember.

Goal-setting passwords  

Another method for creating tough but memorable passwords is goal-setting passwords. These passwords are not only easy to remember but are also motivational. Creative director Mauricio Estrella wrote about this practice in a Medium post after going through a difficult divorce.

Instead of being aggravated when he was required to change his work password every thirty days, Estrella decided to make his password a goal that he wanted to accomplish that month. His first password was directed at his ex-wife—Forgive@h3r.

After that password improved his feelings towards his ex-wife, Estrella decided he wanted to quit smoking. After typing Quitsmoking4ever for thirty days, Estrella did just that.

You, too, can use this motivational approach to better your life while improving your security. Choose something you want to accomplish in the near future and make it your password. Add some numbers and characters to make it even stronger.

Here are some goal-setting password examples:

              Save more money → $aveM0reM0n3y!

              Run a marathon → Run@M@ra+hon*

              Read every day → R3@dEveryD@y

Diceware method

Security experts believe that a random string of words can make the strongest password. That's why many recommend the Diceware method. Here, you roll a die five times to create a random number. For example, say you roll a 6, 3, 1, 1, 4. Then you do that five more times so you have five five-digit numbers, such as:






Then use the 7,776-word Diceware list to match each 5-digit number to the corresponding word on the list. Using the numbers above, your password would be vet eerie balsa sy hun—leaving spaces increases security.
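The roll-and-look-up procedure above, as an added Python example that is not part of the original newsletter. It assumes the word list is sorted by dice key from 11111 to 66666; `SAMPLE_LIST` is a constructed stand-in for the real 7,776-word list, and the function names are illustrative.

```python
import math
import secrets

DICE_PER_WORD = 5                  # five rolls give one key such as 63114
LIST_SIZE = 6 ** DICE_PER_WORD     # 7,776 possible keys, one word per key

def roll_key():
    """Simulate five fair die rolls using the OS CSPRNG (not the 'random' module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def key_to_index(key):
    """Map a dice key to its 0-based row in a list sorted from 11111 to 66666."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid dice key: {key!r}")
    index = 0
    for c in key:                  # read the key as a base-6 number, digits 1-6
        index = index * 6 + (int(c) - 1)
    return index

def passphrase(wordlist, n_words=5, keys=None):
    """Build a space-separated passphrase from rolled (or supplied) dice keys."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        # A short or duplicated list silently lowers the entropy per word.
        raise ValueError("word list must hold 7,776 unique entries")
    keys = keys or [roll_key() for _ in range(n_words)]
    return " ".join(wordlist[key_to_index(k)] for k in keys)

def entropy_bits(n_words):
    """Strength of the passphrase if every word is chosen uniformly at random."""
    return n_words * math.log2(LIST_SIZE)

# Constructed placeholder entries; substitute the real Diceware list here.
SAMPLE_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(SAMPLE_LIST))
    print(f"{entropy_bits(5):.1f} bits for five words")
```

Each word contributes about 12.9 bits, so the strength comes from the number of random words, not from how obscure any one word looks.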

But you may be thinking, "I won't remember a bunch of random words strung together—especially for multiple passwords!"

Two researchers at the University of Southern California (USC) have a solution: Rhyming password poems. The pair created a program that assigned codes to over 300,000 dictionary words. The program creates two-line rhyming verses you can use as your password. For example:

              A letter cautiously Decries / the surgeons angrily denies.

              Elise discovered oversight / of Valley public candlelight.

According to experts, these password poems would take millions of years to crack but the rhyming helps our brains remember.

Powerful passwords

Passwords lock our accounts from prying eyes, but using weak passwords offers little protection. Trying to remember tons of unique and tough passwords, however, seems nearly impossible. The methods mentioned above will help you beat this password challenge.

Emerging threat

Attention Verizon customers: Account PINs leaked

In recent years, there has been an uptick in mobile account fraud where scammers take over your phone number and redirect calls to a new number that they control. This can allow them to intercept two-factor authentication codes or imitate you when calling businesses.

One crucial action in protecting your identity from scammers is placing a PIN on your mobile account. This PIN adds an extra layer of security to your account as it is required online, over the phone, or in store before any changes can be made to your account.

If you are a Verizon customer and have called their customer service in the last six months, your PIN and other financial information may have been exposed. The cloud service hosting Verizon’s information was breached, and Verizon now recommends that everyone who has called customer service this year reset their Verizon PIN immediately to protect their account from fraud.

You can change your PIN by logging into your Verizon account online.

Cybersecurity shorts

All Fortune 500 companies have been exposed on the dark web, according to a new report from OWL Cybersecurity. The company used an algorithm to determine each enterprise's "Darknet Index" based on how much of their information was available on the dark web. This information could include data such as credit card numbers. OWL Cybersecurity found that technology and telecommunications firms had the largest darknet footprints, with Amazon taking the number one spot.

Children continue to be targeted by identity thieves looking for clean credit reports. Bloomberg interviewed two experts on things you can do to protect your children and grandchildren's identities. They also offer advice on how to talk to your kids about protecting their own information. Read the interview here.

One in four Americans consider not voting in upcoming elections due to cybersecurity concerns. Cybersecurity firm Carbon Black says this is a 10% jump from their poll last year. Nearly half of voters are most concerned about the security of their local elections.

Half of all countries have no formal cybersecurity strategy in place, according to a new report from the United Nations (UN). The UN's International Telecommunication Union created the report which found that only 38% of 193 countries have a published cybersecurity strategy. According to the report, Singapore, the United States, and Malaysia are the most committed to fighting cybercrime.

Cyberattacks target U.S. power companies and nuclear power plants. The U.S. Department of Homeland Security and the FBI issued warnings to industrial firms about possible cyberattacks. One dozen firms, including Wolf Creek nuclear facility in Kansas, were affected. Experts stress that cyber breaches at nuclear facilities could possibly lead to physical attacks on the plants.

B&B Theaters features data breach in theaters across the country. The seventh largest movie theater chain in the country was contacted by a financial institution that believed the company had been breached two years ago and was leaking customer information. B&B Theaters contacted Trustwave to investigate and found that while some data was leaking in 2015, they don’t believe customer information was at risk the entire time.

Avanti self-service food kiosks hacked. These kiosks, which are located in many corporate breakrooms, were found to be infected with malware stealing credit card data and biometric information. The machines allow consumers to purchase snacks or drinks using fingerprint scans or credit cards. Avanti has been investigating the situation.

New Facebook scam makes the rounds, costing victims $1,500. The scammers create fake profiles of real people and then message their friends, alerting them to a government program offering financial assistance of up to $100,000 in grant money. The scammer tells victims that they only need to send $1,500 in fees and give some personal information in order to sign-up for the program. The victim never receives the grant money.

WWE slammed after leaving database unprotected. The wrestling entertainment company was storing consumer information on an Amazon Web Services server that was not protected with a password. Therefore, the database could have been accessed by anyone on the Internet. The server is now protected, but WWE is not aware if anyone downloaded the information while it was accessible.

Be on the lookout for smishing scams coming to your phones. Smishing messages are phishing attempts that are sent to your phone as a text message. Often, these messages appear to be from your bank and Apple and they ask the recipient to act immediately. If you receive a message that you are unsure of, delete it and contact your institution directly.

New wireless skimmers found in ATMs in Oklahoma. These skimmers use infrared technology that can send payment card information wirelessly to scammers. The skimmers themselves are thin and difficult to detect. They also include a camera that records PINs being entered, which are also sent to the scammers. Always be sure to inspect any ATM before using the machine and cover your hand while you enter your PIN.

Software updates

Adobe: If you use Adobe Flash Player, you must update your software right away. Adobe released a patch for the software after discovering three dangerous flaws in the program that would allow hackers to remotely take over your device. If you use Flash you should be using v.

Microsoft: Over 50 security flaws were closed by Microsoft this month in their latest patch bundles. Affected programs include Internet Explorer, Edge, Office and Exchange. Your device should alert you to update automatically but you can learn more about the patches here.