Cybersecurity Center

NCFCU protects our members using a variety of equipment, tools and techniques to prevent malicious actors from causing harm. One such approach to help educate our members on some best practices to combat these villainous perpetrators. This month we will focus on a simple topic, Passwords.

How are passwords compromised?

Be on the lookout for these methods criminals can employ to compromise a password, including:

  • Intercepting them as they are transmitted over a network.
  • Brute force – automated guessing of millions of passwords.
  • Physically stealing them, for example when they are written down close to a device.
  • Searching IT infrastructure for stored password information.
  • Manual guessing based on easily accessible personal information (e.g. name, date of birth).
  • Shoulder surfing – observing people typing in their passwords in public places.
  • Social engineering – tricking people into handing over passwords.
  • Key-logging malware which records passwords as they are entered.

What can we do to prevent password theft?

A key recommendation is to use multi-factor authentication and a strong, non-predictable password. A strong password is a unique password that, as the name suggests, is a password that is totally unique to you as a user and your account. Your password should never be used anywhere else, or be associated with any other account or username. A truly strong and unique password will consist of the following:

  • Uppercase characters
  • Lowercase characters
  • Special characters (!#%$*)
  • Numbers
  • Longer than 15 characters

Use a phrase and incorporate shortcut codes or acronyms

Use a phrase and incorporate shortcut codes or acronyms, Let’s use the phrase “to be, or not to be, that is the question” (2BorNot2B_ThatIsThe?) By replacing the word “to” with the numerical 2 we’ve made the password more complex but still easily remembered. The word “Question” has also been replaced by adding a special character. Some additional examples are:

  • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question – from Shakespeare)
  • 4Score&7yrsAgo (Four score and seven years ago – from the Gettysburg Address)
  • 14A&A41dumaS (one for all and all for 1 – from The Three Musketeers, by Dumas)

If you are unsure if you have a strong password, try using a password checker. The link provided here is a password checker to test how strong a password is.
https://www.security.org/how-secure-is-my-password/

Multi-Factor Authentication

When you sign into your online accounts – a process we call “authentication” – you’re proving to the service that you are who you say you are. Traditionally that’s been done with a username and a password. Almost all online services – banks, social media, shopping have added a way for your accounts to be more secure. You may hear it called “Two-Step Verification” or “Multifactor Authentication” but they all operate off the same principle. When you sign into the account (like a web browser) you need more than just the username and password. You’ll need a second thing – what we call a second “factor” to prove who you are.

To enable Multi-Factor Authentication here at NCFCU use these quick instructions. First log into the account. Navigate to the settings small gear icon in the upper right-hand corner of the page. Scroll down to Alerts and Security. Scroll down again until you reach the Two Factor Authentication portion. Here you can enable multifactor authentication and choose the authentication method. Members can have a text sent to their phones or an email sent. We also support Authenticator apps such as Google’s authenticator app.

Keeping Passwords Secure

Some additional ways to keep your passwords secure.

  • Avoid saving your password in your browser
  • Do not make your password something easily guessed (birthdates, children’s names, etc.)
  • Use a secure password manager, these can encrypt your saved passwords and suggest unique passwords to use
  • Use multi—factor authentication
  • Avoid websites that are not encrypted
  • Avoid public or insecure wi-fi connections
  • Reset your passwords frequently
Disclosures