Skip to main content

Passwords 101 – A lesson from Sony

By December 30, 2014Security

Passwords 101 – A lesson from Sony

Sony was attacked by a group of hackers very recently. Sony is a company that is worth billions of dollars. No matter the who, how, why, this attack revealed something very interesting. After Sony was breached, the hackers copied a lot of data from their servers and then leaked most, but not all of that data online to various websites. A lot of curious people downloaded the leaked content. Amongst the leaked info were actor salaries, email messages between actors and agents, and then password files. Password files with no protection. Password files named as “Passwords”.

It shouldn’t have to be mentioned, but it looks like it needs to be. Whenever you store sensitive information, such as a list of passwords, do not label that file as obscure as “passwords”. Doing that screams “Hi, I have sensitive info right here, steal me!”

The best way to store a list of passwords would have to be inside a program which keeps a database, protected by a password. Something like KeePass, which is a free program.

Passwords 101 - A lesson from Sony

Choosing a password is easy, choosing a password that’s complicated and which you can remember is hard. Complex passwords include a combination of around 8 characters or more, upper case letters, lowercase letters, numbers and special characters. Special characters are dollar signs, ampersands, percentage signs. An example of a weak and complex password is such as, “g4nsisgreat” vs “G$Ns1sGr8t”.

If you use KeePass on a regular basis, you should know KeePass includes a password generator, which creates complicated passwords. There are websites which can make a randomly generated password for you. These random passwords have nothing to do with your company or the person using the password, giving a smaller chance of someone guessing the password.

Here are three websites which can create safe, randomized passwords for you,

http://strongpasswordgenerator.com/

http://www.random.org/passwords/

https://identitysafe.norton.com/password-generator

As we said before, never store a password file, unencrypted, and with a generic file name such as “passwords” This also applies to personal information, such as people’s addresses, social insurance numbers. Personal information should be handled with more care than passwords. At the same time let’s not forget the personal information laws such as HIPPA and PIPEDA.

We’ve mentioned KeePass as a password manager, this program is great if you only plan to access the passwords from one pc, and by one person, as it’s not very multi device and multi person friendly. LastPass is another popular management utility along with 1Password. You just need to decide which one suit you best.

Have a happy and great new year, from the G4NS staff!