Recently, there have been numerous reports of successful hacking of popular websites allowing bad actors to recover personal information including passwords. In the case of LinkedIn, a well-known site for business networking, over six million passwords were exposed. Other sites were also successfully attacked, including eHarmony (1.5 million passwords exposed) and Last.fm.
You will not be surprised when I say that if you have a LinkedIn account (or any of the other sites I mentioned), I strongly recommend that you change your password as soon as possible.
This breach also exposes a further security risk taken by many Internet users: we have so many different accounts in different places that we begin to reuse passwords. While that makes it easier to remember how to get into those sites, when the password to one site is exposed, all those other accounts are also vulnerable. This is a good time to take stock of your various accounts (including CAP eServices) and establish unique, strong passwords for each.
You can find a lot of definitions of strong passwords – different sites, companies, and government organizations establish guidelines that suit their needs. I recommend the following:
- Choose a password that is at least eight characters long.
- Use a mix of different character types, to include upper and lowercase letters, numbers, and special characters. (Check the password rules for each account – some sites, for instance, do not allow certain characters to be used.)
- Avoid using words that can be found in a dictionary. Brute force dictionary attacks expose user passwords every day. And yes, “password” is still among the most popular passwords.
- Consider creating a phrase that is easy for you to remember, and then use the first letters of each word in that phrase to generate a password. For example, “Weekly squadron meetings are way too long for me” could become “WsmRw2lfm!” (I recommend against using this particular example now that I’m publishing it.)
Please feel free to share any other password generation recommendations with me – I’ll be happy to summarize additional best practices for the squadron.
Cadets who are interested in learning more about cybersecurity should consider participating in the CyberPatriot program. As I’ve mentioned before, CyberPatriot is a national high school cyber defense competition that takes place beginning in early fall, and CAP squadrons across the country are establishing teams today to have plenty of training time. We are still interested in assembling a team for the Arlington Composite Squadron. Please see http://www.uscyberpatriot.org for more information and let your element leaders know if you’d like to participate.
As always, feel free to contact me with any CAP information technology-related issues.