Friday, May 15, 2015

Importance of Password Expiration | Don’t have it – Why Not?



The importance of password expiration is an interesting topic for me. It’s all over the place online – and rightfully so. There are tons of questions floating around out there: what is the best duration for a password, should there be the same expiration rate for each user, is password expiration beneficial? It can sometimes be a bit overwhelming to look at. That being said, there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein. Catch up after the jump!

Wednesday, May 13, 2015

Password Policy Best Practices | 4 Ways Being Hacked Educated Me



Here at HackerAttacker, we talk a lot about how to protect yourself from hackers of all shapes and sizes (or colors, as it were). What we rarely talk about is what it is like to actually be hacked. There are countless examples of various individuals being hacked (and we’ve talked a lot about some big company hacks as well), so you know it isn’t some rare occurrence. Today, I’m going to talk about some password policy best practices I learned from being hacked myself, and how the experience changed the way in which I approach my online security.

Friday, May 8, 2015

Password Generator Using Words | Things to Know


We all know that hackers are out there and the worst of the lot want the key to our castle. In today’s world of online banking and VPN access to corporate accounts, there are many who say we are still using the wrong type of ‘key’: one that is easily stolen and/or copied. The password is still around though, for better or worse (though Microsoft is working on changing that soon), and with it come the typical issues of forgotten passwords and account lockouts. With the average help desk call costing around $25-$30 per call, a simple solution would be welcome in most environments. Instead of just your typical self-service password reset solution, why not take a look at a password generator using words that the user has previously set? If you are interested in reducing help desk costs and empowering your users, read on after the jump!


Wednesday, May 6, 2015

What Star Wars Taught Me About Information Security


A belated May the 4th to all of you Star Wars fans out there! If you’ve never seen Star Wars: A New Hope, then beware: spoilers ahead (also, you should go watch that. Seriously, go now. We can talk after). Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms. We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock. One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture. I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new. Specifically, how Star Wars taught me more about information security than most any actual course or class ever could.

Monday, May 4, 2015

Simple USB Token Logon | Secure Authentication


Passwords. Did you even read that word? Passwords are such a staple of everyday life now that we hardly even recognize when the word plants itself in front of us. Half of the time, a website asks us to enter a username or ID and we immediately fill the blank space beneath it with a password. We don’t even think about it. That’s just the way things are now, especially with people. Don’t you think it would be nice if you could log in without a password though? Sure, it sounds simple, but what about the fallout surrounding the security vulnerabilities inherent in using no password? Let’s talk about that after the jump!

Friday, May 1, 2015

Preventing Phishing Attacks | How to Protect Your Information Online


To this day, entering personal information online makes many of us feel uneasy. In fact, I sometimes find myself paying certain bills by submitting a hand-written check through the mail. In a personal attempt to prevent phishing attacks, it makes sense.  Now, some may call this old-fashioned method a waste of time. Maybe it's even being too paranoid or merely an under-utilization of technology’s modern-day user experience. What can I say, old-fashioned ways tend to have a better ability to prevent phishing attacks!