Password Security Matters
February 26, 2020
When many people think about password security, they think about making it hard for a human to guess their password. Many internet users have moved away from the famous "password123" as their password, because they realized it was too easy to guess. They became creative and changed the case to a mix of upper and lower case letters, and changed some of the numbers to symbols. Check out my new password of "Passw0rd1@#".
Ok, that's harder for a human to guess, but what about computers? Would you believe it's only slightly harder for a computer to guess that? Computers can use a brute-force method of guessing passwords. Computers don't mind spending all night long trying different password combinations. So in this example, the new password only requires the computer to also try upper case letters and symbols when trying every combination. For instance, for the first letter it will guess A-Z, a-z, then 1-0, and then all of the symbols. If it tries all of those combinations, it will be successful guessing the first letter sooner or later!
How do you slow down a computer from guessing your password? Add more characters. Adding characters increases the number of combinations exponentially. Consider a password of 3 or 4 words, one that makes you smile but isn't a common phrase.
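The comparison above, worked through as an added example (not part of the original post): it counts the candidates an exhaustive search must cover for the post's two passwords and for a constructed four-word passphrase. The guess rate and the passphrase are assumptions, and the model covers only the character-by-character search described here.

```python
import math
import string

# Character classes an exhaustive search must cover once a password uses them.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}
KNOWN = set("".join(CLASSES.values()))

GUESSES_PER_SECOND = 1e10              # assumed attacker speed, for comparison only
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    if not password or set(password) - KNOWN:
        raise ValueError("expects a non-empty printable-ASCII password, no spaces")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))


def worst_case_years(password):
    """Time to try every candidate at the assumed guess rate."""
    return 2 ** search_space_bits(password) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The first two come from the post; the others are constructed samples.
    samples = ["password123", "Passw0rd1@#", "password123abc",
               "mapletrumpetsunnywalrus"]
    for pw in samples:
        print(f"{pw:24} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"bits={search_space_bits(pw):6.1f} "
              f"worst-case years={worst_case_years(pw):.3g}")
```

Both passwords from the post are 11 characters long, so the substitutions only widen the alphabet from 36 to 94 symbols; three extra lowercase letters on the original password already give a larger search space than that.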
What else can be done? That's a great question. Web-based applications like eTherapyDocs can help! We watch for brute-force attacks, and lock out suspicious login activity permanently. We have also enhanced eTherapyDocs to allow our practices to utilize two-factor authentication.
Two-factor authentication adds an extra security layer for your users. Two-factor authentication (2FA) means your accounts require information beyond username and password to confirm you are who you say you are before you can get into the accounts. The "second factor" comes in after you enter your username and password, which are considered to be the "first factor." eTherapyDocs sends a text message to the therapist's cell phone with a temporary code that is required for them to confirm their identity and access our system. Hackers can guess passwords all night long, but without access to the special code sent via SMS, they will be unable to access your accounts.
For your non-eTherapyDocs internet passwords, check out the post on the eTherapyDocs Facebook page, which links to a great article from Malwarebytes about using a password manager to help manage your passwords.