The Most Common Myths on Online Security


Today, scammers are creating more effective ways of breaking into users’ social media profiles and email accounts. In response, trustworthy platforms are strengthening their protection. For example, those who’d like to find out more about in-play betting can stay calm about their data because this website uses a high-quality encryption system. However, not all platforms offer strong protection, and this gives rise to some myths about cybersecurity. Here are the most common ones.

Passwords Must Be Updated Regularly

There’s a great analogy: “How many times a year do you have to change the heart of a house lock?” The correct answer is, “After you lose the key.” That is, the “insides” of the lock need to be changed if the key has been compromised. If it hasn’t been lost or transferred to another person, there is no point in it.

The myth that passwords need to be changed frequently was created by NIST specialists. Based on incorrect data, they developed NIST Special Publication 800-63B, which recommended alternating numbers, special characters, lowercase and uppercase letters, and changing passwords periodically. In 2017, NIST realized its mistake and rewrote the standard.

Often when changing a password, people simply add a number at the end. This does little to increase entropy (the measure of unpredictability that makes a password secure). Entropy is commonly measured in bits, but also in nits (natural units) or dits (decimal digits), depending on the base of the logarithm used to calculate it.

If we have an eight-character password, this is 28 bits of entropy. At a thousand attempts per second, it would take three days to find such a password. Even if it consists of special characters, numbers, capital and small letters, it wouldn’t be difficult.

Letters and Numbers Are the Most Significant in Passwords

The main requirement of a password is its length. Of course, letters and numbers increase the entropy, but this is not crucial. If the password is long, it is already 128 bits of entropy. It would take a couple of thousand years to try to guess it at the same rate. Some might assume that powerful computers can do everything in fractions of a second, but that’s wrong.
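The arithmetic behind these entropy claims, as an added Python example that is not part of the original article. It assumes every character is picked uniformly at random, takes the article's 28-bit figure and its rate of a thousand attempts per second as given, and uses constructed alphabet sizes (94 printable ASCII symbols, 26 lowercase letters).

```python
import math

GUESSES_PER_SECOND = 1000  # attack rate used in the article


def entropy_bits(alphabet_size, length):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def convert_bits(bits):
    """Express the same entropy in nits (log base e) and dits (log base 10)."""
    return {
        "bits": bits,
        "nits": bits * math.log(2),
        "dits": bits * math.log10(2),
    }


def days_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Days needed to try every candidate in a space of 2**bits guesses."""
    return (2 ** bits) / rate / 86400


def appended_digit_gain():
    """Bits gained when the only change is one decimal digit added at the end."""
    return math.log2(10)


def length_vs_charset():
    """Constructed comparison: short and complex versus long and simple."""
    return {
        "8 chars, 94 symbols": entropy_bits(94, 8),
        "20 chars, 26 lowercase": entropy_bits(26, 20),
    }


if __name__ == "__main__":
    print("28 bits in other units:", convert_bits(28))
    print("days to exhaust 28 bits: %.1f" % days_to_exhaust(28))
    print("gain from one appended digit: %.2f bits" % appended_digit_gain())
    for label, bits in length_vs_charset().items():
        print("%-24s %.1f bits" % (label, bits))
```

People rarely choose characters at random, so these figures are upper bounds for human-made passwords.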

Besides, there is two-factor authentication. In this case, there is not only a password but also protection on the device itself or a security token. The combination of these two factors gives a stronger guarantee that your identity will not be compromised.

You Should Never Keep Passwords in Google Drive or Dropbox

You can safely keep a “database” file in Google Drive or Dropbox to be able to sync it between different devices. Even if that file leaks, you can’t open it without a master password.

There are paid password managers, like 1Password. There is also LastPass, which offers paid and free versions and can autofill login fields.

There are applications for mobile devices, desktops and different operating systems. They store passwords in encrypted form. The encryption key in such applications is the master password. Such a password must be long.

Having the Same Password for Different Services Is the Worst Idea

Google, Facebook, or Microsoft are identity providers. On many sites, you can see icons for social networks or mail accounts in the login form next to the login and password system. So, to “log in”, you can come up with a local password for that particular site or sign in through an identity provider. In this case, Facebook or Google will represent master accounts for other resources.

Since Google has a handy two-factor authentication, it additionally protects your information.

You Must Never Post Discrediting Information

Social networks can make changes to the visibility rules for search engines. You should never post data that has to do with reputation or finances. It is important to remember that you should never insult other users on social media. In addition to ethics, such behavior is fraught with serious consequences: it can bring you physical danger (it is difficult to predict the behavior of the offended person) or cause a lawsuit.

As for the minimal basic information on the page, such as posting your real name, photo, year of birth, there is no need to hide it if you are a law-abiding person.

If you call yourself something particularly clever, you may not be found by a future employer, for example. It will be a missed opportunity for you. In some social networks, this makes no sense and is considered bad form.

Also, don’t ignore push notifications on your phone saying that someone has logged in to your social media account. Most social networks have this feature, but you need to install an app on your smartphone for it to work.

Antivirus Programs Ensure the Best Protection

In 2015, Symantec employee Brad Chakos, in charge of data protection, said: “Antivirus is dead.”

Yes, antivirus programs are no longer reliable. Even by the most optimistic estimates, a good antivirus can detect only half of all threats. The term “zero-day vulnerability” refers to unresolved vulnerabilities and malware against which no defense mechanisms have yet been developed.

But antivirus should still be used. It’s like a seat belt in a car. It doesn’t guarantee 100% driver survival in an accident, but it increases the odds.

