Georgia Tech Procurement Assistance Center

Why computer passwords are still a problem in 2019

January 29, 2019 By Andrew Smith

There was a recent article before the holiday break on the complexity of computer passwords.  The top “worst” password for 2018 was “123456.”  Close behind in second place was “password.”  They were also in first and second place in 2017.  Slightly more complex was “123456789,” in third place in 2018, with the one-character shorter version, “12345678” just behind in fourth place. You get the gist.

Passwords are one of the critical problems in cybersecurity today.  They are too easy to guess.  They are too easy to break.  All a hacker needs is your user ID (say, e.g. notsodifficult@password.com) and he or she can be off to the races in a matter of minutes invading your employee email account.  Likely he also will be able to raid many of your other online accounts (like shopping, online gaming and streaming video) because you thought your lame password was so tricky that it was worthy of reusing in your 10 other accounts.  The technical term for what happens here is an account takeover.  In this case times 10.  Re-using a lame password is problem one.

Problem two is social media. We are enamored with sharing information with our family and friends.  That is good. Unfortunately, we share too much: names, places you went on vacation, names of dogs and cats and other animals, even grandparents’ names and locations.  That is all good, except when those same names of places and dogs show up in your password.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/01/why-computer-passwords-are-still-problem-2019/154086/

Filed Under: Contracting Tips Tagged With: cybersecurity, email etiquette, password, security

Security tips for choosing and using passwords

April 12, 2018 By Andrew Smith

You probably use a number of personal identification numbers (PINs), passwords, and passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or into an online retailer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, but you’ve seen enough news coverage to know that hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using the access to your information to launch a larger attack.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world. Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of insecure and inadequate passwords. Once a system is compromised, it’s open to exploitation by other unwanted sources.

How to choose good passwords

Avoid common mistakes

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.

Although intentionally misspelling a word (“daytt” instead of “date”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to “Il!2pBb.” creates a password very different from any dictionary word.

Length and complexity

The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (16–64 characters) when you can. For example, “Pattern2baseball#4mYmiemale!” would be a strong password because it has 28 characters. It also includes upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase, because some applications limit the length of passwords and some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.

Dos and don’ts

Once you’ve come up with a strong, memorable password, it’s tempting to reuse it – don’t! Reusing a password, even a strong one, endangers your accounts just as much as using a weak password. If attackers guess your password, they would have access to all of your accounts. Use the following techniques to develop unique passwords for each of your accounts:

  • Do use different passwords on different systems and accounts.
  • Don’t use passwords that are based on personal information that can be easily accessed or guessed.
  • Do use the longest password or passphrase permissible by each password system.
  • Don’t use words that can be found in any dictionary of any language.
  • Do develop mnemonics to remember complex passwords.
  • Do consider using a password manager program to keep track of your passwords. (See more information below.)
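
The checks described in this article, written out as a small screening function. This is an added example, not code from NCCIC or GTPAC: the word lists are constructed stand-ins (the four "worst" passwords quoted on this page plus a few sample words), and the names `screen_password`, `personal_facts` and `passwords_in_use` are assumptions made for illustration.

```python
import re

# Constructed sample data: the four "worst" passwords named on this page and a
# tiny stand-in dictionary. A real check would load full word and breach lists.
COMMON_PASSWORDS = {"123456", "password", "123456789", "12345678"}
DICTIONARY_WORDS = {"date", "hoops", "baseball", "basketball"}
MIN_LENGTH = 16  # lower end of the 16-64 character range quoted above
MAX_LENGTH = 64


def _letters_and_digits(text):
    """Lowercase and drop punctuation so 'Rex!' still matches 'rex'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen_password(candidate, personal_facts=(), passwords_in_use=()):
    """Return the reasons to reject candidate; an empty list means it passed.

    personal_facts: hypothetical list of things others can learn about you
    (pet names, places, birthdays). passwords_in_use: passwords you already
    use elsewhere, as a password manager could check locally.
    """
    problems = []
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if lowered in DICTIONARY_WORDS:
        problems.append("single dictionary word")
    if not MIN_LENGTH <= len(candidate) <= MAX_LENGTH:
        problems.append("length outside 16-64 characters")
    squashed = _letters_and_digits(candidate)
    for fact in personal_facts:
        token = _letters_and_digits(fact)
        # Ignore very short tokens to avoid matching by accident.
        if len(token) >= 3 and token in squashed:
            problems.append("contains personal information: " + fact)
    if candidate in passwords_in_use:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "hoops", "Pattern2baseball#4mYmiemale!"):
        print(repr(pw), "->", screen_password(pw) or "passed")
```

A password made only of a pet's name and a vacation spot fails the personal-information check even when it is long enough, which is the social media problem described in the first article above.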

How to protect your passwords

Now that you’ve chosen a password that’s easy for you to remember, but difficult for others to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office. Don’t tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords. (See Avoiding Social Engineering and Phishing Attacks for more information.)

Programs called password managers offer the option to create randomly generated passwords for all of your accounts. You then access those strong passwords with a master password. If you use a password manager, remember to use a strong master password.

Password problems can stem from your web browsers’ ability to save passwords and your online sessions in memory. Depending on your web browsers’ settings, anyone with access to your computer may be able to discover all of your passwords and gain access to your information. Always remember to log out when you are using a public computer (at the library, an Internet cafe, or even a shared computer at your office). Avoid using public computers and public Wi-Fi to access sensitive accounts such as banking and email.

There’s no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.

For more information on passwords, multi-factor authentication, and related password topics, see Supplementing Passwords.

Don’t forget security basics

  • Keep your operating system, browser, and other software up-to-date.
  • Use and maintain anti-virus software and a firewall.
  • Regularly scan your computer for spyware. (Some anti-virus programs incorporate spyware detection.)
  • Use caution with email attachments and untrusted links.
  • Watch for suspicious activity on your accounts.

Source: The National Cybersecurity and Communications Integration Center’s (NCCIC) – https://www.us-cert.gov/ncas

Filed Under: Contracting Tips Tagged With: cyber, cyber crime, cyberattack, cybersecurity, cyberthreat, DHS, password, phishing

Forgot password? Don’t worry, new service enables single login to multiple gov’t sites

May 26, 2015 By ei2admin

A new service lets users access multiple government websites using a single login – no password required.

MyUSA, a product of the General Services Administration’s 18F, is an account management service that consolidates interactions with government websites, according to an announcement last week.

Signing up with MyUSA also lets users track what they need to do with agencies, such as renewing a business license, and receive notifications about things they need to do, such as applying for a loan.

“In short, MyUSA is your one account for government,” the announcement states. “MyUSA appeals to a diverse group of users, each of whom seeks different information from the federal government and therefore visits different websites. Most people can find value in using MyUSA.”

Keep reading this article at: http://www.fiercegovernmentit.com/story/forgot-password-dont-worry-new-service-enables-single-login-multiple-govt-s/2015-05-21

Filed Under: Contracting Tips Tagged With: MyUSA, password, web resources

Copyright © 2019 · Georgia Tech - Enterprise Innovation Institute