Cappuccino Chat - Episode7 - Passwords

welcome to cappuccino chat where we talk a little Tec over a good cup of coffee today we're talking with Steve fields one of our help desk engineers about passwords everybody's favorite topic passwords or lack thereof or lack thereof there you so we are still finding some people who have no password and then the almighty famous password of God there you go that is one password is another one right we'll get a little creative so what are some things we're finding out there but when it comes to these passwords well we're still finding clients new clients I should say that have zero passwords absolutely no password whatsoever which is a major security flaw or if they do have a password as very as a dictionary password very simple like the word password I'm not even a capital P doesn't make a little bit more complex but we're finding those more and more lately and that's just a it's not a good way to to to do anything whatsoever we need to think about security when we're thinking about passwords the more complex the better the longer the better at least eight characters uppercase lowercase numbers and special characters that's a good rendition of it so one of the things we hear when we're talking people passwords a lot of times will tell talk to him about you know change your password over 90 120 days and is do I really have to another password so we understand there's a lot of passwords we have to remember and what you need to remember is hackers know this so the cyber criminals out there know that nobody likes changing their password or they wanted to do the least amount possible to change their password since they have so many so less being humans we're lazy right so we're going to reuse a password so if that password gets out in the wild and what I mean by the wild is so the dark web is not something that you just find in movies right so the dark web is real it is out there the cyber criminals share passwords sell passwords and sell this information so let's say you are on Amazon everybody shops on Amazon right I do so and almost all the websites use your email address as your username right so they're halfway there they've got 50% of information that they need to now login they just use your email password which I mean your your email address which most people can get off of your website your social media accounts it's all out there right sorry to put it everywhere we have to do business and people want to do business with you by contacting a lot of times via email so necessary evil we've got to give them our information but we don't have to do is make it easy on them so but people do that so we tend to reuse the same password so the name of your dog name your cat password so if that gets out there so let's say you're shopping on Amazon and something were to happen with Amazon or better yet Dropbox any of you use Dropbox out there for business it's it's a good tool but it's been hacked three four or five a dozen times I think over the probably last six years so your passwords out there in the wild get it correct you can get another things right so we've seen people click links and provide their passwords right on phishing scheme so brought about phishing not fishing that way but they're fishing for information with a pH so they ask them to put their password in a lot of people are falling for it actually putting their password in there have it several times my parents my mom yes my mother-in-law has is famous for doing this to the whole I called call Microsoft 1-800 number and Microsoft's never gonna have you call them but passwords are necessary even we've got to use them we probably all use 20 30 40 websites that we go to on a normal basis but your employees are out there using their work computer to do these things and a lot of times they we get robotic and we use our work address for doing stuff so Coachella and stagecoach was just here and I know in 2016 the people that put on stagecoach golden boys golden boys they were hacked so that information actually made it on the dark web we were alerted we offer dark web monitoring to alert our clients if that information comes up in their domain name so you know at your company name comm if that shows up we get an alert we let you know that the information out there and a lot of it was it specifically said on there it was from Coachella comm and people were buying tickets using their work address rather than a personal email address but reusing their work password the same one they used the log onto their computer was being used to the bottom at site so their informations out there so what are some ways we can help people come up with better passwords and easier to remember my personal favorite would be like a password phrase a series of words put together and replace letters with numbers and/or characters given up giving an example here if you're like I love Steve we could easily change this that's me Steve we can change that but a zero we can change the e to a three we can use threes here as well but a little character in it whichever we prefer just make things a little bit more difficult we still know what it says if we read it but just changing little characters here and there little numbers letters uppercase lowercase change this just to an L you can change the T to a plus sign something like that so as you can see it's very complex but yet you know Steve loves himself so he uses I love Steve with some stuff at the end now what we don't want to do though because if your password gets out there is use numbers at the end of it like two three things later right so if your password is the name of your dog so maybe you know dog's name one because that's the first time you used it you might be on rendition three but if this was ever hacked because of where you used it before remember this doesn't to be their office right so this doesn't mean their employees did anything wrong it doesn't mean the person helping them with their IT did anything wrong it just means that somebody that maybe they do business with that they gave that password to did something wrong so we find there's a lot of these bigger companies that have million dollar budgets are getting breached more and more and these passwords are getting out there and they're spending the time going after him because they know there's all these passwords out there right so it's gold out there they're out there mining for gold if you will so if they start seeing numbers at the end they may try logging on with your password and they're just going to change this and keep trying it until they get in so correct we don't want we want to make it a little more difficult form right so again use a passphrase you can use your dog's name just change it up a little bit right don't just put the year at the end of it maybe put some numbers or characters in the front numbers in the back and reuse it and maybe if you like that passphrase for the year you can do something with maybe the website that you're logging on to right sorry so at the end of it you know Steve loves himself there so instead of doing our special characters and let's say he was logging on to Amazon maybe he just puts a amz at the end of it but he knows it's I love Steve right so then when he's maybe going to his email he may put o365 for office 365 at the end of it so for the year he's working in maybe this is his phrase of the year but we change maybe what's at the end depend on where you're logging I'm doing try stuff right absolutely okay so so what's your opinion on password managers maybe to help them remember all their passwords what do you think password manager is good bad and different you don't use post-its use poster don't keep them under your keyboard or on your monitor we see that we still see that too today and it's just not a great idea keep them here so what about those automatic password managers that you install on your computer what you think I personally don't like them I keep all my passwords in my head and hopefully my brain remembers them yeah so I used to use a password manager but I had problems where the password manager the database it was keeping it and get corrupted so then I'm relying 100% on that database to remember it right and then it all goes bye-bye now you also got to remember right that typically those password managers need a password to log into them very true so you get the keys to the kingdom if you will if somebody was ever to breach that one password basically I think they gotcha different web browsers chrome we like Chrome for him and he's a little more secure than Internet Explorer and list up and it's got a password thing but if that file where it stores ID ever becomes compromised on your physical computer again they kind of got you so yep yes future all right so I hope think about using passphrase hope that helps it's a good way of doing it again you can use one for the year and then change maybe where you're going at the end so that you can always remember where you're at to depend on the website or what you're doing maybe payroll you're doing payroll maybe throw some dollar signs in there again the beginning or end and then next year come up with another passphrase or next quarter or however you want to do it the more valuable your data is to the person and what you're doing the more complex and more often I think you should change your password right so if you're just uh maybe a professional services company doing like plumbing and stuff like that you know it's almost probably not trying to hack you too much but your financial planner controlling millions of dollars of assets for some of your some of your clients right you're gonna want to come up with more complex and change that more often so this is cappuccino chat so we already took care of the tech part so what's your favorite cup kind of coffee what are you liking Starbucks so we're like no you come up with a couple different we're so sure which one I'd like the best though just so everybody knows say Steve really wasn't a coffee now or not at all hey um we have an espresso maker here so we started getting some good coffee we talked him into trying it and now he likes it more than those national brands we're not going to mention anybody by name of that kind of stuff so do you like a dark coffee medium pace you like to seattle-based company but since we won't go there we will just go this way instead I do like a little bit dark a little bit rich one of the some of the brands that you've purchased recently so we've got blue line coffee company or a Brewing Company we've got the black rifle Coffee Company and of course our local favorite here's of coffee with a KO a coffee with a K yeah that was actually I think actually my favorite that was your favorite but yeah the black rifle one and has some interesting flavors and I'm sampling sampling daily and then just cream and sugar yes not sugar but what is Stevie it was it stevia stevia that ones yeah absolutely that's a little bit better okay and of course it occasionally the caramel and chocolate drizzle I know if it's available you do like that if it's available I will try that all right perfect well we took care of the technical but now we took care of Steve's daily intake of caffeine daily intake of caffeine one a day so we've got knocked out so thank you for watching and we'll see you next time on cappuccino chat thank you you