IronKey

Mobile Data Security Blog

Home  »  2013  »  March

by

Bring out the heavy hardware to protect passwords

Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats

As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.

Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.

With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:

  1. Passwords must be longer, stronger and un-guessable
    Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure.  It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.

    • Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
    • To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
  2. Remember Personal Information is Out There
    With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
  3. Use Hardware Encryption to Combat Advanced Software Threads
    Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.

And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.

by

The 4 Benefits of USB 3.0—Are You Ready For This?

The USB flash drive is back. Often an afterthought in the buzz about BYOD, USB flash drives is once again becoming increasingly indispensable tools for the mobile worker.

What’s driving the resurgence of the USB stick?

  1. Windows To Go – Windows 8 Enterprise features Windows To Go, which lets you create a bootable, full featured Windows 8 desktop that runs securely from a certified USB drive. The solution is ideal for teleworkers and contractors who might want to use their own compatible computer setup but in a secure corporate environment. 
  2. Speed – Compared to the 12 Mbps speed of USB 1.1 and the 450 Mbps of USB 2.0, the “SuperSpeed” interface of USB 3.0 tries to live up to its name with a theoretical 5.0 Gbps (5,120Mbps) of bandwidth.
  3. Power – With a constantly expanding list of accessories and portable devices, bus-powered hardware has been pushing the limits of what USB 2.0 could handle. First, the 3.0 specification allows up to 80% more power consumption for devices running at “SuperSpeed.” Second, USB 3.0 includes an enhanced version of the USB-B connector called Powered-B, which allows USB accessories to draw power from peripheral devices, as well as hosts.
  4. Crossover Connection – In trying to establish a more robust ecosystem of USB devices, new features are implemented in the USB 3.0 to allow for cross-communication between hardware. USB 3.0 includes an established method of host-to-host communication through a crossover USB A to USB A cable. Additionally, USB 3.0 builds on the “USB On-The-Go” principles of allowing portable devices, such as smartphones, to act as either a USB device or a USB host, increasing their feature set and usability with existing USB devices.

It is this speed and power that make USB 3.0 drives the platform for USB drives certified for Windows To Go. Using USB 3.0 drives like our IronKey Workspace deliver a seamless experience booting and running Windows and productivity applications from a USB drive rather than the internal hard drive. This next iteration of the USB is really exciting as increased speeds, power and connection will prove beneficial to the mobile workforce.