In the pandemic ridden times we’re currently wading through - hygiene has become an extremely important issue to focus on. What has slipped under the radar though, is a person’s internet hygiene, especially when it comes to passwords and account security. Since the beginning of the covid-19 pandemic ransomware attacks have increased by 72%. When nobody is in the office all the security that is implemented on site has essentially gone down the drain. Sure, you’re connected to your office via VPN, but the attack surface has increased tremendously with remote work.
The question now becomes, what can I do to make sure that I don’t leave myself or my company vulnerable to some form of cyber-crime? The most basic step is to have a look at the security of your passwords. Enter CASMM (Consumer Authentication Strength Maturity Model), an easy and visual way to determine the hygiene of your passwords. The model starts from the lowest level of 1, up to the highest level 8. It’s very easy to see where you fall on the spectrum, and what the next steps are to improve your hygiene.
I must confess, that I was guilty of being at level 1 for a large amount of my passwords until about 2017. It wasn’t even that imaginative of a password just “n1cholas” which could be guessed by just about anyone, and a brute-force hack would probably conclude faster than most people can blink. I “graduated” to level 2 by making my passwords unique to the site they were for. For example, my password for www.randomurl.com would be “N1cholas@RandomUrl”. It’s probably not too much of a stretch to guess my Facebook password in the event of www.randomurl.com being hacked.
Level 4 is where the majority of my passwords now sit. I still use “n1cholas” as a password for sites I don’t care about. If any of them get hacked, they won’t be useful for anything I really care about. Users are fortunate that their most private and critical accounts, such as banking, are generally at level 6 without the need for impetus from the end user. Level 8 is a little scary to me if it was the de facto standard. I’m not sure about you guys, but I would like my thumbs to stay attached to my body.
A lot of people in the tech industry are quite aware of the problems of weak and shared passwords. Maybe we should all take some time to share CASMM with our loved ones, and those that are a little less tech literate. CASMM was created by Daniel Miessler, a cyber security professional from the USA.