cyber safety — Using strong passwords that are at least 24 characters long and avoiding social media prompts for personal information can prevent a cyber security breach. (Photo by Todd Johnson, OSU Agricultural Communications Services)

It pays to be cautious when living online

Friday, October 15, 2021

Media Contact: Gail Ellis | Communications Specialist, Copywriter | 620-515-2498 | gail.ellis@okstate.edu

Much of the public lives online today, doing such tasks as shopping and banking to communicating with friends and family. While convenient, sharing information online is risky. October is Cyber Security Awareness Month, and there’s no better time for a reminder on how to play it safe in the digital landscape.

Password power

A password is the gateway to any account, and the routine practice of changing it is critical to protecting private information, said Isaac Wallace, a computer support specialist in the information technology department for Oklahoma State University Agriculture.

“Your bank accounts, credit cards, Amazon account, information on your credit score and more are all accessible with a password, so if someone were to get into your account, it could be devastating,” Wallace said.

It is tempting to choose a password for multiple accounts that’s easy to remember, but selecting the name of a family member, friend or pet is strongly discouraged.

“I can look at a social media profile and find a person’s birthday, family and friends just by doing a little sleuthing,” Wallace said. “Instead of words that are easily guessable, choose a unique, long and random password. It is exponentially more difficult for a hacker to crack a 24-character password with each additional character that increases safety.”

A password hacker can deploy several tricks to break a code including, one method called the dictionary attack. Words commonly found in many passwords are collected into a dictionary that hacking programs use first when trying to identify a password.

Passwords are compromised by both automated bots and humans and vary from major companywide breaches to one-off security attacks. Often, the private data that is stolen is sold and scattered across the internet.

To reduce the potential for password discovery, Wallace recommended using a password manager that can store all passwords in a safe and secure space online and even generate new passwords when suspicious account activity is detected. Apple products offer the Keychain password manager, and both Google and Firefox have options built into their systems, such as Google Password Manager and Lockwise. Bitwarden, 1password and LastPass are also commonly used.

“Password managers are a high-priority target for hackers,” Wallace said. “The password manager programs will encrypt the data for security, but you still need to create a good, strong password.”

OSU Agriculture IT recommends choosing a password of random phrases, rather than individual words, along with a capital letter, some numbers and a few symbols. Password safety practices also can include multi-factor authentication that requires confirming an account login on a second device. One other simple but smart way to boost account security is to pay attention to breaches in the news.

“If you don’t realize that a company where you have an account was hacked and you don’t change your password, it sits exposed online for a week, two weeks, a year or however long until you change it,” Wallace said.

Social media savvy

A password unlocks private information online, but what happens when a person willingly gives out the details through social media? In a blog post earlier this month, Levi Arnold, OSU Agriculture IT computer specialist, discussed how to safely use social media channels. Although there are several social media platforms, Facebook is often the biggest offender for hacking because it is such a commonly used medium.

“Facebook doesn’t delete information, so if security settings aren’t enabled, it’s easy to scroll back years and see a lot about a person’s life,” Arnold said.

Hacking on Facebook, for example, can involve multiple stages. If an account is compromised via a stolen password or the account password has been reset through one of the security questions, the account holder needs to reset their password or contact Facebook to lock down the account as soon as possible. Hackers might also try to mimic a Facebook user by setting up an account that looks like someone’s original profile.

“In that case, changing your password isn’t going to fix anything because it’s a completely different account,” Arnold said. “Contact Facebook immediately and explain that second account is not you and the profile needs to be deleted immediately.”

Unfortunately, when a breach in social media affects finances, bank accounts should be frozen. Afterward, the painful and long process of starting over begins — disputing charges, changing passwords and obtaining new account numbers.

Arnold said some employees at OSU’s county Extension offices fell victim to social media scamming when someone pretending to represent Facebook called and requested credit card information.

“Facebook is never going to call and ask for a credit card number or password,” Arnold said. “The best tip to remember when on Facebook and social media is to be a little cautious. If you see a weird post or someone sends you a questionable link, take a moment to ask yourself, ‘Why am I receiving this?’”

Never respond to online quizzes that ask for details on birthdays, friends, family and other life events, and never publicly share schedules or addresses. Arnold’s blog post in honor of Cyber Security Awareness Month covers more details on how social media users can protect their identities.

“It’s easy to take preventative steps, but once your information is out there, it’s almost impossible to retrieve,” he said.

Several cyber security safety blog posts are available from OSU Agriculture IT.