ZDNet's blog analyzes the tech media's response to the alleged hack of Dropbox and finds that many security recommendations offered by bloggers fall short. As it turns out, Dropbox was never hacked. Cyber criminals were only pretending they had 6 million passwords in an attempt to ransom Bitcoins from users.
When news first spread about a possible hack at Dropbox, everyone was quick to offer an opinion about password usage and lament the current state of cyber security. But the talking points about password security have little in common with best practices.
As with so many things in the tech world, when someone isn't doing their job, there's an opportunity for you – the IT contractor. Let's examine the hack that wasn't and review…
- What you need to know about password security.
- How small businesses can take advantage of new security-focused opportunities.
What's the Truth about Password Security?
You know all that advice you hear about having long passwords with little tricks that you can memorize? Well, it's only partially true.
In the media, when writers offer advice about choosing passwords, they do so assuming that a hacker is going to use a "brute force" attack to crack them. Brute force techniques involve a hacker running a cracking program that tries billions of different combinations of letters and numbers until something works. However, these attacks are becoming obsolete. Hackers are smarter than that.
In recent years, hackers have improved their password cracking techniques by…
- Compiling spreadsheets of common passwords and other passwords that they've discovered from previous hacks. When 145 million eBay passwords were hacked this summer, hackers undoubtedly added them to their lists. These password databases are called "rainbow tables" and allow hackers to crack passwords more efficiently.
- Modifying their cracking programs to combine words and add special characters to common passwords. In other words, substituting "@" for "a" won't help your password strength. Hackers are wise to these tricks.
The only sensible approach to password security is to require users to have a unique password composed of a random combination of letters (upper- and lowercase) and numbers. Unfortunately, the average user would find these security requirements too extreme. And they're not the only ones.
Businesses are hesitant to require two-factor authentication or ask users to meet higher password standards. Most businesses don't want to make it harder for potential customers to create an account and log in. They believe that if users face any hurdles, they'll simply turn away from the website and move to a competitor.
While larger competitors might be hesitant to increase their security requirements, small-business IT consultants might be able to find a niche by catering to the security-focused market.
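The points above about character substitutions, combined words and random passwords can be shown in a short signup-side check. This is an added example, not code from the article or from ZDNet; the word list is a constructed sample, and the function names and the 12-character minimum are assumptions.

```python
import secrets
import string

# Constructed sample; a real deployment would load a large list of
# passwords exposed in previous breaches.
COMMON_PASSWORDS = {"password", "letmein", "dragon", "monkey", "sunshine", "qwerty"}

# Substitutions that cracking programs routinely apply to dictionary words.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})
ALPHABET = string.ascii_letters + string.digits


def candidates(password: str) -> set[str]:
    """Reduce a password to the base words a cracking tool would start from."""
    lowered = password.lower()
    # Also try the form with trailing digits and symbols removed ("...1!").
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered.translate(LEET_MAP), stripped.translate(LEET_MAP)}


def is_guessable(password: str) -> bool:
    """True if the password is a common word, or two joined, after undoing tricks."""
    for cand in candidates(password):
        if cand in COMMON_PASSWORDS:
            return True
        # Two common words glued together are still dictionary material.
        for i in range(1, len(cand)):
            if cand[:i] in COMMON_PASSWORDS and cand[i:] in COMMON_PASSWORDS:
                return True
    return False


def generate_password(length: int = 16) -> str:
    """Random upper/lowercase letters and digits from the OS CSPRNG."""
    if length < 12:  # assumed minimum, not a figure from the article
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


if __name__ == "__main__":
    for sample in ("P@ssw0rd1!", "Dr@g0nM0nk3y!", generate_password()):
        print(f"{sample!r}: guessable={is_guessable(sample)}")
```

Passwords produced by `generate_password` are meant to be stored in a password manager, not memorized.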
Small Business Opportunities: The Next Wave of Data Security
While Internet giants are hesitant to require increased security, small businesses can…
- Take advantage of their smaller customer bases.
- Market their services as security-focused.
- Require stronger passwords and login protocols.
Remind your clients that being a small business has its advantages. In the same way that customers like the atmosphere of a locally-owned restaurant, smaller information technology businesses can differentiate their services by offering more security for customers who want it. For instance, you could help your clients migrate to password managers, switch to complex and randomized passwords, and increase their user-level security.
Customer safety and security are becoming a strong marketing point for tech businesses, so don't miss out on this potential growth.