Why the Panic over Passwords?

I’m old enough to remember working with Windows NT3.1 and then the excitement of Windows95. I started up my computer and no password was required.

Windows 95

I think my AOL email was the first time I needed to come up with a password. It made sense to come up with something memorable (my son’s name)  that I could use every time so I would never forget. This plan felt brilliant at the time. 

My, how the world has changed. As personal and professional information moved to the cloud, the temptation to use and exploit that information created a new set of criminal enterprises.

And hacking was born.

A hacker uses technical knowledge of bugs or vulnerabilities to exploit weaknesses in computer systems to access data that they otherwise wouldn’t have permission to view. Arguably the biggest hack in history happened back in 2013, the names, birthdates, email addresses, passwords, and security questions and answers of all 3 billion Yahoo users were compromised. 

It is beyond the scope of this article to provide guidance for investigating and prosecuting security hacking, however, I can provide a few steps that people can take to protect themselves and the data that they access.

Check your email and common passwords

https://haveibeenpwned.com/ is a website that will let you know if your email or phone number has been part of a data breach. When I checked my work email, I found that I had been part of 11 different data breaches. When I check my previously used standard password at https://haveibeenpwned.com/Passwords, I find the following results.

If your passwords have been part of a data breach, you should change them immediately. There are other ways that passwords are compromised, such as brute forcedictionary attacks, and phishing. These techniques to access your data can create lead to the exploitation of your personal or professional information.

What to do?

Giving up cell phones, computers, and the internet is not a very practical solution unless you are ready for some “off the grid living” without the need for credit cards, utilities, and Amazon Prime. If you still want to participate in modern technology and binge Netflix on the weekends, then a little vigilant attention to your passwords goes a long way to keeping your information safe. 

  • Do not use the word “password” as your password. 
  • Length is the most critical factor. The experts recommend nothing shorter than 15 characters. Even a short random password (like 3UxL7hci) can be hacked in about an hour.
  • Use a mix of characters (upper-case and lower-case, numbers, and symbols). A site like How Secure Is My Password? will allow you to check how easy your password might be to hack. 
  • Avoid common substitutions. The hacking algorithms know that many of us replace an E with a 3, an L with a 7, and an @ for an a. 
  • Have a different password for every website, service, or application.

Password best practices

Use a Passphrase – Multiple word phrases are considered to be one of the most secure and easily remembered options. WhalefromAK2o21Vacay^^ is a memory for me about an Alaska vacation. It’s something that would be easier for me to remember than 3U%xL7*8J – a password that would be truly random. 

Use a password managerPCMAG Best Password Managers This article is a place to start looking at ways to manage your passwords. Password managers will also generate random passwords. There is a bit of irony in putting all of your password eggs in one basket, but that is less risky than using the same password everywhere and much less hassle than having to reset your password every time you can’t remember. I have logins for hundreds of websites and software applications. I can’t remember what I had for breakfast yesterday, much less the site where I order my turkey once a year at Thanksgiving. Greenburg Smoked Turkey

Two Factor Authentication (2FA). Having a second authentication is another way to ensure that it is you accessing your account. If a website offers this functionality, enable it. The time to receive a text with an authentication code on your phone or email is worth the extra security it provides.

Next Steps

How would your Cardinal Badge RMS, CAD911, or Court password survive a hacking attack?  The data in law enforcement systems are personal, private, and protected by law. Check your password against the sites above to see if it has been compromised and if it could be easily hacked. 

If you need to change your password in your Cardinal software, it’s easy to do:

Change password
Password window

Enter your Current Password and then put in the New Password and confirm it. 

Don’t forget to check other network and computer passwords within your agency. Your network admin password or windows passwords can give access to a tremendous amount of protected information. 

Password security is an annoying and necessary part of protecting ourselves and our citizens from data theft. Just as we would take a few extra minutes to secure the physical tools of the trade (our weapons and equipment), we need to take the time to secure the informational tools as well.

If you have questions about updating your Cardinal password, please contact our support team at 800-285-3833 or email [email protected]