As part of the July 4 activities, a hacking group known as ObamaCare posted 9,948,575,739 unencrypted passwords to the internet in a file titled rockyou2024.
This list of passwords comes from a combination of old and new data breaches.
Data breaches now seem like an almost daily event, with more and more passwords being ‘broken’ on a regular basis. What does this mean for you in terms of protecting the Protected Health Information (PHI) you are responsible for, as well as protecting your private data?
You always want to follow good password security policy, which includes:
- Change your passwords on a regular basis – at least once a year for ALL of your accounts
- When changing a password, do not just append a 1 to the end of a password or change the 1 to a 2. Come up with a totally different password
- Do not use the same password for each site; if you do, then when one of your passwords is compromised, all of your passwords are compromised
- Use a strong password that contains numbers, uppercase characters, lowercase characters and special symbols, and is at least 8 characters long. Many sites now require 12-character passwords
The question becomes: how do I do this and remember all of my passwords? I have a method that I will share with you.
Step 1: Choose a phrase. This can be the title of a song you like, the name of your favorite artist or sports figure, the title of a book, or anything of that nature that you will remember.
Step 2: Do substitution. For example, replace the letter L with the number 1 or an exclamation point character, or replace the letter A with the @ symbol.
Step 3: Somewhere in the password, add in and remove some characters that relate to the account. For example, if you are creating a password for your AMAZON account, you may want to add the first and third letters of the account name, in this case AA. The last letter of AMAZON is “N”, so remove all of the N’s from the password.
Let’s go through this exercise. As our phrase we will use the title of our National Anthem (the hack happened on July 4, after all). We have starspangledbanner as our base.
For capitalization we will capitalize the LAST letter of each word; we now have:
staRspangleDbanneR
For substitution we substitute $ for the first s, & for the g and 2 for the b (second letter in the alphabet), so now we have:
staR$pan&leD2anneR
For adding in the site name we add the AA after the first word, but we do it with substitution, so we add in @a; now we have:
staR@a$pan&leD2anneR
If the password was for our EHR system, we would add in ER; we might make this 3R, which would give us:
staR3R$pan&leD2anneR
Finally, remove the N’s:
staR3R$pa&leD2aeR
This may seem complicated, but once you create a formula you can use it to create a unique password for each site. As long as you remember your formula, it will allow you to ‘figure out’ your password for each account you have.
By changing your password for all accounts each and every year, when large password breaches like this are published, only your old passwords will be made available to hackers, and they will not be able to use them to break into your accounts.
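The formula walked through above, as an added example in Python (not code from the original article). Three assumptions are made where the walk-through leaves room: substitutions are written as a letter plus an occurrence number, because the walk-through keeps the s of "star" and replaces the s of "spangled"; the account tag is lowercased before substitution (the article writes @a for AMAZON but 3R for EHR); and the letter removed at the end is the account name's last letter exactly as Step 3 states, which is why the demonstration uses the AMAZON account.

```python
"""The article's password formula as code (added example, not from the article)."""

# Substitutions from the walk-through as (letter, which occurrence, replacement).
# The 2nd s is replaced because the walk-through leaves "star" untouched.
PHRASE_SUBS = [("s", 2, "$"), ("g", 1, "&"), ("b", 1, "2")]
TAG_SUBS = [("a", 1, "@"), ("e", 1, "3")]  # AA -> @a, ER -> 3r (tag lowercased: assumption)


def replace_nth(text, letter, n, symbol):
    """Replace the n-th (1-based, case-insensitive) occurrence of letter; no-op if absent."""
    seen = 0
    for i, ch in enumerate(text):
        if ch.lower() == letter:
            seen += 1
            if seen == n:
                return text[:i] + symbol + text[i + 1:]
    return text


def apply_subs(text, subs):
    for letter, n, symbol in subs:
        text = replace_nth(text, letter, n, symbol)
    return text


def formula_steps(phrase, account):
    """Return [(step description, value), ...] for every step of the formula."""
    if len(account) < 3:
        raise ValueError("account name needs at least three letters for Step 3")
    # Capitalize the LAST letter of each word of the phrase.
    words = [w[:-1] + w[-1].upper() for w in phrase.lower().split()]
    steps = [("capitalize last letters", "".join(words))]
    pw = apply_subs(steps[-1][1], PHRASE_SUBS)
    steps.append(("substitute symbols", pw))
    # Step 3: first and third letters of the account name, substituted, after the first word.
    tag = apply_subs((account[0] + account[2]).lower(), TAG_SUBS)
    pw = pw[:len(words[0])] + tag + pw[len(words[0]):]
    steps.append(("insert account tag " + tag, pw))
    # Step 3 continued: remove every occurrence of the account name's last letter.
    last = account[-1].lower()
    pw = "".join(c for c in pw if c.lower() != last)
    steps.append(("remove all " + account[-1] + "s", pw))
    return steps


def derive_password(phrase, account):
    return formula_steps(phrase, account)[-1][1]


if __name__ == "__main__":
    for label, value in formula_steps("star spangled banner", "AMAZON"):
        print(f"{label:26} {value}")
```

Because the result is fully determined by the phrase and the account name, anyone who learns the formula and one derived password can reproduce the others, so the formula itself has to be kept as secret as the passwords.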
Even better security is achieved by utilizing what is known as Multi Factor Authentication (MFA); in fact, HIPAA guidance documents from the government strongly recommend MFA whenever it is available. MFA is getting a code texted to your cell phone, emailed to you, or generated by an authentication application, which you need in addition to your username and password to log in. These codes typically change every 60 seconds. This way, even if somebody has your username and password, they still do not have that third factor necessary to get into your account. Whenever a site or service that you log onto enables you to turn on MFA, turn it on. These days more and more sites that store sensitive information either require MFA or make it an option.
TLD Systems will be hosting a free webinar on the changes to the HIPAA rule on July 10; we will also include a discussion of password security in that program. To register for the program, click the link: https://attendee.gotowebinar.com/register/4354844939398526813