Home Computer Security

History of the Password

Over the last 20 years, cyber security has become a concern for businesses and individuals alike. Personal computers, tablets, and smartphones have revolutionized how we interact with almost everything. With a few clicks of a mouse, or a swipe of a finger, we can buy clothing, book flights, reserve hotel rooms, deposit checks, and pay bills; there isn’t anything we can’t do from the comfort of our own home.

Our personal information is stored, somewhere, by a seemingly uncountable number of vendors, institutions, and web sites. Unfortunately, cybercriminals are adept at using software to invade our home computers or smartphones to extract our personally identifiable information. Criminals also seek to install ransomware, locking corporations and users out of their computers.

Just as we secure our homes with a lock on the front door, we also need to secure our online identity. Our most basic protection is the humble password. The password, in combination with an email address or username, identifies the authorized user of frequently accessed sites or apps and any retained personal information.

Too often, we underestimate the importance of passwords, selecting something easy to remember rather than difficult for an attacker to break.

In this multi-part series, we examine various security threats from personal computing and techniques to best protect yourself from the dangers of criminals wandering the internet looking for victims.

History of Passwords

Passwords are secret data, typically an arbitrary string of characters that includes letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN). A key attribute in picking a password is to select something which is hard to guess, so a password may be composed of multiple words, separated by spaces: a passphrase.

The longer the password (or phrase), the harder it is for password-breaking software to reveal the actual password.

Passwords have been in use for much longer than the internet or computers. There are historical references to the use of “watchwords” in the Roman military. Sentries challenged anyone wishing to enter an area to supply a password or watchword, allowing entry only upon hearing the correct password.

Passwords were used by the military over the years, evolving to include both a password and a counterpassword. During World War II, GIs would challenge any individuals entering an area with a password, to be answered with a counterpassword.

The first time a password was used in computing was 1960 at MIT. The university had a large mainframe computer to be shared by numerous researchers. Each shared not only the mainframe but a single disk file as well. The password was developed so users could access the computer for their allotted time (in 1960, computing resources were severely limited) and only have access to their own specific files.

The first time a computer password was hacked was also 1960, when researchers started using others’ passwords to gain more computer time.

Though the password is a less than perfect approach to security, it went on to become the go-to method for computer security due to its simplicity, which is also a disadvantage.

To reduce the password’s disadvantages, a cryptographer at Bell Labs devised a technique called “hashing”, in which an entered password is converted to a numeric output. That output can be compared with the value computed from a later entry to validate the password, but it cannot be used to reverse engineer the password.

With hashing, the actual password is not stored, only the numeric value needed to check that the entered password matches. Hash functions used in cryptography have the following key properties:

  • It’s easy and practical to compute the hash, but “difficult or impossible to re-generate the original input if only the hash value is known.”
  • It’s difficult to create an initial input that would match a specific desired output.

Thus, in contrast to encryption, hashing is a one-way mechanism. The data that is hashed cannot be “unhashed”.

Additional layers of security include “salting”: modern password databases further protect a password by combining random data with the password, then hashing the resulting value.
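The hashing and salting steps described above, as an added example that is not part of the original article: it stores a random salt alongside a slow hash and verifies a login by re-hashing the entered password. The choice of PBKDF2-HMAC-SHA256, the iteration count, and the `iterations$salt$hash` record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example
SALT_BYTES = 16       # assumed salt length


def unsalted_hash(password: str) -> str:
    """Plain one-way hash: identical passwords always give identical output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Return a storable record; the password itself is never stored."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random data per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the entered password with the stored salt and compare."""
    try:
        iterations_s, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations_s)
        if iterations < 1:
            raise ValueError("bad iteration count")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample passphrase
    print("unsalted, user A:", unsalted_hash(pw))
    print("unsalted, user B:", unsalted_hash(pw))  # same value: reuse is visible
    record_a, record_b = hash_password(pw), hash_password(pw)
    print("salted,   user A:", record_a)
    print("salted,   user B:", record_b)  # differs although the password is the same
    print("correct login:", verify_password(pw, record_a))
    print("wrong login:  ", verify_password("guess123", record_a))
```

Without a salt, two users who pick the same password end up with the same stored value, so one cracked hash exposes both; with a per-password salt the stored records differ and each must be attacked separately.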

Another security technique is “encryption”, where a key is used to convert a set of entered values to something which appears to be meaningless, but which can then be decrypted. This technique is only used when the password or passphrase must be known and reviewed for validation.

In our next installment we discuss how customers can increase their security.

Aspen Insurance Agency is a family-run business in Denver, Colorado servicing clients nationwide. We work with multiple insurance carriers to offer our customers a wide variety of risk reduction coverage at the lowest possible cost. We offer a wide range of personal, auto insurance, commercial and professional insurance to residential and commercial insurance customers enabling the cheapest rates available. Call to speak to one of our professionals for home or business insurance and see how painless insurance shopping can be.

Small Business Cyber Losses

It should be no surprise that cyber-attacks are on the rise. Many small business owners may feel they do not need to worry as cyber losses “only” affect large companies. Yet nearly 60% of small business owners have had data compromised, experienced a security breach, or both, according to a survey by the Identity Theft Resource Center (ITRC).

25% of survey respondents reported an incident in the past 12 months. 54% experienced a cyber event during the past two years. These survey findings confirm that small businesses are frequently targeted. Hackers’ attack methods are automated, searching any publicly accessible website (and what company does not have a public-facing site?) for a possible entry point.

Not only have more than one half of survey respondents experienced an incident; three-fourths reported more than one cyber event and one-third have had at least three, the center reported.

Cost of Cyber Recovery

Survey results also show the cost of recovering from cyber events: 44% of small businesses spent $250,000-$500,000 to cover the costs, while for 14%, the cost to recover was between $500,000 and $1 million. To find the capital to cover these expenses, 36% of business owners had to borrow and 34% raided cash reserves. Less than 30% turned to their cyber insurance to help cover the expenses.

More than 40% of businesses needed one or two years to recover, while over 25% said it took three to five years to recover.

While hackers and external threats launch most incidents, the survey found only 40% of breaches were a result of external actors.

Malicious employees and contractors accounted for 35% of incidents, while remote workers were responsible for 25%. Third-party vendors, failure to secure cloud environments, software flaws, and phishing schemes were also leading causes. The source of 3% of data and security breaches is unknown.

Small business owners should take positive steps to combat the threat of hacking and protect the business from external and internal threats.


Microsoft Security Warning

Urgent Security Warning: Update Your PC Immediately

As a family-owned insurance agency, we believe it is our responsibility to help our clients reduce their risks. We assist with coverage for auto, home, and business, and we offer to periodically review our clients’ portfolios to identify areas where they may be at risk.

We extend that dedication to reducing risk beyond insurance coverage, alerting clients and potential customers to risks in their personal lives for which we may not be able to provide coverage, including their online presence. Microsoft is urging all Windows users to immediately install an update after security researchers found a serious vulnerability in the operating system.

PrintNightmare Threat

The vulnerability, known as PrintNightmare, affects the Windows Print Spooler service. Researchers at cybersecurity company Sangfor accidentally published a how-to guide for exploiting it. The researchers tweeted in late May that they had found vulnerabilities in Print Spooler, which allows multiple users to access a printer.

The researchers published a proof-of-concept online by mistake and subsequently deleted it — but not before it was published elsewhere online, including developer site GitHub.

Microsoft warned that hackers could exploit this vulnerability to install programs, view and delete data, or even create new user accounts with full user rights. This could give hackers enough command and control of your PC to do some serious damage.

Affected Windows Programs

This vulnerability affects Windows 10 and Windows 7, although Microsoft ended support for Windows 7 last year.

Even so, Microsoft issued a patch for Windows 7, a 12-year-old operating system, which emphasizes the severity of the PrintNightmare flaw. Updates for Windows Server 2016, Windows 10, version 1607, and Windows Server 2012 are “expected soon”.

The good news is that the current security update contains fixes for previous security issues as well.

In the last year and a half, Microsoft encountered multiple security alerts. Last year they were alerted by the National Security Agency to an issue with the operating system that allowed hackers to pose as legitimate software companies. Earlier this year, it was discovered that Exchange (Microsoft’s email and calendar services) had multiple vulnerabilities that allowed hackers to access servers.

It is important to note that Microsoft has not released a patch for Windows 11, its newest operating system, which is currently available only to beta testers.

How To Update

It is strongly recommended that computer users allow Windows to download and install updates automatically. If you are not sure if your computer has adopted the patch, type “update” in the search bar on the bottom left side of the Windows home screen. This will bring up a screen with a message stating: “Check for updates”. Clicking on that message will instruct your computer to show available updates, with the option to download now (recommended) or later.

Given the well-publicized attacks of the last few weeks, we should all reduce our risk by installing this update as soon as possible.
