
How secure are your passwords?

Do you use any of these passwords? If the answer is yes, your accounts could be broken into almost instantly.

This post is by Felix Jorkowski, Co-founder of Kalix and Head Software Engineer.

From time to time there are stories in the media about hacker attacks on websites or computer networks. You may remember that last year the computer network at a Gold Coast medical center was hacked and its patient files corrupted. Have you wondered how hackers gain access to systems like this? To put it simply, hackers look for vulnerabilities (weaknesses in computer systems) and then use those vulnerabilities to compromise the system. These weak spots are often referred to as “security loopholes.” Today I thought I would discuss a much-overlooked security loophole: you.

Weak Passwords

Can you guess what the most critical aspect of security in a cloud-based system is? No, it isn’t using anti-virus software. It’s your choice of password! Yes, the hackers were able to access the Gold Coast medical center’s server by guessing or cracking its password. I think this cartoon explains it well.

The hackers, of course, didn’t literally hit the medical center’s staff on the head! They either guessed the login password or used password-cracking software to recover it.

The table below shows the amount of time it takes for password-cracking software to try every possible combination of characters for a given password length (courtesy of Lifehacker). Longer passwords take much longer to crack: from 5 minutes for a 6-character password to 4.5 years for a 10-character one. Likewise, passwords that mix character types (uppercase, lowercase, digits and symbols) take more time to crack than lowercase-only passwords (from 2.23 hours to 2.21 years for a 7-character password). Two caveats apply to any table like this. First, the times assume a particular guessing rate on the hardware of the day; a modern GPU rig working against a fast, unsalted hash such as MD5 or SHA-1 is orders of magnitude faster, which is why length matters far more than sprinkling in a symbol or two. Second, they assume the attacker has stolen the password hashes and is cracking them offline; a login form that throttles or locks out repeated guesses does not allow millions of attempts per second.

Alternatively, some hackers simply guess. You can have all the layers of encryption possible, but if your password is literally the word ‘password’, it will take a potential hacker just seconds to access your personal data. You’re probably wondering who would use something so obvious, but take a look at this list of the most popular passwords (courtesy of SplashData). Do you use any of these?

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. 1234567
  14. sunshine
  15. master
  16. 123123
  17. welcome
  18. shadow
  19. ashley
  20. football
  21. jesus
  22. michael
  23. ninja
  24. mustang
  25. password1
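To make the two attacks above concrete (the brute-force table and the common-password list), here is an added example, not code from the original post or from Kalix, that estimates how long an exhaustive search of a password’s character set would take and short-circuits to “instant” when the password is on the common list. The common-password set is a constructed subset of the SplashData entries quoted above, and the default rate of a billion guesses per second is an assumption standing in for a GPU against a fast unsalted hash; both are labelled in the code.

```python
import math
import string

# Constructed subset: the SplashData entries quoted above, lower-cased. A real
# check should load a full breach-derived list (millions of entries) from disk.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "12345678", "abc123", "qwerty", "monkey",
    "letmein", "dragon", "111111", "baseball", "iloveyou", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley",
    "football", "jesus", "michael", "ninja", "mustang", "password1",
})

# Character classes a brute-forcer enumerates. Using even one character from a
# class forces the attacker to include the whole class in the alphabet.
CHARACTER_CLASSES = (
    (frozenset(string.ascii_lowercase), 26),
    (frozenset(string.ascii_uppercase), 26),
    (frozenset(string.digits), 10),
    (frozenset(string.punctuation), len(string.punctuation)),  # 32 symbols
)


def charset_size(password: str) -> int:
    """Size of the alphabet a blind brute force must cover for this password."""
    size = 0
    covered = set()
    for chars, n in CHARACTER_CLASSES:
        if any(c in chars for c in password):
            size += n
            covered |= chars
    # Characters outside the four classes (spaces, non-ASCII) each add one
    # symbol: a conservative lower bound rather than a guess at the attacker's set.
    size += len({c for c in password if c not in covered})
    return size


def keyspace(password: str) -> int:
    """Number of candidates in an exhaustive search: alphabet_size ** length."""
    return charset_size(password) ** len(password)


def is_common(password: str) -> bool:
    """True if the password is on the common-password list (case-insensitive)."""
    return password.lower() in COMMON_PASSWORDS


def seconds_to_crack(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case seconds to exhaust the keyspace at the given guess rate.

    A common password is reported as 0: attackers try such lists before any
    brute force, so it falls within the first few thousand guesses. The
    default rate of 10**9/s is an assumption for a GPU against a fast unsalted
    hash; a deliberately slow hash such as bcrypt cuts it by several orders
    of magnitude.
    """
    if is_common(password):
        return 0.0
    return keyspace(password) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render seconds as the largest sensible unit, e.g. '1.6 days'."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "under a second"


if __name__ == "__main__":
    samples = ("Password", "abcdef", "abcdefghij", "aB3!aB3!",
               "vBMEVdHtFMbPtm5aWpSCPTQRy")
    for pw in samples:
        bits = math.log2(keyspace(pw))
        print(f"{pw!r:30} {bits:5.1f} bits  {human_duration(seconds_to_crack(pw))}")
```

Run it and the 10-character lowercase password that the table puts at 4.5 years comes out at under two days at the assumed rate; the 25-character random strings shown later in this post remain out of reach at any rate.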

Sharing Passwords

Another common mistake is reusing the same password on multiple sites. I have to admit this is something I’ve been guilty of in the past. I changed my practices after the social networking website LinkedIn was hacked last year. The attackers stole nearly 6.5 million users’ password hashes, and because LinkedIn had stored them as unsalted SHA-1, most were cracked within days. If someone looked at the list and found my email and password together, they would have had easy access to a number of my other accounts.

Unfortunately, when sites do not follow best practices, or human error occurs, password leaks happen. The only way to stop one leak from spreading to your other accounts is to have a different password for each service you use. Of course, thinking of a unique password for each site, making sure each one is ‘strong’, and then remembering all of them is near impossible! Luckily there is a simple solution…

Useful Password Tools

I’ll give you a small insight into what my own passwords look like (of course these are not my actual passwords!):

Google – vBMEVdHtFMbPtm5aWpSCPTQRy

LinkedIn – hSTw@CJNyyxH@NB4GtdFn9drd

In total I have about 50 passwords like this, including my banking, email and business-related services; the list goes on. Using these passwords makes it almost impossible for anyone to break into any of my accounts, and if one account is compromised then I can rest easy knowing my other accounts are safe.

These passwords are also impossible to remember, which is why I use a product called LastPass. This is a password manager that generates long ‘hack-proof’ passwords for all of my logins and holds them in encrypted form. The passwords can only be ‘unlocked’ with a single ‘master password’. But if you use a weak master password you are right back where you started: everything in the vault is only as strong as that one password. The trick is choosing a secure password that is also easy to remember!

There is a great site where you can create your own strong passphrase out of four random common words: passphra.se. I recommend that you keep generating passphrases on this site until you find one you can remember. Let the site pick the words, though; choosing them yourself, or swapping in a favourite phrase, throws away the randomness that makes the passphrase strong.
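As an added example (not code from the post or from passphra.se), this is how a four-random-word passphrase is generated and how much entropy it carries. The 32-word list is constructed for demonstration; a real list such as the Diceware list has 7,776 words, and the strength comes from the list size and from drawing every word with a cryptographic random source rather than by hand.

```python
import math
import secrets

# Constructed 32-word stand-in for a real list (passphra.se and Diceware-style
# lists have thousands of words). Strength depends on list size, so this small
# list gives only 5 bits per word and is for demonstration only.
SAMPLE_WORDS = (
    "apple", "river", "candle", "garden", "pillow", "window", "forest", "button",
    "silver", "mirror", "rocket", "bottle", "ladder", "cotton", "saddle", "hammer",
    "pepper", "island", "basket", "jacket", "marble", "needle", "orange", "puzzle",
    "ribbon", "shadow", "ticket", "velvet", "walnut", "yellow", "zipper", "anchor",
)


def generate_passphrase(words=SAMPLE_WORDS, count=4, separator=" "):
    """Pick `count` words uniformly at random using the CSPRNG in `secrets`.

    `random.choice` is not acceptable here: it is seeded from a small state and
    its output is predictable once a few values are known.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    if len(set(words)) < 2:
        raise ValueError("word list is too small to provide any randomness")
    # Words may repeat. Sampling with replacement keeps every choice independent,
    # which is what the entropy formula below assumes.
    return separator.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size: int, count: int) -> float:
    """Entropy in bits of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def equivalent_random_chars(bits: float, alphabet_size: int = 94) -> float:
    """Number of uniformly random printable-ASCII characters with the same entropy."""
    return bits / math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase())
    for size in (len(SAMPLE_WORDS), 7776):
        bits = passphrase_bits(size, 4)
        print(f"{size:5d}-word list, 4 words: {bits:.1f} bits "
              f"(~{equivalent_random_chars(bits):.1f} random printable characters)")
```

Four words from a 7,776-word list give about 52 bits, roughly the same as eight fully random printable characters, but far easier to remember; it is not as strong as the 25-character random passwords above, which is why the passphrase belongs on the master password and the random strings on everything behind it.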

Single Sign-on + Two-factor Authentication

Some sites that do security really well are Google and Microsoft. These sites offer a feature called ‘two-factor authentication’. When you log in, you also enter a short code that is sent to your mobile device (or generated by an authenticator app on it). It adds an extra security step, as a potential hacker who has your password would also need your phone to log into your account.

While Kalix does not offer two-factor authentication itself, we do offer you the ability to log into our site via these highly secure sites. This method of logging in is called ‘single sign-on’. Our Google, Facebook or Microsoft single sign-on sends you to the selected site to sign in, and that site then verifies your identity for us. By using this feature you get the extra security of two-factor authentication, provided you have switched it on for that account (the protection comes from the site that checks your identity, not from Kalix), plus the added benefit of not needing to remember another password!

Protecting Your Clients

Ensuring your client records remain safe and secure is very important. At Kalix we work hard to follow best practices in security. However, as a customer there are steps you must take to close ‘the security loop’.

  • Choose strong passwords: at least 8 characters (the longer, the better), with a mix of uppercase and lowercase letters, numbers and symbols.
  • Do not choose commonly used passwords.
  • Do not re-use the same password on multiple sites.
  • Consider using a password manager to generate and store ‘hack-proof’ passwords, and protect it with a master passphrase you can remember.
  • Use ‘single sign-on’ for Kalix, with two-factor authentication turned on for the Google or Microsoft account you sign in with.

The Story of Kalix

This post is by Claire Nichols, Co-founder of Kalix and Accredited Practising Dietitian.
Hi everyone. I am very excited to be sitting here writing our first ever blog post. Well, I actually have to admit, coming up with a topic for the blog was a bit daunting. I mean, there are lots of things to write about really, our new features for example, but what I really wanted to do was to start with something a bit different compared to our newsletter. So I thought I would try to answer some of the big questions: who are we, what are we doing, how we got here and the meaning of life (well, maybe not that one). So here goes…

Two years ago I would never have guessed I would be a co-founder of a software company. My knowledge of IT was little to none. Sure, I could turn on a computer, make a Word document, google a topic, but I didn’t know where to begin with making a blog, let alone a website. Then came a problem, followed by an idea and then an opportunity.

The problem arose just after starting my previous job as Early Intervention Service Dietitian in North West Tasmania. The position was funded with a special government grant, so there was a lot of pressure to measure and evaluate the effectiveness of my professional practice. Evaluating the effectiveness of dietetic practice is easy enough, isn’t it? When you see a patient you measure their weight, and the next time you see them you measure it again. If they’ve lost weight you’ve done a good job; if they haven’t, you haven’t… Hopefully you are all screaming NO right now.

For the non-Dietitians reading this:

1) Dietitians do not only see patients for weight control.

2) Weight loss is hard! Improving overall diet quality and improving patient health is what we want to achieve as healthcare professionals, right? But how does one measure a healthy lifestyle?

…more active and establishing a healthy lifestyle are all positive achievements. They all result in improved health, irrespective of the amount of weight loss.

The idea

So I went about investigating how to measure and evaluate professional practice. I came across the International Dietetics and Nutrition Terminology (IDNT) and the Nutrition Care Process (NCP). Well, actually I was using IDNT at the time, and had been since 2009, but only to write PES statements. There is a lot more to IDNT than PES statements.

For non-Dietitians: the NCP is a problem-solving method that Dietitians use to “think critically and make decisions that address practice-related problems”. IDNT is a “standardized set of terms used to describe the results of each step of the NCP model.” PES is a statement about the Nutrition Diagnosis or nutrition issue. Clear? If not, that’s ok; I will talk about it more in future posts.

Why I like IDNT

  • There are lots of terms, getting close to 1000 now I think (yes, I actually like that).
  • They cover all the stages of the Nutrition Care Process (Assessment, Diagnosis, Intervention and Monitoring/Evaluation) i.e. initial and review assessments.
  • They include most factors in dietetics e.g. Food variety is a term, as well as Meal or snack pattern, Nutrition quality of life responses, Frequency, Consistency, Duration, and Intensity of physical activity and of course, good old Food intake, to name a few.

So my light bulb moment… Because IDNT is standardized and covers all the data a dietitian would collect during initial and review assessments, if I were to write all my patient documentation using IDNT then I could use a software system to track changes in the variables associated with IDNT terms. Tracking the changes in these variables would be an easy, sensitive and efficient way of evaluating professional practice. I could even use IDNT to evaluate the effectiveness of particular interventions by correlating Intervention terms with changes in the variables associated with Assessment and Monitoring/Evaluation terms.

By using IDNT I could evaluate my professional practice without having to spend extra time measuring, recording and analyzing data. The statistical analysis would be built into patient documentation and patient documentation is something I had to do anyway!

The problem was finding a software system that uses IDNT in this way. I needed a software system that supports quick electronic documentation using IDNT terms, tracks changes in patient data over time and correlates changes in variables.

There must be something like that out there, right? No, not really. Why? My best guess is because 1) software developers are really, really expensive to hire, and 2) actually building software with this functionality would take a long time.

The opportunity

I was very lucky to have my own software developer on hand, Felix Jorkowski. So we embarked on this little project together, and it has grown and grown.

So I might be the most unlikely co-founder of a software company, but win or lose I am glad I took the risk to try something new. I will finish this blog with a quote which I think sums things up really well.

“You can’t make footprints in the sands of time by sitting on your butt. And who wants to leave buttprints in the sands of time?” Bob Moawad

References

Nutrition Care Process and Model Part I: The 2008 Update. J Am Diet Assoc. 2008;108:1113-1117.

Nutrition Care Process Part II: Using the International Dietetics and Nutrition Terminology to Document the Nutrition Care Process. J Am Diet Assoc. 2008;108:1287-1293.