Mobile Security, Part I: Tips to Develop a Strong Password


Identity theft and online account security is a popular discussion amongst users of mobile devices.  It’s a hot topic because computer hackers are constantly finding new ways to scam the everyday user.  As technology continues to grow, the potential for security risks online will also increase.  Just last week, many consumer sites announced the discovery of a serious security flaw called the “Heartbleed bug” affecting the website encryption software  protecting the sensitive personal data of millions of web consumers.  According to, companies with popular sites such as Google, Facebook, Instagram, LinkedIn, Pinterest, Tumblr, Twitter, and Yahoo acknowledged the Heartbleed bug last week, and issued a security patch to fix it.  (The same article also lists these sites as potential Heartbleed victims: Etsy, GoDaddy, Flickr, Netflix, Soundcloud, Dropbox, OKcupid, Wikipedia and Youtube.)   The affected companies urged users to change their passwords immediately in order to remain secure on their sites.  Heritage also encourages users to change their online passwords regularly in order to protect sensitive personal information.  Whether on a laptop, tablet, or mobile phone, the first line of defense against hackers and other potential security risks is a strong password.

In their post, “Tips for creating strong passwords and passphrases,” Microsoft says a strong password is a code that has 8 characters or more and contains both uppercase and lowercase letters, a numerical character, and a symbol.  It is best to avoid using your username, real name, company name or other publicly available information in your code.  Unfortunately, hackers have all the tools on their side to help crack your code. To develop a strong password, first make sure it does not contain a word from the dictionary.  If you use an English word for your password, Microsoft suggests substituting numerical characters for some letters in the word to meet the strong password criteria.  In their example, Microsoft says the password “Hello2U!” meets all the criteria of a strong password but would still be considered weak because it contains a complete word.  A stronger alternative password suggestion is “H3ll0 2 U!” because it breaks up the real word with numbers and spaces.

There are many methods for developing a strong password, but at Heritage, we prefer to develop a strong passphrase instead.  A passphrase is just a series of words that create a phrase the user can remember easily.  According to Microsoft, a strong passphrase contains at least 20-30 characters, and does not contain common phrases found in literature or music, like song lyrics or a line of poetry.  As with passwords, it is more secure if the passphrase does not contain your username, real name, company name, any repeats of prior passwords, or personal information that is publicly available.  The long phrase creates a more complex code to help protect the user’s sensitive information.

Another challenge to users is the amount of passwords individuals are expected to remember for different apps, websites, personal online accounts, business account access, and sometimes also school account access.  It is not recommended to store sensitive information on your mobile device, so how does one record that information for reference while still maintaining separate passwords for security purposes?  In our next post, “Mobile Security, Part II: Managing your passwords securely,” the experts at Heritage discuss safe ways to store your log in information.


By: Lacey Rickert, Marketing Director, HCCS, Inc.

Read More about the Heartbleed Bug here’s “Heartbleed Hit List” of affected sites

Windows 8.1 Users must update before May 13th, 2014 to avoid security risks

Attention Windows 8 Users

Microsoft released a new update for Windows 8.1 earlier this week that has some users disgruntled. According to Microsoft, Windows 8.1 users will not receive security patches or any other system updates in the future unless they download and install this new update before May 13th, 2014. Users who choose not to deploy the update will be at risk for security issues on their systems, and ineligible for future patches and feature enhancements. The update requirement only affects Windows 8.1 users.

Users who utilize the automatic updates feature on their Windows device should already have the update downloaded and installed since it became available April 8, 2014. If you aren’t set up to install updates automatically, you will need to look for the update KB2919355 specifically, and download and install it to your device. The deadline to download and install this update is May 13th, 2014. Microsoft offers assistance with device updates in most of their store locations.

By: Lacey Rickert, Marketing Director HCCS, Inc.