Monday, October 29, 2018

When it Comes to Passwords, Complexity is Key

Every time you open a new account or are forced to change your password, you’ve probably been prompted to make sure that your password is a strong one. These days strong is not enough. A complex password is what you need.

Attackers have easy access to programs that can attempt to “brute force” guess your password. If passwords are not complex enough, this can take seconds. You have undoubtedly heard that your password should contain at least one uppercase letter and number and be at least eight characters long. That is OIT’s standard for our state workforce, but this may not be enough. Special Agent Scott Augenbaum (Ret.) of the FBI’s Cyber Crime unit devised an easy way to make sure that you have complex passwords.

A helpful practice is to use a sequence that makes sense to you for your passwords:

  • You pick one number and one special character (like *2).
  • Then you use that combination at the front and end of your password: *2xxx*2.
  • You can use a sentence that describes the account you use, but only using the first letter of each word.

This way, you can create complex passwords, and all you need to remember is your number and special character and a simple phrase. Here are a couple of examples of how it would work.

For an Amazon account, you could use ‘Love to shop at Amazon’ as the phrase + your number/special character combination, so the password would be *2Lts@A*2. If someone were to see this written down, it would not make much sense.

For Bank of America, you could use ‘This is my Bank of America account’: *2TimboaA*2 or ‘Love to bank at Bank of America’: *2Ltb@boA*2

Note: some sites or apps like Bank of America will only accept certain special characters. If they do not accept your default of * for this example, make sure to note that you have used a different one for that site.

This method will also ensure that you are not using the same password for multiple accounts. As you know, this is dangerous because if an attacker can find your one password, she or he could have access to more than one of your accounts.

If this method isn’t for you, you can also use password creating/storing apps like LastPass or 1Password. The important thing to remember these days is that strong doesn’t necessarily mean secure; complex is the key for password security.

Today's blog comes from Chelsey Vance, OIT Risk and Compliance, Senior Risk Analyst.

Thursday, October 4, 2018

Trailblazing Southwest Colorado

Today's blog comes from Anthony (Tony) Neal-Graves, the executive director of the Colorado Broadband Office. Tony is responsible for driving the state’s broadband strategy and utilizing public and private sector relationships in communities across the state to support broadband expansion.

Did you know that some of the most beautiful stands of aspen trees can be seen in southwest Colorado as they turn in September?

As part of our goal within the Broadband Office to engage, encourage, and support local communities in their efforts to ensure residents and businesses have access to high speed broadband, I spent several days in the area hosted by Miriam Gillow-Wiles of the Southwest Colorado Council of Governments (SWCCOG). In many ways southwest Colorado is an original trailblazer in the development of broadband infrastructure through the Southwest Colorado Access Network (SCAN) project. In 2011, middle mile infrastructure was deployed with funding from DOLA to connect anchor institutions across all counties within the COG. As a result, the school districts, county, and municipal facilities have high quality access.

I visited Pagosa Springs to meet with the town and the county administrator. They are working together along with neighboring Hinsdale County to finalize a broadband strategic plan in the next month. This was my second time in Pagosa Springs and it is great to see the steady progress. I also met with stakeholders in Durango, Silverton, and Cortez as well as officials from La Plata, Montezuma, and San Juan Counties. It is exciting to see the engagement across all these communities to solve their infrastructure needs with the support from the private sector and state government.

One of the highlights was my stop at Osprey, a global supplier of backpacks headquartered in Cortez. During my visit, it was clear that Osprey could not maintain its presence in Cortez without the access that they have to reliable broadband services. It was also clear that there is a strong collaboration between Osprey and the city of Cortez to provide reliable services as well as recruit other businesses to the town.

Every community understands the need for high quality broadband and the impact it has on all aspects of life from education, to healthcare, to public safety, to economic development.  The strong commitment to bring high-speed broadband to towns throughout Colorado makes my job one of the best!

Wednesday, April 25, 2018

Do You Know Who Has Seen Your Data Today?

Social networks are all about sharing. But before the news broke about Facebook and Cambridge Analytica, we may not have thought much about the fact that it’s not just friends and family seeing our posts. We now know that what we click on, what we share and what we like is being used by people we don’t consider our friends.

Regardless of the ultimate implications for using Facebook and other social platforms, it’s important that users of social media understand what information they are sharing when they allow access to their social media profiles or log in to other apps using those credentials. While it is very convenient to log in to an app with your Facebook or Twitter profile, this can lead to you sharing more information than you might realize. In most cases it is only your email address and social media profile that is shared, but you could also be unwittingly disclosing the types of posts you like, location data and even information about your friends on the social media platform. As we’re seeing in the Cambridge Analytica story, this data can be used to present you with information that is designed to influence your opinion on a wide range of issues.

If you use social media platforms, you won’t be able to stop third parties from getting their hands on your data. But there are ways you can limit the amount of data that can be mined from those accounts.


Review your connected apps section of Facebook settings to see which apps are accessing your social media profile. Click on “Settings” and then “Apps and Websites”. Check the “Active” and “Expired” sections and remove the apps you no longer want to share your data with.


On Twitter, click on your profile and then go into “Accounts and Privacy”, then click on the “Apps” tab. Review the permissions for each app and determine if you’re comfortable with the data you are sharing. 

Some other things you might want to consider:

  • Weigh whether the convenience of your login experience is more important than the information you’ll be sharing with the creator of an application.
  • Consider what you’re sharing online before you do it. As fun as it is for all of your Facebook friends to wish you a happy birthday, remember that date of birth is a method of authentication when you need access to something, such as your online bank account.
  • Be wary of taking every quiz and entering every contest that comes your way on social media or other internet websites. Many of these quizzes ask questions that are also used to authenticate you to various websites if you forget your password.
  • Turn off cookies (browsing data) on your browser.
  • Read what information the app will take when you download it!
  • Delete old social media accounts that you no longer use.
  • Install a tracker blocker. These are add-ons you can install within your browser. In some cases they may result in a website not working properly.
  • Install an ad blocker. This is another add-on that can be installed on your browser.
  • Take the time to research ways to enhance the privacy settings across your social media accounts.

Using social platforms to connect with friends, family and for professional networking likely won’t go away anytime soon. If you’re going to use these platforms you should expect that the information you include is public, so don’t reveal anything you would not want publicly known. But if you take the time to review your accounts and make sure permissions are set the way you want them, you’ll be going a long way towards controlling your own data and only sharing what you want.