Are your passwords safe in Thailand and the World?

[webfact]

 

ASEAN NOW Op-Ed

As we keep reading in the media, crimes committed in the virtual world have intensified in both form and their frequency.

Apparently, Cybercrimes could cost the Thai economy BTH $286 billion, which is a worrying 2.2% of the country’s total GDP. 

The dramatic rise in damage costs demonstrates just how we are all attacks in Thailand. 

In fact, Thailand is facing a cyber-security expert shortage right now. 

Its digital economy is developing too fast with few experts to compensate for the change. This leaves companies and the public wide open to cyber threats.

The Thai government set up their CCIB in September last year and equipped the Royal Thai Police with some advanced crime-busting weaponry. 

Constantly on the lookout for cyber-crimes, the bureau's jobs include keeping a step ahead of cybercriminals, trying to gather clues in criminal cases, both on- and offline, and acting fast to catch the culprits in the real world.

Already the CCIB is working on 2,480 cases involving 3,020 suspects. 

On average however, this bureau only manages to arrest just ten suspects cases a day which is really just a drop in the ocean.

The CCIB's tasks can be summed up in five areas: online fraud and call-center frauds, illegal trade of prohibited items, violation of cyber security, exploitation of children and women and pornography, and online gambling.

So, are you doing enough?

Many ex-pats also need to ramp up online security, so here's how to pick strong passwords 
As most of us Expats now rely on online transactions to run our daily lives, are we taking unnecessary risks security-wise?

 

Keep up to date with all things Thailand - Join our daily ASEAN NOW Thailand Newsletter - Click to subscribe

Many of us are still behind the times when it comes to our own security, even though experts have been warning us for years about the dangers of bad digital behavior.

 
Research into common passwords worldwide, for instance, reveals that many people still use known, popular passwords, which are the digital equivalent of sitting ducks. 

Poor passwords

So how do weak passwords put you at enhanced risk review a few password essentials? 

Weak passwords represent a significant security risk. 

Threat actors have a vast array of tools at their disposal, including brute force and dictionary attacks, which can easily crack weak passwords and passphrases. 

Once these passwords are cracked, cybercriminals have access to your accounts, which may include sensitive financial or personal information.

It doesn’t matter where the criminals are from, either. You can be attacked from anywhere in the world. 
Economic loss is just one part of the story: identity theft remains a persistent threat. 

Online repositories containing email addresses and account usernames are posted online, and then shared among criminals. 

From there, it’s just a few extra steps and a malicious actor can gain access to your online life. 

Passwords that are too simple or common can be cracked in as little as one second.

So, if you’re using “123456”, “qwerty”, “iloveyou”, or even your birth date for any of your accounts, it’s definitely time to ramp up your password game to avoid becoming just another sad statistic. 

 

How to Pick Strong Passwords   

Strong passwords should be Long, Complex, and Unique. 

Hitting one of these goals isn’t enough though. 

Aim for all three in each of your passwords, and your digital security status will improve significantly. 

 

Let’s look at each of the factors in a strong password now. 

Consider Length 

Remember that statistically, it’s far easier to crack a short password than a long one. Anything less than 12 characters should be avoided. 

One way to ensure you’re using long passwords is to create passphrases instead - a tactic recommended by The Electronic Frontier Foundation and many others. 

Passphrases should comprise four to five random words for added security and you can substitute a few letters for numerals or special characters. 

For example, “8ate cat pOny g0ld opal” comes in at 23 characters and is easy to remember. 

If memorizing passwords or passphrases is any issue, you may be tempted to use known phrases, such as “like a rolling stone.”

However, these do not afford anywhere near the same amount of protection.

Prioritize Complexity 

Complexity now matters as much as length. 

The best way to ensure your passwords are complex is to use a random mix of upper and lowercase letters, numerals, and special characters. 

You can also use punctuation such as hyphens, em-dashes, periods, and colons as well. 

Generating complex (and lengthy) passwords is much easier with the help of a dedicated password tool. Your browser offers to generate and store these for you. 

However, there have been concerns raised over how well protected these in-built tools are. 

Instead, opt for a dedicated third-party tool such as LastPass, a password manager that stores, secures, and generates complex passwords.

Good for the older expat who may have trouble remembering a new password or two.

Try to avoid linking your accounts to another account for easier logins, for example, having numerous accounts linked to your Facebook or Google. 

Don’t allow your browser to store your passwords. 

You could try a dedicated third-party tool such as LastPass,
https://www.lastpass.com/

Last Pass is a password manager that stores, secures, and generates complex passwords for you.

Great for the older expat who may have trouble remembering a new password or two.

Cybercrime may have in the past sounded like a Marvel movie story, however, these days taking precautions at least beats finding your saving account has been emptied.

 

-- © Copyright  ASEAN NOW 2022-05-25

 

- Cigna offers a range of visa-compliant plans that meet the minimum requirement of medical treatment, including COVID-19, up to THB 3m. For more information on all expat health insurance plans click here.

 

Get your business in front of millions of customers who read ASEAN NOW with an interest in Thailand every month - email [email protected] for more information

[RandiRona]

Well just a poor recycling attempt. No matter how strong your password is going to be,its useless if some has access to data or in Thailand's case, access to whole server's racks. Always assume that your password is compromised and go for MFA if availabe...Multi factor Authentication by using Phone, Message , email. That is the only way to safeguard against compromised databases.

[RichardColeman]

3 hours ago, webfact said:

The best way to ensure your passwords are complex is to use a random mix of upper and lowercase letters, numerals, and special characters. 

That's also why most people write them down !

[BritManToo]

3 hours ago, webfact said:

Many ex-pats also need to ramp up online security, so here's how to pick strong passwords 
As most of us Expats now rely on online transactions to run our daily lives, are we taking unnecessary risks security-wise?

Nobody has ever managed to explain to me why I need any online security at all.

Banking is all done on phone apps now.

Email and social media, it doesn't really matter.

Why do I need a 'secure password' for my AseanNow account?

It's just foolishness!

[Excel]

39 minutes ago, BritManToo said:

Why do I need a 'secure password' for my AseanNow account?

It's just foolishness!

Simply put if not, then someone could easily hack in and sign in as your good self and then post that they actually know what they are talking about . ????

[RedBackman]

Most of the information is alright but substituting numbers and special characters for letters like "p@ssw0rd" is absolutely trash advice. Modern tools for cracking passwords have algorithms that will cover those common substitutions easily.

 

Want a secure password that you have a chance of remembering? Pick a bunch of words for length and slap a number or special character in an unexpected place. ie "Bunnytimehel$5^lostrinG" - So I have to remember 4 words, I capitalized first and last, I put my numbers/characters between the l's in hello, and they were right in a row on the keyboard $5^. For a couple secure passwords that you don't want to exist in a password manager but need to remember that's doable - like the password for your password manager itself or your main email. 

 

For everything else use a password manager that securely generates passwords and use multifactor authentication, preferably with an authentication app for one of the factors because sms/phone can be insecure.

[KhunBENQ]

There are exactly two passwords that I remember:

 

1) the master password for my encrypted container (VeraCrypt) which contains a simple text file with xx account names and passwords, credit card data etc. etc.

It is 16 characters long (yes a bit weak, should be 20).

I can remember it and still it is far from simple to guess.

Remembering is easy as I use it multiple times a day on PC and phone (2nd copy of the container).

Master password is never used online, container copies locally only (four copies in total).

No cloud, no nothing

 

2) second password is a trivial 13 character password violating basic rule (some name included).

This same trivial password is used on multiple online sites which just bother for some registration without being any security relevant. Hacking would do no real harm.

AseanNow is not in this category

 

Almost none of the passwords in the container is made of complex characters (some sites still force otherwise). All easy readable from a limited set of ASCII letters and digits.

Created with a tool.

Length matters! Hardly any password shorter than 12, most 16 or 20 now.

 

The whole list of master passwords and passwords in the container is PRINTED on paper!! The paper is in a sealed envelope in the safe.

If safe broken I am ..... up

 

Edited May 25, 2022 by KhunBENQ