How Google Password Checkup Can Protect Your Data

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out of state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.
In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.

What Is Credential Management And Should I Have It?

Ron Cochran is a senior help desk technician for Tech Experts.

In the world today, we have many things to remember and passwords are one of those. We have alarm codes, website logins, usernames, passwords, passphrases, bank account information, and everything in between. However, if you’re on top of your password game, then none of your passwords match and that can be quite the chore to keep up on.

This brings me to a product called Passportal.

Passportal eliminates the need to remember all those different passwords, websites, and passphrases. With Passportal, once you have your account set up – and have entered your websites, usernames, passwords, and passphrases – you will only need to remember one password to sign into anything. There is also an extension for one of the most popular web browsers.

Once you create your account with Passportal, you’ll be able to enter your website of choice, username, and password; then, when you revisit that site, you will be notified that Passportal has saved your credentials for that site. You’ll click one button and Passportal will automatically enter your information in, then you’re logged in to your favorite websites, social media, or message boards.

While it may sound like you’re putting all of your eggs in one basket, Passportal’s main focus is password security. The website, application, and process was created with military-grade password data security in mind while maintaining ease of use for the end user.

In the event of a mugging or break-in, you can lock your Passportal account and disable your usernames and passwords, instead of trying to remember everything you need to change. It’s one less thing to worry about when recovering from identity theft.

Let’s say your credit card and bank information have been compromised. Once you receive your new card and password, you revisit the website. Passportal remembers your password, but it doesn’t work. You will be able to seamlessly add the new password to the Passportal extension with just a couple clicks and keystrokes. Passportal has saved many users countless extra clicks, time, and hassle by keeping their valuable personal information secure.

If you are the owner of a company, you can utilize Passportal and have control over the passwords and when/if they expire. If you have an employee that quits or is terminated, you can lock that username out of your company information with just ONE click of a button. This feature saves valuable time that a human resource manager would have used to track down all the user information, gain access to their workstation or laptop, and remove their profile, or gain access to the server to remove their Active Directory profile.

Passportal also has two-way syncing with Active Directory for Windows Server. With Passportal, there is even a mobile app and phone number you can text to get a password reset. This feature will save employees who are locked out of their accounts – and allow your IT department to focus on more in-depth issues.

If you’re the human resource manager, general manager, or owner of a company, your company will most likely be able to benefit. Ask your IT department or managed service provider about Passportal and how you can implement it within your company.

What Makes For A Good Password?

Luke Gruden is a help desk technician for Tech Experts.

It seems like every week we need to make a new password for a new account. When making a password, there is usually some colored bar letting you know if your password is strong or weak.

It is very important that we maintain strong passwords for our accounts, so no one uses a password generator to guess the password and gain access to our private information.

What actually makes a good password? Length is one of the best methods to making a stronger password as it’s harder for a computer to hack a longer password. For the length, it’s recommended to have at least 12 characters.

If your password consists of basic words, it’s recommend the password be even longer as a lot of password crackers out there auto-search dictionary words.

You can even make a sentence or sentences. There is no rule against something like this: “Hello! I am Luke with Tech Experts and I work on computers!” That was about 60 characters and would take significantly longer to crack than a simple 12 character password.

The next best factor to making a good password is complexity. Complexity is when a password uses special characters, numbers, random capitals, and contains few or no dictionary words. The more complex a password is, the far harder it is for a computer to crack the password. “s5df1K51lj!@# ^k5$#1#!!2 @” would be a really good password, but good luck remembering it. Too complex and it’s hard to remember, too short and it’s easy to crack.

However, using length and complexity, we can make a strong password that we can remember.

Adding a number and special character to each word you use will drastically increase the strength of the password without making it too complex “Hello$1 my$2 name$3 is$4 Luke!$5” is most likely a stronger password than the one I used earlier that contained 60 characters simply because the special characters aren’t in the dictionary.

Another important note about passwords is that you should keep every password different for each profile. It can be tempting to use the same password for every account online, but at least try to make variations of your passwords.

The main reason why is that if a website is leaked or hacked, your password can be out there in the public and can be attempted on your other accounts, so even if you have the best password in the world, using the same password for every account can make your accounts vulnerable.

The last good practice for passwords is to change your password every 6 months or so, so even if your password was leaked without your knowledge, changing the password would end the issue. Also, some computers will try to crack a password 24/7 and, with enough time, it will eventually guess the right password. Changing your password every so often will thwart those computers that endlessly guess at your password.

Another way to ensure you have different strong passwords is to use a password manager. A password manager is a type of program that stores your different passwords for different accounts, but that itself still needs a good password to protect your collection. With a password manager, you can use a generator to create very long complex passwords and not have to worry about remembering them as long as you have accesses to your manager.

If you need any help with passwords or with setting up a password manager, you can count on your Tech Experts to help you on your way. Contact us with any questions at (734) 457-5000.

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Wire Fraud: How An Email Password Can Cost You $100,000

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Wire fraud is one of the most financially damaging threats to people and businesses today. Victims can lose hundreds of thousands of dollars in the blink of an eye.

What is wire fraud? Let’s start with the basics:

A wire transfer is an electronic transfer of funds between entities, usually a bank and someone else.Wire fraud utilizes this system to steal money. Typically, this is done by fooling a financial institution into wiring money to a fraudulent account.

The process often begins with the theft of personal data or email credentials, which means data security is paramount to preventing this threat.

Here’s an overview of wire fraud so you can better protect your business and clients. [Read more…]

Better Passwords: Keep Your Information Secure!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It could be your email, your pictures, or your company documents and files – whatever you have on your computer needs to protected from hackers, identity thieves, nosy employees and other cyber troublemakers.

Imagine if all of your private, personal and company information were available on the public Internet. And then, take a few minutes to follow the steps below and help make your systems more secure.

Use a different password for each important service
Make sure you have a different password for every important account you have. Hackers will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account.

Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account.

Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them – including potential attackers.

Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you.

Complex and lengthy passwords can be a pain – the average password is shorter than eight characters, and many just contain letters. Analysis shows that only 54 percent of passwords include numbers, and only 3.7 percent have special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password.

For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”.

Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Keep your password somewhere safe
Research shows that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services.

But don’t worry – if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it.

If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Many web browsers have free password managers built into them, and there are many independent options as well.

Secure Online Accounts Without Sacrificing Ease Of Use

by Jeremy Miller, Technician
The Internet allows us to do so much, such as: buy things, research information, and share just about anything. There is and will always be someone out there that is going to take advantage of Internet users in one way or another.

Keeping that in mind, most places on the Internet use password authentication, this is both good and bad. It is good because you are required to enter credentials that you originally provided to enter a protected area of a website.

This may keep your data safe from most people with malicious intent. However, most people are not perfect at remembering passwords, especially complex passwords, so most people end up using the same password for many websites. This is a bad choice.

If a hacker obtains your password, they may be able to access any site on which you use that password or a similar password. The best Internet practices are to use a different complex password for each website.

Complex passwords are passwords that contain upper and lower case letters, numbers, special characters, and they must not resemble any dictionary word.

An example of a bad password is: love, password, P@ssw0rd. A good example of a complex password would be: ”n$)M1@x{1_5” 65”.

Password cracking has come a long way from brute-force dictionary based attacks, which allow a hacker to guess your password using a computer and wordlists. The use of complex passwords has become a necessity for anyone wanting to keep their information secure.

The best way to solve this conundrum is to implement a password manager. I have tried many password managers and have found the best results to be with LassPass password manager.

It is a feature rich password manager that is very secure. LassPass does not store or even know what your password is.

You can add LassPass as a browser extension or an app on your computers or mobile devices. You will only have to remember your password to LassPass to access any password protected websites.

Once LassPass is installed you simply visit a website that requires a login, such as your webmail or Facebook. Once you enter your username and password LassPass will ask if you would like to remember it.

If you choose yes it will auto fill out the information required to automatically login to the website the next time you visit it.

LassPass can also store secure encrypted notes that work great for bank logins. Most banks have a multi-stage login which is where you enter your username and password on different pages.

You can store your usernames, passwords, account numbers, and card numbers in secure notes for ease of access. All of your passwords can be accessed from any platform and any device.

LassPass also provides users with many tools that make using the LassPass password manager better such as: password generators, automatic form filling with the ability to have multiple identities, easily backup the data to local storage, on-screen keyboard to prevent key loggers, ability to share information via email, and most importantly two-factor authentication.

A two–factor authentication device allows you to use a password and a device such as a USB flash drive, YubiKey©, or Google Authenticator App to authenticate.

This improves your security because you have to have the second credential. Since that is in your possession, a cyber criminal would have to actually steal your device to hack your passwords.

Once you start to use LassPass as a password manager you will not want to return to remembering passwords or creating weak password that are easy to remember.

Give us a call to talk about improved security for your online accounts. We can help you setup the password manager and teach you how to use it. This is another way to make sure that your identity does not get compromised.

Strong Passwords Keep Your Personal Information Secure

A recent ZoneAlarm survey revealed that 79 percent of consumers use risky password construction practices, such as including personal information and words.

The survey also revealed that 26 percent of respondents reuse the same password for important accounts such as e-mail, banking or shopping and social networking sites.

In addition, nearly 8 percent admit to copying an entire password found online in a listing of “good” passwords.

Given these numbers, it’s no wonder that 29 percent of respondents had their own e-mail or social network account hacked, and that over half (52 percent) know someone who has had a similar problem.

The first step a hacker will take when attempting to break into a computer or secure account is try to guess the victim’s password.

Automated programs are available to repeatedly guess passwords from a database of common words and other information.

Once a hacker gains access to one account, almost 30 percent of the time that information can be used to access other sites that contain financial data such as bank account numbers and credit card information. To ensure you stay safe online, here are a few tips for creating a strong password.

Use Unique Passwords For Each Account
Choose different and unique passwords for each account.

Passwords Should Be Eight To Ten Characters Long
Choose a password that is at least eight to 10 characters long. This should be long enough to prevent brute force attacks, which consist of trying every possible combination of a password until the right one is found.

Avoid Using Personal Information
Make sure your password is difficult for someone to guess. Do not use names of any kind, including your login name, family member’s name or a pet’s name. Also avoid using personal information such as a phone number, birthday or place of birth.

Avoid Words In The Dictionary
Avoid words that can be found in the dictionary. With the availability of online dictionaries, it is easy for someone to write a program to test all of the words until they find the right one.

Avoid Repeating Characters Or Sequences
Stay away from repeated characters or easy to guess sequences. For example: 77777, 12345, or abcde.

Use Numbers, Letters And Special Characters
Choose a password that is a mixture of numbers, letters and special characters. The more complex and random it is, the harder it will be to crack.

Use Word Fragments
Use fragments of words that will not be found in a dictionary. Break the word in half and put a special character in the middle.

Frequently Change Your Passwords
Change your passwords often. Even if someone cracks the system password file, the password they obtain is not likely to last long.

Cyber crime is on the rise. Taking the time to actively choose secure passwords will protect your identity, banking information and personal information. And remember, writing your password on a sticky note on your monitor isn’t secure!

Do You Keep Critical Passwords On A Sticky Note Next To Your PC?

We constantly struggle to get our clients to stop writing down their passwords on sticky notes by the computers. Obviously this is a security risk. Another bad habit is choosing  really easy-toremember passwords such as “password.”

But admittedly, it CAN be hard remembering all of those passwords that are always changing. To solve this little dilemma, we’re suggesting to our clients to stop using passwords and use “pass-phrases.”

What is a “pass-phrase” you ask? They are letters and numbers put together in an easy-toremember phrase such as “!YEAHGoBlue!”

These are MUCH easier to remember than a random cluster of letters and numbers, which means you won’t have to write them down on a post-it note anymore! Plus, they’re much more secure than using a birthday or child’s name.

Pass-phrases can be built from anything, such as favorite quotes, lines from movies, sports team names, a favorite athlete’s name and jersey number, kids’ names and birthdates, pets, and so on.

Here’s some other examples that would be easy for you to remember, but hard for a hacker or criminal to guess:

ILike!ceTea

T&lkingOnTh3Phone

d3tro1tHockey

goneWithth3w!nd

Git-r-don3!!

Detroit-R3D-Wings

All you need to do is be a little creative to get numbers, letters and punctuation into the phrase. All of the normal suggestions remain the same – don’t make a password  exclusively a birthday or child’s name, and always include special letters and punctuation.

Since introducing this to our clients, we’ve found (believe it or not) they actually have fun doing this, and at the same time, are making their networks more secure!

How To Pick A Good Password

What’s the most common password? You guessed it…”password.” Obviously this is not the best way to protect yourself against hackers and online thieves. But even if you don’t use the word “password,” you might be using an equally easy password to decipher.
We suggest you DON’T use the following passwords for really important web sites, such as your online banking web site or other financially related sites.
• Your name or your spouse’s name.
• Your children’s names.
• Your pet’s name.
• Your birth date.
• The last four digits of your Social Security number.
• Your phone number.
• Your address.
• A series of consecutive numbers, such as “1, 2, 3, 4.”
• A single word that would appear in a dictionary.
Your best bet for creating a strong password: Use combinations of letters, numbers and special characters.