Make Remembering Passwords A Thing Of The Past

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too.

This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a password manager
Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager.

The best password managers let you customize how long your passwords are, and what kind of characters they should include. They will also keep them 100% safe while still giving you easy access across all your devices.

We can set you up with an Enterprise Password Manager (the one we use) and train you and your team on how to best use it – simply get in touch!

Turn on multi-factor authentication (MFA)
As well as setting up a password manager, turn on multi-factor authentication (MFA) wherever possible. When you log in to your accounts, you’ll need to enter an additional security code as a second means of keeping your account secure.

These codes can be sent to you by text message or email. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds. Some applications also support a hardware security key that you plug into your computer or that displays security codes that rotate every 60 seconds.

Multi-factor authentication is available on most software and is considered a highly effective tool against hackers.

Even if they’ve got your login details they can’t get in without your phone.

We recommend you implement this for all apps your staff use.

After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process – just give us a call!
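How an authentication app arrives at its rotating codes, shown as an added example that is not part of the original article: the app and the service share a secret at enrolment and each derives the code from that secret and the current time (TOTP, RFC 6238). The 30-second step, 6-digit length and the demo secret (the RFC's published test key) are assumptions; a hardware token that rotates every 60 seconds would use `step=60`.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption: the RFC 6238 default time step

# The published RFC 6238 test key, used here as a demo secret only.
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, digits: int = 6,
         step: int = STEP_SECONDS) -> str:
    """The code the app displays: HOTP with counter = elapsed time steps."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, submitted: str, now: float, window: int = 1,
                last_used_counter=None, digits: int = 6,
                step: int = STEP_SECONDS):
    """Server-side check. Returns the matched counter, or None on failure.

    window            accept codes this many steps either side of "now",
                      to tolerate clock drift on the phone.
    last_used_counter counter of the last accepted code for this account;
                      anything at or before it is rejected, so a code seen
                      over someone's shoulder cannot be used a second time.
    """
    current = int(now) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter < 0:
            continue
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = hotp(secret, counter, digits)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    t = 59  # constructed timestamp (seconds since the epoch)
    code = totp(RFC_SECRET, t)
    print("code shown on the phone:", code)
    print("accepted one step later:", verify_totp(RFC_SECRET, code, t + 30))
    print("rejected two steps later:", verify_totp(RFC_SECRET, code, t + 60))
    print("rejected on replay:",
          verify_totp(RFC_SECRET, code, t, last_used_counter=1))
```

The stolen password alone is not enough because the code depends on the secret held by the phone, and each code is only valid for a short window.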

Password Versus Passphrase… Which Is Best?

Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone.

However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself.

However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.

Passphrases
Passphrases are a simpler way to create and remember strong passwords.

The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automated guessing) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess.

An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type.

Instead, we recommend you use passphrases: a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack.

Here are two different examples:

Sustain-Easily-Imprison
Time for tea at 1:23

What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type.

You can make your passphrase even stronger if you want to by replacing letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero.

If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.

Using Passphrases Securely
You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it.

Use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, your other accounts are still safe.

If you have too many passphrases to remember (which is very common), consider using a password manager.

This is a special program that securely stores all your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer or device and the password manager program. Never share a passphrase or your strategy for creating them with anyone else, including coworkers or your supervisor. Remember, a passphrase is a secret; if anyone else knows your passphrase, it is no longer secure.

If you accidentally share a passphrase with someone else, or believe your passphrase may have been compromised or stolen, change it immediately. The only exception is if you want to share your key personal passphrases with a highly trusted family member in case of an emergency.

Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts. Since anyone can use these computers, they may be infected and capture all your keystrokes. Only log in to your accounts on trusted computers or mobile devices.

Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even on your Facebook page.

Make sure that if you answer personal questions you use only information that is not publicly available or fictitious information you have made up.

Can’t remember all those answers to your security questions? Select a theme like a movie character and base your answers on that character. Another option is, once again, to use a password manager. Most of them also allow you to securely store this additional information.

Many online accounts offer something called two-factor authentication, also known as two-step verification.

This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always enable and use these stronger methods of authentication.

Mobile devices often require a PIN to protect access to them. Remember that a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN number to an actual passphrase or use a biometric, such as your fingerprint.

If you are no longer using an account, be sure to close, delete, or disable it. (This article is reprinted with permission from the SANS Security Center OUCH! newsletter.)

How Google Password Checkup Can Protect Your Data

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out-of-state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.

In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.

What Is Credential Management And Should I Have It?

Ron Cochran is a senior help desk technician for Tech Experts.

In the world today, we have many things to remember and passwords are one of those. We have alarm codes, website logins, usernames, passwords, passphrases, bank account information, and everything in between. However, if you’re on top of your password game, then none of your passwords match and that can be quite the chore to keep up on.

This brings me to a product called Passportal.

Passportal eliminates the need to remember all those different passwords, websites, and passphrases. With Passportal, once you have your account set up – and have entered your websites, usernames, passwords, and passphrases – you will only need to remember one password to sign into anything. There is also an extension for one of the most popular web browsers.

Once you create your account with Passportal, you’ll be able to enter your website of choice, username, and password; then, when you revisit that site, you will be notified that Passportal has saved your credentials for that site. You’ll click one button and Passportal will automatically enter your information in, then you’re logged in to your favorite websites, social media, or message boards.

While it may sound like you’re putting all of your eggs in one basket, Passportal’s main focus is password security. The website, application, and process were created with military-grade password data security in mind while maintaining ease of use for the end user.

In the event of a mugging or break-in, you can lock your Passportal account and disable your usernames and passwords, instead of trying to remember everything you need to change. It’s one less thing to worry about when recovering from identity theft.

Let’s say your credit card and bank information have been compromised. Once you receive your new card and password, you revisit the website. Passportal remembers your password, but it doesn’t work. You will be able to seamlessly add the new password to the Passportal extension with just a couple clicks and keystrokes. Passportal has saved many users countless extra clicks, time, and hassle by keeping their valuable personal information secure.

If you are the owner of a company, you can utilize Passportal and have control over the passwords and when/if they expire. If you have an employee that quits or is terminated, you can lock that username out of your company information with just ONE click of a button. This feature saves valuable time that a human resource manager would have used to track down all the user information, gain access to their workstation or laptop, and remove their profile, or gain access to the server to remove their Active Directory profile.

Passportal also has two-way syncing with Active Directory for Windows Server. With Passportal, there is even a mobile app and phone number you can text to get a password reset. This feature will save employees who are locked out of their accounts – and allow your IT department to focus on more in-depth issues.

If you’re the human resource manager, general manager, or owner of a company, your company will most likely be able to benefit. Ask your IT department or managed service provider about Passportal and how you can implement it within your company.

What Makes For A Good Password?

Luke Gruden is a help desk technician for Tech Experts.

It seems like every week we need to make a new password for a new account. When making a password, there is usually some colored bar letting you know if your password is strong or weak.

It is very important that we maintain strong passwords for our accounts, so no one uses a password generator to guess the password and gain access to our private information.

What actually makes a good password? Length is one of the best ways to make a stronger password, as it’s harder for a computer to hack a longer password. For the length, it’s recommended to have at least 12 characters.

If your password consists of basic words, it’s recommended the password be even longer, as a lot of password crackers out there auto-search dictionary words.

You can even make a sentence or sentences. There is no rule against something like this: “Hello! I am Luke with Tech Experts and I work on computers!” That was about 60 characters and would take significantly longer to crack than a simple 12 character password.

The next best factor in making a good password is complexity. Complexity is when a password uses special characters, numbers, random capitals, and contains few or no dictionary words. The more complex a password is, the harder it is for a computer to crack the password. “s5df1K51lj!@# ^k5$#1#!!2 @” would be a really good password, but good luck remembering it. Too complex and it’s hard to remember, too short and it’s easy to crack.

However, using length and complexity, we can make a strong password that we can remember.

Adding a number and special character to each word you use will drastically increase the strength of the password without making it too complex. “Hello$1 my$2 name$3 is$4 Luke!$5” is most likely a stronger password than the one I used earlier that contained 60 characters simply because the special characters aren’t in the dictionary.

Another important note about passwords is that you should keep every password different for each profile. It can be tempting to use the same password for every account online, but at least try to make variations of your passwords.

The main reason why is that if a website is leaked or hacked, your password can be out there in the public and can be attempted on your other accounts, so even if you have the best password in the world, using the same password for every account can make your accounts vulnerable.

The last good practice for passwords is to change your password every 6 months or so, so even if your password was leaked without your knowledge, changing the password would end the issue. Also, some computers will try to crack a password 24/7 and, with enough time, it will eventually guess the right password. Changing your password every so often will thwart those computers that endlessly guess at your password.

Another way to ensure you have different strong passwords is to use a password manager. A password manager is a type of program that stores your different passwords for different accounts, but that itself still needs a good password to protect your collection. With a password manager, you can use a generator to create very long complex passwords and not have to worry about remembering them as long as you have access to your manager.

If you need any help with passwords or with setting up a password manager, you can count on your Tech Experts to help you on your way. Contact us with any questions at (734) 457-5000.
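An added example, not part of the original articles, that puts numbers on the passphrase advice earlier on this page and on the length-versus-complexity discussion above. It compares what a character-counting strength meter reports with the guessing space when the words are known to come from a word list, and generates passphrases with a cryptographic random source. The 7,776-word list size and the 16-word sample list are assumptions made for the example.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. It is far too
# small for real use; published dice-style lists contain thousands of words.
SAMPLE_WORDS = ["sustain", "easily", "imprison", "harbor", "velvet", "cactus",
                "ribbon", "thunder", "pencil", "gravel", "lantern", "orbit",
                "mellow", "trophy", "walnut", "zipper"]

ASSUMED_LIST_SIZE = 7776  # assumption: a five-dice word list (6 ** 5 entries)


def charset_bits(password: str) -> float:
    """What a naive meter reports: length * log2(size of character pool)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # 32 ASCII punctuation marks plus the space
    return len(password) * math.log2(pool) if pool else 0.0


def wordlist_bits(n_words: int, list_size: int = ASSUMED_LIST_SIZE) -> float:
    """Entropy of n words drawn uniformly at random from a known list.

    Capital letters and a fixed separator follow a pattern, so they are
    treated as adding nothing once the pattern is known.
    """
    return n_words * math.log2(list_size)


def words_needed(target_bits: float,
                 list_size: int = ASSUMED_LIST_SIZE) -> int:
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words: int, sep: str = "-") -> str:
    """Pick words with the OS random source, never with random.choice()."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words).capitalize()
                    for _ in range(n_words))


def compare(phrase: str, n_words: int) -> dict:
    """Both estimates for one passphrase, rounded for display."""
    return {"meter_bits": round(charset_bits(phrase), 1),
            "wordlist_bits": round(wordlist_bits(n_words), 1)}


if __name__ == "__main__":
    # The three-word example from the passphrase section of this page.
    print(compare("Sustain-Easily-Imprison", 3))
    print("words for 64 bits:", words_needed(64))
    print("words for 80 bits:", words_needed(80))
    print("sample:", generate_passphrase(SAMPLE_WORDS, 6))
```

The gap between the two figures is why the number of randomly chosen words matters more than the character classes a passphrase contains; under these assumptions five or more random words are needed to pass 64 bits.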

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions at this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their email accounts as for other ones, such as online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Wire Fraud: How An Email Password Can Cost You $100,000

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Wire fraud is one of the most financially damaging threats to people and businesses today. Victims can lose hundreds of thousands of dollars in the blink of an eye.

What is wire fraud? Let’s start with the basics:

A wire transfer is an electronic transfer of funds between entities, usually a bank and someone else. Wire fraud utilizes this system to steal money. Typically, this is done by fooling a financial institution into wiring money to a fraudulent account.

The process often begins with the theft of personal data or email credentials, which means data security is paramount to preventing this threat.

Here’s an overview of wire fraud so you can better protect your business and clients.

Better Passwords: Keep Your Information Secure!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It could be your email, your pictures, or your company documents and files – whatever you have on your computer needs to be protected from hackers, identity thieves, nosy employees and other cyber troublemakers.

Imagine if all of your private, personal and company information were available on the public Internet. And then, take a few minutes to follow the steps below and help make your systems more secure.

Use a different password for each important service
Make sure you have a different password for every important account you have. Hackers will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account.

Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account.

Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them – including potential attackers.

Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you.

Complex and lengthy passwords can be a pain – the average password is shorter than eight characters, and many just contain letters. Analysis shows that only 54 percent of passwords include numbers, and only 3.7 percent have special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password.

For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”.

Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Keep your password somewhere safe
Research shows that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services.

But don’t worry – if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it.

If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Many web browsers have free password managers built into them, and there are many independent options as well.

Secure Online Accounts Without Sacrificing Ease Of Use

by Jeremy Miller, Technician
The Internet allows us to do so much, such as: buy things, research information, and share just about anything. There is and will always be someone out there that is going to take advantage of Internet users in one way or another.

Keeping that in mind, most places on the Internet use password authentication. This is both good and bad. It is good because you are required to enter credentials that you originally provided to enter a protected area of a website.

This may keep your data safe from most people with malicious intent. However, most people are not perfect at remembering passwords, especially complex passwords, so most people end up using the same password for many websites. This is a bad choice.

If a hacker obtains your password, they may be able to access any site on which you use that password or a similar password. The best Internet practices are to use a different complex password for each website.

Complex passwords are passwords that contain upper and lower case letters, numbers, special characters, and they must not resemble any dictionary word.

Examples of bad passwords are: love, password, P@ssw0rd. A good example of a complex password would be: ”n$)M1@x{1_5” 65”.

Password cracking has come a long way from brute-force, dictionary-based attacks, which allow a hacker to guess your password using a computer and wordlists. The use of complex passwords has become a necessity for anyone wanting to keep their information secure.

The best way to solve this conundrum is to implement a password manager. I have tried many password managers and have found the best results to be with LastPass password manager.

It is a feature-rich password manager that is very secure. LastPass does not store or even know what your password is.

You can add LastPass as a browser extension or an app on your computers or mobile devices. You will only have to remember your password to LastPass to access any password-protected websites.

Once LastPass is installed, you simply visit a website that requires a login, such as your webmail or Facebook. Once you enter your username and password, LastPass will ask if you would like to remember it.

If you choose yes, it will automatically fill in the information required to log in to the website the next time you visit it.

LastPass can also store secure encrypted notes that work great for bank logins. Most banks have a multi-stage login, which is where you enter your username and password on different pages.

You can store your usernames, passwords, account numbers, and card numbers in secure notes for ease of access. All of your passwords can be accessed from any platform and any device.

LastPass also provides users with many tools that make using the LastPass password manager better, such as: password generators, automatic form filling with the ability to have multiple identities, easy backup of the data to local storage, an on-screen keyboard to prevent key loggers, the ability to share information via email, and most importantly two-factor authentication.

A two-factor authentication device allows you to use a password and a device such as a USB flash drive, YubiKey, or Google Authenticator app to authenticate.

This improves your security because you have to have the second credential. Since that is in your possession, a cyber criminal would have to actually steal your device to hack your passwords.

Once you start to use LastPass as a password manager, you will not want to return to remembering passwords or creating weak passwords that are easy to remember.

Give us a call to talk about improved security for your online accounts. We can help you set up the password manager and teach you how to use it. This is another way to make sure that your identity does not get compromised.

Strong Passwords Keep Your Personal Information Secure

A recent ZoneAlarm survey revealed that 79 percent of consumers use risky password construction practices, such as including personal information and words.

The survey also revealed that 26 percent of respondents reuse the same password for important accounts such as e-mail, banking or shopping and social networking sites.

In addition, nearly 8 percent admit to copying an entire password found online in a listing of “good” passwords.

Given these numbers, it’s no wonder that 29 percent of respondents had their own e-mail or social network account hacked, and that over half (52 percent) know someone who has had a similar problem.

The first step a hacker will take when attempting to break into a computer or secure account is to try to guess the victim’s password.

Automated programs are available to repeatedly guess passwords from a database of common words and other information.

Once a hacker gains access to one account, almost 30 percent of the time that information can be used to access other sites that contain financial data such as bank account numbers and credit card information. To ensure you stay safe online, here are a few tips for creating a strong password.

Use Unique Passwords For Each Account
Choose different and unique passwords for each account.

Passwords Should Be Eight To Ten Characters Long
Choose a password that is at least eight to 10 characters long. This should be long enough to prevent brute force attacks, which consist of trying every possible combination of a password until the right one is found.

Avoid Using Personal Information
Make sure your password is difficult for someone to guess. Do not use names of any kind, including your login name, family member’s name or a pet’s name. Also avoid using personal information such as a phone number, birthday or place of birth.

Avoid Words In The Dictionary
Avoid words that can be found in the dictionary. With the availability of online dictionaries, it is easy for someone to write a program to test all of the words until they find the right one.

Avoid Repeating Characters Or Sequences
Stay away from repeated characters or easy to guess sequences. For example: 77777, 12345, or abcde.

Use Numbers, Letters And Special Characters
Choose a password that is a mixture of numbers, letters and special characters. The more complex and random it is, the harder it will be to crack.

Use Word Fragments
Use fragments of words that will not be found in a dictionary. Break the word in half and put a special character in the middle.

Frequently Change Your Passwords
Change your passwords often. Even if someone cracks the system password file, the password they obtain is not likely to last long.

Cyber crime is on the rise. Taking the time to actively choose secure passwords will protect your identity, banking information and personal information. And remember, writing your password on a sticky note on your monitor isn’t secure!