Why Should You Use Different Passwords For Different Accounts?

March 20, 2023

It’s common to have multiple online accounts for social media, online shopping, banking, and more. While having different accounts makes our lives more convenient, it also presents a security risk if we use the same password for all of them.

This is because if a hacker gains access to one of our accounts, they can potentially gain access to all of them if we use the same password. This is why it’s crucial to have different passwords on different accounts.

Having different passwords on different accounts is one of the most basic but important steps you can take to protect your online security.

By using unique passwords, you reduce the risk of a hacker gaining access to all of your accounts if they manage to crack one password. This is particularly important for accounts that contain sensitive information, such as online banking or medical records.

One reason why people tend to use the same password for multiple accounts is because it’s easier to remember.

However, there are ways to create strong and unique passwords without having to remember them all. One option is to use a password manager.

A password manager is a tool that generates and stores unique passwords for each of your accounts. All you have to do is remember one master password to access the password manager. Some popular password managers include BitWarden, Dashlane, and 1Password.

Another way to create strong and unique passwords is to use a passphrase instead of a single word. A passphrase is a combination of several words that are easy for you to remember, but difficult for others to guess. For example, instead of using the password “password123” you could use a passphrase like “MyDogate2BonesToday!”

It’s important to note that having different passwords is not enough to ensure complete security. It’s also important to use strong passwords that are difficult to guess or crack.

This means avoiding common words, phrases, or personal information that could be easily guessed.
Instead, use a combination of upper and lowercase letters, numbers, and symbols.

In addition to having different and strong passwords, it’s also important to update them regularly. This is because if a hacker gains access to an old password that you no longer use, they can still potentially use it to gain access to other accounts if you’ve used the same password for multiple accounts. It’s recommended to update your passwords every six months to a year.

One thing to keep in mind is that while having different passwords on different accounts is important, it’s not the only step you should take to protect your online security. It’s also important to enable two-factor authentication whenever possible.
Two-factor authentication adds an extra layer of security by requiring a second form of authentication, such as a code sent to your phone or an app.

While it may seem daunting to remember multiple passwords, password managers can help significantly.

By taking these basic steps, you can greatly reduce the risk of a security breach and protect your sensitive information online.

Filed Under: Online Security Tagged With: , , ,

Are You Still Using That Same Old Password?

February 5, 2023

We talk a lot about strong passwords. It’s kind of our job. But they’re really important if you want to protect your online accounts and keep your data safe.

So why are we hearing that ‘123456’ is still the most common password? Researchers found it used more than 100,000 times in a recent study.

‘Admin’ is another popular choice, found 17,000 times, followed by the highly creative ‘root’ and ‘guest’. Often these are pre-set default passwords which you’re supposed to change when you first login – but too many people don’t bother.

Names – personal names, celebrities, even football teams – are also common, as are profanities. One swearword cropped up 300,000 times in the study (we’ll let you guess which word it was).

But popular choices make for weak passwords. A brute force attack involves throwing thousands of passwords at a system.

So if you’re using any of these examples, it wouldn’t take long for an attacker to gain access to your account.

A good solution is to use a password manager. This will create long, strong, random passwords that are impossible to guess. It also stores them securely and auto fills them, saving you time.

An even safer solution is Passkeys. These could take over from passwords entirely – Apple and Microsoft are already rolling them out across their apps and accounts. Passkeys consist of two ‘keys’: One on your device and one within the application.

When they connect and recognize each other as the right fit, you gain access to your account… all without clicking a button.

The best part is that you never have to remember a password. It’s all done within your device and the application, so it’s unlikely that a cyber criminal will ever be able to get their hands on your log in credentials. And there are 123456 reasons why that’s a good thing.

Need help to find the right password manager? Get in touch.

Filed Under: Password Security Tagged With:

Do You Know Exactly What Services Your Staff Are Signing Up For?

October 28, 2022

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whatever problem, need, or want you have… there’s a cloud application out there that can help you.

We’ve never lived in a such a rich time for problem solving. Every day, hundreds of new services launch to make our lives easier and help us be more productive.

These applications all live in the cloud. They’re known as Software as a Service – or SaaS – because you don’t load any software onto your device. You use them in your browser.

We would argue this SaaS revolution over the last 15 to 20 years has played a critical part in shaping the way we work today.

However, there’s an issue. Many businesses aren’t 100% aware of what new services their staff have signed up for. And this problem isn’t a financial one; it’s a security one. [Read more…]

Filed Under: Online Security Tagged With: , ,

The Way We Use Passwords Is Finally Changing

July 27, 2022

Passwords are a problem that companies are always trying to fix, but they are still essential for accessing pretty much anything online. And even now people aren’t changing them after a breach and then still use the same password to access multiple sites.

Reused passwords are a potential security problem because if a password has been compromised once, then hackers can use it to access other accounts if it’s been used as the sign-in for another site.

Truth be told, passwords are annoying for most people. If you look at the best practice password advice, it’s creating work for everyone:

  • Generate long random character passwords rather than using everyday words that can be guessed by cyber criminals’ automated software
  • Use a different password for every single application
  • Never write passwords down or share with a colleague

This is why we tell our clients to use a password manager. It’s a safe way to generate highly secure passwords, store them, and fill in login boxes so you don’t have to.

Recently we’ve heard that tech giants Microsoft, Apple and Google have joined forces to kill off the password and introduce its replacement.

That’s called a passkey.

It’s very simple. To login to something, you’ll use your phone to prove it’s really you.

Your computer will use Bluetooth to verify you’re sat nearby. Because Bluetooth only works a short distance, this should stop many phishing scams.

Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN.

And that’s it. You’re logged in.

We could see this new no-password login being introduced to some of the world’s biggest websites and applications over the coming year. Exciting!

Filed Under: Password Security Tagged With: ,

How To Protect Your Online Accounts From Being Breached

July 27, 2022

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media. For example, hacked social media accounts will go for between $30 to $80 each.

The rise in reliance on cloud services has caused a big increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.

Having either a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft, and more.

To make matters more challenging, users are still adopting bad password habits that make it all too easy for criminals. For example:

  • 34% of people admit to sharing passwords with colleagues
  • 44% of people reuse passwords across work and personal accounts
  • 49% of people store passwords in unprotected plain text documents

Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.

Use multi-factor authentication (MFA)

Multi-factor authentication (MFA) is the best method there is to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.

When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you significantly increase account security. In most cases, a hacker is not going to have access to your phone or another device that receives the MFA code, thus they won’t be able to get past this step.

The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.

Use a password manager for secure storage

One way that criminals get their hands on user passwords easily is when users store them in unsecured ways, such as in an unprotected Word or Excel document or the contact application on their PC or phone.

Using a password manager provides you with a convenient place to store all your passwords that is also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.

Password managers can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.

Review your privacy settings

Have you taken time to look at the security settings in your cloud tools? One of the common causes of cloud account breaches is misconfiguration. This is when security settings are not properly set to protect an account.

You don’t want to just leave SaaS security settings at defaults, as these may not be protective enough. Review and adjust cloud application security settings to ensure your account is properly safeguarded.

Don’t enter passwords when on public Wi-Fi

Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out on public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive data, such as login passwords.

You should never enter a password, credit card number, or other sensitive information when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app, which encrypts the connection.

Use good device security

If an attacker manages to breach your device using malware, they can often breach your accounts without a password needed. Just think about how many apps on your devices you can open and already be logged in to.

To prevent an online account breach that happens through one of your devices, make sure you have strong device security. Best practices include:

  • Antivirus/anti-malware
  • Up-to-date software and OS
  • Phishing protection (like email filtering and DNS filtering)
Filed Under: Online Security Tagged With: , ,

If You’ve Ever Reused A Password To Sign Up For Something New, You Have A Problem…

November 24, 2021

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s something many people admit to doing: they reuse the same password across a few different services.

Not judging you if you’ve done it. It’s easy to see why thousands of people do this every day. It feels like an easy way to get signed up to something.

If you reuse a password, you won’t have to go through the hassle of trying to remember it and needing to reset the password in the future. However, you only have to do this once, and you’re at big risk of something called credential stuffing.

This is where hackers get hold of millions of real usernames and passwords. These typically come from the big leaks we hear about in the news.

Once leaked, information from databases from major companies like Facebook, Twitter and LinkedIn can be bought on the dark web for pennies each. [Read more…]

Filed Under: Password Security Tagged With: ,

An Easier Way To Secure Your Password

September 28, 2021

Mark Funchion is a network technician at Tech Experts.

Between new threats and new tech, security is something that can always be improved upon to make sure your systems are as secure as possible. Passwords are the first level of security, and the area that seems to cause the most headache for end users and IT managers.

In an ideal world, every password would be super complex. For example, a 32-character randomized password with capital letters, lowercase letters, special characters, and numbers. This is possible with a password manager – or if you’re really skilled at memorizing random character strings (unlikely).

The reality is that this does not occur, leading to most of us using a password that is not as secure as hoped. There are a few ways that attackers gain access to our passwords, and the most common methods are an algorithm that “cracks” the password and guessing. Usually, these two are combined, creating databases that nefarious individuals can use for gaining access to your accounts.

The biggest issue with passwords is the human factor. We like things to be simple, so we use things that are familiar. When we have to change a password, we change it in predictable ways, and usually write it on a sticky note.

Let’s look at “Password” as a password. Yes, it’s terrible, but really, it’s eight characters with one capital letter. A password cracker will break “Password” the same as it will break “ushtGsgt.” The second example will just take a little longer to crack because programs try common words and phrases first, then start brute-forcing every combination.

Again, looking at human nature, if one hundred people are asked to make the word “Password” harder to guess, most will swap the “o” for a zero. That’s then added to the list of words and phrases checked first. If the same one hundred people are asked to add a special character and a number, most will probably create something like “Password1!”

Why? Because it is easy to remember, and the “1” and “!” are convenient. Since so many of us will use the same variations of passwords, these become common and therefore are more easily broken.

These reasons are why it’s recommended to use three uncommon, unassociated words as a password (and to not use that combination for all your passwords). For example: “GiraffeDiamondCoffee.” An algorithm will still crack this eventually, but it’s easier to remember and not easily guessed so it will take a while to crack.

The longer it takes, the less likely they will actually get to your data. By using three different random words for your passwords, it is much less likely that your combination of words ends up in the frequently used list, adding more security. You can also easily add numbers and special characters to meet security requirements as needed.

The best practice is to use a password manager and use super complex passwords. Otherwise, using three-word passwords like “GiraffeDiamondCoffee” can boost your security. It may look easy – but it is a 20-character password, so it’s more secure than “P@$$w0rd1!”

Computers that are cracking passwords will try every combination and can test over 100-million per second, so a 10-character password (even with numbers and special characters) only has so many combinations. However, a 20-character password using only capital and lowercase letters like “GiraffeDiamondCoffee” has even more. While the second password seems much easier to crack to the human eye, it’s much more complex in reality.

Do yourself a favor: change how you create your passwords and make your information that much more secure – without making it impossible for you to login to your applications and websites.

Filed Under: Password Security Tagged With: , ,

Changing Your Password Has Changed

September 28, 2021

If you didn’t know, changing your password regularly is so 2018. No, as ever in the world of tech, things have moved on and there are better, easier ways of doing it now.

We’re not suggesting you stick with the same password you’ve been using for the last 10 years. And certainly not suggesting you use the same password across multiple apps.

Today, the most secure way to keep your passwords un-hackable is to utilize a random generator for each new password. And then use a password manager to keep them all safe for you.

A random generator will create passwords you couldn’t possibly remember yourself – even if you could recite pi to 100 digits. They’re really… random. Which is perfect for keeping your accounts secure.

The password manager comes in and stores these passwords safely for you. So no more jotting down random characters in the back of a notebook.

Together, they make the perfect team. And we suggest that you get your own team to use them, now.

If you’re unsure how to set this up, or you would like some help to find the password manager that would be best for your business, call us at 734-457-5000. We’d love to help.

Filed Under: Password Security Tagged With: , ,

Make Remembering Passwords A Thing Of The Past

March 31, 2021

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too.

This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the
Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a password manager
Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager.

The best password managers let you customize how long your passwords are, and what kind of characters they should include. And will keep them 100% safe while still giving you easy access across all your devices.

We can set you up with an Enterprise Password Manager (the one we use) and train you and your team on how to best use it – simply get in touch!

Turn on multi-factor authentication (MFA)
As well as setting up a password manager, turn on multi factor authentication (MFA) wherever possible. When you log in to your accounts, you’ll need to enter an additional security code as second means of keeping your account secure.

These codes can be sent to you by text message or email. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds. Some applications also support a hardware security key that you plug into your computer or that displays security codes that rotate every 60 seconds.

Multi-factor authentication is available on most software and is considered a highly effective tool against hackers.

Even if they’ve got your login details they can’t get in without your phone.

We recommend you implement this for all apps your staff use.

After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process – just give us a call!

Filed Under: Password Security Tagged With: , , ,

Password Versus Passphrase… Which Is Best?

October 18, 2019

Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone.

However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself.

However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.

Passphrases
Passphrases are a simpler way to create and remember strong passwords.

The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automated guessing) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess.

An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type.

Instead, we recommend you use passphrases-a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack.
Here are two different examples:
Sustain-Easily-Imprison
Time for tea at 1:23

What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type.

You can make your passphrase even stronger if you want to by replacing letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero.

If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.

Using Passphrases Securely
You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it.

Use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, your other accounts are still safe.

If you have too many passphrases to remember (which is very common), consider using a password manager.

This is a special program that securely stores all your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer or device and the password manager program. Never share a passphrase or your strategy for creating them with anyone else, including coworkers or your supervisor. Remember, a passphrase is a secret; if anyone else knows your passphrase, it is no longer secure.

If you accidentally share a passphrase with someone else, or believe your passphrase may have been compromised or stolen, change it immediately. The only exception is if you want to share your key personal passphrases with a highly trusted family member in case of an emergency.

Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts. Since anyone can use these computers, they may be infected and capture all your keystrokes. Only log in to your accounts on trusted computers or mobile devices.

Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even on your Facebook page.

Make sure that if you answer personal questions you use only information that is not publicly available or fictitious information you have made up.

Can’t remember all those answers to your security questions? Select a theme like a movie character and base your answers on that character. Another option is, once again, to use a password manager. Most of them also allow you to securely store this additional information.

Many online accounts offer something called two-factor authentication, also known as two-step verification.

This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always enable and use these stronger methods of authentication.

Mobile devices often require a PIN to protect access to them. Remember that a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN number to an actual passphrase or use a biometric, such as your fingerprint.

If you are no longer using an account, be sure to close, delete, or disable it. (This article is reprinted with permission from the SANS Security Center OUCH! newsletter.)

Filed Under: Password Security Tagged With: ,
Next Page »