Passwords

If You’ve Ever Reused A Password To Sign Up For Something New, You Have A Problem…

November 24, 2021

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It’s something many people admit to doing: they reuse the same password across a few different services.

Not judging you if you’ve done it. It’s easy to see why thousands of people do this every day. It feels like an easy way to get signed up to something.

If you reuse a password, you won’t have to go through the hassle of trying to remember it and needing to reset the password in the future. However, you only have to do this once, and you’re at big risk of something called credential stuffing.

This is where hackers get hold of millions of real usernames and passwords. These typically come from the big leaks we hear about in the news.

Once leaked, information from databases from major companies like Facebook, Twitter and LinkedIn can be bought on the dark web for pennies each. [Read more…] about If You’ve Ever Reused A Password To Sign Up For Something New, You Have A Problem…

An Easier Way To Secure Your Password

September 28, 2021

Mark Funchion is a network technician at Tech Experts.

Between new threats and new tech, security is something that can always be improved upon to make sure your systems are as secure as possible. Passwords are the first level of security, and the area that seems to cause the most headache for end users and IT managers.

In an ideal world, every password would be super complex. For example, a 32-character randomized password with capital letters, lowercase letters, special characters, and numbers. This is possible with a password manager – or if you’re really skilled at memorizing random character strings (unlikely).

The reality is that this does not occur, leading to most of us using a password that is not as secure as hoped. There are a few ways that attackers gain access to our passwords, and the most common methods are an algorithm that “cracks” the password and guessing. Usually, these two are combined, creating databases that nefarious individuals can use for gaining access to your accounts.

The biggest issue with passwords is the human factor. We like things to be simple, so we use things that are familiar. When we have to change a password, we change it in predictable ways, and usually write it on a sticky note.

Let’s look at “Password” as a password. Yes, it’s terrible, but really, it’s eight characters with one capital letter. A password cracker will break “Password” the same as it will break “ushtGsgt.” The second example will just take a little longer to crack because programs try common words and phrases first, then start brute-forcing every combination.

Again, looking at human nature, if one hundred people are asked to make the word “Password” harder to guess, most will swap the “o” for a zero. That’s then added to the list of words and phrases checked first. If the same one hundred people are asked to add a special character and a number, most will probably create something like “Password1!”

Why? Because it is easy to remember, and the “1” and “!” are convenient. Since so many of us will use the same variations of passwords, these become common and therefore are more easily broken.

These reasons are why it’s recommended to use three uncommon, unassociated words as a password (and to not use that combination for all your passwords). For example: “GiraffeDiamondCoffee.” An algorithm will still crack this eventually, but it’s easier to remember and not easily guessed so it will take a while to crack.

The longer it takes, the less likely they will actually get to your data. By using three different random words for your passwords, it is much less likely that your combination of words ends up in the frequently used list, adding more security. You can also easily add numbers and special characters to meet security requirements as needed.

The best practice is to use a password manager and use super complex passwords. Otherwise, using three-word passwords like “GiraffeDiamondCoffee” can boost your security. It may look easy – but it is a 20-character password, so it’s more secure than “P@$$w0rd1!”

Computers that are cracking passwords will try every combination and can test over 100-million per second, so a 10-character password (even with numbers and special characters) only has so many combinations. However, a 20-character password using only capital and lowercase letters like “GiraffeDiamondCoffee” has even more. While the second password seems much easier to crack to the human eye, it’s much more complex in reality.

Do yourself a favor: change how you create your passwords and make your information that much more secure – without making it impossible for you to login to your applications and websites.

Changing Your Password Has Changed

September 28, 2021

If you didn’t know, changing your password regularly is so 2018. No, as ever in the world of tech, things have moved on and there are better, easier ways of doing it now.

We’re not suggesting you stick with the same password you’ve been using for the last 10 years. And certainly not suggesting you use the same password across multiple apps.

Today, the most secure way to keep your passwords un-hackable is to utilize a random generator for each new password. And then use a password manager to keep them all safe for you.

A random generator will create passwords you couldn’t possibly remember yourself – even if you could recite pi to 100 digits. They’re really… random. Which is perfect for keeping your accounts secure.

The password manager comes in and stores these passwords safely for you. So no more jotting down random characters in the back of a notebook.

Together, they make the perfect team. And we suggest that you get your own team to use them, now.

If you’re unsure how to set this up, or you would like some help to find the password manager that would be best for your business, call us at 734-457-5000. We’d love to help.

Make Remembering Passwords A Thing Of The Past

March 31, 2021

Using weak passwords is risky. So is using the same password across different services.

If you do this, it means that once somebody has your email address and password, they’ll find it incredibly easy to access your other accounts.

This can wreak havoc on your digital life and within your business. And the damage can spill over into serious real-world inconvenience too.

This is especially true if identity theft is involved, or if they’ve managed to break into your social media or bank accounts.

Data breaches happen every day. And once your passwords and email addresses are out there, you never know whose hands they’ll end up in (many get sold on something called the
Dark Web, a kind of hidden internet for criminals).

But what can you do to keep your passwords safe and your digital accounts secure?

Use a password manager
Instead of scratching your head to come up with a new password for each account, use a password manager to automatically generate long, random, strong passwords.

It’ll also remember them for you. You only need to remember one password… the master password to access the password manager.

The best password managers let you customize how long your passwords are, and what kind of characters they should include. And will keep them 100% safe while still giving you easy access across all your devices.

We can set you up with an Enterprise Password Manager (the one we use) and train you and your team on how to best use it – simply get in touch!

Turn on multi-factor authentication (MFA)
As well as setting up a password manager, turn on multi factor authentication (MFA) wherever possible. When you log in to your accounts, you’ll need to enter an additional security code as second means of keeping your account secure.

These codes can be sent to you by text message or email. Better still, you can set up an authentication app on your phone that refreshes with unique codes every few seconds. Some applications also support a hardware security key that you plug into your computer or that displays security codes that rotate every 60 seconds.

Multi-factor authentication is available on most software and is considered a highly effective tool against hackers.

Even if they’ve got your login details they can’t get in without your phone.

We recommend you implement this for all apps your staff use.

After an initial bit of discomfort, they’ll soon get used to it. We can guide you and your team through the whole process – just give us a call!

Password Versus Passphrase… Which Is Best?

October 18, 2019

Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone.

However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity. That is why strong passwords are essential to protecting yourself.

However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.

Passphrases
Passphrases are a simpler way to create and remember strong passwords.

The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automated guessing) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess.

An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type.

Instead, we recommend you use passphrases-a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is these are much easier to remember and type, but still hard for cyber attackers to hack.
Here are two different examples:
Sustain-Easily-Imprison
Time for tea at 1:23

What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type.

You can make your passphrase even stronger if you want to by replacing letters with numbers or symbols, such as replacing the letter ‘a’ with the ‘@’ symbol or the letter ‘o’ with the number zero.

If a website or program limits the number of characters you can use in a password, use the maximum number of characters allowed.

Using Passphrases Securely
You must also be careful how you use passphrases. Using a passphrase won’t help if bad guys can easily steal or copy it.

Use a different passphrase for every account or device you have. For example, never use the same passphrase for your work or bank account that you use for your personal accounts, such as Facebook, YouTube, or Twitter. This way, if one of your accounts is hacked, your other accounts are still safe.

If you have too many passphrases to remember (which is very common), consider using a password manager.

This is a special program that securely stores all your passphrases for you. That way, the only passphrases you need to remember are the ones to your computer or device and the password manager program. Never share a passphrase or your strategy for creating them with anyone else, including coworkers or your supervisor. Remember, a passphrase is a secret; if anyone else knows your passphrase, it is no longer secure.

If you accidentally share a passphrase with someone else, or believe your passphrase may have been compromised or stolen, change it immediately. The only exception is if you want to share your key personal passphrases with a highly trusted family member in case of an emergency.

Do not use public computers, such as those at hotels or Internet cafes, to log in to your accounts. Since anyone can use these computers, they may be infected and capture all your keystrokes. Only log in to your accounts on trusted computers or mobile devices.

Be careful of websites that require you to answer personal questions. These questions are used if you forget your passphrase and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even on your Facebook page.

Make sure that if you answer personal questions you use only information that is not publicly available or fictitious information you have made up.

Can’t remember all those answers to your security questions? Select a theme like a movie character and base your answers on that character. Another option is, once again, to use a password manager. Most of them also allow you to securely store this additional information.

Many online accounts offer something called two-factor authentication, also known as two-step verification.

This is where you need more than just your passphrase to log in, such as a passcode sent to your smartphone. This option is much more secure than just a passphrase by itself. Whenever possible, always enable and use these stronger methods of authentication.

Mobile devices often require a PIN to protect access to them. Remember that a PIN is nothing more than another password. The longer your PIN is, the more secure it is. Many mobile devices allow you to change your PIN number to an actual passphrase or use a biometric, such as your fingerprint.

If you are no longer using an account, be sure to close, delete, or disable it. (This article is reprinted with permission from the SANS Security Center OUCH! newsletter.)

How Google Password Checkup Can Protect Your Data

March 28, 2019

Jason Cooley is Support Services Manager for Tech Experts.

While the terminology between a data breach and data leak may not seem very important, being prepared to react to compromised data is. Let’s start with knowing the difference between a breach and a leak.

A data breach is an unauthorized intrusion into any private system to access any sensitive data. Data breaches are typically the work of hackers.

A data leak may result in the same end game scenario, but differs greatly in that a leak is data left exposed or accessible, often accidentally.

While the hope is that you are protected and that your passwords are all secure, this realistically isn’t the case. You can have the strongest password possible, but depending on what information may be sold or accessible, the security can be entirely out of your hands.

Worse, a breach or leak won’t always make national news or show signs of unauthorized access.

If you see an out of state charge on your debit card, you’ll have a good idea that you didn’t make the purchase and suspect that you’ve been compromised. In the case of seeing unauthorized charges, the issue is clear.

However, say your email is compromised. It isn’t so obvious.

Perhaps the person with your credentials will monitor for a time in order to find valuable information on you or others.

There are so many ways to be compromised and so many types of information that someone with access to your account may be looking for.
In the past, I have used a few different websites to periodically check. This is obviously problematic, as reputable sources for compiling breached information are not overly abundant.

Being an IT professional, I felt comfortable looking for these sources. I do not recommend the same for just anyone.

Luckily, you no longer have to search to find any potentially compromised accounts. Google’s new extension “Password Checkup” is here to help.

Google Password Checkup is a browser extension that alerts you to any potentially compromised accounts.

While the browser extension is installed and enabled, it checks any account you log into using Google Chrome.

Now, this is not a foolproof protection blanket. While this is a great tool, it only checks against any data breaches that Google is aware of.

These are the same type of searches I mentioned earlier. While I would have to search before, Google Chrome can handle the work here.

If there is potential that your account is compromised, you should ensure you take steps to recover the account and change the passwords.

While there is no surefire way to remain safe, stay diligent. Remember to make sure your computer isn’t compromised by regularly running your anti-virus software.

Much like you lock your door at home, make sure you are taking care of your personal information.

Using Google’s Password Checkup is a great start, but it’s only a start. Change your passwords regularly and keep them unique.

A passphrase is a great way to have a password that is easy to remember but difficult to guess.

What Is Credential Management And Should I Have It?

August 24, 2017

Ron Cochran is a senior help desk technician for Tech Experts.

In the world today, we have many things to remember and passwords are one of those. We have alarm codes, website logins, usernames, passwords, passphrases, bank account information, and everything in between. However, if you’re on top of your password game, then none of your passwords match and that can be quite the chore to keep up on.

This brings me to a product called Passportal.

Passportal eliminates the need to remember all those different passwords, websites, and passphrases. With Passportal, once you have your account set up – and have entered your websites, usernames, passwords, and passphrases – you will only need to remember one password to sign into anything. There is also an extension for one of the most popular web browsers.

Once you create your account with Passportal, you’ll be able to enter your website of choice, username, and password; then, when you revisit that site, you will be notified that Passportal has saved your credentials for that site. You’ll click one button and Passportal will automatically enter your information in, then you’re logged in to your favorite websites, social media, or message boards.

While it may sound like you’re putting all of your eggs in one basket, Passportal’s main focus is password security. The website, application, and process was created with military-grade password data security in mind while maintaining ease of use for the end user.

In the event of a mugging or break-in, you can lock your Passportal account and disable your usernames and passwords, instead of trying to remember everything you need to change. It’s one less thing to worry about when recovering from identity theft.

Let’s say your credit card and bank information have been compromised. Once you receive your new card and password, you revisit the website. Passportal remembers your password, but it doesn’t work. You will be able to seamlessly add the new password to the Passportal extension with just a couple clicks and keystrokes. Passportal has saved many users countless extra clicks, time, and hassle by keeping their valuable personal information secure.

If you are the owner of a company, you can utilize Passportal and have control over the passwords and when/if they expire. If you have an employee that quits or is terminated, you can lock that username out of your company information with just ONE click of a button. This feature saves valuable time that a human resource manager would have used to track down all the user information, gain access to their workstation or laptop, and remove their profile, or gain access to the server to remove their Active Directory profile.

Passportal also has two-way syncing with Active Directory for Windows Server. With Passportal, there is even a mobile app and phone number you can text to get a password reset. This feature will save employees who are locked out of their accounts – and allow your IT department to focus on more in-depth issues.

If you’re the human resource manager, general manager, or owner of a company, your company will most likely be able to benefit. Ask your IT department or managed service provider about Passportal and how you can implement it within your company.

What Makes For A Good Password?

October 25, 2016

Luke Gruden is a help desk technician for Tech Experts.

It seems like every week we need to make a new password for a new account. When making a password, there is usually some colored bar letting you know if your password is strong or weak.

It is very important that we maintain strong passwords for our accounts, so no one uses a password generator to guess the password and gain access to our private information.

What actually makes a good password? Length is one of the best methods to making a stronger password as it’s harder for a computer to hack a longer password. For the length, it’s recommended to have at least 12 characters.

If your password consists of basic words, it’s recommend the password be even longer as a lot of password crackers out there auto-search dictionary words.

You can even make a sentence or sentences. There is no rule against something like this: “Hello! I am Luke with Tech Experts and I work on computers!” That was about 60 characters and would take significantly longer to crack than a simple 12 character password.

The next best factor to making a good password is complexity. Complexity is when a password uses special characters, numbers, random capitals, and contains few or no dictionary words. The more complex a password is, the far harder it is for a computer to crack the password. “s5df1K51lj!@# ^k5$#1#!!2 @” would be a really good password, but good luck remembering it. Too complex and it’s hard to remember, too short and it’s easy to crack.

However, using length and complexity, we can make a strong password that we can remember.

Adding a number and special character to each word you use will drastically increase the strength of the password without making it too complex “Hello$1 my$2 name$3 is$4 Luke!$5” is most likely a stronger password than the one I used earlier that contained 60 characters simply because the special characters aren’t in the dictionary.

Another important note about passwords is that you should keep every password different for each profile. It can be tempting to use the same password for every account online, but at least try to make variations of your passwords.

The main reason why is that if a website is leaked or hacked, your password can be out there in the public and can be attempted on your other accounts, so even if you have the best password in the world, using the same password for every account can make your accounts vulnerable.

The last good practice for passwords is to change your password every 6 months or so, so even if your password was leaked without your knowledge, changing the password would end the issue. Also, some computers will try to crack a password 24/7 and, with enough time, it will eventually guess the right password. Changing your password every so often will thwart those computers that endlessly guess at your password.

Another way to ensure you have different strong passwords is to use a password manager. A password manager is a type of program that stores your different passwords for different accounts, but that itself still needs a good password to protect your collection. With a password manager, you can use a generator to create very long complex passwords and not have to worry about remembering them as long as you have accesses to your manager.

If you need any help with passwords or with setting up a password manager, you can count on your Tech Experts to help you on your way. Contact us with any questions at (734) 457-5000.

Major Password Breach Uncovered

June 27, 2016

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Wire Fraud: How An Email Password Can Cost You $100,000

August 31, 2015

Wire fraud is one of the most financially damaging threats to people and businesses today. Victims can lose hundreds of thousands of dollars in the blink of an eye.

What is wire fraud? Let’s start with the basics:

A wire transfer is an electronic transfer of funds between entities, usually a bank and someone else.Wire fraud utilizes this system to steal money. Typically, this is done by fooling a financial institution into wiring money to a fraudulent account.

The process often begins with the theft of personal data or email credentials, which means data security is paramount to preventing this threat.

Here’s an overview of wire fraud so you can better protect your business and clients. [Read more…] about Wire Fraud: How An Email Password Can Cost You $100,000

« Previous Page