TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Passwords

Better Passwords: Keep Your Information Secure!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

It could be your email, your pictures, or your company documents and files – whatever you have on your computer needs to protected from hackers, identity thieves, nosy employees and other cyber troublemakers.

Imagine if all of your private, personal and company information were available on the public Internet. And then, take a few minutes to follow the steps below and help make your systems more secure.

Use a different password for each important service
Make sure you have a different password for every important account you have. Hackers will steal your username and password from one site, and then use them to try to log into lots of other sites where you might have an account.

Even large, reputable sites sometimes have their password databases stolen. If you use the same password across many different sites, there’s a greater chance it might end up on a list of stolen passwords. And the more accounts you have that use that password, the more data you might lose if that password is stolen.

Giving an account its own, strong password helps protect you and your information in that account.

Make your password hard to guess
“password.” “123456.” “My name is Inigo Montoya. You killed my father. Prepare to die!” These examples are terrible passwords because everyone knows them – including potential attackers.

Making your passwords longer or more complicated makes them harder to guess for both bad guys and people who know you.

Complex and lengthy passwords can be a pain – the average password is shorter than eight characters, and many just contain letters. Analysis shows that only 54 percent of passwords include numbers, and only 3.7 percent have special characters like & or $.

One way to build a strong password is to think of a phrase or sentence that other people wouldn’t know and then use that to build your password.

For example, for your email you could think of a personal message like “I want to get better at responding to emails quickly and concisely” and then build your password from numbers, symbols, and the first letters of each word—“iw2gb@r2eq&c”.

Don’t use popular phrases or lyrics to build your password—research suggests that people gravitate to the same phrases, and you want your password to be something only you know.

Keep your password somewhere safe
Research shows that worrying about remembering too many passwords is the chief reason people reuse certain passwords across multiple services.

But don’t worry – if you’ve created so many passwords that it’s hard to remember them, it’s OK to make a list and write them down. Just make sure you keep your list in a safe place, where you won’t lose it and others won’t be able to find it.

If you’d prefer to manage your passwords digitally, a trusted password manager might be a good option. Many web browsers have free password managers built into them, and there are many independent options as well.

Secure Online Accounts Without Sacrificing Ease Of Use

by Jeremy Miller, Technician
The Internet allows us to do so much, such as: buy things, research information, and share just about anything. There is and will always be someone out there that is going to take advantage of Internet users in one way or another.

Keeping that in mind, most places on the Internet use password authentication, this is both good and bad. It is good because you are required to enter credentials that you originally provided to enter a protected area of a website.

This may keep your data safe from most people with malicious intent. However, most people are not perfect at remembering passwords, especially complex passwords, so most people end up using the same password for many websites. This is a bad choice.

If a hacker obtains your password, they may be able to access any site on which you use that password or a similar password. The best Internet practices are to use a different complex password for each website.

Complex passwords are passwords that contain upper and lower case letters, numbers, special characters, and they must not resemble any dictionary word.

An example of a bad password is: love, password, P@ssw0rd. A good example of a complex password would be: ”n$)M1@x{1_5” 65”.

Password cracking has come a long way from brute-force dictionary based attacks, which allow a hacker to guess your password using a computer and wordlists. The use of complex passwords has become a necessity for anyone wanting to keep their information secure.

The best way to solve this conundrum is to implement a password manager. I have tried many password managers and have found the best results to be with LassPass password manager.

It is a feature rich password manager that is very secure. LassPass does not store or even know what your password is.

You can add LassPass as a browser extension or an app on your computers or mobile devices. You will only have to remember your password to LassPass to access any password protected websites.

Once LassPass is installed you simply visit a website that requires a login, such as your webmail or Facebook. Once you enter your username and password LassPass will ask if you would like to remember it.

If you choose yes it will auto fill out the information required to automatically login to the website the next time you visit it.

LassPass can also store secure encrypted notes that work great for bank logins. Most banks have a multi-stage login which is where you enter your username and password on different pages.

You can store your usernames, passwords, account numbers, and card numbers in secure notes for ease of access. All of your passwords can be accessed from any platform and any device.

LassPass also provides users with many tools that make using the LassPass password manager better such as: password generators, automatic form filling with the ability to have multiple identities, easily backup the data to local storage, on-screen keyboard to prevent key loggers, ability to share information via email, and most importantly two-factor authentication.

A two–factor authentication device allows you to use a password and a device such as a USB flash drive, YubiKey©, or Google Authenticator App to authenticate.

This improves your security because you have to have the second credential. Since that is in your possession, a cyber criminal would have to actually steal your device to hack your passwords.

Once you start to use LassPass as a password manager you will not want to return to remembering passwords or creating weak password that are easy to remember.

Give us a call to talk about improved security for your online accounts. We can help you setup the password manager and teach you how to use it. This is another way to make sure that your identity does not get compromised.

Strong Passwords Keep Your Personal Information Secure

A recent ZoneAlarm survey revealed that 79 percent of consumers use risky password construction practices, such as including personal information and words.

The survey also revealed that 26 percent of respondents reuse the same password for important accounts such as e-mail, banking or shopping and social networking sites.

In addition, nearly 8 percent admit to copying an entire password found online in a listing of “good” passwords.

Given these numbers, it’s no wonder that 29 percent of respondents had their own e-mail or social network account hacked, and that over half (52 percent) know someone who has had a similar problem.

The first step a hacker will take when attempting to break into a computer or secure account is try to guess the victim’s password.

Automated programs are available to repeatedly guess passwords from a database of common words and other information.

Once a hacker gains access to one account, almost 30 percent of the time that information can be used to access other sites that contain financial data such as bank account numbers and credit card information. To ensure you stay safe online, here are a few tips for creating a strong password.

Use Unique Passwords For Each Account
Choose different and unique passwords for each account.

Passwords Should Be Eight To Ten Characters Long
Choose a password that is at least eight to 10 characters long. This should be long enough to prevent brute force attacks, which consist of trying every possible combination of a password until the right one is found.

Avoid Using Personal Information
Make sure your password is difficult for someone to guess. Do not use names of any kind, including your login name, family member’s name or a pet’s name. Also avoid using personal information such as a phone number, birthday or place of birth.

Avoid Words In The Dictionary
Avoid words that can be found in the dictionary. With the availability of online dictionaries, it is easy for someone to write a program to test all of the words until they find the right one.

Avoid Repeating Characters Or Sequences
Stay away from repeated characters or easy to guess sequences. For example: 77777, 12345, or abcde.

Use Numbers, Letters And Special Characters
Choose a password that is a mixture of numbers, letters and special characters. The more complex and random it is, the harder it will be to crack.

Use Word Fragments
Use fragments of words that will not be found in a dictionary. Break the word in half and put a special character in the middle.

Frequently Change Your Passwords
Change your passwords often. Even if someone cracks the system password file, the password they obtain is not likely to last long.

Cyber crime is on the rise. Taking the time to actively choose secure passwords will protect your identity, banking information and personal information. And remember, writing your password on a sticky note on your monitor isn’t secure!

Do You Keep Critical Passwords On A Sticky Note Next To Your PC?

We constantly struggle to get our clients to stop writing down their passwords on sticky notes by the computers. Obviously this is a security risk. Another bad habit is choosing  really easy-toremember passwords such as “password.”

But admittedly, it CAN be hard remembering all of those passwords that are always changing. To solve this little dilemma, we’re suggesting to our clients to stop using passwords and use “pass-phrases.”

What is a “pass-phrase” you ask? They are letters and numbers put together in an easy-toremember phrase such as “!YEAHGoBlue!”

These are MUCH easier to remember than a random cluster of letters and numbers, which means you won’t have to write them down on a post-it note anymore! Plus, they’re much more secure than using a birthday or child’s name.

Pass-phrases can be built from anything, such as favorite quotes, lines from movies, sports team names, a favorite athlete’s name and jersey number, kids’ names and birthdates, pets, and so on.

Here’s some other examples that would be easy for you to remember, but hard for a hacker or criminal to guess:

ILike!ceTea

T&lkingOnTh3Phone

d3tro1tHockey

goneWithth3w!nd

Git-r-don3!!

Detroit-R3D-Wings

All you need to do is be a little creative to get numbers, letters and punctuation into the phrase. All of the normal suggestions remain the same – don’t make a password  exclusively a birthday or child’s name, and always include special letters and punctuation.

Since introducing this to our clients, we’ve found (believe it or not) they actually have fun doing this, and at the same time, are making their networks more secure!

How To Pick A Good Password

What’s the most common password? You guessed it…”password.” Obviously this is not the best way to protect yourself against hackers and online thieves. But even if you don’t use the word “password,” you might be using an equally easy password to decipher.
We suggest you DON’T use the following passwords for really important web sites, such as your online banking web site or other financially related sites.
• Your name or your spouse’s name.
• Your children’s names.
• Your pet’s name.
• Your birth date.
• The last four digits of your Social Security number.
• Your phone number.
• Your address.
• A series of consecutive numbers, such as “1, 2, 3, 4.”
• A single word that would appear in a dictionary.
Your best bet for creating a strong password: Use combinations of letters, numbers and special characters.

Do You Roll Out The Red Carpet For Identity Thieves?

Just about every web site you visit these days wants you to register and choose a password, especially when making a purchase.

However, if you do this carelessly, you may be setting yourself up as an easy prey for online criminals.

Although we know we should choose unique and hard to decipher passwords that contain both numbers and letters, most people still use easy to remember passwords and words for their convenience.

Below are the top 10 passwords used online according to PC Magazine. If you are using any of the following, you’re putting a big red bullseye on your account for identity theft:

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. link182
  10. [your first name]

If you want to avoid having to remember dozens of hard-to-remember passwords, Robo Form is a great FREE software you can download without having to fear adware or spyware. RoboForm was named PC Magazine Editor’s Choice, and CNET Download. com’s Software of the Year.

After you download the software, it memorizes your passwords and logs you in automatically to every web page with one click.

Best of all, it encrypts your passwords and generates random passwords that hackers cannot guess. You can even back up your passwords so you can copy them to another computer.

Nine Easy Steps To Protect Your Computer From Viruses, Trojans and Infections

Here are some helpful suggestions from the experts at TechExperts on how to protect your computer and network.

Step 1: Protect your personal information.
Be suspicious of any email with urgent requests for personal financial information, and never respond to unsolicited requests for confidential information.

Beware of phishing. Phishing is an Internet scam where a message is sent out via email asking you to provide or verify certain information.

Typically these requests are designed to look like they came from a bank or other service provider. Usually there is a link to the bank’s website. But in fact the link doesn’t go to the bank; it goes to a computer controlled by fraudsters. Once armed with your data, thieves take out cash advances from your accounts or may try to steal your identity.

Step 2: Use an anti-virus program and take steps minimize computer virus risks.
Make certain that good, commercial-quality anti-virus software has been installed on your computer. New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. Many free anti-virus programs don’t provide for automatic updating.

Your anti-virus software should be set to automatically update, and should always be running.

Step 3: Install anti-spyware software and enable Windows Firewall.
Spyware is software that is usually downloaded from the Internet, either intentionally under the guise of a service or utility, or without your knowledge as a result of browsing malicious Web sites. Spyware gathers information about how you use your computer, and poses a threat to your privacy.

A firewall is a piece of software or hardware that helps guard computers against hackers as well as many computer viruses and worms.

Windows XP has a built-in firewall product, but it may not be enabled. Give us a call for more information on how to enable Windows Firewall.

Step 4: Be careful with email attachments.
Attachments are files, such as a document or picture that can be sent along with an email. Viruses spread by hijacking an infected computer’s email address book. The virus sends copies of itself as email attachments to everyone in the victim’s email address book. This gives the appearance that your friend is emailing you a joke or a document, but it’s really the virus attempting to spread itself.

If you receive an unexpected email attachment, even if you know the sender, do not open the attachment.

Step 5: Use strong passwords, and change them often.
A strong password is one that is not obvious or easy to guess, it should be 8 – 12 characters long and include a combination of upper and lowercase letters, numbers, and symbols such as punctuation marks and special characters.

Step 6: Stay updated.
As flaws are discovered, software makers such as Microsoft release software updates. To ensure that your computer is secure, install the appropriate updates. There are a few circumstances where you might not want to, but generally, always enable Windows Update to automatically install updates to your system.

Step 7: Be careful about downloading.
Tons of no-cost programs are available with more becoming available each day. If a program is written with malicious intent, the author/intruder will not tell you that it will harm your system.

Many no-cost programs collect data about you and then sell that data to advertisers. These types of programs are called “spyware” (see step 3 above).

Step 8: Backup, backup, backup!
In case of emergencies, such as a hard drive crash, documents and data files stored only on your local hard drive need to be backed up and backups need to be periodically tested. If you are not sure if your files are being backed up, give us a call – we’ll be happy to help.

You may also want to consider encrypting and/or password-protecting files so that data will be unusable if stolen. Note that conventional passwords, such as Windows passwords, do not secure your data.

Step 9: Know where to go when you need help with your computer.
Keep our 24 hour computer emergency hotline telephone number available: (734) 240-0200. We’re always here to help with your computer problems!