Passwords

How to Best Manage Passwords

How to Best Manage Passwords

The average person can have nearly 100 passwords (or more!) when combining professional and personal accounts and services. That is a lot to remember! Many often use the same email and password for many (if not all) accounts, so they have less to remember. This is the number one liability for accounts online: password reuse. If a popular streaming service suffers a security breach, you may not be too concerned with someone watching a show on your account. However, if your log in information for this service is the same for your banking or other sensitive accounts, the damage can be much more severe. When sites suffer a breach, the hackers immediately try those credentials on banking, email and other sites to see how many areas they can log into with one password. So, it is vitally important to have a different password for every account. In addition, to be really secure, your passwords should all be at least 15 characters (some cybersecurity analysts recommend 25 characters.) How is it humanly possible to remember up to 100 unique lengthy passwords? It’s not! That’s where password managers come into play. A password manager will become your best friend, because it takes care of three critical tasks for you:
  1. It generates lengthy, complex passwords for each of your accounts or logins
  2. It stores these complex passwords in a digital “vault”
  3. It automatically fills in this complex password every time you log into a site
People often say “I’m already using my Internet browser to save my passwords – isn’t that the same thing?” No! Browsers are designed for us to surf the Internet, and although they can store passwords, it doesn’t mean that your passwords are secure. It also means your passwords would be in one browser, so they wouldn’t be available if you use a different browser. Whereas with a password manager, you could log into your personal vault from any browser, making them much more versatile. What if the Password Manger is compromised? Great question! LastPass has been hacked multiple times, but the number of compromised passwords? ZERO. LastPass encrypts all passwords, so the company never sees your passwords, keeping your passwords secure even if a security incident occurs. To find the best password managers for you, your family, and/or your business, we recommend Googling “Best Password Managers”, and you will see a number of reviews of the top password managers available today. Also, please contact your Program Manager to ensure your organization is enrolled in designDATA’s complimentary Dark Web Scan offering which will notify you if any account in your organization has shown up on the Dark Web. Stay safe out there! by Imran Khan

Why autocomplete passwords are risky

Many people use auto-fill passwords for their convenience. What you might not know is that hackers and advertisers can use them to get access to websites and other applications and gather sensitive information. Learn more about the risks of using autocomplete passwords.

Why auto-fill passwords are so dangerous

Certain web browsers have integrated features that enable usernames and passwords to be automatically entered into a web form. There are also password manager applications that have made it easy to access login credentials. But these aren’t completely safe. They can become a liability if hackers gain access to computers or browsers.

For example, if a hacker gains access to just one account, it’ll be easier for them to obtain access to other accounts because the autocomplete feature will fill in all other saved credentials.

Tricking a browser or password manager into giving up saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do users know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to monitor the sites that users visit. AdThink and OnAudience track people based on the usernames in hidden auto-fill forms and sell the information they gather to advertisers. While the intention is not to steal passwords, there’s always the likelihood of exposure.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

  • If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
  • If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

Being cautious about your password security habits can go a long way in protecting your sensitive data. For managed, 24/7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

The dangers of autocomplete passwords

Hackers have found a new way to track you online. Aside from using advertisements and suggestions, they can now use autocomplete passwords to track you down. Feeling unsecure? Here are some ways to keep you out of harm’s way.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.
Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.
Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

  • If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
  • If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

IT security policies your company needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

Published with permission from TechAdvisory.org. Source.

The risks of auto-complete passwords

If you’re disturbed by advertisements and “helpful” suggestions that are based on your internet browsing habits, recent research has found yet another source of online tracking. It’s a sneaky tactic that also comes with serious security concerns. Let’s take a look at what you can do to stop it from targeting you.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

  • If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
  • If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.