Using Alternatives to Passwords

We have harped…and harped ad infinitum…about having strong passwords simply because those strings of upper- and lower-case letters, numbers and special characters offered the best chances of staying ahead of the hackers. But we’ve always reminded you that something better is needed because the bad guys have a vested interest in developing better systems to crack passwords and in finding more ways to exploit vulnerabilities in anybody’s electronic vaults that store vital personal and corporate info.

When one of our clients got hacked, we installed a password-less system to offer them better security. Our solution, which uses Microsoft Azure, is one of the emerging technologies to replace passwords with biometrics, one-time codes, hardware tokens and other multi-factor authentication options. What they do is exchange tokens and certificates without users – you, your employees and your customers – needing to remember anything. The new pathway to better protection even bypasses the password managers that many of you use.

IT industry figures show that more than 80 percent of security breaches involve stolen passwords and credentials. We all pick passwords that are too simple and easy to guess, or we store and reuse a few complex passwords that we can remember. That problem is exacerbated by forcing regular password changes even without evidence of breach. If password reset systems rely on people, they can be fooled by social engineering. Password-less technologies can combine certificates with contextual security policies that require less from you. They rely more on trusted devices and connections, and they can add layers of complexity as risks rise. New security can be based on the value of the content and factors such as user behavior, device location and connection, or the state of the device.

You can already set up password-less access using Microsoft’s Azure AD Conditional Access. Many of you who use our backup services already have Azure accounts, and you can use the technology to manage:

  • Sign-in risk to identify who’s signing in and determine who’s a risk.
  • Network location to determine if access is being attempted from a network location that is not under your control or the control of your IT department.
  • Device management for accessing cloud apps from a broad range of devices including mobile and personal devices.
  • Client application to manage cloud access using different app types, such as web-based, mobile, or desktop.
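The four conditions listed above are evaluated together on every sign-in, and stricter controls apply as risk rises. The sketch below is an added example, not Microsoft's code or the author's configuration: the policy field names follow the Microsoft Graph conditionalAccessPolicy schema, while the policy set, the sign-in records and the evaluation logic are simplified assumptions constructed for illustration.

```python
# Simplified model of Conditional Access evaluation (added example, not Azure's engine).
# Policy field names follow the Microsoft Graph conditionalAccessPolicy schema;
# the policies, sign-in records and evaluation logic are constructed for illustration.
POLICIES = [
    {"displayName": "Block high-risk sign-ins",
     "conditions": {"signInRiskLevels": ["high"]},
     "grantControls": {"builtInControls": ["block"]}},
    {"displayName": "MFA on medium risk",
     "conditions": {"signInRiskLevels": ["medium"]},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "MFA outside trusted networks",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Compliant device for desktop and mobile apps",
     "conditions": {"clientAppTypes": ["mobileAppsAndDesktopClients"]},
     "grantControls": {"builtInControls": ["compliantDevice"]}},
]

def policy_applies(policy, signin):
    """A policy applies only when every condition it sets matches the sign-in."""
    cond = policy["conditions"]
    if "signInRiskLevels" in cond and signin["risk"] not in cond["signInRiskLevels"]:
        return False
    if "clientAppTypes" in cond and signin["client_app"] not in cond["clientAppTypes"]:
        return False
    loc = cond.get("locations")
    if loc and "AllTrusted" in loc.get("excludeLocations", []) and signin["trusted_network"]:
        return False
    return True

def evaluate(signin, policies=POLICIES):
    """Return (decision, required controls, unmet controls) for one sign-in."""
    required = set()
    for policy in policies:
        if policy_applies(policy, signin):
            required.update(policy["grantControls"]["builtInControls"])
    if "block" in required:  # a block control overrides every other grant
        return "block", required, set()
    unmet = required - signin["satisfied"]  # controls this user/device has not met
    return ("grant" if not unmet else "needs_controls"), required, unmet

# Constructed sign-ins for one user, ordered by rising risk.
OFFICE = {"risk": "none", "client_app": "browser", "trusted_network": True, "satisfied": set()}
CAFE = {"risk": "medium", "client_app": "mobileAppsAndDesktopClients",
        "trusted_network": False, "satisfied": {"mfa"}}
STOLEN = {"risk": "high", "client_app": "browser", "trusted_network": False,
          "satisfied": {"mfa", "compliantDevice"}}
```

The controls from every applicable policy accumulate, so the office sign-in passes with no prompt, the café sign-in is held until the device is compliant, and the high-risk sign-in is blocked even though MFA succeeded.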

There are some cross-platform technologies available for going password-less, but it all starts with the Microsoft Authenticator app. It uses key-based authentication to create a user credential that’s tied to a device and uses a PIN or biometric. Instead of using a password to sign in, users see a number code to enter into the Authenticator app, where they have to enter their PIN or provide a biometric.

Password-less sign-in for Microsoft accounts with the Microsoft Authenticator app is already available, and support for signing into Azure AD is now in public preview. Right now, the app can only cover a single account registered with Azure AD in one tenant, but support for multiple accounts is planned in the future. It covers Office 365 and Azure and works with a variety of other apps.

If you’re ready to go password-less, we can help you decide what’s right for you and set up your accounts and devices. Just give us a call – 973-433-6676 – or email us to set up an appointment.

Choose the Right Router

As we add more traffic to our Wi-Fi networks in the office and at home, choosing the right router is critical for performance and security. If your router is more than a few years old, the combination of improved technology and the probable loss of full power due to wear and tear means you should consider investing in a new system. The good news is that you don’t have to spend a fortune.

How do you know it’s time for a new router? The first sign is sluggish performance, and it’s a subjective call. Whether you use your router for business or home entertainment, you can notice that data just isn’t moving throughout your location as fast as you’d like. With today’s demands for moving more data faster, your router could be worn out or not have the capacity to meet your needs.

Routers do wear out over time. Heat can damage internal components, and that slows them down. Newer routers have fresher components, and they meet better performance protocols. This is especially true when it comes to dual-band routers. Older routers tend to operate on the 2.4 GHz wireless band, where they share space with your other household products, such as cordless phones and even your garage-door opener. That creates a lot of interference that affects network performance. This problem is more likely to affect home offices and small retail systems. In some homes, whether used for home offices or as converted office space, multiple stories and thicker walls require more powerful routers to send signals where needed.

Dual-band routers work on both the 2.4 and 5 GHz wireless bands, and that gives you options. You can set some systems to run on the 2.4 GHz band and use the 5 GHz band for managing bigger data capacities. Some routers even allow you to run on two 5 GHz bands. For a home office, a home with multiple devices (computers, mobile devices and smart TVs), a business in a converted home, or a small retail space, this allows you to dedicate bands to specific uses. Think of it as having a slow lane, an express lane, and a lane dedicated to buses and trucks.

For a home or small office or retail use, look for a router with at least four 10/100/1000 (Gigabit) Ethernet ports to connect wired devices such as desktop PCs, network-attached storage drives and home-automation hubs. A USB port makes it easy to plug in a printer or a USB drive and share it across the network, but with two ports you can do both.

You can manage how your Wi-Fi network is being used with parental controls, Quality of Service (QoS) options, and a guest-network feature. Parental controls and QoS are for home use. The latter helps you assign network priorities for applications and clients, such as downloading files, running printers or managing streaming to TVs or devices. You can also manage priorities for gaming systems.

A guest network for a home or business lets you create a separate network to offer Wi-Fi connectivity to guests without leaving your entire network vulnerable. This lets them connect to the Internet, but doesn’t give them access to your files, printers, and other connected devices.

Wireless routers for businesses have improved tremendously. To meet the complexity and requirements of running a wireless network these days, routers now have a much more varied feature set, including hardware that is often found in computers. You can find systems with dual- and triple-band connectivity, as well as a slew of other features usually found on far more expensive enterprise-grade models.

Priorities for business users differ from most consumer users. Security, support, remote access, business-grade VPN, WAN redundancy, connectivity options and scalability are critical. However, this doesn’t mean that some consumer routers cannot be used as business routers, especially in a home office environment.

We can help you find a router that meets your networking needs and help you find the best location and configurations to maximize performance. Call us – 973-433-6676 – or email us to answer your questions about router selection and help you with setup and settings configurations.

Hack Attack Continues vs. Businesses and People

While government-sponsored hacking and disinformation make big news, don’t take your eye off the ball when it comes to protecting your personal and corporate data. A report from a consulting firm, Positive Technologies, painted a dark, dark picture, saying the second quarter of 2018 showed a 47 percent increase in cyberattacks over 2017. You need to remain vigilant, even when events are beyond your control. Nobody is immune.

As reported in Tech Republic, Positive Technologies said the most common methods of cyberattack are:

  • Malware (49%), with spyware or remote administration malware being the most widely used forms of infection.
  • Social engineering (25%) is the term for manipulating users into believing a message, link, or attachment is from a trusted source, and then infecting targeted systems with malware, stealing money, or accessing confidential information.
  • Hacking (21%) exploits vulnerabilities in software and hardware, causing the most damage to governments, banks, and cryptocurrency platforms.
  • Credential compromise (19%) targets password managers used for storing and keeping track of passwords.
  • Web attacks (18%) are online racketeering attempts to extort website operators for profit, sometimes by threatening to steal client databases or shut down the website.
  • DDoS (5%) tends to be the weapon of choice for business rivals, disgruntled clients, and hacktivists. Political events can drive attacks on government institutions. Criminals can use DDoS attacks to take websites offline and demand payment from the victims.

Attacks can be made in tandem, such as the common duo of using phishing emails to trick users into downloading malware.

Financial and healthcare institutions, retailers, and government databases remain prime targets, but higher education institutions and even school districts are being attacked. Wired reports that this past March, the Department of Justice indicted nine Iranian hackers in alleged attacks on 144 US universities and 176 in 21 other countries. They were also cited for attacking 47 private companies.

Hackers are homing in on the money. Positive Technologies said targeted attacks are outnumbering mass campaigns, with attacks directed at companies and their clients, as well as cryptocurrency exchanges. Data theft is driving an increasing number of attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). To steal this data, hackers are compromising online platforms, including e-commerce websites, online ticketing systems, and hotel booking sites.

The scary part of the report for us is that you can never be sure that criminals don’t have your credit card number from one source or another. Even a brand-new smartphone in a store can have pre-installed malware.

People and businesses can take steps to keep their data safe by installing updates for operating systems and application software, installing antivirus protection on all systems and endpoints, and keeping it up to date.

Businesses can encrypt all sensitive information, perform regular backups, minimize the privileges of users and services as much as possible, and use two-factor authentication. Enforcing a password policy with strict length and complexity requirements, and requiring password changes every 90 days, can also help protect systems.

We offer security audits for businesses, and we can answer any questions individuals have about protecting themselves from cyberattacks. Call us – 973-433-6676 – or email us to set up an appointment.