Generated Passwords Resolve Two Issues

During the recent holidays, I decided to get around to that one project I’d been meaning to do: change all my passwords. I have 241 unique passwords, and even though my password manager at the time gave them strong scores, I just wasn’t happy with the whole situation. So, I dived into a project for the generations.

As you should expect, I’ve read all the security alerts and everything I could find out about layers of security at the websites I visit for personal matters and those I use to serve clients. Each site is different, and that includes the two-factor authentication steps. It should give you comfort to know that using website passwords can be as complex as nuclear-launch codes – though it’s not comforting to think that any code can be cracked.

Randomly generated passwords that are frequently changed offer the best protection against cracking, which is why nuclear-launch codes always change – and why codes for keyless-entry systems for homes, cars and garages are essentially one-time codes designed to thwart anyone with a code scanner who sits near your car or home. Some password managers can change random passwords automatically when a website requires it. No matter which one you use, you’ll need to have a master password – and that’s the only password you’ll need to remember.

Changing all of your passwords is not a task for the faint-of-heart. You’ll need to have a password manager program, such as Dashlane, LastPass or 1Password, and you’ll need to pay attention to details. I happen to like Dashlane for two of its features: random password generation and its integration with all browsers and operating systems. I consider those features to be critical.

When you use a password manager to generate random passwords, you need to pay attention to the requirements of each website. Some websites require the use of symbols, but many of them restrict you to certain symbols. Some require upper- and lower-case letters, and some require numerals. Many websites specify a certain number of characters in a password, such as 8 to 12 or 12 to 16. Just be mindful of all requirements when you set up the random password generator for each website.
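The site-by-site rules described above, as an added example (not from the original article and not any password manager's own code): a generator that draws from the operating system's secure random source and honors one site's length range, permitted symbols and required character types. The `SitePolicy` class, its field names and the sample "bank" rules are hypothetical and constructed for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class SitePolicy:
    """Hypothetical record of one website's password rules (constructed)."""
    min_len: int
    max_len: int
    allowed_symbols: str = ""     # the only symbols this site accepts
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = False

def alphabet(policy):
    """Every character the site accepts: letters, digits, permitted symbols."""
    return string.ascii_letters + string.digits + policy.allowed_symbols

def required_classes(policy):
    """Character classes that must each appear at least once."""
    wanted = [(policy.require_upper, string.ascii_uppercase),
              (policy.require_lower, string.ascii_lowercase),
              (policy.require_digit, string.digits),
              (policy.require_symbol, policy.allowed_symbols)]
    return [chars for flag, chars in wanted if flag]

def generate(policy, length=None):
    """Return a random password that satisfies the policy."""
    length = policy.max_len if length is None else length
    if not policy.min_len <= length <= policy.max_len:
        raise ValueError("length outside the site's allowed range")
    needed = required_classes(policy)
    if any(not chars for chars in needed) or len(needed) > length:
        raise ValueError("policy cannot be satisfied")
    chars = alphabet(policy)
    # Rejection sampling: draw uniformly with the OS CSPRNG and retry until
    # every required class is present, so no position is predictable.
    while True:
        candidate = "".join(secrets.choice(chars) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in needed):
            return candidate

def entropy_upper_bound(policy, length):
    """Bits of entropy if every position were free; the rules trim a little."""
    return length * math.log2(len(alphabet(policy)))

if __name__ == "__main__":
    bank = SitePolicy(min_len=8, max_len=12, allowed_symbols="!@#$", require_symbol=True)
    print(generate(bank), round(entropy_upper_bound(bank, 12), 1), "bits max")
```

Choosing the longest length a site allows matters more than the symbol rules: each extra character adds about six bits, while the required-class rules remove only a small fraction of the possible passwords.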

One of the steps I took – and something highly recommended for financial websites – was to create a randomly generated password, log in to the site to make sure it worked, and then change it almost immediately. Each randomly generated password should be impossible to remember because it should lack any kind of pattern. For example, there doesn’t appear to be anything meaningful to me in FdXKCX9ZKsw. When a website requires you to change the password, you should have a password manager that does this automatically. Dashlane and LastPass do this, but they handle the process differently.

If you want to change your password manager, you can download all of your passwords so that you can re-enter them in your new password manager.

You should also know that your master password resides locally on your computer or mobile device. If you change computers, phones or tablets, you’ll need to re-enter your master password manually, not all your passwords – and it’s probably a good idea to do so to protect your data.

There are two keys to making a password manager and randomly generated passwords work. One is to make sure that the password manager itself is the latest version available and that you install all updates. Remember, as we’ve said so many times before, updates almost always include security patches and bug fixes.

The other key is to have a strong master password – really a passphrase. An effective passphrase should be something long – 20 to 30 characters – that you can remember and that doesn’t contain any information about you that’s available in public records. It should include upper- and lower-case letters, at least one number and at least one special character. Even if you change it every two or three months, it’s the only one you need to remember.

We can help you evaluate password managers and help you with the installation process. We think passwords have to become extinct as other security measures take hold, but for now, passwords are deeply ingrained in our online lives. Call us – 973-433-6676 – or email us for password manager help.

Inside the World of Updates

FaceTime updates got a lot of face time recently with all the reports about how a 14-year-old discovered a bug that left a mic open even if a recipient didn’t answer a group FaceTime call. It was shocking but not surprising, based on how updates are developed and implemented.

Apple, Microsoft, Google and other technology companies are huge corporations and, as such, are highly compartmentalized. When I visit trade shows and conferences and can find an engineer or software developer to discuss very specific issues related to hardware, firmware or software, the conversations are very technical and very tightly focused. They are brilliant people, but they operate in silos.

So, when a problem like the FaceTime issue surfaces, it’s likely to involve a piece of code that only one person or a small team worked on – based on instructions that may have come down through several layers of command. That person or team didn’t talk to the public or get any feedback based on a personal interaction. Further, the amount of code needed to implement a feature such as a group FaceTime session is massive. It’s written in sections and assembled in sections, and even though they are tested, errors can occur each time lines of code from various teams are put together. The people involved do a great job, and the percentage of errors to lines of code written is practically microscopic.

The bottom line is that bugs will show up in the real world, and they need to be found and fixed before any catastrophic consequences show up. But code is not the only factor in updating software for use on a computer or device. We see a lot of old computers and devices with old operating systems that simply cannot handle updates.

We were reminded of the technology gap that opens up when working with older systems. It involved a family business, and technical challenges arose as some family members wanted capabilities that were requested by others. The challenges came as we had to work with computers and devices with a wide range of ages and with differences between Windows 7 and Windows 10. We had to be mindful that Windows 7 is 12 years old and that we are six versions into Windows 10.

Our common thread in the solution had to be sealing up security breaks. We can’t emphasize enough that security patches are the biggest improvements in upgrades and updates, although we all get excited about new features and capabilities. And the problem is that an older system can only handle a limited number of security and feature updates.

At some point, it doesn’t pay for a software or hardware provider to support older systems. Their developers have to jump from one issue to another like playing Whac-A-Mole, and then there is a smaller universe of real-world users to provide feedback on the new code and then use it.

One of our missions is to make the most efficient use of your money. We’ll always do our best to avoid having you buy new equipment or software by trying to find a good workaround. But sometimes, buying new technology can give you a better return on your investment, and one of the reasons to do so is to take advantage of upgrades and updates that are used by a larger universe of people and businesses. That can be especially beneficial based on how the update world lives.

We can help you install, configure and test updates, and we can advise you on whether to upgrade or keep your current technology. Call us – 973-433-6676 – or email us for a consultation.

Office 365 and The Cloud

The recent Office 365 outage highlighted reasons why using the cloud exclusively is not always the ideal solution for everyone. It’s great to be able to pull data from anywhere in the world, but if you can’t place an order or send out an invoice, the cloud has rained on your parade.

Most of you likely didn’t notice effects from a recent Office 365 outage that affected getting email on your computer or mobile device. You may have had trouble getting and sending email, but hey, we always seem to have problems. Still, it’s no reason to give up on Office 365, which we like a lot, or give up on the cloud. The cloud enables a business of any size to access records and all sorts of data files, use applications, and collaborate to conduct business from anywhere. It’s the engine that drives virtual offices and connects a company’s workers and clients or customers in the same way, regardless of whether you’re in 2 or 200 locations and cover 2 or 2 million people.

When you’re at the smaller end of the spectrum, Office 365, for example, gives Microsoft a large enough customer base to provide the same resources that you’d find in an international conglomerate. By leveling the technology field, it gives more people access to the world of commerce.

To break it down and probably oversimplify the technology, Microsoft Azure makes it all happen. In a company of any size – or even a family of home users – it syncs everyone’s passwords to access email, applications and data. It provides multiple layers of security, and through a process known as SSO (single sign-on), Azure makes all of those levels of security talk to each other. That communication, which is transparent to non-technical users, is what makes it so easy and convenient to use the internet.

As the tech industry develops better artificial intelligence, Azure and similar services will also drive innovations that will lead to the elimination of passwords while increasing security. AI looks at patterns and can analyze whether an abnormality is a one-time event or if there are multiple occurrences that demand a quicker, harder examination.

For all those reasons, we believe a hybrid computing environment may make sense for small offices and home users. Office 365 with a backup of data files to Azure puts a vast amount of resources to work for you to maximize your efficiency for work or play – and to keep your identity and data secure.

But if you are a business that requires a lot of employees to access sensitive data, you may want to keep the data and applications local – on a server – to keep access away from the internet. Keeping it all inside minimizes the risk that one person’s carelessness or mistake will open a breach in your security. You can still have your server send data to the cloud as an effective backup process, and you can still allow certain employees to access files on your server or in the cloud from remote locations, but strict controls will minimize opportunities to breach your security.

We can advise you on whether to implement a cloud-based technology system, a hybrid system or a strictly on-site system and help you implement it. Call us – 973-433-6676 – or email us to talk about it.