Double Check, Triple Check

In times of crisis, cybercriminals know how to take advantage of our generosity with online scams. They come in all shapes and forms. You need to double check and triple check every email you get requesting money or action, and you need to do the same for every link you have an impulse to click.

At this point, I think we’re all sophisticated and careful enough to take a close look at the emails we get. We know to hover over a familiar name to see the email address the message was actually sent from. You know, for example, that you likely won’t get an email from me generated from a service in Russia – and you know to call me to see if I really did send you an email from a Russian address. You’ve got to step up your vigilance. Don’t be afraid to question anything – and never open an email or click a link in an email if you are not completely sure it’s legit. A cybercriminal can use the link you click or the file you download to get into your computer and hold your data for ransom or steal vital personal or corporate financial data.

This is important because you can expect a lot of emails from people and organizations purporting to be charities to help victims of the Covid-19 crisis and hardship from civil unrest. There are many good, legitimate organizations helping good causes, but there are bad ones, too. While a specific “charity” may not plant a virus or ransomware in your computer, they will get your credit card info (bet they didn’t offer a mailing address to send a check), which they can sell many times over on the dark web.

This goes beyond email. We’re too click happy when it comes to news and entertainment sites, clicking away at any headline or teaser that sparks our interest. In our time of crisis, news sites get our attention, especially if there’s something outrageous regardless of whether it supports our beliefs or not. Aside from whether it’s true and from a reliable news source, it could also be a way for a cybercriminal to hijack your computer. The same goes for pop-ups on less-than-reputable websites.

We’re getting a lot of calls to clean up infected computers, and one incident illustrates the problem. After we cleaned a client’s computer of a problem generated by clicking on a questionable site, the client immediately clicked another piece of clickbait and re-infected the computer. We all need to use good judgment when we click on something we find – or something sent by a friend.

You can further protect yourself by making sure you have up-to-date antivirus and malware protection software installed and running on your computer. We also recommend you regularly check for updates for all your application software and hardware firmware and make sure you install and run them. We can help you with fixing problems and preventing them. Turn off your computers or technology infrastructure if you find something behaving strangely or performing slowly and call us – 973-433-6676. Call us or email us if you need help with selecting, installing or updating antivirus or malware protection software and to set up an automated system to handle software and firmware updates.

The Death of 99 Cents

We sometimes get so hung up on not paying one cent or a few dollars more for a service that we don’t see the forest for the trees. As we make more use of technology for our business and personal lives, it’s helpful to put the economics into perspective.

We have some truly amazing technology available to us, and we’ve grown to appreciate it as we spend more time at home. But we sometimes get too hung up on keeping our costs low, and in the process, we lose performance or entertainment joys because we didn’t want to spring for more RAM, a bigger hard drive, a newer phone or better TV or content streaming plans.

The time I spend discussing the benefits of a 99-cents-per-month iCloud storage plan – at an hourly rate that’s a lot more money – is sometimes mind-boggling. That said, the plethora of choices always boggles the mind.

A lot of our consternation comes from the marketplace. Within most of our lifetimes, we had cable TV, which was provided by a carrier that won the right (or franchise) to serve a community. It was that or watch over-the-air, which in metro New York was mostly seven VHF channels and a handful of UHF channels. Cable gave you all those channels plus others, such as ESPN, CNN and a host of out-of-town TV stations, especially those that carried local baseball teams. The Atlanta Braves became “America’s team” because Turner Broadcasting System was ubiquitous. You also could add two premium services, HBO and Showtime. TV was separate from your telephone service. Your local phone company provided your internet service.

Through regulatory changes, phone companies entered the cable TV market, and cable companies entered the phone market. Satellite TV entered the market, and then the cable and phone companies each offered TV, internet and phone service, followed by home alarm systems. That led to the “triple play,” which offered bundled services at “discounted” prices. Even with packages, prices continued to rise – and keep that in mind as we go along.

When package prices rose, customers questioned the concept of paying for channels (or content) they didn’t want. At the same time, it seems like content providers decided to start their own premium channels, and many services have popped up to offer some of their own content plus “skinny bundles” of channels offered by the cable companies.

Now, you need to be selective about these factors:

  • What content do I want to watch?
  • What content can I give up?
  • What quality levels am I willing to pay for?

Let’s unpack and repack these questions.

There is a lot of programming overlap. You need to look at what each content provider offers – and that’s an exhausting search – to see which providers have the most of what you want to watch and when you want to watch it. You can keep your cable either as a service or as streamed content, or you can subscribe to services that offer combinations of live programming, including TV programs, news and sports in addition to their own premium programming. You could wind up paying more than you pay for your cable service, and you may or may not have the same choices within your budget.

You can save some money if you are willing to give up some of your choices. If you never watch sports, for example, you can find packages without them. But if you’re getting Disney Plus, you’re likely going to need to take the ESPN package as part of it. If you want sports, that’s good. But you may also be paying for it as part of another package, such as YouTube TV or Fubo TV. You can research all the combinations until you drop, or you can just jump into the water. Most every service offers a trial period, and the best advice we can offer is sign up, try it and make sure you cancel it before recurring charges start.

Then, there’s quality. Netflix, as you know, has three levels: $8.99 as of this writing for a single device, $12.99 for two devices and $15.99 for four. If you want HD quality, you need the $12.99 package. If you want 4K, you need the $15.99. If you just bought a new TV with the latest bells and whistles, why would you not spend an extra $4 per month?

Along with programming quality, remember, too, that you need to have adequate internet service to handle the bandwidth you’ll require to enjoy your content. And, you’ll need to have a good network infrastructure to handle it all, whether it’s strictly for entertainment or for business and school, too.

We’re happy to educate you about the economics of technology to help you make a smart decision. We’re also happy to work with you on the installation and configuration of whatever technology you choose. But ultimately, it’s up to you to decide on your comfort level with whatever you spend. Our advice is don’t cheap out on the hardware because it’s much more expensive and difficult to change. For online photo and video storage and TV or streaming content, you can adjust up or down as you see what you need. Call us – 973-433-6676 – or email us to help make sure you have the technology you need to enjoy life during these tough times.

Making ‘Work from Home’ Work

As the “shelter-in-place” orders rapidly clamped down on our mobility, the massive and sudden shift in how we worked forced employers and employees to scramble. Equipment and security became the key issues to address.

Most of the equipment issues our clients faced revolved around laptop computers. Because of last year’s chip shortage, computer manufacturers were already behind in building enough machines to meet the market’s needs. Those needs shot up as COVID-19 hit, making computers as scarce as toilet paper. Simply, there are just not enough business-grade laptops to go around. In some cases, our clients have gone to consumer electronics stores to buy home-use laptops for employees and have us set them up.

In our view, that’s better than just having employees use their personal devices to log onto a business network and access files and apps. Unless an employer knows exactly how a computer is set up for security and how secure the employee’s home network is, that employer is rolling the dice.

Many employers have VPNs (virtual private networks) to protect the security of computing from the office to their servers or cloud servers. But that only covers the traffic between their covered computers and the server. Those who regularly work remotely use the VPN, but their computers and devices should have security measures installed, and the users should have been trained in internet security.

When your employee sets up a computer or device at home and logs into your network, here’s the worst-case scenario. Your employee may not have up-to-date anti-virus and malware protection software installed and running. Your employee may not have an adequate firewall – or any firewall – installed and running. Your employee may not have a secure Wi-Fi network. If your employee’s security system is like Swiss cheese, you can be sure a hacker will find a way to tunnel into your corporate data.

Fortunately, we have found a workaround.

Working with your employees, we can install VPNs and we use your ISP’s (internet service provider) IP address as an external IP address when your employee logs into your work network from home. That helps keep the connection secure. Then, we use Microsoft’s Remote Desktop to connect the home computer to your office network and the employee’s office computer. That allows employees to work just like they were in the office.

The keys to making this workaround successful are making sure that all the office computers are on and that someone can monitor the office computer system to make sure everything is functioning properly.

If you haven’t taken these steps yet, call us – 973-433-6676 – or email us to schedule the work and to run through a checklist of things to be done before we begin.

Home Remodeling – Technology Style

Homes were caught short when everybody had to stay home to work, learn and entertain themselves. Wi-Fi networks and the internet had to carry much more traffic, and the rapid rise of new technology needs created holes for hackers to tunnel into systems. Here’s what you need to do.

First, shore up your security. Treat every device in your home that’s connected to the internet like it’s a block of gold in Fort Knox. Make sure your gateways, routers and firewalls have up-to-date security patches and bug fixes installed and running. Do the same for the firmware for every piece of hardware and software for every operating system and application that everyone in your household uses. That includes all of your smart-home devices and TVs – and make sure you have changed the default user names and passwords that came along with those devices.

We can’t emphasize this enough. That’s because between work, school and socializing, we all have more people coming in contact with our systems and every other system we’re connected to. If you have weak spots in your home system, the security of your personal financial and health data could be at risk, and so could the systems at your place of work.

In short, you may need to “remodel” the technical architecture of your home to make sure your systems and devices are airtight.

Second, make sure everyone in your home understands the security settings of all the new software you’re using for work, school and social interaction. We and our kids are all into using the latest and coolest collaboration tools, and the providers of those tools and the users need to pay special attention to how to set them up and use them safely.

Zoom is the collaboration tool that comes immediately to mind. Until stay-at-home orders went into effect some three weeks ago, very few people knew about Zoom, which is still considered a startup company. To encourage people to use it, Zoom quickly spread the word about its free service that allows 100 people to gather interactively online for up to 40 minutes. The two operative words here are both four-letter words: Zoom and free. You get what you pay for.

To make a long story short, Zoom rushed out the adaptation of a business application as a consumer app, and it left a lot of security holes. Two of the glaring issues, which were acted on by Zoom two weeks ago, were the sale of user data to partners for marketing purposes and the insidious “Zoombombing” incidents. The latter problem led to hackers placing porn material in school lessons and white-supremacist invasions of meetings, classes and chats sponsored by religious organizations.

Zoom stopped some of the data sales and reworked its privacy setup. It also ramped up the security requirements for people to join a Zoom session.

One other thing that home users likely have noticed is the drop in internet speeds from their ISPs. That’s a consequence of the ISPs trying to manage the massive demand for data. As a result, you’ll all need to manage your internet use to optimize performance in your homes.

We can help you with security audits, setting up security software and automatic updates for firmware and software. We can also help you with security settings for apps like Zoom. Call us – 973-433-6676 – or email us for an appointment.

What Will Change When We’re Healthy Again?

Be careful of what you wish for. Employees have pushed to work at home, and employers – for the most part – resisted it. More remote working – and learning – will become the new norm as our coronavirus crisis ends, and dynamics will change.

Our workplace and school dynamics are under scrutiny, for sure. People are adapting – at least for now – to the reality of not being able to gather and interact. Are they more productive? Our collective adrenalin is still pumping, and we’re all finding ways to make this new environment work. But what will happen as time goes on?

If working from home becomes more the norm, employers will add more tools to monitor the productivity of their remote workers. A lot of them are already available in the office, where the computer can be just like the boss sitting on a worker’s shoulder and recording every work-related and non-related movement. Will that kind of oversight extend to the home? Right now, an employee suddenly working at home can probably take a break to do some cooking or laundry, especially if they need to meet the needs of a family that’s suddenly at home all the time. What’s going to happen next?

My personal feeling is that everyone is going to miss the personal interaction of the office – and for kids, the interaction at school. There’s much to be gained from the social experience of collaborating in person – and it’s a huge part of a young person’s development. Yet, at the same time, I also think that working and learning through online channels will eventually become more stressful for people who have felt the need to be at the office or in the classroom.

We are social beings, and the people who need to mingle will want to return to an office. We see signs of it as we socially distance ourselves now. When we met some neighbors to walk together, we walked on one side of the street, and they walked on the other side. We came upon other neighbors who were having “picnics,” with their picnicking partners each on opposite sides of the street. Anyone with kids who go to school knows that the kids are trying to find more ways to connect and engage with their friends. Even homeschooled kids have needed social interaction.

The internet will continue to provide a way for people to gather, but it will always be a remote gathering. Will we be able to accept some of this as a new norm? I believe we’ll need to come to grips emotionally and politically with new ways of working, learning and socializing before we address the technology needed to make it happen. Once we decide on our direction, we’ll be able to add the required internet capacity and build the necessary security infrastructure.

Are there any insights into what may be our new way of life? If the observations of our neighborhood UPS driver are any indication, we’re setting up more home offices. He said his most-delivered items are boxes from Staples, monitors and office chairs. Once we have the means to work at home in place, we’ll all be more likely to work at home exclusively or to a greater extent.

And what about our relationship with online shopping? We’ve taken Amazon and our entire package delivery system for granted; overnight delivery is the rule. Will next day become next week?

In the meantime, we can help you keep up with the technology you need now to meet your evolving everyday-living needs – and maybe help you map out what you might need going forward. Call us – 973-433-6676 – or email us to talk about it.

COVID-19 Crisis – Keeping Your Technology Safe and Productive

A letter to our Clients and Friends:

It’s time to step back and take a deep breath. Yes, breathe in. Exhale slowly. Relax.

We don’t know how long our public health crisis with the coronavirus will last nor how it will end. But we’re in it together, and we at Sterling Rose want to offer you a few guidelines to help make your work and home disruption a little less disruptive.

If you are an employer or partner in a small business and need to conduct business from home, here’s what you should be doing:

  • Make sure everyone with a laptop computer – whether company-issued or personally owned – can log into your cloud or server to access the apps and files that drive your business. If there’s a problem, contact us.
  • Make sure that all of your hardware has the latest firmware (it’s basically like app software for hardware) installed. Do the same for your employees’ personal computers if they are working from home and logging into your tech system.
  • Make sure all of your software – OS, apps, web browsers – has the latest updates and upgrades installed. While updates improve performance, they also have the latest security patches, and that will be most important. Hackers will be in high gear to try to penetrate your defenses.
  • Make double sure that any employees who use their personal computers to conduct your business have all of their software up to date for the same reasons.
  • Make sure you and your employees have strong network passwords for Wi-Fi networks and that everyone has installed and activated antivirus and malware protection programs. We strongly encourage everyone to have a password management program in place, too, for convenience and security.
  • Train everybody and constantly remind them to be careful about emails they receive and respond to and links they click. This is like the holiday shopping season for hackers. They’ll prey on your trying to do many things in a short time while under stress. If something looks just the slightest bit out of place, don’t click. Make a phone call.

If you are working at home and/or have kids at home who need to learn online, here’s what you should be doing.

  • Make sure you have the internet and Wi-Fi capacity to handle multiple users at one time. You could have two people working and using cellphones while your kids are either online for classes or homework and/or streaming 4K content on HD TVs or other devices.
  • Make sure your network is secure with a strong password – complemented by antivirus and malware protection software for every device that comes on your network. If your Wi-Fi system has the capability, set up a guest network for family and friends who visit – even though we’re not supposed to have visitors. It will help keep your network secure.
  • Make sure everyone who is on your network has strong passwords for online activities, and make sure everyone in your home has up-to-date firmware, OS software and app software for every device and system they have.
  • Make sure everyone in your home understands the threats caused by hackers. If you’re working at home, you’ll be under stress, so be careful about the emails you open and the links you click. Your kids at home may be bored. Make sure they are careful about the emails they open, the chats they get involved in and the links they click.

Again, take a deep breath, exhale slowly and relax. Take an extra minute to make sure you have your technology safe and functioning and take two extra minutes to make sure everyone – at the office and at home – is aware of the need to practice good online health while we try to avoid getting sick.

Finally, know that we are available to help you, your employees and your family be happy and productive online. Call us – 973-433-6676 – for any problems you have with technology at home or work. We’ll do our best to solve your problems by remote, and we’re still available for onsite visits to solve your problems.

We can all get through this together. We just need to be careful with our personal health and technological health.

All the best,

Norman Rosenthal
Sterling Rose

Drowning in Disinfection

Be careful how you disinfect your tech equipment. One client’s cleaning solution wasn’t ideal, but we didn’t discover its effects until we made a service call.

We made the service call because an Excel file seemed to be going bonkers. When our client clicked on a cell, the file would start scrolling uncontrollably. It only happened with this file. We checked the computer for viruses, but none were detected.

However, the client had a problem with WordPress, too, and that looked like a problem with the mouse. We checked the mouse and found nothing wrong. With optical mouses, you may not be able to see the damage. However, the client mentioned in passing that they had washed the mouse because they feared exposure to poison ivy. We understood the concern because in very basic terms, sensitivity to poison ivy is an allergic reaction. If your allergy sensitivity is higher, you can break out more easily or more severely if you come in contact with poison ivy or its residue.

With today’s coronavirus concerns, we’re rightly becoming obsessed with keeping surfaces as germ-free as humanly possible, and that includes our electronics – especially those in offices or other public places. It’s a good idea to disinfect mouses, keyboards and telephones, but you need to keep moisture away from them. Liquids wreak havoc with all electronics.

We suggest you take the following steps in keeping your technology tools as clean and disinfected as you can.

  1. Unplug your device – mouse or keyboard – from the computer and remove the batteries if you have them.
  2. If you are using something like a Clorox wipe, put a microfiber cloth or some paper towel between the wipe and the device to minimize the moisture. The microfiber cloth is better, and you probably have a lot of them if you wear eyeglasses.
  3. If you have a spray disinfectant, spray it on a microfiber cloth or some paper towel. Don’t spray it directly on the device.
  4. Make sure that any cloth or paper towel that comes in contact with your mouse or keyboard is only damp – not wringing wet.
  5. Dry your mouse or keyboard as thoroughly as you can with a microfiber cloth and then give your device some time for it to air dry.

Our devices are indispensable, and when damage occurs, the nature of the problem doesn’t always point to the mouse or keyboard. Just pay attention when you clean. In an office environment, we suggest you pass these cleaning tips along to everyone. If you have any questions, call us – 973-433-6676 – or email us.

Time to Reassess Your Email Provider

If you have your email with your internet service provider (ISP), it might be a good time to take a look at what you’re getting, what you could get, and what you might lose.

First, ISPs provide email as a loss-leader service to keep your internet (and maybe cable TV) business. That internet business is critical to their success because more small businesses, home offices and consumers are using more data to run their businesses or live their lives. They’ve built the infrastructure to connect to your home or office. Now, it’s mostly a matter of adding capacity at a central location and using a few keystrokes to provide you with more internet capacity for whatever you need. As a result, they pay only enough attention to your email to prevent a catastrophic failure.

We saw the ISP-email problem firsthand during the past holiday season. Our client had email from Microsoft Hotmail, but it was through their ISP. We thought it would be an easy fix, but when the problem escalated, the ISP erroneously blamed our client’s computer. We knew it wasn’t the case because we got right down into the system’s basic commands and identified a back-end issue at the ISP. That’s one place we can’t go.

The ISP didn’t do anything, but somehow, the problem disappeared. We think it was fixed either by a reboot to fix a server problem or by someone who actually saw a problem and fixed it. We’ll never know, but regardless, our client is ready to switch ISPs and their email service.

The switch is a two-step process. The first step is to find a new provider. They abound and offer features and capabilities not found in many of the current ISP-based email programs. Here are some of the more popular and more capable choices:

  • Gmail from Google has a friendly conversation-focused interface, powerful search and top-notch spam and malware filtering, which is critical. It integrates with other Google services, including Google Drive, which lets you send attachments over Gmail’s 25-megabyte limit. You get 15 gigabytes of storage, and it’s free, unless you want to create your own email domain. A downside is Google’s proclivity for collecting personal data, but you get some control through its privacy settings.
  • Outlook.com is a web-based email service that’s separate from Outlook in Office. It’s the successor to Hotmail, with a better interface. It also provides 15 gigabytes of storage and integrates with Microsoft’s online Office tools. Microsoft makes a big deal about not scanning emails to serve you ads, but it does scan them to filter spam and malware.
  • iCloud, Apple’s free email service, integrates with Macs and iPhones and doesn’t contain any ads, though it isn’t as feature rich as other options. It comes with only 5 gigabytes of storage, which is shared with other Apple products. You can buy more storage.
  • Fastmail is a paid service that touts privacy and control. For $3 to $9 per month per user, there are no ads, and you can create an email account at any domain you want, which is great for a small business. It’s a great option if you don’t want to tie yourself to one of the big tech giants.
  • ProtonMail emphasizes privacy with end-to-end encryption. However, it requires a bit more work to set up and requires your recipient to jump through the same hoops. Just remember, though, your security is only as good as the security of the weakest link among all the people you communicate with.

No matter which provider you choose, you’ll need to do a lot of preparation. The most important step is to make sure you bring all the messages you want to save to your new email provider’s service. Some ISPs will delete your address and account as soon as you end your service. Others claim they’ll provide unlimited or generous storage and long-term to lifelong access, but there are no guarantees the messages will be kept or open to your access. If someone accidentally removes your messages from a server or removes your login credentials, you’ll have little or no recourse if you’re no longer a paying customer.

Copying all your old email from your old provider to your new one can be complicated. While we don’t want to say it’s something you can’t do at home, we strongly urge you to let us do it or walk you through the process. We want to make sure you get all the messages you want to keep – AND we can help you set up a forwarding mechanism so that people can still reach you after you make the change. (See Tech DIY: Our Equivalent of Calling the Plumber or Electrician.)

One thing you will need to do on your own is make sure you notify everyone of your email change – and do it with your new email address. That will make it easier for people to change their contact list, and it will add your new email to most autofill functions.

Call us – 973-433-6676 – or email us to discuss the best email options for you and to make an appointment to get you set up with your new email system.

Tech DIY: Our Equivalent of Calling the Plumber or Electrician

I can clean out a drain trap and change a light switch. But when I try to do something more, it usually winds up costing more than if I had called the plumber or electrician in the first place. It’s the same with your technology. There are some things you can do yourself, but there are things you shouldn’t touch.

To continue the plumber and electrician analogies, let’s look at some worst-case scenarios. When you do your own plumbing, you could break a pipe and flood all or part of your house – and maybe damage walls, floors and/or ceilings. But you’ll still have your house. With electricity, you could trip a circuit breaker – or shock or electrocute yourself or cause a short that starts a fire and…

In some ways, doing your IT can result in losing all your data, which is the electronic equivalent of burning down your home. Of course, you can back up your data in a secure, offsite location and replicate your system. You probably don’t have a full-size replica of your home or office stashed somewhere else.

So, what are some things you can do? You can download and set up apps, such as a password manager. You know all your passwords, and you can work your way through the setup process to take advantage of the random-generated passwords that make the apps work best. But if things look like they’re getting complicated, you can always call us for guidance or walk-through help.

What are some things we believe you should never do?

Never do anything that involves your website DNS, and don’t switch from one host company to another by yourself. The DNS info is at the heart of keeping your website on the internet, and one mistake can knock you offline. We can help you recover from a mistake, but in addition to the cost of our service, you’ll also pay the opportunity cost for lost business time. Another thing to keep in mind is that when you switch website hosting companies and something goes wrong, each party will claim it’s the other party’s fault. We can make sure that together we all follow the proper procedures to make the switch as seamlessly as possible.

Router changes are another task you shouldn’t do yourself. The biggest dangers are leaving open a port that can lead to security issues or not setting it up properly to manage other remote desktop capabilities.

Even buying a new computer can have pitfalls. With so many configurations available (processors, RAM, hard drive type and size, etc.), it can be difficult if not impossible to match up the right “package” for your needs.

One client experience illustrates the problems that can arise. Our client asked for help with transferring files from the old computer to the new one and assured us the hard drive had “more than enough space – more than I’d ever use.” It was a 128 GB hard drive, and after transferring app and data files, we had 30 GB of free space. However, the client also had 80 GB of music files to transfer. The problem could be fixed, but a lot of extra cost could have been avoided.

We can help make your technology life easier. Call us – 973-433-6676 – or email us when problems arise or if you want to change, add or reconfigure any part of your system. We can help you with advice or with doing the work you need. As the car mechanic said in that Fram oil filter commercial of many years ago, “You can pay me now or pay me later.” My plumber and electrician tell me the same thing.

Passwords’ Brave New World

While passwords need to go away, they won’t disappear overnight. So, we highly recommend you – and the internet world – follow some guidelines from the National Institute of Standards and Technology (NIST) in managing your online presence.

For individuals and small businesses, managing hundreds of passwords for all the websites and resources you need to access requires a concentrated effort. Every organization with which you interact online has to manage your password and everyone else’s. Website managers and administrators work hard to roll out security strategies, but piecemeal security strategies are ineffective and risky. There are too many cracks for passwords and other measures to fall through. Ad hoc strategies leave room for errors that could put customers’ data in jeopardy. This is where NIST comes into play, and understanding what’s behind its guidelines can help you take some action for your online security.

Part of the Department of Commerce, NIST develops guidelines based on best practices from a diverse array of security organizations and publications. NIST guidelines are so well-respected that private sector organizations have adopted them to keep their entire infrastructures secure. They affect some of the requirements you get when creating your own passwords – which you need to follow because they are in response to newer, more powerful threats.

Here are some of the most important new guidelines that NIST has issued to those who provide the services that manage internet access. You can expect them to affect you.

  • Go long: The suggested minimum is 8 characters when a human sets a password and 6 when it’s set by automation. However, NIST encourages users to create passwords with 64 characters or more, including things like spaces and emojis. They’ll be harder to crack.
  • Remove reset requirements: As users struggle to drum up countless creative, strong new passwords each month, they end up creating weaker passwords. Password strength should be about quality, not quantity—one excellent password is better than 10 new, mediocre ones. 
  • Keep it simple: How often have you created a new account, for a new application, online store, or digital news outlet, and encountered the prompt, “your password must contain one lowercase letter, one uppercase letter, one number, and one symbol”? Overly complex passwords can lead to poor password behavior, just as with frequent resets.
  • Be more user-friendly: The “show password while typing” option is a rare one that can let you use longer, stronger passwords because you don’t have to remember all those gyrations you created. Another friendly option is to allow users to copy and paste passwords. Users who are allowed to copy and paste their passwords are more likely to create and store stronger, lengthier passwords within password managers than those who are forced to type out their password every single time.
  • Go clueless: Knowledge-based authentication clues can save time, but with all the personal data available today, it’s easier than ever for hackers to decode hint prompts and breach systems.
  • Limit attempts: NIST password standards recommend providing users with a maximum of 10 login attempts before they are turned away. That should be enough to aid a forgetful user but not assist brute-force attackers. 
  • Go hands-free: SMS texting services should not be a part of any two-factor authentication (2FA) process. It isn’t entirely secure, enabling cybercriminals to insert malware that can redirect text messages and facilitate attacks against the mobile phone network. 
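
For readers who run a site or app themselves, here is how the length, simplicity and attempt-limit guidelines above could look on the service side. This is an added example, not code from NIST or from any product mentioned here; the names `password_problems` and `Account`, the 256-character cap and the hashing parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8      # list above: minimum when a person chooses the password
HARD_CAP = 256      # assumption: a cap well above the 64 characters encouraged above
MAX_FAILURES = 10   # list above: at most 10 attempts before the user is turned away


def password_problems(password: str) -> list:
    """Reasons to reject a new password; an empty list means it is accepted.

    Length is the only rule: no "one uppercase, one symbol" composition
    checks, and spaces and emoji are allowed like any other character.
    """
    length = len(password)  # counts Unicode code points, not bytes
    problems = []
    if length < MIN_LENGTH:
        problems.append(f"too short ({length} < {MIN_LENGTH})")
    if length > HARD_CAP:
        problems.append(f"too long ({length} > {HARD_CAP})")
    return problems


class Account:
    """One user's credential with a failed-attempt counter (hypothetical)."""

    def __init__(self, password: str):
        problems = password_problems(password)
        if problems:
            raise ValueError("; ".join(problems))
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self.failures = 0  # no expiry date is stored: no forced periodic reset

    def _derive(self, password: str) -> bytes:
        # Salted, slow hash; the iteration count is chosen for this example.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   self._salt, 100_000)

    def login(self, attempt: str) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"  # turned away, even if this guess is correct
        if hmac.compare_digest(self._derive(attempt), self._hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"
```

Note that a long, all-lowercase passphrase with spaces passes, while a four-character password full of symbols does not.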

NIST standards and the guidelines listed above are important because newer, more powerful cyberthreats will always be deployed. As a user, you need to be aware of newer and better security options. We continue to advocate for biometrics and other measures that are unique to you – and only you – to allow access to your online world.

For most of us, a password manager that works across all the platforms you and your family or businesses use is still a strong defense against hackers. We like Dashlane because its paid version covers an unlimited number of website passwords across multiple devices. For those of you with the right technology, you can start to take advantage of other techniques to access your protected websites. Contact us by phone – 973-433-6676 – or email to discuss your needs and see how we can make you more secure.