Generated Passwords Resolve Two Issues

During the recent holidays, I decided to get around to that one project I’d been meaning to do: change all my passwords. I have 241 unique passwords, and even though my password manager at the time gave them strong scores, I just wasn’t happy with the whole situation. So, I dived into a project for the generations.

As you should expect, I’ve read all the security alerts and everything I could find out about layers of security at the websites I visit for personal matters and those I use to serve clients. Each site is different, and that includes the two-factor authentication steps. It should give you comfort to know that using website passwords can be as complex as nuclear-launch codes – though it’s not comforting to think that any code can be cracked.

Randomly generated passwords that are frequently changed offer the best protection against cracking, which is why nuclear-launch codes always change – and why codes for keyless-entry systems for homes, cars and garages are essentially one-time codes designed to thwart anyone with a code scanner who sits near your car or home. Some password managers can change random passwords automatically when a website requires. No matter which one you use, you’ll need to have a master password – and that’s the only password you’ll need to remember.

Changing all of your passwords is not a task for the faint-of-heart. You’ll need to have a password manager program, such as Dashlane, LastPass or 1Password, and you’ll need to pay attention to details. I happen to like Dashlane for two of its features: random password generation and its integration with all browsers and operating systems. I consider those features to be critical.

When you use a password manager to generate random passwords, you need to pay attention to the requirements of each website. Some websites require the use of symbols, but many of them restrict you to certain symbols. Some require upper- and lower-case letters, and some require numerals. Many websites specify a certain number of characters in a password, such as 8 to 12 or 12 to 16. Just be mindful of all requirements when you set up the random password generator for each website.
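To make the point about per-site requirements concrete, here is an added example (not code from any password manager named in this article) of a generator that draws from a cryptographically secure random source and only returns passwords that satisfy one site's rules. The `SitePolicy` structure, the function names and the two sample policies are assumptions made up for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """One website's password rules (hypothetical structure for this example)."""
    min_len: int
    max_len: int
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = False
    allowed_symbols: str = ""  # only these symbols may appear; "" means none

    def alphabet(self) -> str:
        # De-duplicate so a repeated symbol does not bias the draw.
        chars = string.ascii_letters + string.digits + self.allowed_symbols
        return "".join(dict.fromkeys(chars))

    def required_classes(self) -> list:
        classes = []
        if self.require_upper:
            classes.append(string.ascii_uppercase)
        if self.require_lower:
            classes.append(string.ascii_lowercase)
        if self.require_digit:
            classes.append(string.digits)
        if self.require_symbol:
            classes.append(self.allowed_symbols)
        return classes


def satisfies(password: str, policy: SitePolicy) -> bool:
    """True if the password meets the length, symbol and character-class rules."""
    if not policy.min_len <= len(password) <= policy.max_len:
        return False
    if any(ch not in policy.alphabet() for ch in password):
        return False
    return all(any(ch in cls for ch in password)
               for cls in policy.required_classes())


def generate_password(policy: SitePolicy, length=None) -> str:
    """Draw uniformly from the allowed alphabet, retrying until the rules hold."""
    length = policy.max_len if length is None else length
    required = policy.required_classes()
    if not policy.min_len <= length <= policy.max_len:
        raise ValueError("length is outside the site's allowed range")
    if any(not cls for cls in required) or length < len(required):
        raise ValueError("policy cannot be satisfied")
    alphabet = policy.alphabet()
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if satisfies(candidate, policy):
            return candidate


def entropy_upper_bound(policy: SitePolicy, length: int) -> float:
    """Bits of entropy if every position were free; the rules trim this slightly."""
    return length * math.log2(len(policy.alphabet()))


# Constructed sample policies, not taken from any real website.
FORUM = SitePolicy(min_len=8, max_len=12)
BANK = SitePolicy(min_len=12, max_len=16, require_symbol=True,
                  allowed_symbols="!@#$%")

if __name__ == "__main__":
    for name, policy in (("forum", FORUM), ("bank", BANK)):
        pw = generate_password(policy)
        bits = entropy_upper_bound(policy, len(pw))
        print(f"{name}: {pw} (at most {bits:.0f} bits)")
```

Retrying until the rules hold, rather than forcing one character of each type into fixed positions, keeps every compliant password equally likely.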

One of the steps I took – and something highly recommended for financial websites – was to create a randomly generated password, log in to the site to make sure it worked, and then change it almost immediately. Each randomly generated password should be impossible to remember because it should lack any kind of pattern. For example, there doesn’t appear to be anything meaningful to me in FdXKCX9ZKsw. When a website requires you to change the password, you should have a password manager that does this automatically. Dashlane and LastPass do this, but they handle the process differently.

If you want to change your password manager, you can download all of your passwords so that you can re-enter them in your new password manager.

You should also know that your master password resides locally on your computer or mobile device. If you change computers, phones or tablets, you’ll need to re-enter your master password manually, not all your passwords – and it’s probably a good idea to do so to protect your data.

There are two keys to making a password manager and randomly generated passwords work. One is to make sure that the password manager itself is the latest version available and that you install all updates. Remember, as we’ve said so many times before, updates almost always include security patches and bug fixes.

The other key is to have a strong master password – really a passphrase. An effective passphrase should be something long – 20 to 30 characters – that you can remember and that doesn’t contain any information about you that’s available in public records. It should include upper- and lower-case letters, at least one number and at least one special character. Even if you change it every two or three months, it’s the only one you need to remember.

We can help you evaluate password managers and help you with the installation process. We think passwords have to become extinct as other security measures take hold, but for now, passwords are deeply ingrained in our online lives. Call us – 973-433-6676 – or email us for password manager help.

Inside the World of Updates

Facetime updates got a lot of face time recently with all the reports about how a 14-year-old discovered a bug that left a mic open even if a recipient didn’t answer a group Facetime call. It was shocking but not surprising, based on how updates are developed and implemented.

Apple, Microsoft, Google and other technology companies are huge corporations and, as such, are highly compartmentalized. When I visit trade shows and conferences and can find an engineer or software developer to discuss very specific issues related to hardware, firmware or software, the conversations are very technical and very tightly focused. They are brilliant people, but they operate in silos.

So, when a problem like the Facetime issue surfaces, it’s likely to involve a piece of code that only one person or a small team worked on – based on instructions that may have come down through several layers of command. That person or team didn’t talk to the public or get any feedback based on a personal interaction. Further, the amount of code needed to implement a feature such as a group Facetime session is massive. It’s written in sections and assembled in sections, and even though they are tested, errors can occur each time lines of code from various teams are put together. The people involved do a great job, and the percentage of errors to lines of code written is practically microscopic.

The bottom line is that bugs will show up in the real world, and they need to be found and fixed before any catastrophic consequences show up. But code is not the only factor in updating software for use on a computer or device. We see a lot of old computers and devices with old operating systems that simply cannot handle updates.

We were reminded of the technology gap that opens up when working with older systems. It involved a family business, and technical challenges arose as some family members wanted capabilities that were requested by others. The challenges came as we had to work with computers and devices with a wide range of ages and with differences between Windows 7 and Windows 10. We had to be mindful that Windows 7 is 12 years old and that we are six versions into Windows 10.

Our common thread in the solution had to be sealing up security breaks. We can’t emphasize enough that security patches are the biggest improvements in upgrades and updates, although we all get excited about new features and capabilities. And the problem is that an older system can only handle a limited number of security and feature updates.

At some point, it doesn’t pay for a software or hardware provider to support older systems. Their developers have to jump from one issue to another like playing Whac-A-Mole, and then there is a smaller universe of real-world users to provide feedback on the new code and then use it.

One of our missions is to make the most efficient use of your money. We’ll always do our best to avoid having you buy new equipment or software by trying to find a good workaround. But sometimes, buying new technology can give you a better return on your investment, and one of the reasons to do so is to take advantage of upgrades and updates that are used by a larger universe of people and businesses. That can be especially beneficial based on how the update world lives.

We can help you install, configure and test updates, and we can advise you on whether to upgrade or keep your current technology. Call us – 973-433-6676 – or email us for a consultation.

Office 365 and The Cloud

The recent Office 365 outage highlighted reasons why using the cloud exclusively is not always the ideal solution for everyone. It’s great to be able to pull data from anywhere in the world, but if you can’t place an order or send out an invoice, the cloud has rained on your parade.

Most of you likely didn’t notice effects from a recent Office 365 outage that affected getting email on your computer or mobile device. You may have had trouble getting and sending email, but hey, we always seem to have problems. Still, it’s no reason to give up on Office 365, which we like a lot, or give up on the cloud. The cloud enables a business of any size to access records and all sorts of data files, use applications, and collaborate to conduct business from anywhere. It’s the engine that drives virtual offices and connects a company’s workers and clients or customers in the same way, regardless of whether you’re in 2 or 200 locations and cover 2 or 2 million people.

When you’re at the smaller end of the spectrum, Office 365, for example, gives Microsoft a large enough customer base to provide the same resources that you’d find in an international conglomerate. By leveling the technology field, it gives more people access to the world of commerce.

To break it down and probably oversimplify the technology, Microsoft Azure makes it all happen. In a company of any size – or even a family of home users – it syncs everyone’s passwords to access email, applications and data. It provides multiple layers of security, and through a process known as SSO (single sign on), Azure makes all of those levels of security talk to each other. That communication, which is transparent to non-technical users, is what makes it so easy and convenient to use the internet.

As the tech industry develops better artificial intelligence, Azure and similar services will also drive innovations that will lead to the elimination of passwords while increasing security. AI looks at patterns and can analyze whether an abnormality is a one-time event or if there are multiple occurrences that demand a quicker, harder examination.

For all those reasons, we believe a hybrid computing environment may make sense for small offices and home users. Office 365 with a backup of data files to Azure puts a vast amount of resources to work for you to maximize your efficiency for work or play – and to keep your identity and data secure.

But if you are a business that requires a lot of employees to access sensitive data, you may want to keep the data and applications local – on a server – to keep access away from the internet. Keeping it all inside minimizes the risk that one person’s carelessness or mistake will open a breach in your security. You can still have your server send data to the cloud as an effective backup process, and you can still allow certain employees to access files on your server or in the cloud from remote locations, but strict controls will minimize opportunities to breach your security.

We can advise you on whether to implement a cloud-based technology system, a hybrid system or a strictly on-site system and help you implement it. Call us – 973-433-6676 – or email us to talk about it.

The 5G Promise

5G is just about here, and the telecom carriers are pushing it out. Android devices, made by numerous manufacturers, are about to come on the market – even if networks are in the development stage. Rumors abound that Apple will hold back until 2020 to introduce 5G devices, and that’s a good decision for a number of reasons.


It’s All About the Switch

As data pipelines and Wi-Fi networks get bigger and faster, you need to pay attention to the switch, the connector that brings the service into your office or home and sends it to your network. You may need a hybrid system that includes an up-to-date switch and some hardwiring to unleash the full power of the internet service that you pay for.


The Azure Workaround

When Azure, Microsoft’s storage cloud, was hit with a problem that rolled around the world, it affected some of our clients who use it for storing and accessing data and apps, especially with remote access such a key need. Microsoft hasn’t been the only cloud provider hit, and this won’t be the last problem. But nothing needs to shut you down.

The Azure problem essentially locked people and businesses out of their data and apps. In the most basic terms, any Azure customer using Dev Ops and Office 365 who depended on two-factor authentication to protect their Azure accounts couldn’t log in. We were affected as a customer of both services.

At the time we were affected, we were doing a setup at a client and needed to get a big file, which we store through Azure. When I logged in to get it, I got no access; I just got a message they would send a text. I had an external hard drive with an old version of the file, and that was not suitable. Transferring the file remotely from my office computer would have taken too long. We solved the immediate problem by transferring the file from my computer to my Dropbox account and then downloading it from there.

We worked around the problem, but we operated in a vacuum. As an IT service provider, we got no information about anything that was happening, and that was frustrating. We later learned – along with the rest of the world – the problem started in Asia and made its way westward as organizations in Europe, Africa and the Americas began their workdays.

It took a few days for explanations and suggestions to reach everyone, and it didn’t take long (in the grand scheme of things) to return to normal operations. The problem centered around a breakdown in the two-factor authentication process. We and our client were fortunate that I had the capability – files stored on a computer I could access and Dropbox – to initiate a solution. But not every user has the resources I had.

Two-factor authentication is one of the key ways we can protect our data and app security, and the technology is evolving as we move toward password-less access to cloud servers and other websites that house highly sensitive info, such as banks, shopping sites and healthcare organizations. As hackers get better, our industry needs to stay ahead of them.

We don’t believe that shutting off two-factor authentication is a good solution to a random-access problem, but when it comes to your Microsoft accounts, you can turn it on and off as needed. That might be an effective workaround.

Microsoft’s website has step-by-step instructions for all who have a Microsoft account.

  1. Log in to https://account.live.com/
  2. On the home page, click “Security & Privacy”.
  3. On the “Security & Privacy” page, click the “Manage advanced security” link.
  4. Look for a page where you will find a link to “Set up two-step verification” or “Turn Off” two-step verification.

If you have any questions about the process or need a walkthrough, contact us by phone – 973-433-6676 – or email. We can also help you with two-factor authentication with other systems and help you with other solutions to maximize your data and app access and security.

By the way, this is not a Microsoft-specific issue. Other cloud services, including Google and Amazon, have had access problems. Service outages will happen again because we will continue to use cloud-based services and because…stuff happens. Looking at the big picture, the cloud has too many advantages, such as access from any internet connection and the best possible security measures available, to pull everything back to individual computers and servers.

New Company, Old Stuff…Old Company, New Solutions

A recent acquisition of a company by one of our clients illustrates the problems you can face with old software as well as old hardware. And our onboarding of a new client illustrates the problems that compound each other after neglect and poor shortcuts. Here’s how we tackled them together.

The software issue, which involved an old, old version of QuickBooks, drove home the benefits of keeping applications up to date. Our client, an accounting firm, recently acquired another firm, and we knew the technology had lapsed, and we even developed a budget number to bring it all up to date. Our question was whether to implement our project now or wait until after the upcoming tax season.

Wanting to do it right, we decided to move forward. Based on the problems we encountered, we made the right decision – because it was not a simple file conversion process. The old version of QuickBooks was from 2008; 2019 is the current version. There was an interim version in 2012. As with Microsoft Windows updates, we had to go through numerous updates because each update was built on a previous update.

In addition to the QuickBooks updates, we had to work with various versions of Windows and aged computers that couldn’t run Windows 10 and the current QuickBooks. Complications arose when people didn’t know the administrative emails and passwords required to set codes and perform updates. We tried numerous combinations, but the problem was solved by talking to the owner of the acquired company, who recalled a Hotmail account for QuickBooks. We had to work through additional emails and passwords – and inconsistencies on security questions.

We finally got it all done after several extra hours of time and another access issue. Our client is set for tax season, but we can’t help but wonder about the cost difference between software updates and the time and expense of the extra work.

Similarly, with old and new, we recently added a client who had been disenchanted with the managed services (monthly fee) program of their previous IT provider. We bid against another company that also offered managed services.

We don’t offer managed services because we believe it shortchanges clients. They pay a monthly fee but never know what the provider is doing for them. When we bill for the hours we work, we always provide a detailed description of our services.

We also don’t like to scare new clients into buying and installing new equipment, such as a server, until we take a deep dive into their systems and their needs. The bidder said the client needed a new one ASAP, which was logical because the server was eight years old. But when we talked to people there and learned how they work, they hadn’t been using the server, which had an old firewall that had never been registered. We registered the firewall and upgraded the software, putting off their need for a new server, which they were using to scan files to send to their printer.

Going forward, we’ll show them a different way of doing things without a server, and it should save them several thousand dollars.

We pride ourselves on being trustworthy, and we build our business on that trait. If you know a company or individual who’s looking for a new IT service provider, we hope you’ll refer us. And if you need a look at your systems, you can rely on us for an assessment that will show you the most cost-effective options. Contact us by phone – 973-433-6676 – or email to set up an appointment for you or a referral.

Tech Upgrades for New Year

New technology is a great value. You can improve the performance and cost-efficiency of business and home systems by investing in new hardware and upgrading application software. Consider some of these upgrades.

December is always a good time for businesses to look at technology investments because it can affect your taxes. Your CPA or tax advisor can tell whether a year-end expense can help reduce your taxes while increasing your capabilities, and we can tell what might work best for you to make those capability increases a reality.

First, look at your operating system. If you are on Windows 7, remember that Microsoft’s support of this ancient OS will go away in a year. They’ll no longer provide security updates and bug fixes. Cybercriminals salivate when they see any outmoded system because they can likely pull a hacking technique off the shelf and get into your system.

Yes, there will be some workarounds for you to continue to use Windows 7, but why do it? Windows 10 is much more efficient and secure, and Microsoft is dedicated to supporting it. Most common business apps running Windows 7 are easily upgradeable to run on Windows 10. If you have customized software from a publisher that’s still supporting it, they should be able to help with a conversion to the newer OS. If not, you may want to move to a new app, especially for the security aspects.

You should also look at your hard drives for business and home computers. Solid state drives (SSDs) have come way down in price this year, and while they’re not necessarily Walmart specials, they are good values.

SSDs are faster and more reliable than mechanical hard drives. The mechanical drives have moving parts that can wear out and crash, putting your data in jeopardy. They also require more space to move files around, and as they become fuller, they are less efficient. SSDs have no moving parts and don’t physically move around files. That makes them immune from physical crashes, and you only need a drive half the size to hold the same amount of data.

Call us – 973-433-6676 – or email us with questions about technology upgrades or to help you install new technology. You can hit the ground running in 2019 or get up to speed early on in the new year.

Using Alternatives to Passwords

We have harped…and harped ad infinitum…about having strong passwords simply because those strings of upper- and lower-case letters, numbers and special characters offered the best chances of staying ahead of the hackers. But we’ve always reminded you that something better is needed because the bad guys have a vested interest in developing better systems to crack passwords and in finding more ways to exploit vulnerabilities in anybody’s electronic vaults that store vital personal and corporate info.

When one of our clients got hacked, we installed a password-less system to offer them better security. Our solution, which uses Microsoft Azure, is one of the emerging technologies to replace passwords with biometrics, one-time codes, hardware tokens and other multi-factor authentication options. What they do is exchange tokens and certificates without users – you, your employees and your customers – needing to remember anything. The new pathway to better protection even bypasses the password managers that many of you use.

IT industry figures show that more than 80 percent of security breaches involve stolen passwords and credentials. We all pick passwords that are too simple and easy to guess, or we store and reuse a few complex passwords that we can remember. That problem is exacerbated by forcing regular password changes even without evidence of breach. If password reset systems rely on people, they can be fooled by social engineering. Password-less technologies can combine certificates with contextual security policies that require less from you. They rely more on trusted devices and connections, and they can add layers of complexity as risks rise. New security can be based on the value of the content and factors such as user behavior, device location and connection, or the state of the device.

You can already set up password-less access using Microsoft’s Azure AD Conditional Access. Many of you who use our backup services already have Azure accounts, and you can use the technology to manage:

  • Sign-in risk to identify who’s signing in and determine who’s a risk.
  • Network location to determine if access is being attempted from a network location that is not under your control or the control of your IT department.
  • Device management for accessing cloud apps from a broad range of devices including mobile and personal devices.
  • Client application to manage cloud access using different app types, such as web-based, mobile, or desktop.

There are some cross-platform technologies available for going password-less, but it all starts with the Microsoft Authenticator app. It uses key-based authentication to create a user credential that’s tied to a device and uses a PIN or biometric. Instead of using a password to sign in, users see a number code to enter into the Authenticator app, where they have to enter their PIN or provide a biometric.

Password-less sign-in for Microsoft accounts with the Microsoft Authenticator app is already available, and support for signing into Azure AD is now in public preview. Right now, the app can only cover a single account registered with Azure AD in one tenant, but support for multiple accounts is planned in the future. It covers Office 365 and Azure and works with a variety of other apps.

If you’re ready to go password-less, we can help you decide what’s right for you and set up your accounts and devices. Just give us a call – 973-433-6676 – or email us to set up an appointment.