A password manager program going “passwordless?” Yup. Passwords are the bane of everyone’s existence, and the internet industry is looking to get rid of them.Continue reading
The next big update for Windows 10, coming to your computer next month or in May, will feature the ability to switch between two webcams. For many that will be toggling a built-in laptop camera and a second camera mounted on a separate monitor. It will help you make better eye contact during meetings. But remember, not all devices are created equal.
The “most equal” device for Windows Hello is the Microsoft Surface, which I use regularly along with another computer and multiple monitors. Its built-in camera is high resolution, but like with all built-in cameras, you get locked into a single direction and camera angle. If I’m video conferencing with a client through my Surface and need to look at data on another monitor, we lose eye contact. We all know eye contact is critical for effective personal communication. It’s why we are more aware of it now that the pandemic has forced us to work from remote locations.
By placing a second camera on the monitor I use for the extra data I need, I’m able to make better eye contact with the others on the video conference. With Windows Hello, the biometrics make it possible to use facial recognition to essentially “toggle” the camera I’m looking into directly. It can all be configured in the settings for my Surface and a Hello-compatible external camera. It’s all done through the Device Manager settings in Windows.
The key is to make sure your external camera is compatible with Hello. It gives you a plug-n-play setup, and once it’s configured, you can use its facial recognition to sign onto other devices connected through Hello. It’s faster and avoids the need to enter multiple passwords. The benefit of that, too, is that you can use a single, secure routine for logging in on everything. (Remember, one of the benefits of new technology we always push is eliminating the need for passwords.)
If you don’t have a computer or device that works with Windows Hello, you can still use multiple cameras or an external camera with Zoom, Microsoft Teams or other platforms. Most external webcams can be mounted on a monitor – or even a large flatscreen TV – and connected to your computer. A USB connection is most common, and we recommend using the fastest USB connection available. If you have Bluetooth capability in the device you’re using for your video conference, that will give you more flexibility in placing your camera. Either way, you also have the option to mount your webcam on a tripod, with Bluetooth most likely extending your range.
External webcams with Hello and Bluetooth compatibility are readily available for anywhere from $30 to $70. You should look for 1080p resolution because it will work much better for anyone who’s watching on a large TV. Just think of what you like to view when you’re watching a show or streaming content on a large TV. You can even go to 4K resolution, but for most of us, 1080p does very well.
If you don’t have Windows Hello, you can still connect an external camera – even with Bluetooth if your computer or device supports it. You’ll need to go into your Zoom settings and select the camera you want to use. Most people use the built-in camera as their default device. (It’s the same with their microphone and speakers.) However, you have several options with both an external camera and your built-in camera. These include setting the video ratio and – if your camera supports more adjustments – the ability to set a closer (zoom) or wider viewing angle.
Again, not all devices are created equal, so you’ll need to live with the technology you have or upgrade.
We can help you determine what hardware will provide the videoconferencing capabilities you want and help you configure your hardware to maximize its capabilities. Call us – 973-433-6676 – or email us to discuss your needs, your current technology and your budget. They’re all factors in making your system as “equal” as you want it to be.
We file our tax returns online. Our Social Security system is online. Businesses and financial institutions transfer billions of dollars online every day. Why can’t we vote online?
I know this is a politically charged issue, but we need to look at online voting to make our elections more accessible and more efficient. I say this as we wait for six states to reach a result, including Georgia, where my in-laws live, and neighboring Pennsylvania. We’re not complaining about the time-consuming, labor-intensive process required to count every vote, but it has given us time to think about how we can make the process better.
I’m casting a vote for online voting, and I am highly confident the many disciplines that make up our technology industry can make it happen. I know that fraud is a major concern, and while some may have overblown concerns, fraud is a valid worry. However, the industry does a good job of minimizing it.
On the personal level, we’ve already mentioned that we file our tax returns online – federal and state. Those who are part of Medicare and receive Social Security benefits can complete all transactions online, including paying their premiums and receiving their benefits by direct deposit. We can file for unemployment benefits online, access our medical records online and even re-enter the country using apps such as Global Entry, which relies on biometrics, and Mobile Pass, which relies on info accessed from a smart phone.
Businesses use all sorts of online systems to transfer money safely and securely. While government elections are sacred – as well they should be – there’s a lot of money at stake when companies and banks send billions of dollars through millions of transactions every day. When breakdowns occur, they can generally be traced back to the exploitation of someone’s sloppiness or ignorance. We know that one country’s government can have an interest in affecting another country’s government, but there’s a far larger universe of hackers looking for ways to get their hands on someone else’s money. There are more ways for them to access and monetize someone’s sensitive health information.
Therefore, if we focus just on elections, I believe we should be able to make those systems safe and secure. We have the tools in place; we just need to refine them and make them stronger. We constantly refine and strengthen tools as a general practice, so it’s not like we’re looking for something completely new.
We can also make better, more extensive use of two-factor authentication – as well as increased biometrics and other forms of password-replacement technology that can make our entire internet experience more secure.
Artificial intelligence (AI) and signature verification software has been used for years. We have systems for providing electronic signatures for financial transactions great and small. Why not apply this technology to elections? Technology can be used to verify or update many a person’s residence. We have driver’s license information and utility bills online, for example. When we change addresses, that information changes – and is recorded. In many states, we are automatically registered to vote or can register to vote when we get or renew driver’s licenses.
We have the technology to coordinate all this information. What we need now is the will to do it. Our COVID crisis has forced us to take long, hard looks at new ways of doing things we’ve always done. New processes and procedures are likely to stay as we emerge from the pandemic (we will at some point), and voting is one of them. States expanded early voting and mail-in or absentee voting to avoid larger lines and longer waits in crowded places. The overwhelming response likely means we’re not going back on that.
Going forward with online voting will require governments at all levels to change laws and requirements, and that won’t be easy. There’s a lot of passion and fears when it comes to politics and elections. The technology industry, too, will need to prove it can – beyond any doubt – provide a secure platform to hold elections.
But we, too, as individuals, will need to step up our game. We’ll need to make sure that our individual systems are secure by keeping our network and device firewalls, antivirus and malware software up to date and installed. We’ll need to make sure we have the latest operating systems – with security patches – installed, and the same goes for all the apps we use.
Online voting may not be the right option for everyone. We just think it’s time to add it to the other options already available.
And regardless of whether we have online voting, you should still take all the steps that are needed to keep your networks and devices safe and secure. If you have any questions, we can help. Call us – 973-433-6676 – or email us to discuss your online security needs – and talk about how we can promote effective online voting.
To take our discussion of vanishing passwords one step farther, some recent service calls for clients who’ve been hacked – some multiple times – have provided still more reasons to move on to newer technologies.
We are getting numerous calls from clients to help them set up Dashlane, including one client who has been hacked seven times. We tried to get them to use Dashlane or Password Keeper. Now, they’re ready to do it the right way. They’re ready to move beyond the annoyance of having to remember or look up passwords for security and type them into a website. For now, Dashlane or another password manager can resolve the issue for most people who are fearful of trading passwords for newer password-less technologies.
As we’ve noted, people set up passwords that are easy to remember or type. There’s generally enough repeatability that a code cracker can solve the puzzle you’ve tried to create. That happened with our client, whose bank account was hacked. As we were setting up Dashlane and downloading emails, we noticed the client had been getting alerts that the password had been changed. They had not made those changes. It took a phone call to resolve that issue, and it took Dashlane to ward off the hackers.
We should note here that there are a couple of important side lessons to learn from this experience. The first is on you: Call the company – and don’t necessarily use the phone number in the email; get one from their website. The second is on the companies: Make it easier to get a human on the phone when somebody has a security issue. We went through five layers of voice prompts before talking to a person.
Once the “alert” issue was resolved, we were able to fully install Dashlane. The process does take time. Installing any password manager requires you to pay attention to details and maybe some repetition. For financially sensitive accounts, you may want to generate another round of new random-pattern passwords as an extra layer of security. A password management program should allow you to print a copy of your database with all of your passwords – just in case there’s a mistake or if you decide to stop using the program. It should also work across all of your devices: computers, phones, tablets, etc. If you are one of the growing number of people who use an infotainment system in your car like a computer, you might want to change sensitive passwords frequently – as often as once a week.
Again, you only need to remember your master password for the password manager, and that can be a tremendous time saver, especially if you need to access a website from a mobile device.
But again, we believe you should use password-less technologies. They’re more secure, and they are easier to use than many perceive. For example, many Windows 10 computers have Windows Hello, and you can use that to add a fingerprint reader. The reader itself is about the size of a wireless mouse device and plugs into a USB port. Similarly, many mobile devices can use your fingerprint to verify you are the owner and user. If your computer or device has this capability, we strongly urge you to use it.
Many computers and devices also have built-in cameras that can be used for biometrics, and some advanced security measures use locations and usage patterns in place of passwords. As a backup, all of these measures have provisions for a PIN or a password if the biometric program can’t be used or if you don’t want to use it.
We can help you set up a password manager or – better still – go password-less. Call us – 973-433-6676 – or email us to get answers to your questions or to set up an appointment to manage your online security.
We have harped…and harped ad infinitum…about having strong passwords simply because those strings of upper- and lower-case letters, numbers and special characters offered the best chances of staying ahead of the hackers. But we’ve always reminded you that something better is needed because the bad guys have a vested interest in developing better systems to crack passwords and in finding more ways to exploit vulnerabilities in anybody’s electronic vaults that store vital personal and corporate info.
When one of our clients got hacked, we installed a password-less system to offer them better security. Our solution, which uses Microsoft Azure, is one of the emerging technologies to replace passwords with biometrics, one-time codes, hardware tokens and other multi-factor authentication options. What they do is exchange tokens and certificates without users – you, your employees and your customers – needing to remember anything. The new pathway to better protection even bypasses the password managers that many of you use.
IT industry figures show that more than 80 percent of security breaches involve stolen passwords and credentials. We all pick passwords that are too simple and easy to guess, or we store and reuse a few complex passwords that we can remember. That problem is exacerbated by forcing regular password changes even without evidence of breach. If password reset systems rely on people, they can be fooled by social engineering. Password-less technologies can combine certificates with contextual security policies that require less from you. They rely more on trusted devices and connections, and they can add layers of complexity as risks rise. New security can be based on the value of the content and factors such as user behavior, device location and connection, or the state of the device.
You can already set up password-less access using Microsoft’s Azure AD Conditional Access. Many of you who use our backup services already have Azure accounts, and you can use the technology to manage:
- Sign-in risk to identify who’s signing in and determine who’s a risk.
- Network location to determine if access is being attempted from a network location that is not under your control or the control of your IT department.
- Device management for accessing cloud apps from a broad range of devices including mobile and personal devices.
- Client application to manage cloud access using different app types, such as web-based, mobile, or desktop.
There are some cross-platform technologies available for going password-less, but it all starts with the Microsoft Authenticator app. It uses key-based authentication to create a user credential that’s tied to a device and uses a PIN or biometric. Instead of using a password to sign in, users see a number code to enter into the Authenticator app, where they have to enter their PIN or provide a biometric.
Password-less sign-in for Microsoft accounts with the Microsoft Authenticator app is already available, and support for signing into Azure AD is now in public preview. Right now, the app can only cover a single account registered with Azure AD in one tenant, but support for multiple accounts is planned in the future. It covers Office 365 and Azure and works with a variety of other apps.
If you’re ready to go password-less, we can help you decide what’s right for you and set up your accounts and devices. Just give us a call – 973-433-6676 – or email us to set up an appointment.