We’ve seen a lot of comments about the antivirus software from the Russian company Kaspersky. While we don’t want to appear paranoid about all things Russian, it’s worth noting that it’s not one of the top packages out there.
Continue readingTech Fallout from War in Ukraine
However, we will need to continue dealing with a technology fallout from the cyber weapons that generate misinformation and fraud. Here’s what we face:
Continue readingProblematic Patches
The second Tuesday of the month is Microsoft’s Patch Day – as well as the publication date for Technology Update. For the most part, the patches are bug-free and solve Microsoft’s most vexing problems, but sometimes…
Continue readingMFA and Insurance Forms
This has nothing to do with a graduate degree in fine arts. The problems of weak passwords have raised alarms for the insurance industry –
Continue reading(Don’t) DIY Project to Make Your Computer Compatible for Windows 11
Many computers that give useful service are not compatible with an upgrade to Windows 11. And as we know from seeing ships at anchor on TV news reports, your new computer – if it exists at all –
Continue readingTis the Season to be Wary
Hanukkah is some six weeks away, and Christmas is some two months away – but product shortages and rising prices already have put many people deep into their holiday shopping season. So, as you search for . . .
Continue readingPrivacy vs. Privilege
So, you want to block ads and pop-ups? That’s fine – because we’ve identified ads and pop-ups as gateways for hackers to penetrate your systems and networks. But even the safe ads and pop-ups can be annoying and an intrusion on your privacy.
Continue readingKaseya Ransomware Hack Sets off Holiday Fireworks
It took a perfect storm of cleverly written software, one weak link and a holiday weekend in the United States to launch the world’s largest ransomware hack to date. As this was written, some 1,500 businesses were being held up for a total of $70 million.
Continue readingDid We Learn Anything from Colonial Pipeline?
Today, the gasoline shortages caused by the ransomware hack of Colonial Pipeline are in our rearview mirror. Hopefully, the memories are not forgotten. There are things we can all do to make it harder to access and hold our data for ransom . . .
Continue readingPasswords’ Brave New World
While passwords need to go away, they won’t disappear overnight. So, we highly recommend you – and the internet world – follow some guidelines from the National Institute of Standards and Technology (NIST) in managing your online presence.
For individuals and small businesses, managing hundreds of passwords for all the websites and resources you need to access requires a concentrated effort. Every organization with which you interact online has to manage your password and everyone else’s. Website managers and administrators work hard to roll out security strategies, but piecemeal security strategies are ineffective and risky. There are too many cracks for passwords and other measures to fall through. Ad hoc strategies leave room for errors that could put customers’ data in jeopardy. This is where NIST comes into play and understanding what’s behind their guidelines can help you take some action for your online security.
Part of the Department of Commerce, the NIST develops guidelines based on best practices from a diverse array of security organizations and publications. NIST guidelines are so well-respected that private sector organizations have adopted them to keep their entire infrastructures secure. They affect some of the requirements you get when creating your own passwords – which you need to follow because they are in response to newer, more powerful threats.
Here are some of the most important new guidelines that NIST has issued to those who provide the services that manage internet access. You can expect them to affect you.
- Go long: The suggested minimum is 8 characters when a human sets a password and 6 when it’s set by automation. However, NIST encourages users to create passwords with 64 characters or more, including things like spaces and emojis. They’ll be harder to crack.
- Remove reset requirements: As users struggle to drum up countless creative, strong new passwords each month, they end up creating weaker passwords. Password strength should be about quality, not quantity—one excellent password is better than 10 new, mediocre ones.
- Keep it simple: How often have you created a new account, for a new application, online store, or digital news outlet, and encountered the prompt, “your password must contain one lowercase letter, one uppercase letter, one number, and one symbol”? Overly complex passwords can lead to poor password behavior, just as with frequent resets.
- Be more user-friendly affair: The “show password while typing” is a rare option that can let you use longer, stronger passwords because you don’t have to remember all those gyrations you created. Another friendly option is to allow users to copy and paste passwords. Users who are allowed to copy and paste their passwords are more likely to create and store stronger, lengthier passwords within password managers than those who are forced to type out their password every single time.
- Go clueless: Knowledge-based authentication clues can save time, but with all the personal data available today, it’s easier than ever for hackers to decode hint prompts and breach systems.
- Limit attempts: NIST password standards recommend providing users with a maximum of 10 login attempts before they are turned away. That should be enough to aid a forgetful user but not assist brute-force attackers.
- Go hands-free: SMS texting services should not be a part of any two-factor authentication (2FA) process. It isn’t entirely secure, enabling cybercriminals to insert malware that can redirect text messages and facilitate attacks against the mobile phone network.
NIST standards and the guidelines listed above are important because newer, more powerful cyberthreats will always be deployed. As a user, you need to be aware of newer and better security options. We continue to advocate for biometrics and other measures that are unique to you – and only you – to allow access to your online world.
For most of us, a password manager that works across all the platforms you and your family or businesses use is still a strong defense against hackers. We like Dashlane because its paid version covers an unlimited number of website passwords across multiple devices. For those of you with the right technology, you can start to take advantage of other techniques to access your protected websites. Contact us by phone – 973-433-6676 – or email to discuss your needs and see how we can make you more secure.