Better Attachment Options

Attached files are the bane of my existence, and they probably cause you a lot of problems, too. Microsoft’s New Outlook removes your option to drag an attachment to your desktop or a folder and forces you to choose a more specific action. It seems like a pain in the butt, but it could save your butt.

Hackers have long used attachments and links to bogus or dangerous websites to get into your system and compromise your data. Microsoft has added extra steps that seem really stupid at first. But they slow you down and force you to give your actions more forethought.

When you right-click on an attachment, you now see a dropdown menu of five actions you can take:

  • Preview
  • Edit in Browser
  • Edit in Word desktop app
  • Save to OneDrive
  • Download

Preview keeps the attachment in your inbox, but once you see what it is, you can choose any of the options in the dropdown menu directly from the preview.

One of those, Edit in Browser, lets you immediately work on a file as part of a collaborative team, a feature that’s becoming more common in offices because it’s much more efficient than editing a file, saving it with a version designation and resending it to everyone as another email attachment. How many times have you seen four collaborators open, edit, and resend the same version at different times? One of the team members invariably is left to sort through all the copies of the file and put all the changes into a new master document. And equally invariably, an edit is missed, misplaced, or misspelled.

Similarly, saving an attachment in OneDrive allows collaborators to edit it or view the changes without having to go through the process of resending and opening new attachments. With both OneDrive and a file edited in a browser, you only need to send a link. Anyone who opens the file by clicking the link will see the latest version. This is the same process used for Google Docs.

But if it’s better for you, the New Outlook allows you to download the file as you did before and save it to a folder – either on your computer or on your computer and OneDrive – if you have it.

New Outlook’s handling of attachments doesn’t mean it’s safe to open and edit a file no matter how you do it, especially when getting attachments or links to attachments from people you don’t know. As we’ve preached ad nauseam for years, you should closely examine a sender’s email address and other identifying factors. If something doesn’t look right, call the sender at a phone number you know is legitimate or look up a phone number by going to a new browser window and accessing a website independent of the email.

We can guide you through all the ins and outs of handling attachments through the New Outlook based on your personal or organizational needs. Call us – 973—433-6676 – or email us for an appointment.

 

 

The 2FA Police

Microsoft is enforcing requirements for 2FA (two-factor authentication) for many of its apps. The good news is that it protects your data better. The bad news is that you must use authenticator codes and messages. It’s time to ensure everyone in your office (or family for home users) is up to speed on using authenticators and other 2FA measures.

Microsoft’s Authenticator App gets downloaded onto your iPhone or Android phone and helps to verify it’s you when you log in to an online account using two-step or two-factor verification. It uses a second step, such as a code sent to your phone, to make it harder for others to break into your account. Two-step verification helps you use your accounts more securely because passwords can be forgotten, stolen, or compromised.

One common way to use the Authenticator app is through 2FA, where one of the factors is your password. After you sign in using your username and password, you can either approve a notification or enter a provided verification code. Options include:

  • Signing in by phone with a version of two-factor verification that lets you sign in without requiring a password. It uses your username and your mobile device with your fingerprint, face, or PIN.
  • Using a code generator for any other accounts that support authenticator apps.
  • Using it with any account that uses 2FA and supports the time-based one-time password (TOTP) standards.

Any organization can require using the Authenticator app to sign in and access its data and documents. Even if your username appears in the app, the account isn’t set up as a verification method until you complete the registration. The entire process can be done more efficiently with a mobile phone that can scan a QR code on a computer screen.

Remember that most authenticator apps still require a password in commercial use, and every user must know their password or risk being locked out. The consequences can be time-consuming and costly – if not fatal. Everyone should write their passwords on a piece of paper and store them in a safe place.

We had a case with a client who used a customized database that was never upgraded for 20 years. A former IT company did the last work on it. Nobody had the password to get into the account housing the database. They suggested calling the programmer, but the programmer had died. Nobody admitted to changing the password at any time. We spent a few hours trying to access the database to no avail. Finally, we called the former IT company, and they had a password for one file.

That was the password that worked, and we were able to perform the necessary work. But we can’t stop thinking about all the time – and money – that was wasted because nobody had a password.

In today’s world of hacking and cybercrime, it will become more and more challenging to try multiple passwords without severe consequences. It’s up to you to ensure that you and key employees have all your necessary passwords and 2FA to protect your data – and to insist that your employees have 2FA set up for their corporate login info.

We can help you ensure you have all the correct authentication and management systems. Call us – 973-433-6676 – or email us to discuss your needs and develop an action plan.