Passwords

Two Factor Authentication – What Is It and Do You Need It? | Fraser Valley Technology Consultants


The world of digital security is a minefield these days. It is now almost a daily occurrence to see companies either fall victim to (or be fined for) major data breaches. (The list of companies hit makes for some impressive reading!) In fact, there have been over 14 billion data breaches since 2013, and that number is fast increasing, with 75 data records being stolen every second!

Not all breaches are caused by nefarious hackers. Believe it or not, they only account for just over 40% of breaches. Other causes making up the remainder include technical glitches or employee error.

We’ve said it before. Passwords should be complicated and changed often. But can you do more? Yes, you can!

What is 2FA?

One snazzy concept that was introduced to thwart login hackers is two factor authentication (2FA). This is where, after you have entered your password, you add a 2nd way to tell the site that you are definitely you! (Like the way, in the movies, that the scientists entering the super-secret spy lab have to use a swipe card and then a retinal scanner to gain entry.) Since you need both to access the account, this extra layer of security seriously increases the protection of sensitive data in cases where a password database is stolen or hacked.


This second layer can be biometric, like with face detection or fingerprint scanning software, or it can involve sending a one-time-use number code to another device you own, via a text or special app. The latter is probably the most commonly seen and used, at the moment.

Should I use it?

Yes! So many companies are now offering it as an option – Apple, Square, Intuit, Amazon, Google, Facebook, Microsoft, Dropbox, PayPal, GoDaddy…and so on. If a site gives you the option, take it! (Especially anywhere that will have any valuable ID info, financial records or payment details.) You can see who has it and who doesn’t at twofactorauth.org. If you are not sure how to turn on 2FA at those sites, Telesign have set up a website, with tutorials, to show you how!

What are Password Managers and Why You Need One! | Fraser Valley Tech Consultants


Passwords, passwords, passwords. They are everywhere! With more and more software and platforms transferring to the ease and expanse of the cloud, the number of passwords we need on a daily basis has increased exponentially in the last few years.

Now, if you are following the golden rules of passwords (as you should be!), you should:

  • Never use the same password twice.

  • Use a password at least 8-12 characters long.

  • Use a mix of letters, numbers, uppercase/lowercase and symbols.

  • Do not store the password in your browsers or somewhere obvious like a sticky note.

This is where the average (busy!) human brain can run into some trouble. Bearing in mind that virtually everything we do requires a password – banking, office suite, social media, email, online shopping and so on - AND with the need for every single password to be unique, unpredictable and complicated, keeping track of them can be a bind for even the best memorising geniuses.

This is where having a password manager can be a lifesaver. Then you only need to remember 1 complicated password!

1 password to keep them all? That doesn’t sound safe!

Well, these programs are all about security, so they have to be! They employ techniques like multifactor authentication (meaning you need a password and a random code that it sends to a device of yours when logging in), and all data is encrypted at a local level.

So, what are your options?

There are a number of password managers out there, and you need to pick the one that best suits your needs and budget, but here are a few to get you going…

LASTPASS

LastPass is a great manager and has a number of package options for both business and personal clients, starting with a free version. It works on multiple devices, multiple browsers and has a variety of features such as strong password generators, digital file storage and auto form completing for online shopping.

KEEPER

Keeper is another leading password storage solution. Offers a wide variety of tailored package & feature options for personal (starting at $2.50/mo), family, business (starting at $2.50 per user/mo) or enterprise use. Again, works on multiple browsers and platforms.

DASHLANE

Dashlane also offers a free (but limited) version, as well as more feature-laden packages for business or personal use. This manager also comes with VPN protection and alerts you when a site’s security has been reported as compromised.

1PASSWORD

Popular manager, 1Password, has been protecting passwords for 13 years. No free version, but multiple options again, starting at $2.99/mo for personal or $3.99/mo for teams. Offers applications and extensions across a broad range of platforms and devices, with the usual menu of features on offer, plus a “watchtower” which keeps track of breaches and security issues.

Photo by bruce mars from Pexels

There are more password managers out there, but this is a list of the most popular to start you shopping around. With companies and websites reporting data breaches every single day, the important thing is to get your passwords protected as soon as you can, as best you can… and this step will take you a long way towards a better night’s sleep!

Massive New Data Breach Found! | Chilliwack IT Support Professionals

Troy Hunt, the man behind the popular data breach website, Have I Been Pwned, has recently reported that a huge new collection of user data has been found on one of the hacking forums. Now, when I say huge, I mean massive… enormous… gigantic… colossal… well, I think you are probably getting the picture. So, exactly how big was it? This data breach contained 2.7 BILLION records, from over 770 MILLION compromised accounts!


The breach is the largest single one ever to have been loaded onto the Have I Been Pwned website and contains a staggering 21+ million unique stolen passwords. The exact origin of the data is a little harder to pinpoint, but experts believe that most of it is from a collection of older websites and breaches. So, if you are the smart sort of person, who regularly updates their passwords and uses lots of different ones, you shouldn’t be too concerned. However, it will still be a good idea to head to the Have I Been Pwned website and enter your email address. If it tells you that your address has been found in any data breach, it will list them for you. (So, you can then go to these sites, if you do still use them, and change your details.) This huge breach, mentioned above, will be named Collection #1.

Of course, as long as there are hackers, data breaches will continue to happen. The best way to protect yourself is to follow these tips:

  1. Use unobvious complicated passwords. The best ones are the ones made by random password generators. (Even some browsers like Chrome have these built in). Make them at least 8-12 characters, with a mix of letters, numbers and symbols.

  2. Use a different password for every place you need one! Sounds scary for anyone who can’t remember what they had for breakfast… but tip #3 will come to your rescue on this one.

  3. Keep your passwords somewhere safe like a digital password manager (LastPass, Sticky Password, Dashlane, 1Password etc). If you are “old school”, even a notebook works! (Hey, if your house or office ever gets broken into, chances are that they will be skipping out with your TV or laptop and won’t give a scrappy notebook a second glance!)

  4. Update your passwords regularly. They say passwords are like underwear… keep them out of sight and change them often!

5 Ways to Help Your Business Be More Cyber-safe! | Chilliwack & Abbotsford IT Support

October is Cyber Security Awareness Month, and the need for awareness has never been higher! The stats are alarming...

[Image: stats about cyber security threats]

For businesses, the situation is just as scary.

50% of small businesses don't think that they will be targets of cyber crime.

BUT 40% of all cyber attacks in 2011 were on small to medium sized businesses.

The cost of cybercrime is about to reach $6 TRILLION, with no signs of slowing down!!

Put simply, EVERYONE is a target for cyber crime - the bad guys are not picky about size of business or the industry. As with so many things in life, prevention is much better than cure... but in the business world, cyber crime prevention can save hassle, time AND a LOT of money.

This month, we are sharing tips and advice here and on our Facebook Page ... but to start, here are 5 ways you can help make your business a #cybersafebusiness !


1. Secure personal devices. Personal devices allow us to do business "on the road", but limit how much you use them, avoid public wifi for work use when you can, and make sure employees follow a security policy.

2. Train employees on the threats. If your staff are online at your business, include training on the latest threats, such as email scams, viruses, phishing and malware.

3. Teach smart clicking. Make yourself, and your staff, familiar with what a suspicious link and email looks like. Things to look out for include hyphens, numbers, spelling mistakes and symbols replacing regular characters. (We have a blog post illustrating some ways to safely spot bad links.)


4. Use strong passwords. Make your passwords obscure, long and a good mix of uppercase, lowercase, numbers and symbols. Use different passwords for different places and do not write them on scraps of paper where they can be taken or copied.

5. Have a good plan in place for when employees leave. When an employee leaves, make sure their account passwords are changed immediately, and documents are secure.

To celebrate Cyber Security Awareness Month, and to help give local businesses a leg-up on getting #cybersafe, we are offering 30% off our Tech Health Check-ups! These check-ups do cover way more than just your security vulnerabilities. We look at all of your technology and the way you use it, to see where you can avoid future problems, and find out how you can work smarter while saving money.

Protecting Sensitive Data from Ex (or about to be Ex!) Employees.... | Fraser Valley Tech Security Support


Losing an employee is usually a sad day. It does not matter whether you may be losing a hard-working champion to a fabulous new adventure, or whether you have to fire a disgruntled slacker for misconduct, it is an emotional one for many. For a business owner, though, it can also be quite a dangerous day, especially if it is the latter scenario. That employee probably had access to all sorts of valuable company and/or customer data, before their dismissal.

Having a solid IT procedure in place to off-board an employee can save all kinds of headaches down the road. Long before you ever have need for it (ie today or tomorrow!), have a meeting with your IT department/service to discuss what areas of the company records would be vulnerable, and put together a solid procedure.

Here are a few things you may want to consider when putting together an off-boarding procedure.

  1. Use a least-access method with all employees – ie only give access to what the employee needs to do their job. For example, if they don’t need access to financial folders, don’t give them access to that location on the company servers. It means less to deal with later.

  2. When the day of a dismissal comes up, alert your IT department in advance, so they can be ready to begin the procedures as soon as (or just before) the employee is notified.

  3. Disable the employee’s access to their office account, but don’t delete it straight away, in case you need any files. Copy or relocate these files, and then you can delete the account. (Have this done and delete the account within 30 days.)

  4. Change the password to any remote or web tools that they used, along with passwords to shared accounts.

  5. Change the passwords/pin numbers to any other devices like copiers and alarm systems.

  6. Disable the employee’s email & voicemail and have them forwarded to a relevant employee or manager.

  7. Remove the employee from any group lists, such as email directories, company email groups, phone listings and your website (if you have an employee list on your website!).

Depending on your company's resources and working procedures, this list may cover everything you need to do, or there may be a few more areas to consider, but it is a good place to start.

If you need advice on what your company can do to prepare for this kind of scenario, or help in putting a procedure in place, feel free to email the Wild Frog Systems IT Support Team at info@wildfrogsystems.com or phone 778-771-0184.

Our Top 5 Tips to Protect Your Passwords Online | Fraser Valley Tech Support

OK… time to be honest… exactly how careful are you with your passwords? Are you one of those people who uses the same one for a few accounts?

Do you change them often? Do you change them at all?!

If you are that person... the one that uses the same password for everything, and never changes it... then you are certainly not alone.

A report found that more than 80% of people, over the age of 18, used the same password for multiple accounts, and 50% had not changed them in 5 years. So… it is not surprising to learn that almost half of those surveyed people had also experienced a security problem at some point in the previous year, like having an account hacked or data stolen.

Data breaches happen all over the place… from the comfort of your living room in Chilliwack BC, all the way up to some of the biggest (and supposedly secure) companies in the world, including Instagram, LinkedIn, Snapchat, Twitter, Adobe, Yahoo, Uber, Ebay, Home Depot, Target, Sony, Equifax…. woah, I could go on for a while! (Incidentally, if you are curious and want to be completely freaked out by how unsecure the world is, you can see a LOT more of that list here!)

Passwords are like underwear - don't let people see them and change them often!

Put simply, passwords are a little bit like underwear – they really shouldn’t be shared (euww), and REALLY should be changed often! So... here, from our team of wonderful clean-underwear-clad IT professionals, is a list of our top 5 tips to help you protect your accounts online, at the front door...

#1  - USE A DIFFERENT PASSWORD FOR EACH ACCOUNT

Yup... that does mean you'll have to think of more than 1... and even worse, REMEMBER more than that 1! You can do it! Cast your mind back 20 years, when we used to actually remember everyone's phone numbers, before we had them all stored in our phones. OK...OK... if you REALLY really can't, don't panic...we have help for you further down...

#2 - THE LONGER THE PASSWORD, THE BETTER!

When it comes to passwords, size really does matter! Your password should ideally be more than 10 characters... but 16 or more is even better!

#3 - USE TWO FACTOR AUTHENTICATION

Two Factor Authentication (or 2FA) is an extra layer of security where you not only need your username and password, but you also need to get an additional piece of info away from the place you are logging into. For example, you login with the username and password on your computer, but then you also need to get a verification code from your cell phone.

#4 - DON'T SAVE PASSWORDS IN THE BROWSER

Now that you have started using a bazillion different passwords, like your friendly IT guy told you to, having them saved and auto-filled in your browser would make life SO much easier and faster, when zipping around the net. BUT it'd also make it a whole lot easier for the dodgy dude who just stole your laptop too!

I know... we are back to this "I can't remember them all!" thing again. Well, instead of using your flimsy browser's cookie jar, you can use a nifty "password wallet" like LastPass or KeePass. FAR safer!


#5 - MAKE SURE THE URL IS THE ONE YOU WERE LOOKING FOR

This is particularly important if you are online gift shopping and about to part with your credit card details at the check-out! The site you are on may LOOK like the site you intended to visit... but is it a phishing site in disguise?? Check that the URL in the address bar above, actually is the link for that website, and you haven't been inadvertently misdirected to some dodgy copy! (This can happen a lot in emails... never follow the link from an unexpected email... always type the link of the real site instead!)
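The URL check in tip #5, and the warning signs listed under "Teach smart clicking" (hyphens, numbers, spelling mistakes, symbols replacing regular characters), can be automated for a helpdesk or mail-filter script. The following Python sketch is an added example, not code from this blog; the TRUSTED list, the check_link name, the 0.8 similarity threshold and every sample link are assumptions made up for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: the sites you actually do business with.
TRUSTED = {"paypal.com", "amazon.com", "google.com"}
# Digits commonly swapped in for letters in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def check_link(url, trusted=TRUSTED):
    """Return reasons a link looks suspicious; an empty list means no flags."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no hostname in link"]
    # The real site, or a genuine subdomain of it, raises no flags.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return []
    reasons = []
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, may hide lookalike characters")
    plain = host.translate(SWAPS)              # undo 0-for-o style swaps
    tokens = re.split(r"[-.]", host)           # words between hyphens and dots
    last_two = ".".join(host.split(".")[-2:])  # naive "registered domain"
    for t in sorted(trusted):
        brand = t.split(".")[0]
        if plain == t or plain.endswith("." + t):
            reasons.append(f"digits stand in for letters of {t}")
        elif host.startswith(t + ".") or f".{t}." in host:
            reasons.append(f"{t} appears as a subdomain of another site")
        elif brand in tokens:
            reasons.append(f"'{brand}' is padded with extra words or hyphens")
        elif SequenceMatcher(None, last_two, t).ratio() >= 0.8:
            reasons.append(f"{last_two} is a near-miss spelling of {t}")
    return reasons

if __name__ == "__main__":
    samples = [  # constructed links, for illustration only
        "https://www.paypal.com/signin",
        "https://www.paypa1.com/login",
        "https://paypal-secure-login.com/",
        "http://paypal.com.account-verify.example.net/",
        "https://paypall.com/",
    ]
    for s in samples:
        print(s, "->", check_link(s) or "no flags")
```

A link that passes only means none of these particular warning signs fired; typing the real site's address yourself remains the safer habit.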

So... change those passwords, change them often... and use your common sense to stay safe out there!! (After all, you can't pepper spray your screen!)