SECURITY: A password manager is essential today

Wednesday, February 14, 2018

https://www.lifewire.com/password-managers-4151868

Password Managers You Need
Online security can be stress-free with a password manager in your corner
by Tom Nelson
Updated October 02, 2017

*** begin quote ***

A password manager is an application that can generate, store securely, retrieve, and manage passwords and other login credentials. And it may well end up being the best friend you have when it comes to keeping your privacy safe while browsing the web and accessing your favorite online services.

Password managers let you collect and store all of your passwords and login information for various accounts in one easy-to-access app that can log you in to any service you have subscribed to with just a couple of clicks or taps.

The ease of access to your passwords usually puts an end to two of the most common security problems involving online services: using the same password for multiple sites, and using easy to remember, and thus easy to guess, login credentials.

It’s important to use different passwords for each and every site/service you use because if one of the sites or services you use is hacked and the hackers gain access to your name and password, they will start trying your name and password combination on lots of sites (think banks and social media sites). By having completely different passwords for each site/service leaves you far less vulnerable.

*** end quote ***

I am a lastpass fanboy.

https://lastpass.com/f?408336

Just this week, I had to help two people with “password problems”.

Both were with IOS, which makes me suspect that IOS screwed something up?

In any event, one was with Yahoo mail. Of course, the noob had never set anything up with “disaster recovery” in mind.

(And, the Sprint tech, who swap her phone out on an upgrade, never backed up any of her “stuff”. She was in tears until I suggested that she request photos from her friends with whom she probably shared them with. That got her back a lot but no one knows if it was all. I set up Google Photos to archive all of them and turned on her iCloud back up. Argh!)

Any way, I was able to get her phone to register with Yahoo as a recovery alternative. And, then recover her original password. Eventually, Yahoo “timed out” and “excessive recoveried” her. But it was good enough to get her mail flowing again.

I set up her LastPass and it began automatically capturing passwords for her.

But why does everything have to be done AFTER a disaster?

Argh!

Do these technology companies not realize that it has to be brain dead simple and that the average User has no concept of what is going on?

Argh!

# – # – # – # – #


SECURITY: Print Your Google Backup Verification Codes

Thursday, November 2, 2017

http://www.makeuseof.com/tag/print-google-backup-verification-codes-prevent-getting-locked/

Print Your Google Backup Verification Codes to Prevent Getting Locked Out
Saikat Basu October 26, 2017

*** begin quote ***

If you use Google’s two-step authentication system to protect your Google accounts, you could accidentally get locked out. It’s one of the biggest risks of two-factor authentication. And if you can’t get a mobile signal, then you can’t get the needed SMS messages in time.

*** end quote ***

The better question is WHY AREN’T you using two-step authentication anywhere it’s offered?

# – # – # – # – #  


SECURITY: Use a password manager PLEASE!

Saturday, October 14, 2017

https://www.lifewire.com/password-managers-4151868

I recommend and use LASTPASS. It makes it trivial to use long unique complex passwords

https://lastpass.com/f?408336 

# – # – # – # – #  

 

SECURITY: He was moving terabytes of data off Congress’s system — why?

Tuesday, October 10, 2017

http://www.foxnews.com/opinion/2017/10/10/democrats-it-scandal-just-got-even-more-bizarre.html

The Democrats’ IT scandal just got even more bizarre
By Frank Miniter, Fox News

*** begin quote ***

I’m referring to the strange case of Imran Awan, the IT aide Rep. Debbie Wasserman Schultz, D-Fla., kept on her congressional payroll even after it became known he and his wife, Hina Alvi Awan, were being investigated by the Capitol Police for possible theft, fraud, moving terabytes of data off Congress’s system and more.

*** end quote ***

Sounds like this is getting more interesting.

Wonder when, or if, the whole story will come out?

I hope all the IT security folks are watching carefully!

# – # – # – # – # 


SECURITY: Don’t reuse the same password at ANY site

Saturday, December 17, 2016

http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html

TECHNOLOGY
Yahoo Says 1 Billion User Accounts Were Hacked
By VINDU GOEL and NICOLE PERLROTHD
EC. 14, 2016

*** begin quote ***

SAN FRANCISCO — Yahoo, already reeling from its September disclosure that 500 million user accounts had been hacked in 2014, disclosed Wednesday that a different attack in 2013 compromised more than 1 billion accounts.

*** end quote ***

There are too many good password utilities that make this unnecessary. 

I have over three hundred sites where I have accounts and no site has the same password.

AND, my passwords are as long as the site allows and with whatever mix of character types they allow.

My financial sites (i.e., the banks and brokerage) have their passwords written down off line.

(Yeah, that a small PIA but I sleep better.)

Ask me if you need information security advice.

Otherwise, you’re just a target waiting for the random hacker or script kiddie.

Argh!

# – # – # – # – # 


SECURITY: TDAMERITRADE delayed reaction

Friday, July 1, 2016

2016-Jul-01

 

Dear Valued Client, 

The security of client information is a top priority for us. As part of routine monitoring, we have learned that client email addresses and passwords from a breach at LinkedIn® were compromised and recently published online. While the breach is not TD Ameritrade-related, we believe that the User ID on your TD Ameritrade Institutional account matches an email address from that breach. 

As a precaution, we have expired the password on your TD Ameritrade Institutional account. We know that many people reuse the same passwords on multiple websites, so it is important that we take this proactive step.* 

You will need to log in to your TD Ameritrade Institutional account to change your password. Please be sure that the new password you create is different from your previous one. 

If you have trouble accessing your account, or if you have any questions, please contact your Advisor or call TD Ameritrade Institutional at 800-431-3500 option 2. 

Sincerely,

John Tovar 
John V. Tovar 
Managing Director, Brokerage Services

 

# – # – # – # – # 

Argh!

So because they have Clients that are boobs, I have to be inconvenienced?

And, I hate to tell them the LinkedIn breech was a LONG time ago.

I guess they had to figure out how to expire all the old passwords OR they just heard about it.

Argh!

# – # – # – # – # 


SECURITY: Tell me that this is for MY benefit

Saturday, May 14, 2016
Dear Ferdinand,

As we move closer to joining together with Starwood®, we want you to continue taking advantage of everything the Marriott Rewards® program has to offer by making sure your account information is current and secure.

It is our ongoing priority to ensure your personal information is protected. For your continued security, we will be implementing enhanced password protections over the next few weeks. 

You are receiving this email because your account password needs to be updated to comply with our revised security measures. We encourage you to log in and follow the steps below as soon as possible to ensure uninterrupted access to your account when the new password requirements take effect.

As a reminder, experts recommend that you periodically change the passwords you use to access websites as a precaution. Changing your Marriott Rewards password is easy. All you will need to do is:

Log in to your Marriott Rewards account on your desktop or laptop
 
Select “My Account”
 
Select “Profile”
 
Select “Edit” in the Password section
 
Enter current and new password
 
Confirm your identity if you are not using a registered device
Log on now to your Marriott Rewards account to take action. Thank you very much for taking the time to update your password information. 

Sincerely,

Argh! I’m SURE that this id for MY benefit.

Argh! Laugh!

# – # – # – # – # 

 


%d bloggers like this: