Home PC Hack Topples LastPass

LastPass have confirmed that a hack on a staff member’s home PC led to a massive cyber security breach on the company.

The second stage of the attack used data stolen in LastPass’s August breach, cross-referenced with other stolen information, to launch a targeted sting on one of their DevOps engineers – installing a key logger on the staff member’s home PC which resulted in the loss of yet more data.

LastPass confirmed the attacker was able to steal the engineer’s master password, gaining access to corporate vault resources and shared folders. In the process, encrypted notes and the decryption keys needed to access LastPass production backups held in Amazon Web Services (AWS) cloud-based storage, together with critical database backups, were also compromised.

Since the August 2022 breach, when LastPass source code was stolen, the company has admitted the breach also saw the theft of account usernames, hashed passwords, and some Multi-Factor Authentication (MFA) settings belonging to end users.

Unfortunately, LastPass also acknowledged that the saved URL for each password entry was unencrypted, giving potential attackers an obvious clue to the purpose of each set of credentials.

The breach highlights the way remote working culture has introduced significant new digital risks – such as the danger of home users accessing work data, resources and applications on devices that sit ‘outside’ of company cyber security protections.

LastPass is believed to be used by over 85,000 businesses and 30 million end users.


For Cyber Security Expertise & Support, please contact our team today.


Microsoft cautions against SMS 2FA

Microsoft have announced they will direct users away from SMS 2FA (‘text-based’ two-factor authentication) for security reasons.

Instead, the company will promote multi-factor authentication methods they consider to be more secure – including biometrics and secure authentication apps such as Microsoft Authenticator – for logging into Microsoft services such as Microsoft 365 and Azure.

SMS-based two-factor authentication, where the user typically receives a passcode text message to their smartphone that acts as a secondary confirmation of who they are, has been a staple of online banking and many other secure online services needing two-factor authentication (2FA) for over a decade.

However, many now believe that even SMS can be intercepted, and would rather sign users onto authenticator apps or issue secure keys with built-in passcode generation.

Official Microsoft statistics state that users who enable Multi-Factor Authentication (MFA) on their accounts to verify identity block 99.9% of all automated account breaches. Users of SMS-based two-factor authentication should not ‘stop’ using it (despite the flaws of SMS, any 2FA is better than none), but they should consider swapping to other methods.

We’ve talked before about the often-predicted ‘death of passwords’ and possible scenarios for phasing them out; in recent years a number of big tech firms, including Apple, Google and Microsoft, have all outlined long-term plans to replace passwords with biometric or other forms of login.

However, this change to Microsoft’s advice will put more of a driving force behind MFA that is specifically biometric, authenticator-app or secure-key based, rather than relying on mobile networks for one-time passcodes.


For cybersecurity expertise and support, please contact our IT team today.


Lineal Becomes Keeper Partner

Lineal Software Solutions has become a managed service provider for Keeper Password Management.

We tested a number of different Password Management providers, including 1Password and LastPass, but were particularly impressed with Keeper.

Password management is increasingly recognised as a key pillar of cybersecurity: the UK National Cyber Security Centre admits it is ‘virtually impossible’ for users to use unique passwords for all their accounts without software assistance.

Password managers help users remember all their passwords – but can be a much more powerful tool for dramatically limiting the damage in the event of a single account being compromised.

Criminals increasingly use credential-stuffing attacks where automated tools use previously-breached account details to gain access to the user’s other accounts.

A good password manager ensures you can use a strong, randomly generated and distinct password across each of your accounts to prevent any single breach putting other data at risk.
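Credential stuffing has a recognisable shape in authentication logs: one source trying many different usernames in a short burst with mostly failed logins, which is quite unlike a single user mistyping their own password. As an added example (not Keeper’s or Lineal’s code, and not from the original post), the script below runs that check over a few constructed log lines; the log format, the five-minute window and the thresholds are all assumptions for the demo.

```python
"""Added example: flag credential-stuffing activity in authentication logs.
The log lines, format and thresholds are constructed for this demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). 203.0.113.7 walks through
# six different accounts in five seconds; 198.51.100.9 is one user retrying.
SAMPLE_LOG = """\
2023-03-01T09:00:01Z auth ip=203.0.113.7 user=alice result=FAIL
2023-03-01T09:00:02Z auth ip=203.0.113.7 user=bob result=FAIL
2023-03-01T09:00:02Z auth ip=203.0.113.7 user=carol result=FAIL
2023-03-01T09:00:03Z auth ip=203.0.113.7 user=dave result=SUCCESS
2023-03-01T09:00:04Z auth ip=203.0.113.7 user=erin result=FAIL
2023-03-01T09:00:05Z auth ip=203.0.113.7 user=frank result=FAIL
2023-03-01T09:05:00Z auth ip=198.51.100.9 user=alice result=FAIL
2023-03-01T09:05:10Z auth ip=198.51.100.9 user=alice result=FAIL
2023-03-01T09:05:20Z auth ip=198.51.100.9 user=alice result=SUCCESS
"""

# Assumed line format: "<timestamp> auth ip=<ip> user=<name> result=<FAIL|SUCCESS>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(log_text: str):
    """Return a list of (timestamp, ip, user, succeeded) tuples, skipping
    lines that do not match the assumed format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "SUCCESS"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_distinct_users=5, max_success_ratio=0.5):
    """Sliding-window check per source IP. A source is flagged when some window
    holds at least `min_distinct_users` different usernames with a success
    ratio at or below `max_success_ratio`. Returns {ip: details}; `compromised`
    lists accounts that succeeded inside a flagged window, i.e. the reused
    credentials a password manager's unique passwords would have prevented."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            current = attempts[start:end + 1]
            users = {u for _, u, _ in current}
            successes = sum(1 for _, _, ok in current if ok)
            if len(users) >= min_distinct_users and successes / len(current) <= max_success_ratio:
                alert = alerts.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                alert["distinct_users"] = max(alert["distinct_users"], len(users))
                alert["compromised"].update(u for _, u, ok in current if ok)
    return alerts


if __name__ == "__main__":
    for ip, details in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {details['distinct_users']} accounts tried, "
              f"compromised={sorted(details['compromised'])}")
```

The accounts listed as compromised are the ones whose owners reused a password that had already leaked elsewhere; the same source tried the rest and failed. In a real deployment the thresholds would be tuned against normal traffic, and a flagged source would typically be rate-limited and the successful accounts forced through a password reset and MFA.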

Keeper can also notify users when breached passwords are identified online, integrate with single sign-on tools such as Active Directory, and enforce multi-factor authentication – all important considerations for organisations needing to maintain cybersecurity standards across large teams.

For added convenience, Keeper is available via the web, Windows/MacOS desktop clients, browser extension and Android/iOS mobile app.


For Cybersecurity advice and expertise, please contact our team today.



Dropbox Trial New Password Manager

Cloud storage giant Dropbox is beta-testing a new password manager app – ‘Dropbox Passwords’ – by invitation only.

Password managers allow the user to generate and store encrypted, complex passwords for many user accounts inside a single piece of locked software and autofill them into websites and applications – making it easier to use diverse, complex passwords across all of your IT.

Password managers are a measure increasingly recommended by respected cybersecurity authorities – including the UK National Cyber Security Centre. Options like 1Password, LastPass and others are already well established, although Dropbox is likely to have significant reach to business customers considering using a password manager for the first time.


Unlike bigger rivals such as Microsoft’s Office 365 and Google’s G-suite, Dropbox do not offer workplace document editing apps – leading the company to explore new avenues for branching out beyond file-sharing and cloud-storage.

These plans have included Dropbox Paper (a collaboration and project management tool), integrations to other growing challenger-platforms such as Slack and Zoom, and now password management.

The rise of password managers has prompted some to speculate that the age of passwords (or at least – memorised key-string passwords) may be over – either replaced by biometrics or generated, encrypted, held and recalled by software.

Dropbox is principally a cloud-storage company that helped establish file-sharing in the minds of those who had never used it before; only time will tell if it can establish a broader brand for securing a cloud-first IT business world.

Dropbox Passwords can be found by invitation only here: https://play.google.com/store/apps/details?id=com.dropbox.passwords_android


For cloud-software and cybersecurity expertise, please contact Lineal today.


Google Chrome Adds a Hacked Password Alarm

Google Chrome 79 will contain a Chrome hacked password alarm to notify at-risk users.

‘Password Checker’, which first appeared in October, will regularly compare user passwords saved in-browser against publicly-known data breaches.

The service will feel familiar to those who’ve tried the (often terrifying) but essential https://haveibeenpwned.com/ – which shows visitors where their email addresses have been compromised.

Chrome’s update is being gradually rolled out to new users, and is available within Settings > People > Sync and Google Services > Other Google Services, and is named ‘Warn you if passwords are exposed in a data breach.’
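A natural worry with a feature like this is that checking a password against a breach list means handing that password to a third party. The established way round that is the ‘k-anonymity’ range lookup used by the Have I Been Pwned Pwned Passwords API: the client hashes the password with SHA-1, sends only the first five hex characters, and receives every known breached hash with that prefix along with a breach count, so the server never learns which password was being checked. As an added example (not Google’s or Have I Been Pwned’s code, and not from the original post), the script below implements that client logic against a constructed in-memory stand-in for the range server; the breach counts are made up for the demo, and the assumption that the server replies with `SUFFIX:COUNT` lines mirrors the public API’s format.

```python
"""Added example: k-anonymity breached-password check. The network call is
replaced by a constructed in-memory 'server' so the demo runs offline."""
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password (the hash the range API uses)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_prefix(digest_hex: str):
    """Only the 5-char prefix leaves the client; the 35-char suffix stays local."""
    return digest_hex[:5], digest_hex[5:]


# Constructed demo corpus: breach counts are invented; plaintexts exist here
# only so the stand-in server can build its hash list.
_DEMO_BREACHED = {"password": 3730471, "letmein": 221100}


def fake_range_server(prefix: str) -> str:
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix> (assumed
    response format): one 'SUFFIX:COUNT' line per corpus hash in that range."""
    lines = []
    for pw, count in _DEMO_BREACHED.items():
        p, suffix = split_prefix(sha1_hex(pw))
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> dict:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}."""
    out = {}
    for line in body.splitlines():
        if ":" in line:
            suffix, count = line.strip().split(":", 1)
            out[suffix.upper()] = int(count)
    return out


def breach_count(password: str, fetch_range=fake_range_server) -> int:
    """Number of times `password` appears in the breach corpus, or 0.
    Swap `fetch_range` for a real HTTP GET to use the live API."""
    prefix, suffix = split_prefix(sha1_hex(password))
    matches = parse_range_response(fetch_range(prefix))
    return matches.get(suffix, 0)


if __name__ == "__main__":
    for candidate in ["password", "letmein", "a-long-random-passphrase-9f2k"]:
        n = breach_count(candidate)
        verdict = f"seen {n} times in breaches" if n else "not in corpus"
        print(f"{candidate!r}: {verdict}")
```

Note the check is against a local copy of the password’s hash suffix, so a browser or password manager can run it at save time without disclosing the password; a non-zero count means the password should be changed regardless of how strong it looks.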

The alert mechanism is just the latest in a series of attempts to push users to safer browsing: 2019 also saw Google Chrome actively warn users of websites without a valid security certificate, and penalise such websites in Google search rankings.

Chrome 79’s new hacked password alarm mechanism should prompt systematically when account credentials need password updates, and allow users to keep their accounts secure.


For IT support and cybersecurity expertise, contact Lineal today.


Cyber Crime hits the headlines


Cyber crime is finally set to become the UK’s most common crime type, following inclusion in the latest crime figures from the Office for National Statistics (ONS).

This re-classification comes only days after news headlines emerged that an Eastern European crime group successfully used ‘Dridex’ malware to steal over £20m from UK bank accounts via thousands of infected PCs in the UK.

Cyber criminals are increasingly mounting more organised attacks on businesses, small and large – last year even U.S. banking giant J.P. Morgan suffered unfortunate press and a sudden plunge in its share price when digital thieves stole the personal information and contact details of more than 76 million customers.

The 2015 National Strategic Assessment from the National Crime Agency estimates that losses due to cyber crime in the UK now amount to a staggering £16 billion annually. The NCA also asserted that the theft of large amounts of private companies’ data still faces ‘considerable under reporting.’

Nowhere is this more threatening than for those in the financial services industry, where both reputations for reliability and access to funds make IT security of paramount importance, requiring compliance with the strictest procedures for identity validation, network safety and fraud detection.

All businesses need to be prepared for the future, where cyber crime is likely to become more sophisticated and UK companies may be expected to demonstrate greater data protection measures. This week Microsoft promoted its Financial Services Compliance program in connection with Office 365 – making assurances (aimed squarely at businesses in the financial sector) of direct access to staff and resources to ensure that Microsoft Office cloud services comply with financial security regulations.

Greater awareness of cyber crime amongst Government figures, the media and the public can only be a good thing, but ultimately it still remains very much up to the individual to ensure their IT systems are secure – before the worst happens.


More than 70% of businesses fail after significant data loss. Lineal can install a range of security measures to safeguard your business IT systems and data – enquire today via: http://www.lineal.co.uk/contact/


Flickr: GotCredit

Keeping your business IT secure – What’s the perfect password?


How to keep your IT Secure

Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?

Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or crack with a ‘brute force’ testing of combinations, most security breaches occur from stolen passwords, either physically or by malware attacks.

Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software, errors are more common when typing (particularly on handheld devices) and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!

Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.

Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!

Here at Lineal we’d also advise against ‘Remember Me’ automated sign-in functions, as well as Windows 10’s new Wi-Fi password sharing ‘Wi-Fi Sense’ feature, as these make your chosen password redundant.

If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.

Lineal’s advice is to stick to the following basics:

Avoid physical theft:

  • Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labeling it as a password or to which account it refers. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
  • Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
  • Never tell anyone your password, and change your password if you suspect it has been compromised.

Ease of Access:

  • If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
  • Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
  • Consider where users will need to log in from – take full advantage of numbers and special characters (!, £, %, * etc.) for keyboard users.

Preventing digital theft:

  • Use different passwords for your most important accounts, such as online banking.
  • Use two-stage authentication.
  • Maintain up to date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password stealing malware.
  • Consult IT specialists to ensure office networks are protected from outside attacks.

Your security should always be strong enough to give peace of mind. Lineal can provide expert advice and support for securing your IT systems: why not get in contact with us here?


Flickr: Jason Baker