Password managers help users remember all their passwords – but can be a much more powerful tool for dramatically limiting the damage in the event of a single account being compromised.
Criminals increasingly use credential-stuffing attacks where automated tools use previously-breached account details to gain access to the user’s other accounts.
A good password manager ensures you can use a strong, randomly generated and distinct password across each of your accounts to prevent any single breach putting other data at risk.
Keeper can also notify users when breached passwords are identified online, integrate with single sign on tools such as Active Directory, and enforce multi-factor authentication – all important considerations for organisations needing to maintain cybersecurity standards across large teams.
For added convenience, Keeper is available via the web, Windows/MacOS desktop clients, browser extension and Android/iOS mobile app.
For Cybersecurity advice and expertise, please contact our team today.
How secure is your password?… One of the biggest reasons for security breaches is weak passwords. People often choose passwords that are too short. Regardless of how tedious it seems, make it a point to update your passwords regularly; use upper and lower case letters along with symbols and numbers.
The key measurement of password security is entropy. This, in computer science terms, is a measurement of how unpredictable a password is, based on how long it would take an attacker to work it out by making a guess at each character. As a standard, longer passwords are by definition more secure and harder to crack. In the table below you can see how shorter/easier passwords, are quicker to crack.
What should a password look like
Strong, secure passwords have a lot in common; they are usually long, unique, random and involve a mixture of lowercase and uppercase letters as well as special characters and numbers. Trying to create passwords that comprised of all of these aspects, can sometimes be challenging.
Most insecure passwords are the result of our human behaviour. People do a lot of very predictable things and in general find it difficult to be random, especially when they are actively trying to be. For instance putting special characters only at the beginning or end rather than mixing them up in the middle, or using common phrases and keyboard patterns. So that we can remember we often try to use memorable pieces of information but we should always, where possible, avoid clues and references to our personal lives.
Where can I go for advice
There are many articles online to help assist with what a strong password looks like. At a recent event Lineal ran with the South West Police Regional Cyber Crime Unit, which focused on cyber security, password strength was highlighted as a high risk for many businesses and individuals.
To find out more, or if you require any help with ways to help protect your business, please contact the IT support team at Lineal.
Apple have issued a fix for yesterday’s severe security alert, after it emerged the tech giant’s High Sierra operating system would allow access to many users’ MacOS Root User without entering a password.
The story caused alarm around the world, as Mac users discovered full administrator control of their device was available to anyone within reach of the keyboard.
Discovered by a Turkish developer who tweeted it to Apple Support, Lemi Ergin, the widely publicised fault is believed to affect all Apple MacOS devices (such as the iMac and MacBook ranges) running version 10.13.1 or newer.
Mr Ergin has since published an article on Medium defending his decision to flag the vulnerability publicly, arguing that despite the security flaw being public knowledge on the Apple Developer Forum since 13th November, Apple had failed for resolve the issue.
Yesterday Lineal published guidance to all our Mac clients, advising caution over the physical security of Apple hardware, and explaining the need for users to set a new root password to temporarily secure their Mac while Apple worked on a security fix.
The failure to set a random default MacOS root password (a fundamental technical security feature) once again calls into question the recent competence of Apple’s historically excellent quality control and product testing, and may slow the adoption of the firm’s latest flagship operating system. The widespread media publicity surrounding the story is also likely to undermine Apple’s long-held reputation for security on Mac devices.
Apple issued an apology, stating ‘We greatly regret this error and apologise to all Mac users.”
Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?
Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or crack with a ‘brute force’ testing of combinations, most security breaches occur from stolen passwords, either physically or by malware attacks.
Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software, errors are more common when typing (particularly on handheld devices) and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!
Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.
Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!
If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.
Lineal’s advice is to stick to the following basics:
Avoid physical theft:
Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labeling it as a password or to which account it refers. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
Never tell anyone your password, and change your password if you suspect it has been compromised.
Ease of Access:
If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
Consider where users will need to log in from – take full advantage of using numbers and special characters ( ! , £, %, * etc.) for keyboard users.
Preventing digital theft:
Use different passwords for your most important accounts, such as online banking.
Use two-stage authentication.
Maintain up to date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password stealing malware.
Consult IT specialists to ensure office networks are protected from outside attacks.