At a client’s office this week, one of the IT Professionals had an interesting idea. He can configure two-step logon to contact him, not the consultant, for login verification.

If you configure this at your office, here is how it would work: First, the consultant would enter their username and password to login to your network. Then, an app on your smartphone would indicate that the outsourced consultant is trying to gain access. Then, you will be able to choose to allow or deny the consultant’s login attempt.

This IT Professional wants to know, in real-time, when someone is attempting to log on to his network. If you use this arrangement, you will have the capability to permit them or deny them access each and every time.

It is an interesting idea.

The post A Way to Control Consultant Access – Every Time appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

You’ll enter a username, and your phone will buzz to ask you if it is really you who is attempting to log in. Just keep your phone with you, and passwords may be a thing of the past.

But protect your phone so that an unauthorized person doesn’t gain access to it. Would you be willing to risk it? At least nobody thousands of miles away would come to steal your phone. But what about someone else in your office that gains access to your phone and approves a bogus logon so they could do you harm?

The obvious less convenient, but more secure, solution is two-step logon where you enter a user name and password, then your phone buzzes asking you to confirm. Someone else stealing your phone won’t help them at all, as long as they don’t know your password too.

The post No More Passwords appeared first on Foster Institute.