You assign your IT team the responsibility to secure and manage the keys to the vehicles, so you give each member of your IT team a copy of the master key.

Here is where it gets crazy: Suppose that there is a well-known tradition, in all companies, for IT professionals to store their master keys in the top drawer of their desks. Unfortunately, if someone wants to steal a vehicle, they know right where to find a master key. They can take all the cars once they gain access to the master, and they know exactly where to find it.

In the real world, your IT team has the responsibility to secure and manage your most sensitive data. In doing so, they have the master keys that unlock all the other keys. It is a tradition to give all IT professionals, and even outside consultants, keys to the master lockbox. The shocking part is that all IT professionals are encouraged to store the master keys in the same place, in the default well-known security groups named schema, enterprise, and domain admins.

Your IT team must create new security groups, with different names, in which to store the master keys. It is crucial that the new groups only provide specific privileges to member users on a need to know basis. It is ok if this strategy is new to them.

To measure this, ask your IT professionals to show you what users are members of those default security groups. Discuss moving those users into specific groups that provide the least amount of access they need to perform their work. Depending on the complexity of your system, this may take more time. IT professionals are always busy, so discuss with them their current projects, then prioritize this essential security improvement accordingly.

Storing master keys in a well-known location is absurd, and it is likely that you are doing that now.

The post The Insanity of Your Network – Storing Keys in the Same Place as Everyone Else appeared first on Foster Institute.

Using plain letters is enough; numbers and symbols are optional.

Passwords need to be long, at least 8 characters. 16 or more is better.

You don’t have to reset passwords unless you suspect a data breach. Wow!

However, passwords cannot match a database of stolen or easy to guess passwords. And, your login mechanism has to have a way to verify that.

That’s the basic gist. You can read the details in the NIST Special Publication 800-63 at https://pages.nist dot gov/800-63-3/sp800-63-3.html It covers secret questions, two step login, etc.

Now, hopefully PCI and other standards will update their rules too.

Please forward this to anyone who is sick of complicated passwords and having to change them every 90 days.

The post Make Life Easier – Go Back to Easy Passwords appeared first on Foster Institute.

Password managers are very helpful since they make it so convenient to be secure, and can greatly simplify and speed up the login process at websites. Many people feel password managers are worth the risks, especially when the risks can be minimized as summarized below:

First, as you can see, there is no guarantee that password managers are perfect. Never store super-sensitive passwords into your password manager. Store them in your head.

Second, enable two-step verification on all websites. Then, if an unauthorized person obtains your password, they will have a difficult time logging in, if they cannot perform the second step.

Third, one of the ways to launch the exploit involves tricking the user into clicking a link, such as a link in an email message, or getting a script to run on a web page as the user visits the page. Using click-to-play can greatly minimize those risks.

To learn more about the first two, see last week’s newsletter posted at www.fosterinstitute dot com/blog/your-iphone-and-ipad-are-in-danger. Never mind the title; the content addresses the first two steps listed above even if you use Windows or Android.

As for the third point, we’ll cover click-to-play next week, or you can simply google those terms and get started right away.

The announcement came from LastPass, and don’t panic if you use it. LastPass says the exploit is very difficult for an attacker to use, but not impossible. Resetting your passwords is not going to help, yet. Only after LastPass develops a patch, and then only when LastPass on your computers are patched. LastPass said this only affects users using the LastPass extension in Chrome, but that researchers have used the exploit in other browsers too. Email us if you want more technical details.

Please forward this to anyone you know who may use a password manager or lets their browsers remember their passwords.

The post Alert – A Popular Password Manager Has Serious Security Flaw Right Now appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

Visit two factor auth dot org (no spaces) for a list of services that already permit you to choose two step login. Each site will walk you through the process.

Google calls their service 2 step verification. Google that phrase to find instructions on Google’s site.

Forward this to everyone who you care about so that they can be more cyber-secure too.

The post Gmail Passwords Stolen, Possibly Millions of Them appeared first on Foster Institute.

Notice that, for the usernames most likely to exist on computers, the attacker tries more password guesses:

1398 different passwords attempted with this guessed username: Administrator
836 different passwords attempted with this guessed username: Admin
554 different passwords attempted with this guessed username: user
314 different passwords attempted with this guessed username: test
314 different passwords attempted with this guessed username: user1
160 different passwords attempted with this guessed username: user2
156 different passwords attempted with this guessed username: user3
156 different passwords attempted with this guessed username: admin1
155 different passwords attempted with this guessed username: test1
111 different passwords attempted with this guessed username: guest
91 different passwords attempted with this guessed username: sql
89 different passwords attempted with this guessed username: aspnet
87 different passwords attempted with this guessed username: support_388945a0
84 different passwords attempted with this guessed username: david
83 different passwords attempted with this guessed username: root
82 different passwords attempted with this guessed username: backup
80 different passwords attempted with this guessed username: sys
80 different passwords attempted with this guessed username: support
80 different passwords attempted with this guessed username: Other
80 different passwords attempted with this guessed username: a
78 different passwords attempted with this guessed username: test2
78 different passwords attempted with this guessed username: server
78 different passwords attempted with this guessed username: 1
78 different passwords attempted with this guessed username: john
78 different passwords attempted with this guessed username: test3
78 different passwords attempted with this guessed username: console
78 different passwords attempted with this guessed username: owner
78 different passwords attempted with this guessed username: actuser
78 different passwords attempted with this guessed username: 123
78 different passwords attempted with this guessed username: adm
78 different passwords attempted with this guessed username: admin2
78 different passwords attempted with this guessed username: user4
78 different passwords attempted with this guessed username: user5
32 different passwords attempted with this guessed username: surferquest
18 different passwords attempted with this guessed username: auditor
15 different passwords attempted with this guessed username: alilong
14 different passwords attempted with this guessed username: SCOTT
13 different passwords attempted with this guessed username: chirotouch
13 different passwords attempted with this guessed username: PEGGY
12 different passwords attempted with this guessed username: follow
12 different passwords attempted with this guessed username: CHERYL
12 different passwords attempted with this guessed username: TERRI
11 different passwords attempted with this guessed username: ETB User
10 different passwords attempted with this guessed username: system_backupDB
10 different passwords attempted with this guessed username: QBPOSDBSrvUser
10 different passwords attempted with this guessed username: xuhai
10 different passwords attempted with this guessed username: tu
9 different passwords attempted with this guessed username: mroot
9 different passwords attempted with this guessed username: manager
9 different passwords attempted with this guessed username: justin
8 different passwords attempted with this guessed username: iis
8 different passwords attempted with this guessed username: Linux
7 different passwords attempted with this guessed username: acs
7 different passwords attempted with this guessed username: vetvault
7 different passwords attempted with this guessed username: squirrel
7 different passwords attempted with this guessed username: user01
7 different passwords attempted with this guessed username: crsuser
6 different passwords attempted with this guessed username: saleslan
6 different passwords attempted with this guessed username: IUSR_SOR
6 different passwords attempted with this guessed username: scan
6 different passwords attempted with this guessed username: expedite
6 different passwords attempted with this guessed username: DSNVSUser
6 different passwords attempted with this guessed username: reception
6 different passwords attempted with this guessed username: hei
6 different passwords attempted with this guessed username: VNIAdmin_DoNotDelete
6 different passwords attempted with this guessed username: kaypro
6 different passwords attempted with this guessed username: payroll
6 different passwords attempted with this guessed username: mark
6 different passwords attempted with this guessed username: alex
6 different passwords attempted with this guessed username: linhai
6 different passwords attempted with this guessed username: ntsec_admin
6 different passwords attempted with this guessed username: lisa
6 different passwords attempted with this guessed username: oprrs
6 different passwords attempted with this guessed username: monster
5 different passwords attempted with this guessed username: Acsadmin
5 different passwords attempted with this guessed username: cli
5 different passwords attempted with this guessed username: awesen
5 different passwords attempted with this guessed username: aloha
5 different passwords attempted with this guessed username: micrologic
5 different passwords attempted with this guessed username: scanner
5 different passwords attempted with this guessed username: swentz
5 different passwords attempted with this guessed username: jacob
5 different passwords attempted with this guessed username: jordan
5 different passwords attempted with this guessed username: backoffice
5 different passwords attempted with this guessed username: amiga
5 different passwords attempted with this guessed username: pos
4 different passwords attempted with this guessed username: warehouse
4 different passwords attempted with this guessed username: rdspos
4 different passwords attempted with this guessed username: linda
4 different passwords attempted with this guessed username: copier
4 different passwords attempted with this guessed username: rds
4 different passwords attempted with this guessed username: acasey
4 different passwords attempted with this guessed username: mary
4 different passwords attempted with this guessed username: sapsupport
4 different passwords attempted with this guessed username: Post6
4 different passwords attempted with this guessed username: james
4 different passwords attempted with this guessed username: micros
4 different passwords attempted with this guessed username: spppse
4 different passwords attempted with this guessed username: possvr
4 different passwords attempted with this guessed username: apple_terminal
3 different passwords attempted with this guessed username: shipping
3 different passwords attempted with this guessed username: manw
3 different passwords attempted with this guessed username: MssqlUser
3 different passwords attempted with this guessed username: miass
3 different passwords attempted with this guessed username: receptionist
3 different passwords attempted with this guessed username: grace
3 different passwords attempted with this guessed username: iusr_qa
3 different passwords attempted with this guessed username: hk
3 different passwords attempted with this guessed username: fax
3 different passwords attempted with this guessed username: menw
3 different passwords attempted with this guessed username: sales
3 different passwords attempted with this guessed username: parts
3 different passwords attempted with this guessed username: Tsmotw
3 different passwords attempted with this guessed username: svc-netmon
3 different passwords attempted with this guessed username: staff
3 different passwords attempted with this guessed username: adminsc5
3 different passwords attempted with this guessed username: ssyyet
3 different passwords attempted with this guessed username: sysadmin
3 different passwords attempted with this guessed username: ashley
3 different passwords attempted with this guessed username: araxi
3 different passwords attempted with this guessed username: ccdrs
3 different passwords attempted with this guessed username: ava
3 different passwords attempted with this guessed username: Cat
3 different passwords attempted with this guessed username: Spectra
3 different passwords attempted with this guessed username: tech
3 different passwords attempted with this guessed username: voicemail
3 different passwords attempted with this guessed username: adm1n
3 different passwords attempted with this guessed username: terry
3 different passwords attempted with this guessed username: Administrador
2 different passwords attempted with this guessed username: laptop
2 different passwords attempted with this guessed username: lab
2 different passwords attempted with this guessed username: Astsm
2 different passwords attempted with this guessed username: larry
2 different passwords attempted with this guessed username: lee
2 different passwords attempted with this guessed username: billing
2 different passwords attempted with this guessed username: besadmin
2 different passwords attempted with this guessed username: bill
2 different passwords attempted with this guessed username: joshua
2 different passwords attempted with this guessed username: kathy
2 different passwords attempted with this guessed username: avery
2 different passwords attempted with this guessed username: beadmin
2 different passwords attempted with this guessed username: Kantech
2 different passwords attempted with this guessed username: keith
2 different passwords attempted with this guessed username: kiosk
2 different passwords attempted with this guessed username: aubrey
2 different passwords attempted with this guessed username: joseph
2 different passwords attempted with this guessed username: benjamin
2 different passwords attempted with this guessed username: lewis
2 different passwords attempted with this guessed username: alan
2 different passwords attempted with this guessed username: aiden
2 different passwords attempted with this guessed username: addison
2 different passwords attempted with this guessed username: lvellman
2 different passwords attempted with this guessed username: madison
2 different passwords attempted with this guessed username: manger
2 different passwords attempted with this guessed username: accountant
2 different passwords attempted with this guessed username: mia
2 different passwords attempted with this guessed username: abigail
2 different passwords attempted with this guessed username: mason
2 different passwords attempted with this guessed username: matthew
2 different passwords attempted with this guessed username: adam
2 different passwords attempted with this guessed username: angela
2 different passwords attempted with this guessed username: andrew
2 different passwords attempted with this guessed username: andrea
2 different passwords attempted with this guessed username: liam
2 different passwords attempted with this guessed username: anthony
2 different passwords attempted with this guessed username: lillian
2 different passwords attempted with this guessed username: logmeinremoteuser
2 different passwords attempted with this guessed username: lori
2 different passwords attempted with this guessed username: lucas
2 different passwords attempted with this guessed username: amelia
2 different passwords attempted with this guessed username: alexander
2 different passwords attempted with this guessed username: logan
2 different passwords attempted with this guessed username: joe
2 different passwords attempted with this guessed username: cindy
2 different passwords attempted with this guessed username: chris
2 different passwords attempted with this guessed username: chloe
2 different passwords attempted with this guessed username: CorpOwner
2 different passwords attempted with this guessed username: evelyn
2 different passwords attempted with this guessed username: consult
2 different passwords attempted with this guessed username: front
2 different passwords attempted with this guessed username: frontdesk
2 different passwords attempted with this guessed username: gabriel
2 different passwords attempted with this guessed username: checkout
2 different passwords attempted with this guessed username: FranOwner
2 different passwords attempted with this guessed username: checkin
2 different passwords attempted with this guessed username: ethan
2 different passwords attempted with this guessed username: elijah
2 different passwords attempted with this guessed username: elizabeth
2 different passwords attempted with this guessed username: ella
2 different passwords attempted with this guessed username: doctor
2 different passwords attempted with this guessed username: don
2 different passwords attempted with this guessed username: donna
2 different passwords attempted with this guessed username: dennis
2 different passwords attempted with this guessed username: daniel
2 different passwords attempted with this guessed username: cs13368
2 different passwords attempted with this guessed username: emily
2 different passwords attempted with this guessed username: emma
2 different passwords attempted with this guessed username: eric
2 different passwords attempted with this guessed username: general
2 different passwords attempted with this guessed username: bruce
2 different passwords attempted with this guessed username: jack
2 different passwords attempted with this guessed username: jackson
2 different passwords attempted with this guessed username: buexec
2 different passwords attempted with this guessed username: isabella
2 different passwords attempted with this guessed username: bruno
2 different passwords attempted with this guessed username: bkupexec
2 different passwords attempted with this guessed username: jerry
2 different passwords attempted with this guessed username: jim
2 different passwords attempted with this guessed username: brian
2 different passwords attempted with this guessed username: jayden
2 different passwords attempted with this guessed username: jeff
2 different passwords attempted with this guessed username: intern
2 different passwords attempted with this guessed username: harper
2 different passwords attempted with this guessed username: charlie
2 different passwords attempted with this guessed username: chad
2 different passwords attempted with this guessed username: glenn
2 different passwords attempted with this guessed username: charlotte
2 different passwords attempted with this guessed username: grocery
2 different passwords attempted with this guessed username: canon
2 different passwords attempted with this guessed username: info
2 different passwords attempted with this guessed username: install
2 different passwords attempted with this guessed username: celerant
2 different passwords attempted with this guessed username: henry
2 different passwords attempted with this guessed username: carlos
2 different passwords attempted with this guessed username: remote
2 different passwords attempted with this guessed username: tim
2 different passwords attempted with this guessed username: tom
2 different passwords attempted with this guessed username: Ray
2 different passwords attempted with this guessed username: robert
2 different passwords attempted with this guessed username: roger
2 different passwords attempted with this guessed username: RETAIL
2 different passwords attempted with this guessed username: ricoh
2 different passwords attempted with this guessed username: Post4
2 different passwords attempted with this guessed username: Post7
2 different passwords attempted with this guessed username: trish
2 different passwords attempted with this guessed username: peter
2 different passwords attempted with this guessed username: production
2 different passwords attempted with this guessed username: tony
2 different passwords attempted with this guessed username: toshiba
2 different passwords attempted with this guessed username: tool
2 different passwords attempted with this guessed username: sophia
2 different passwords attempted with this guessed username: sqladmin
2 different passwords attempted with this guessed username: Tech01
2 different passwords attempted with this guessed username: sofia
2 different passwords attempted with this guessed username: steve
2 different passwords attempted with this guessed username: symantec
2 different passwords attempted with this guessed username: stanley
2 different passwords attempted with this guessed username: t1
2 different passwords attempted with this guessed username: samuel
2 different passwords attempted with this guessed username: scans
2 different passwords attempted with this guessed username: terasoma
2 different passwords attempted with this guessed username: temp
2 different passwords attempted with this guessed username: Silverx
2 different passwords attempted with this guessed username: skaner
2 different passwords attempted with this guessed username: security
2 different passwords attempted with this guessed username: shop
2 different passwords attempted with this guessed username: operator
2 different passwords attempted with this guessed username: olivia
2 different passwords attempted with this guessed username: natalie
2 different passwords attempted with this guessed username: zoey
2 different passwords attempted with this guessed username: mike
2 different passwords attempted with this guessed username: william
2 different passwords attempted with this guessed username: ospite
2 different passwords attempted with this guessed username: office
2 different passwords attempted with this guessed username: veronica
2 different passwords attempted with this guessed username: vismail
2 different passwords attempted with this guessed username: victoria
2 different passwords attempted with this guessed username: noah
2 different passwords attempted with this guessed username: ncrm
2 different passwords attempted with this guessed username: wand
2 different passwords attempted with this guessed username: nss256wendys
2 different passwords attempted with this guessed username: michael
2 different passwords attempted with this guessed username: microssvc
2 different passwords attempted with this guessed username: visitor
2 different passwords attempted with this guessed username: xerox
1 different passwords attempted with this guessed username: template
1 different passwords attempted with this guessed username: cia
1 different passwords attempted with this guessed username: cihan
1 different passwords attempted with this guessed username: cayetano
1 different passwords attempted with this guessed username: muhasebe
1 different passwords attempted with this guessed username: bruno1234
1 different passwords attempted with this guessed username: comercial
1 different passwords attempted with this guessed username: susan
1 different passwords attempted with this guessed username: vrfy
1 different passwords attempted with this guessed username: camilie
1 different passwords attempted with this guessed username: teresa
1 different passwords attempted with this guessed username: telnet
1 different passwords attempted with this guessed username: ted
1 different passwords attempted with this guessed username: tape
1 different passwords attempted with this guessed username: washington
1 different passwords attempted with this guessed username: web
1 different passwords attempted with this guessed username: taylor
1 different passwords attempted with this guessed username: tcp
1 different passwords attempted with this guessed username: tarragona
1 different passwords attempted with this guessed username: tanya
1 different passwords attempted with this guessed username: teds
1 different passwords attempted with this guessed username: acct1
1 different passwords attempted with this guessed username: t12010
1 different passwords attempted with this guessed username: tammy
1 different passwords attempted with this guessed username: www
1 different passwords attempted with this guessed username: ceyda
1 different passwords attempted with this guessed username: accounting
1 different passwords attempted with this guessed username: training
1 different passwords attempted with this guessed username: tracy
1 different passwords attempted with this guessed username: travis
1 different passwords attempted with this guessed username: transition
1 different passwords attempted with this guessed username: vance
1 different passwords attempted with this guessed username: tracey
1 different passwords attempted with this guessed username: appservadmin
1 different passwords attempted with this guessed username: appismo
1 different passwords attempted with this guessed username: vanschoor
1 different passwords attempted with this guessed username: trent
1 different passwords attempted with this guessed username: user02
1 different passwords attempted with this guessed username: tsadmin
1 different passwords attempted with this guessed username: user8
1 different passwords attempted with this guessed username: user7
1 different passwords attempted with this guessed username: truck
1 different passwords attempted with this guessed username: tricia
1 different passwords attempted with this guessed username: uwe
1 different passwords attempted with this guessed username: troisi
1 different passwords attempted with this guessed username: uucp
1 different passwords attempted with this guessed username: timc
1 different passwords attempted with this guessed username: thomas
1 different passwords attempted with this guessed username: timeclock
1 different passwords attempted with this guessed username: beer
1 different passwords attempted with this guessed username: therese
1 different passwords attempted with this guessed username: term
1 different passwords attempted with this guessed username: teri
1 different passwords attempted with this guessed username: theresa
1 different passwords attempted with this guessed username: texas
1 different passwords attempted with this guessed username: backupexec
1 different passwords attempted with this guessed username: vcs
1 different passwords attempted with this guessed username: toni
1 different passwords attempted with this guessed username: vargas
1 different passwords attempted with this guessed username: tonya
1 different passwords attempted with this guessed username: tommy
1 different passwords attempted with this guessed username: timothy
1 different passwords attempted with this guessed username: timeclock mails
1 different passwords attempted with this guessed username: todd
1 different passwords attempted with this guessed username: tina
1 different passwords attempted with this guessed username: perl
1 different passwords attempted with this guessed username: pentagon
1 different passwords attempted with this guessed username: piotr
1 different passwords attempted with this guessed username: Post2
1 different passwords attempted with this guessed username: Post1
1 different passwords attempted with this guessed username: paul1234
1 different passwords attempted with this guessed username: kevin
1 different passwords attempted with this guessed username: pcadmin
1 different passwords attempted with this guessed username: karen
1 different passwords attempted with this guessed username: pdf
1 different passwords attempted with this guessed username: posuser
1 different passwords attempted with this guessed username: postmaster
1 different passwords attempted with this guessed username: prepress
1 different passwords attempted with this guessed username: program
1 different passwords attempted with this guessed username: IUSR_SERVER
1 different passwords attempted with this guessed username: jimmy
1 different passwords attempted with this guessed username: Post3
1 different passwords attempted with this guessed username: Post5
1 different passwords attempted with this guessed username: poste2
1 different passwords attempted with this guessed username: Post8
1 different passwords attempted with this guessed username: paul
1 different passwords attempted with this guessed username: myhost
1 different passwords attempted with this guessed username: nasa
1 different passwords attempted with this guessed username: love
1 different passwords attempted with this guessed username: neil
1 different passwords attempted with this guessed username: micros1
1 different passwords attempted with this guessed username: michelle
1 different passwords attempted with this guessed username: miguel
1 different passwords attempted with this guessed username: marco
1 different passwords attempted with this guessed username: mode
1 different passwords attempted with this guessed username: parking
1 different passwords attempted with this guessed username: ospite1234
1 different passwords attempted with this guessed username: patrizia
1 different passwords attempted with this guessed username: kubik
1 different passwords attempted with this guessed username: patrizia2
1 different passwords attempted with this guessed username: lorenzo
1 different passwords attempted with this guessed username: netsis
1 different passwords attempted with this guessed username: network
1 different passwords attempted with this guessed username: orders
1 different passwords attempted with this guessed username: new
1 different passwords attempted with this guessed username: publish
1 different passwords attempted with this guessed username: socket
1 different passwords attempted with this guessed username: SmokinPremiums
1 different passwords attempted with this guessed username: solaris
1 different passwords attempted with this guessed username: documents
1 different passwords attempted with this guessed username: domain
1 different passwords attempted with this guessed username: scan123
1 different passwords attempted with this guessed username: expn
1 different passwords attempted with this guessed username: evan
1 different passwords attempted with this guessed username: silver
1 different passwords attempted with this guessed username: esmtp
1 different passwords attempted with this guessed username: station4
1 different passwords attempted with this guessed username: cscadmin
1 different passwords attempted with this guessed username: sue
1 different passwords attempted with this guessed username: supervisor
1 different passwords attempted with this guessed username: contract
1 different passwords attempted with this guessed username: spiceworks
1 different passwords attempted with this guessed username: soss
1 different passwords attempted with this guessed username: daniela
1 different passwords attempted with this guessed username: csi
1 different passwords attempted with this guessed username: SQLAgentCmdExec
1 different passwords attempted with this guessed username: salesman
1 different passwords attempted with this guessed username: reguser
1 different passwords attempted with this guessed username: rcpt
1 different passwords attempted with this guessed username: relay
1 different passwords attempted with this guessed username: guard
1 different passwords attempted with this guessed username: halt
1 different passwords attempted with this guessed username: qwerty
1 different passwords attempted with this guessed username: query
1 different passwords attempted with this guessed username: rad
1 different passwords attempted with this guessed username: radiant
1 different passwords attempted with this guessed username: IME_ADMIN
1 different passwords attempted with this guessed username: rupert
1 different passwords attempted with this guessed username: fuji1
1 different passwords attempted with this guessed username: FPUPDENGUSR
1 different passwords attempted with this guessed username: fbi
1 different passwords attempted with this guessed username: sales2
1 different passwords attempted with this guessed username: report
1 different passwords attempted with this guessed username: renteria
1 different passwords attempted with this guessed username: good
1 different passwords attempted with this guessed username: gans
1 different passwords attempted with this guessed username: richard

The post Anatomy of a Password Attack appeared first on Foster Institute.

First, never put your most sensitive passwords into any password manager. That means passwords to your banks, online trading accounts, and any other websites that aren’t worth exposing to any increased risk. More information here: Passwords are Difficult to Remember

Second, always enable the two-step login process on your password manager. An example of this solution: You enter a username and password into a website, and then your mobile phone buzzes and tells you to enter the code such as 777888 to complete the login process. That way, even if an attacker learns your password, they will need to have the device you are using for two-step login. In this example, an attacker would likely need to steal your mobile phone too before they could log on, even if they know your username and password. Unless someone in close proximity to you is a member of the group that hacked LastPass, then they might need to travel a long way in order to steal your phone from you.

With the LastPass breach, as of this moment, LastPass thinks that the hackers stole passwords, but that the passwords are all encrypted. They think that, as long as an attacker doesn’t know your password to LastPass, then the attacker won’t be able to use your passwords at any of your protected sites. In addition, if you use two-step login on LastPass, you are quite possibly protected even if the attacker does learn your LastPass password.

If you receive an email that appears to be from LastPass instructing you to “Click Here to Reset Your Password”. Do not click; it might be a trick.

Password managers are very helpful. They speed up workflow and prevent problems such as a user using the same password at more than one website. When using a password manager, just be sure to follow the two steps above. Be selective when choosing what passwords to store, and enable two-step login. Find more information about how to handle passwords here: What to Do About Your Passwords

Forward this to everyone you know who uses a password manager. Additionally, forward it to everyone you know who is not using a password manager – they probably should be using one; just be sure they follow the guidelines above.  Thank you for helping keep the world a safer place to live and work!

Password Managers and Two Step Logins

After the LastPass announcement, many readers have reached out with questions about password managers and about two step login. Important points:
First: Just because LastPass discovered, and announced their breach, does not mean that other password managers aren’t breached as well.

Second: You enabling and configuring two step logon to LastPass, or any other password manager, is intended to make authenticating to that password manager more secure. That strategy is designed to make it more difficult for an attacker to be able to use your password manager to discover or use your passwords to websites.

Remember, a password manager’s function is to store your passwords for you so that you do not need to type those passwords into websites.

Password Managers are designed to be a tool that provides more of a convenience than security. A password manager also makes it easier for you to use secure password habits. For example, you can use different passwords for each of your websites rather than using the same password on multiple sites, without you needing to remember all of your passwords.

Keep in mind that an attacker could potentially learn your passwords in other ways too.

Therefore, you still need to enable 2-step logon on sites too. Websites such as PayPal, DropBox, GoogleApps, and the many others support two step logon. Now, no matter how an attacker learns your password, the two step login on specific sites is designed to help protect you from bad guys attempting to authenticate to those sites using your password.

Third: Configuring a password manager, or a website, for two-step logon will hopefully be an easy process. However, if you run into difficulty, don’t give up. Enlist the assistance of someone e-savvy who has experience setting up the two-step logon. Alternatively, you might choose to contact technical support.

Most likely, everything will go smoothly when you follow the instructions. If you decide to search Google for answers to any questions that you have about configuring two step logon on websites and for your password manager, be sure to use Google’s search tools to restrict the search to recent postings. Finding new instructions obviously works better than following instructions, without your being aware that they are old, outdated instructions that do not work.

Please post your comments below…

The post LastPass Password Manager Hacked appeared first on Foster Institute.