You’ll enter a username, and your phone will buzz to ask you if it is really you who is attempting to log in. Just keep your phone with you, and passwords may be a thing of the past.

But protect your phone so that an unauthorized person doesn’t gain access to it. Would you be willing to risk it? At least nobody thousands of miles away would come to steal your phone. But what about someone else in your office that gains access to your phone and approves a bogus logon so they could do you harm?

The obvious less convenient, but more secure, solution is two-step logon where you enter a user name and password, then your phone buzzes asking you to confirm. Someone else stealing your phone won’t help them at all, as long as they don’t know your password too.

The post No More Passwords appeared first on Foster Institute.

Dropbox says that they did not suffer a password breach. Instead, some users (I hope not you) actually use the same password for their Dropbox accounts as they do on other web sites. When hackers steal passwords for those sites, they’ll try the same password at Dropbox to see if that is the password there too. This underscores how important it is to use a different password at every website you visit.

Take these 3 steps right away:

First, read the short and plain English recommendations for using password managers, guidance about ways to protect yourself if the password manager is breached: What to Do About Your Passwords

Second, follow the instructions at Dropbox: Enable Two-step Verification

Third, send this to all of your friends and please post your comments below….

The post Did You Cause Your Own Dropbox Breach? appeared first on Foster Institute.

The reality is that you can have, contrary to what some people believe, both security and productivity at the same time.

Enforcing security policies that dictate strong passwords is a common problem and sometimes results in, understandably, executives responding something like, “That will make our salespeople angry and we can’t afford to slow down their workflow!  Let’s leave the passwords restrictions the way they are.”  As a result, some companies still allow two letter passwords that never have to be changed. Attackers love that!

The IT professionals are right about security being important. But the executives “have the final say.”

Sometimes the key is to discuss changes with the executives that meet two criteria:  First, the change will improve security, and second, the users may not even notice the change.

Here’s a common problem: Putting productivity too far ahead of security such that security gets nearly wiped out.

Password restrictions are a change that most users will notice. Hence, IT professionals may receive a great deal of push-back from users, including executives if the password restrictions have been lax for a long time.

However, users will never notice many, in fact the majority, of security settings.  An example may be, as long as your users aren’t  used to installing their own programs (which is a bad idea anyway), is making users “just plain users” on their own machine rather than having, (the most common way), users being something called “local administrators.”

That modification alone can make enormous improvements in security because it is more difficult for attackers to “trick users into installing viruses on their machines” since users can’t install anything on their machines anyway. And maybe the users won’t notice anyway.

The real issue: It is your role to talk with your IT professionals and ask them, “Are you implementing the protections that users won’t notice anyway?”.

Stay tuned for more about “What to ask your IT Professionals” so that you know the right questions to ask.

Please forward this to your friends and post your comments below…

The post Adding Security Makes Systems Unusable! appeared first on Foster Institute.

1. Passwords You Need to Keep Really Secure—write these down and enter them manually. Example: Bank passwords
2. Passwords that Protect what You Feel are Lower Security Resources. Example: Airline web site logins.

If you are going to use a password manager program to remember your passwords, only trust it with the second group of passwords. Remember your most important password in your mind.

I agree that having to enter the passwords is too much trouble! This is one of those risks vs. productivity quandaries.

Please post your comments, especially about password managers you like to use.

The post Passwords are Difficult to Remember appeared first on Foster Institute.