Immediately change your password on Facebook.

If you haven’t done so, and every Facebook user should do this, turn on login approvals.

Go to Facebook dot com slash help and find the box at the top of the page named: Ask a question. Enter these words: How do I turn on login approvals.
Then follow the instructions.

Next, again at Facebook dot com slash help and, in the search box, enter: report an imposter account. The guide literally walks you through the process of what to do.

Please forward this to anyone you know who uses Facebook.

The post If Someone Impersonates You on Facebook appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

Visit two factor auth dot org (no spaces) for a list of services that already permit you to choose two step login. Each site will walk you through the process.

Google calls their service 2 step verification. Google that phrase to find instructions on Google’s site.

Forward this to everyone who you care about so that they can be more cyber-secure too.

The post Gmail Passwords Stolen, Possibly Millions of Them appeared first on Foster Institute.

First, never put your most sensitive passwords into any password manager. That means passwords to your banks, online trading accounts, and any other websites that aren’t worth exposing to any increased risk. More information here: Passwords are Difficult to Remember

Second, always enable the two-step login process on your password manager. An example of this solution: You enter a username and password into a website, and then your mobile phone buzzes and tells you to enter the code such as 777888 to complete the login process. That way, even if an attacker learns your password, they will need to have the device you are using for two-step login. In this example, an attacker would likely need to steal your mobile phone too before they could log on, even if they know your username and password. Unless someone in close proximity to you is a member of the group that hacked LastPass, then they might need to travel a long way in order to steal your phone from you.

With the LastPass breach, as of this moment, LastPass thinks that the hackers stole passwords, but that the passwords are all encrypted. They think that, as long as an attacker doesn’t know your password to LastPass, then the attacker won’t be able to use your passwords at any of your protected sites. In addition, if you use two-step login on LastPass, you are quite possibly protected even if the attacker does learn your LastPass password.

If you receive an email that appears to be from LastPass instructing you to “Click Here to Reset Your Password”. Do not click; it might be a trick.

Password managers are very helpful. They speed up workflow and prevent problems such as a user using the same password at more than one website. When using a password manager, just be sure to follow the two steps above. Be selective when choosing what passwords to store, and enable two-step login. Find more information about how to handle passwords here: What to Do About Your Passwords

Forward this to everyone you know who uses a password manager. Additionally, forward it to everyone you know who is not using a password manager – they probably should be using one; just be sure they follow the guidelines above.  Thank you for helping keep the world a safer place to live and work!

Password Managers and Two Step Logins

After the LastPass announcement, many readers have reached out with questions about password managers and about two step login. Important points:
First: Just because LastPass discovered, and announced their breach, does not mean that other password managers aren’t breached as well.

Second: You enabling and configuring two step logon to LastPass, or any other password manager, is intended to make authenticating to that password manager more secure. That strategy is designed to make it more difficult for an attacker to be able to use your password manager to discover or use your passwords to websites.

Remember, a password manager’s function is to store your passwords for you so that you do not need to type those passwords into websites.

Password Managers are designed to be a tool that provides more of a convenience than security. A password manager also makes it easier for you to use secure password habits. For example, you can use different passwords for each of your websites rather than using the same password on multiple sites, without you needing to remember all of your passwords.

Keep in mind that an attacker could potentially learn your passwords in other ways too.

Therefore, you still need to enable 2-step logon on sites too. Websites such as PayPal, DropBox, GoogleApps, and the many others support two step logon. Now, no matter how an attacker learns your password, the two step login on specific sites is designed to help protect you from bad guys attempting to authenticate to those sites using your password.

Third: Configuring a password manager, or a website, for two-step logon will hopefully be an easy process. However, if you run into difficulty, don’t give up. Enlist the assistance of someone e-savvy who has experience setting up the two-step logon. Alternatively, you might choose to contact technical support.

Most likely, everything will go smoothly when you follow the instructions. If you decide to search Google for answers to any questions that you have about configuring two step logon on websites and for your password manager, be sure to use Google’s search tools to restrict the search to recent postings. Finding new instructions obviously works better than following instructions, without your being aware that they are old, outdated instructions that do not work.

Please post your comments below…

The post LastPass Password Manager Hacked appeared first on Foster Institute.