If you want to find out if your passwords were released, visit his site called https://haveibeenpwned.com. If you elect to enter your email address, he will tell you if it is in the collection and give you more details.

What do you do if you are on the list? Reset your passwords. Use a password manager that will remember your passwords for you to make your life easier when you use a different password at each website from now on.

Now is a great time to enable two-step verification. A basic form of two-step verification is when you enter a username and password, and you receive a text message code to type in. Enable two-step verification on PayPal, LinkedIn, Dropbox, Facebook and every other web service you use. On each website, look for Settings > Security. You may need to dig down, but more reputable sites now support two-step verification, but you must enable the feature.

Some bad news is that, about a week ago, a tool called Modlishka shows how to break two-step verification so it isn’t that secure, but two-step verification is still more secure than a simple username password combination. If it allows, have a website use some other method than texting you a password. Using an app on your phone or calling you via a voice call are options that are often more secure than the text message. Microsoft, Google, and a service called Duo offer these options and more. Having a hardware key is even better unless your laptop users leave the key stored in the laptop case, and their password written on the bottom of the laptop.

The post 773 Million Passwords Exposed – Were You Exposed? appeared first on Foster Institute.

Password managers are very helpful since they make it so convenient to be secure, and can greatly simplify and speed up the login process at websites. Many people feel password managers are worth the risks, especially when the risks can be minimized as summarized below:

First, as you can see, there is no guarantee that password managers are perfect. Never store super-sensitive passwords into your password manager. Store them in your head.

Second, enable two-step verification on all websites. Then, if an unauthorized person obtains your password, they will have a difficult time logging in, if they cannot perform the second step.

Third, one of the ways to launch the exploit involves tricking the user into clicking a link, such as a link in an email message, or getting a script to run on a web page as the user visits the page. Using click-to-play can greatly minimize those risks.

To learn more about the first two, see last week’s newsletter posted at www.fosterinstitute dot com/blog/your-iphone-and-ipad-are-in-danger. Never mind the title; the content addresses the first two steps listed above even if you use Windows or Android.

As for the third point, we’ll cover click-to-play next week, or you can simply google those terms and get started right away.

The announcement came from LastPass, and don’t panic if you use it. LastPass says the exploit is very difficult for an attacker to use, but not impossible. Resetting your passwords is not going to help, yet. Only after LastPass develops a patch, and then only when LastPass on your computers are patched. LastPass said this only affects users using the LastPass extension in Chrome, but that researchers have used the exploit in other browsers too. Email us if you want more technical details.

Please forward this to anyone you know who may use a password manager or lets their browsers remember their passwords.

The post Alert – A Popular Password Manager Has Serious Security Flaw Right Now appeared first on Foster Institute.

gotomypc two step verification site:citrix.com

If you want your IT Professionals to become even more effective, send them to the 2.5 day SuperTech workshop Monday thru Wednesday August 8 thru 10.

And, if you are an executive who wants more insight into working effectively with your IT Professionals and/or outsourced IT firm, please come too.

The workshop is designed in such a way that you can enjoy exploring Napa Valley and the San Francisco Bay area with your family while you are here.

Please email stacey @ fosterinstitute dot com for all of the details.

Please forward this to everyone whose cyber-security you care about, as well as anyone who would enjoy an exciting and educational end of summer experience in Napa Valley, CA.

The post GoToMyPC Forcing Reset of Passwords appeared first on Foster Institute.

I know – it would be so easy to blame Google. Those passwords were gathered from other “stolen password repositories” posted on the dark-web. They were originally acquired through key-loggers, social engineering, brute-force attacks, and a myriad of other ways. None of them, so far as anyone can tell, were stolen by bypassing any security on Google’s systems.

Once upon a time, imagine a situation where a company called Eulcon Inc. buys a lock from a company named Good-Lock. If an employee at Eulcon Inc. loses the key, and an attacker finds the key, and the attacker breaks into Eulcon, should they blame Good-Lock for the intrusion?

Here is what would be much more secure. What if, every time someone turned the key in the lock at Eulcon, the lock wouldn’t open yet. First, someone at Good-Lock would phone the person at Eulcon to whom the key is registered, in order to verify that they are the person who turned the key. The lock would only open for an authorized person. Potential intruders stay locked out.

This is why it is so important that all organizations set up two step login everywhere possible. Two factor auth dot org provides a list of services that support two step login. Additionally, VPNs, Windows, and other services support two step login. Configure two step login, or pay the consequences. And don’t blame Good-Lock. And don’t be like Eulcon spelled backwards.

Please forward this cyber-security info to everyone you care about.

The post Why is it not Google’s fault? appeared first on Foster Institute.

Visit two factor auth dot org (no spaces) for a list of services that already permit you to choose two step login. Each site will walk you through the process.

Google calls their service 2 step verification. Google that phrase to find instructions on Google’s site.

Forward this to everyone who you care about so that they can be more cyber-secure too.

The post Gmail Passwords Stolen, Possibly Millions of Them appeared first on Foster Institute.

Dropbox says that they did not suffer a password breach. Instead, some users (I hope not you) actually use the same password for their Dropbox accounts as they do on other web sites. When hackers steal passwords for those sites, they’ll try the same password at Dropbox to see if that is the password there too. This underscores how important it is to use a different password at every website you visit.

Take these 3 steps right away:

First, read the short and plain English recommendations for using password managers, guidance about ways to protect yourself if the password manager is breached: What to Do About Your Passwords

Second, follow the instructions at Dropbox: Enable Two-step Verification

Third, send this to all of your friends and please post your comments below….

The post Did You Cause Your Own Dropbox Breach? appeared first on Foster Institute.