Passwords that lead to data breaches

People are still using very simple passwords, with many of them similar to the ones they used in 2019


Choosing and using the right type of password is one of the biggest challenges for technology users. Creating and managing a strong and unique password for each account is impossible without some type of help. And using the same weak passwords across the board exposes you to greater risk of your accounts being compromised.

Passwords that lead to data breaches

Among the 200 most commonly used passwords this year, “123456” took first place, used by more than 2.5 million people and exposed more than 23 million times in data breaches, according to NordPass’s research. In second place was “123456789,” used by more than 961,000 people and exposed more than 7.8 million times in breaches.

Taking third place was “picture1,” a password new to the list of the 200 most common ones, and a bit more secure than the usual suspects. In the fourth spot was “password,” followed by “12345678” in fifth place. Rounding out the top 10 were “111111,” “123123,” “12345,” “1234567890,” and finally, “senha,” which is Portuguese for “password.”

Among the 10 most common passwords, eight of them would take a hacker less than a second to crack. “Senha” would take 10 seconds to crack. Only “picture1” would put up more of a fight, taking three hours before being cracked.

“Most of these passwords can be hacked in less than a second,” according to NordPass. “Also, they have already been exposed in previous data breaches. For example, the most popular password ‘123456’ has been breached 23,597,311 times.”


Despite the risks, people continually use passwords that are easy to remember or the same from one account to another. More specifically, many people turn to familiar categories or topics to devise a password.

Other people create passwords based on such categories as entertainment (“pokemon,” “superman,” “batman”), sports (“football,” “soccer,” “baseball”), food (“chocolate,” “cookie,” “pepper”), and devices (“myspace1,” “computer,” “samsung”). Still others turn to positive words, names, and even swear words.

“Your weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts,” NordPass warns. “If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content. Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you.”

Tips for managing passwords

  • Create a strong password. Never reuse passwords across multiple accounts. Create a unique one for each account and make them long. Don’t settle for anything shorter than 12 characters, and go longer if you can. Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of your passwords being cracked. Also, make sure to change your passwords at least every 90 days. To create a complex, robust password, take advantage of a password generator.
  • Avoid a weak password. Avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For instance, “password,” “qwerty,” and “123456” are terrible passwords as they are too easy to crack. Also, refrain from repetitive characters, such as “aaaa” or “123abc.” Under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.
  • Try password salting. Add random characters to your password before you use it.
  • Delete the accounts you no longer use and regularly check the ones you do for suspicious activity.
  • Use two-factor authentication when possible.
  • Use a password manager. Memorizing a number of random, complex passwords and having to manually type them every time is no picnic. Thankfully, you can make your life easier with a password manager. Such tools can generate unique, strong passwords, securely store them in an encrypted vault, and use the autofill feature to log in to your online accounts on the go.

Password Managers and how they work for you

Intelligent programs that generate secure passwords and store data in a secure digital vault are used in many private homes and companies. The software has an intelligent and secure algorithm and can generate new passwords at the touch of a button. Users can set various options themselves or use the default settings. You can decide on the length of the passwords, upper and lower-case letters, numbers, and special characters. With one click of the mouse, the password manager creates an extremely secure password that cannot even be cracked by an experienced hacker.
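As an added example (not code from the article or from NordPass), the rules from the tips above and the generator options just described for password managers, in Python. The common-password list and the breach set are constructed stand-ins; the breach lookup is done by SHA-1 digest, which is how services such as Have I Been Pwned’s Pwned Passwords publish leaked passwords.

```python
import hashlib
import secrets
import string
# Constructed stand-in for the "200 most common" list (the top ten named above plus "qwerty").
COMMON_PASSWORDS = {"123456", "123456789", "picture1", "password", "12345678",
                    "111111", "123123", "12345", "1234567890", "senha", "qwerty"}
# Constructed stand-in for a breach corpus. Real services publish SHA-1 digests of
# leaked passwords rather than plaintext, so the lookup here is by digest too.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ("123456", "password", "letmein")}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_keyboard_run(pw, n=3):
    """True if pw contains n adjacent keys from one keyboard row, forwards or backwards."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            run = row[i:i + n]
            if run in low or run[::-1] in low:
                return True
    return False

def has_repeats(pw, n=3):
    """True if some character is repeated n times in a row ('aaa')."""
    return any(len(set(pw[i:i + n])) == 1 for i in range(len(pw) - n + 1))

def assess_password(pw):
    """Return the list of rules from the tips above that pw breaks; empty means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if sum(classes) < 3:
        problems.append("needs a mix of upper- and lower-case, digits and symbols")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the most-common list")
    if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
        problems.append("exposed in a data breach")
    if has_keyboard_run(pw):
        problems.append("contains an adjacent-keyboard sequence")
    if has_repeats(pw):
        problems.append("contains repeated characters")
    return problems

def generate_password(length=16, symbols=True):
    """Generator with the options managers expose (length, character classes); rejects rare weak draws."""
    if length < 12:
        raise ValueError("the policy above requires at least 12 characters")
    alphabet = string.ascii_letters + string.digits + (string.punctuation if symbols else "")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))  # CSPRNG, not random.choice
        if not assess_password(pw):
            return pw
```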

The program stores the passwords and other registration data in a secure database, an SSL-encrypted vault. The password manager can securely store online registration data, passwords, payment details, and other personal information. Users can access their stored data from any device with the cloud functionality and automatic synchronization; however, only after users enter their unique master password.

The automatic form filler saves a lot of time.

Every such program does two things: it creates secure passwords and it manages all the associated data. Which other features are available differs among password managers. Many developers continuously improve their software and add new, useful features. The automatic form-filling function is particularly handy and time-saving. Such forms can be found on almost all websites; with every online order, names, addresses, and many other fields must be filled in, a laborious manual process. The password manager takes this completely off users’ hands, saving them a lot of time. All important registration information and passwords are stored in the secured database, and in combination with a browser extension the password manager can automatically fill in this data on all websites.

Set-up and use

  1. Installation of the password manager
  2. Setting up the browser extensions
  3. Setting up the user account
  4. Generating a secure master password (must not be forgotten)
  5. Importing all data from the browsers
  6. Optional installation of a mobile app
  7. Additional security by means of two-factor authentication (if available)
  8. Local data backup or in the cloud

Why no one should do without a password manager

A password manager is inexpensive, and the small investment bears fruit after a short period of time. Purchasers benefit from secure passwords and no longer have to remember them themselves. To access the encrypted database they always have to enter their master password, after which they can reach the stored data from numerous devices. Surfing the Internet becomes significantly more comfortable and secure when forms are filled in automatically.

If you need a recommendation for your system, please give us a call. We will talk through your system and set-up and recommend the best solution for you.

 

Windows 7 End of Life


It’s been a long run, but it’s coming time for Microsoft to end extended support for the Windows 7 operating system. Microsoft first released Windows 7 to the public over 10 years ago, and it was an instant hit with long-time Windows users.

Windows Vista had been a disaster, but Windows 7 built on Vista’s strong underlying foundation, adding a lot of polish and robust device support that enticed customers who had been spoiled by the long-in-the-tooth Windows XP operating system.

Windows 7 Support Ends In January

Microsoft has set a January 14th, 2020 termination date for Windows 7 extended support. Microsoft issued the following warning earlier this year:

January 14th, 2020 is the last day Microsoft will offer security updates and technical support for computers running Windows 7. We know that change can be difficult, that’s why we’re reaching out early to help you back up your files and prepare for what’s next.

Simply put, Microsoft will no longer offer OS or security updates after January 14th — so you’ll be on your own. You’ll no longer receive patches to fix any major security exploits that may crop up with the operating system, which could be a major hindrance down the road. The one exception to this lack of support is that the Windows 7 version of the Microsoft Security Essentials (MSE) suite will still provide signature updates for the foreseeable future.

Paid Windows 7 Extended Security Updates Continue For Enterprise Customers

For enterprise customers that aren’t ready to give up on Windows 7, there’s an option to keep the update train running — a paid option, that is. Microsoft is offering what it calls Windows 7 Extended Security Updates (ESUs), at a cost of $25 to $200 per workstation — per year. It’s an expensive way to keep updates flowing for legacy systems for corporations that are reluctant to upgrade to Windows 10, but even that support will hit a brick wall in 2023. At that point, Windows 7 will be 14 years old, and it would be pretty foolish to be using the operating system for mission-critical operations.


Nag Screens Await For Windows 7 Users That Haven’t Yet Upgraded To Windows 10

If you’re a Windows 7 user, you’ve probably already seen the nag screens warning you that support is ending and that you need to upgrade to Windows 10. These pop-ups first started earlier this year, and presented themselves as a relatively small window that could be closed out easily.


However, Microsoft will shift to full-screen nag screens that are more annoying and designed to get your immediate attention starting on January 15th, 2020 (the day after support ends). The company says that the purpose of the full-screen pop-up is to explain “the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020” and that it “will remain on the screen until you interact with it.” The interstitial screens will be displayed on Windows 7 Starter, Windows 7 Home Basic, Windows 7 Home Premium, Windows 7 Professional, and Windows 7 Ultimate.

Final Thoughts On Windows 7

The bottom line here is that Windows 7 is an old and tired operating system that will increasingly become a security liability as time goes on. Given that Windows 10’s hardware requirements aren’t overly taxing (at least compared to the hardware that Windows 7 runs on), there’s really no reason to be so stubborn about upgrading.

Windows 7 was a great operating system in its day, but it’s time to pass the torch and let Windows 10 take over the reins. After all, it’s been on the market for four years already, has had plenty of time to mature, and will be supported by Microsoft for years to come.


Top ten tips for maximizing your IT and computer network investment

Maximise the benefits – Invest in technology which will bring the most benefits to your business. Be clear on what you wish to achieve from using computer systems and seek advice on solutions which match your needs and your budget.

Keep your systems secure – Ensure you have up-to-date anti-virus and spyware software installed. Ensure you have firewall protection for your network to prevent access by internet intruders.

Emails – be on your guard – There have been many well-documented cases of email-borne viruses. Be very careful about opening emails or attachments from senders you do not recognise. Even if you recognise the sender, be careful if there is an unusual subject line.

Ensure your network is robust – If you have a network, ensure that the server is up to the job. Investment in a quality server will pay dividends in the long term.

Keep back-ups – Ensure you have a system in place for taking regular data back-ups. The loss of data in the event of a system failure could have serious repercussions for your business.

Computer support – Ensure you have appropriate maintenance cover for vital computer hardware and software. Even where warranties can be invoked there can be expensive downtime and loss of business continuity while awaiting replacement kit.

Avoid PC corruption – Do not allow PCs to be overloaded with non-business-critical items such as games, music, pictures or software downloaded from the internet. The more such items are installed, the greater the chance of the computer becoming unstable and failing, resulting in expensive downtime and disruption.

Training – If you are investing in new technology or systems, make sure that the staff using it are adequately trained so that output is maximised and downtime avoided.

Keep an open mind – Don’t rely on IT systems that you have always used as the best solution for your long-term business needs. The IT industry is dynamic and a variety of technologies are increasingly available which could be of benefit without breaking the bank. Where available ask for a demonstration.

Keep it simple – Seek IT advice that is jargon-free and places emphasis on the benefits to your business or organisation. Ensure that you have the right computing tools for the job which maximise efficiency and minimise problems.

 


Customer care phone calls

Customers are receiving an automated phone call today stating it was from BT and that my broadband will be terminated today. I contacted BT and they confirmed to me that it was a scam phone call and asked me to register it by sending an email to phishing@bt.com. Everyone please be aware of this scam phone call.

These calls could come from any provider.

If you receive such a call, hang up the phone and then call your provider to check whether it is a scam.

SPAM Callers

To stop spam calls to your Android mobile, install Truecaller from the Play Store. It is very good, and you can add your own spam callers.

Ransomware

Friday’s unprecedented ransomware attack may have stopped spreading to new machines — at least briefly — thanks to a “kill switch” that a security researcher has activated.

The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.

The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.

However, the ransomware also contains a kill switch that may have backfired on its developers, according to security researchers.

Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.

A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.

MalwareTech’s original intention was to track the ransomware’s spread through the domain it was contacting. “It came to light that a side effect of us registering the domain stopped the spread of the infection,” he said in an email.

Security firm Malwarebytes and Cisco’s Talos security group reported the same findings and said new ransomware infections appear to have slowed since the kill switch was activated.

However, Malwarebytes researcher Jerome Segura said it’s too early to tell whether the kill switch will stop the Wana Decryptor attack for good. He warned that other versions of the same ransomware strain may be out there that have fixed the kill-switch problem or are configured to contact another web domain.

Unfortunately, computers already infected with Wana Decryptor will remain infected, he said.

Friday’s ransomware attack first spread through a massive email phishing campaign. At least some of those emails appeared to be messages from a bank about a money transfer, according to Cisco’s Talos group.

Victims who opened the attachment in the email were served with the ransomware, which takes over the computer, security researchers said.

The Wana Decryptor itself is no different from other typical ransomware strains. Once it infects the PC, it’ll encrypt all the files on the machine, and then demand the victim pay a ransom to free them.

But unlike other ransomware, Wana Decryptor has been built to spread quickly. It does so by incorporating a hacking tool that security researchers suspect came from the NSA and was leaked online last month.

The hacking tool, dubbed EternalBlue, can make it easy to hijack unpatched older Windows machines. Once Wana Decryptor has infected the first machine, it’ll attempt to spread to other machines on the same local network. Then it will scan the internet for vulnerable machines.

“It creates a snowball-like effect,” Segura said. “A few machines will be infected, then it’ll try to contact more.”
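An added example, not part of the original article: detection logic for the LAN-then-Internet spread described above, run over constructed firewall records. It assumes records of the form (timestamp, source, destination, port) and relies on the fact that EternalBlue targets SMB on TCP 445, which the article does not state; the addresses and thresholds are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445  # EternalBlue exploits SMB on TCP 445 (background knowledge, not from the article)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True for RFC 1918 addresses, i.e. the 'same local network' stage of the spread."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

# Constructed firewall records (timestamp, src, dst, dport), not real telemetry.
# 10.0.0.5 behaves like the worm: it sweeps its own subnet, then probes Internet hosts.
CONSTRUCTED_LOG = (
    [("2017-05-12T10:00:00", "10.0.0.5", f"10.0.0.{n}", 445) for n in range(10, 30)]
    + [("2017-05-12T10:00:20", "10.0.0.5", f"203.0.113.{n}", 445) for n in range(1, 15)]
    + [("2017-05-12T10:00:05", "10.0.0.7", "10.0.0.9", 445),        # ordinary file-share traffic
       ("2017-05-12T10:00:06", "10.0.0.7", "10.0.0.9", 445),
       ("2017-05-12T10:00:07", "10.0.0.8", "198.51.100.20", 443)]  # unrelated HTTPS
)

def detect_smb_sweeps(records, window=timedelta(seconds=60), min_internal=10, min_external=5):
    """Flag sources that reach many distinct SMB destinations inside one time window.
    Returns {src: (distinct_internal_targets, distinct_external_targets)}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in records:
        if port == SMB_PORT:
            by_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start point
            internal, external = set(), set()
            for ts, dst in events[i:]:
                if ts - start > window:
                    break
                (internal if is_internal(dst) else external).add(dst)
            if len(internal) >= min_internal or len(external) >= min_external:
                flagged[src] = (len(internal), len(external))
                break
    return flagged

if __name__ == "__main__":
    for host, (lan, wan) in detect_smb_sweeps(CONSTRUCTED_LOG).items():
        print(f"{host}: {lan} LAN and {wan} Internet SMB targets within 60s; likely worm activity")
```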

Security firm Avast said it had detected more than 75,000 attacks in 99 countries, with Russia, Ukraine and Taiwan among the hardest-hit countries. The U.K.’s National Health Service was one of the biggest organizations hit by the ransomware.

The ransomware was designed to work in numerous languages, including English, Chinese and Spanish, with ransom notes in each.

Segura advised victims not to pay the ransom because it encourages the hackers. Instead, he says they should wait for the next few days as security researchers study the ransomware’s code and try to come up with free ways to remedy the infection.

On Friday, Microsoft said users will be protected from the ransomware if they’re running the company’s free antivirus software or have installed the latest patches.