Every year around this time, I have to fill out my company’s cyber insurance application – and every year they ask if we encourage strong passwords and change them regularly. This question annoys me a lot, because we really shouldn’t be changing our passwords that often. Instead, we should choose authentication procedures appropriate to the site’s risks; a password should be the last thing you want to rely on.
First, think about the information and data a website is holding about you. The sites we want to offer the most protection often offer the weakest. When you can, always add two-factor authentication to your access to a site. (Not all multi-factor authentication is created equal, but some is better than none. If it encourages attackers to go elsewhere, it’s done its job.)
Banks and financial institutions are often slow to implement authentication software, so you end up with a username, a password, and then a two-factor authentication tool – usually a text sent to your smartphone. While a smartphone’s SIM chip can be cloned (so attackers can spoof your phone and intercept messages), the vast majority of us are still better off with this process. Relying solely on a username and password to access your bank puts your account at risk.
To be fair, not all passwords are created equal. If you’ve reused your password on another website or for another bank account, you’re more at risk. Attackers often steal or purchase a cache of hacked or hashed passwords and then try to reuse them to access other websites. If you’ve ever received a password reset message – and you didn’t try to log into your account – it could be an attacker trying to perform a password stuffing attack on the website. So don’t reuse the same password anywhere.
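An added example, not part of the original article: a defender-side check for the password stuffing pattern described above, where one source tries stolen passwords once or twice each across many accounts. The log format, sample lines and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not from the article): time, source IP, account, result.
SAMPLE_LOG = """\
2022-03-01T10:00:01 203.0.113.7 alice FAIL
2022-03-01T10:00:02 203.0.113.7 bob FAIL
2022-03-01T10:00:03 203.0.113.7 carol FAIL
2022-03-01T10:00:04 203.0.113.7 dave OK
2022-03-01T10:00:05 203.0.113.7 erin FAIL
2022-03-01T10:00:06 203.0.113.7 frank FAIL
2022-03-01T10:05:00 198.51.100.4 grace FAIL
2022-03-01T10:05:09 198.51.100.4 grace FAIL
2022-03-01T10:05:20 198.51.100.4 grace OK
2022-03-01T10:06:00 192.0.2.10 heidi OK
garbage line that does not parse
"""

LINE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (OK|FAIL)$")


def find_stuffing(log_text, min_accounts=5, max_tries_per_account=2):
    """Return {source_ip: {"accounts": n, "compromised": [...]}} for sources
    that touch many distinct accounts with only a few tries on each."""
    tries = defaultdict(lambda: defaultdict(int))  # ip -> account -> attempts
    wins = defaultdict(list)                       # ip -> accounts that logged in
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _, ip, account, result = m.groups()
        tries[ip][account] += 1
        if result == "OK" and account not in wins[ip]:
            wins[ip].append(account)
    flagged = {}
    for ip, per_account in tries.items():
        wide = len(per_account) >= min_accounts           # many accounts
        shallow = max(per_account.values()) <= max_tries_per_account
        if wide and shallow:  # a forgetful user is deep and narrow instead
            flagged[ip] = {"accounts": len(per_account),
                           "compromised": sorted(wins[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

A successful login inside a flagged run (dave in the sample) marks an account whose reused password worked, which is the one to push through a reset and a second factor first.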
For years, online users were asked to change their usernames to see if a website would sell their information elsewhere. Now, I see the same kind of suggestions for choosing a password or passphrase. A very funny online video plays up the process people use to choose a password. You start by choosing a password – and then use it everywhere. Then, when a site says it isn’t good enough, you add another letter. Then you need a special character (like an exclamation point). The truth is that our brains can only hold so much information, which is why we tend to reuse the same password or a variation of it on many websites.
Microsoft often recommends using a PIN over a password. It argues that PINs are device-specific, so if an attacker steals your PIN, they must also steal the device. There is a problem with this argument. I have several devices that require a PIN, and I must admit that I use the same PIN on all of them because I cannot remember PINs any better than passwords. According to Microsoft, the advantage of PINs is that “when a PIN is generated, it establishes a trusted relationship with the identity provider and generates an asymmetric key pair that is used for authentication.” The PIN is backed by the Trusted Platform Module (TPM) chip on the computer. (If you’re wondering why your Windows 10 machine asks you to use a PIN instead of a password, it’s because the operating system has registered that you have the necessary hardware to support this process.) If you prefer, the PIN can be deleted. Press the Windows key and the I key to open Settings. Select the account and then click continue. In the left panel, click on the sign-in option. On the right panel, select “Delete” in the PIN section.
Efforts to improve online security are widespread. Intuit recently started asking for online passwords, even to log in to the desktop version of QuickBooks, its bookkeeping and accounting software. People whose QuickBooks files include sensitive information such as payroll or credit card information must also log in with an online account first. For years, desktop users only needed a username. Even so, many users feel this change is burdensome, especially when combined with the requirement to change passwords every 90 days. (Again, the view is that changing a password is preferable to choosing a better password or using a Google authenticator app to access your Intuit account.)
Even if you’re a small business, you can add two-factor authentication to your own computer access for added security. For example, Duo.com offers Free DUO for deployments with fewer than 10 users. It provides a two-factor prompt to a smartphone or even an Apple Watch. I use it in my office for remote access, which ensures that when anyone connects from outside the office, they have to answer the prompt on their phone to gain access. Its ease of use means that I can ensure that remote access is secure and that I can avoid changing passwords too often.
If you are a cyber insurance provider or agency, listen up! Stop asking me to change my password. Instead, ask me what my favorite multi-factor app is. It’s the fastest way to improve security for most users.
Copyright © 2022 IDG Communications, Inc.
https://www.computerworld.com/article/3652695/change-my-password-again.html#tk.rss_all Change my password? AGAIN? | Computerworld