IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

How to build a strong business worthy password 


DO’s

- Use a passphrase instead of a password

o Using a sentence or phrase instead of just one word can be much easier for you and harder for others to guess, e.g. allgoodcowsliketoeatgreengrass, or, if you want it shorter, you can abbreviate it to agcltegg

- Use abbreviations or purposely misspelled words

o Love to laugh > Luv2Laf

- Replace some letters with symbols or numbers, e.g. $ for S, 3 for E

o BEST BOSS > B3STB0$$

- Use punctuation, e.g. ! , -

- If you really have a bad memory maybe use:

o A list of password reminders instead of using the password itself e.g. your favorite place may help you remember tr0p1CALPAR1dice

o Passphrases as they can be much easier to remember rather than an acronym of some sort

o LastPass, KeePass, RoboForm, and password keep all passwords accessible and secure with one password

- Having a hard time figuring out a password? Maybe the best option for you is:

o To use a random password generator! The generator will collect letters, numbers, and symbols for a completely randomized password. The catch with this one, though, is that you may have to write it down somewhere for safekeeping, as you may find it hard to remember. There are many free services online; you can just search ‘password generator’

 

 

DON’Ts

- Consecutive numbers or letters e.g. abcde, qwerty, 1234

- Including personal information such as a name or birth date

- Reuse the exact same password for everything

o Even the slightest change within the same password can count as a different password

- Use repeating characters e.g. aaaaa, ttt222, 666

- Make all the characters numbers, all uppercase letters, or all lowercase letters

- Tell others what your password is

- Keep your password the same forever

- Use words found in the dictionary 

o These words can be much easier to guess and spell

 

Date posted: 2018-03-23 | posted by: ozdoc


Five Best Password Managers


A while ago, all it took to be a great password manager was to keep your passwords in an encrypted vault. Now the best password managers give you the option to sync or keep them local only, change web passwords with a click, log in to sites for you, and more. This week, we're looking at five of the best options.

Earlier in the week, we asked you to tell us which password managers you thought were the best. Like we mentioned, the best come with the flexibility to go single-device with no web or online components at all, or the option to sync across your devices. Some log in to sites for you, others audit your passwords to make sure you're not using the same in too many places. All of them come with features designed to improve your security across the board, while offering their own kind of security to protect your data—yes, even if you have everything stored in one place.





You offered tons of great nominations, but we only have room for the top five—and we definitely had some leaders. Here they are, in no particular order.

LastPass

LastPass is clearly the juggernaut here, and for good reason. The service was one of the first well-rounded password managers available, and one of the first that really made it easy to store all of your passwords either online and synced with other computers and devices, or locally on one device. In short, LastPass remembers your passwords so you don't have to, and makes it easy to audit your passwords, use stronger passwords in general, and even automatically change a password for you if a service has been hacked or compromised. LastPass supports two-factor authentication for your password vault using Google Authenticator, USB devices (using a method we've outlined before), or a YubiKey. The service picked up a much-needed update a year or so ago to streamline the UI and make it easier to use, and sports a number of additional features like credit monitoring, secure password and document storage (and sharing), notifications when a site you have an account with has been hacked, tools to autofill forms and streamline online shopping, and more. LastPass supports Windows, OS X, Linux, Android, iOS, Windows Phone, and Blackberry, and has plugins for Chrome, Firefox, Safari, Opera, and Internet Explorer. It's free to download and use, but if you want its best features and the mobile apps, you'll need to upgrade to LastPass Premium, at $12/yr.




LastPass' nomination thread was huge, with many of you showing your support for the app because it's made securing your online life easier in some shape or form. Many of you explained that you use LastPass so you don't use the same password on every site (which you absolutely shouldn't do), or so you don't have to write down passwords and risk losing them in a disaster, misplacing them, or accidentally letting someone else get a hold of them. Many of you praised LastPass' own security for keeping your data safe, and for—that one time they thought they may have been hacked—promptly locking everyone's data down, making sure they were in the clear, and encouraging users to take additional steps to protect themselves. If you want to learn more about LastPass, they stopped by to tell us the story behind the app not too long ago, and you can read their nomination thread here.


Dashlane

Dashlane launched in beta back in 2012, and has risen to prominence since largely because of its attention to its interface (which is sharp and easy to use), simple security, easy auto-login, form auto-fill, and logging of purchases and orders from online shops. It's picked up a number of updates since then, including support for two-factor authentication, the ability to share passwords with emergency contacts in case you can't access your accounts, and most recently, the ability to change multiple passwords on dozens of websites with a few clicks. Dashlane will also notify you if you have an account on a site that's hacked, and with its built-in password changer, you can have Dashlane reset the password to a new, unique, strong one without leaving the interface. If you want to change all your passwords at once, you can do that too. The purchase tracking and digital wallet features make it easy to make online purchases even at retailers you don't have accounts with, and search all of your online orders in one place, while secure note and document sharing gives you a place to store passwords that can't be automatically filled in. Dashlane also gives you the option to store your passwords locally only in an encrypted vault (where only you have the master key), or to sync them to your devices and access them on the web. Dashlane supports Windows, OS X, Android, and iOS, and has plugins for Chrome, Firefox, Safari, and Internet Explorer. It's free to download and use, but if you want your passwords synced across devices, you'll need Dashlane Premium, at $40/yr.





Dashlane's nomination thread was also pretty popular, with many of you praising the tool for making password management simple and easy to do—almost an inviting task that you'll actually want to do, which is an accomplishment on its own. Making people actually want to take control of their security because the interface is easy enough to use is a big deal, and Dashlane's UI shows you right up front what your overall security "score" is, and gives you easy tips to improve it right then and there. Those of you who use it praised it for its seamless syncing, digital wallet, auto-fill across all of your devices, and its new multi-site password changer. It's not perfect though—a number of you noted that it's great...as long as you were grandfathered into its free plan (when syncing was still free), and noted that $40/yr was steep considering the competition is generally less and on-par feature-wise. You can read more in its nomination thread here.

KeePass

If free (as in speech and as in beer) and open source are your go-to requirements for a security product, KeePass is perfect for you. Your passwords in KeePass are stored inside an encrypted database that you control, on your own system, and are never synced or uploaded anywhere unless you want to take them from machine to machine. KeePass is also a portable app, meaning it's super easy to take with you and use on multiple computers, even if that machine is locked down and all you have is a thumb drive. It has its own password generator, to help you change passwords and make sure every one of them is unique and strong. Password databases in KeePass can also be configured with multiple keys so you can share access among privileged users, and exported in plain text for quick importing elsewhere (or backups). Plus, KeePass has tons of third-party plugins and tools to extend its functionality and bring it to more devices, browsers, and platforms. Most notably, KeePass' auto-type functionality works in all windows and all browsers, which means that KeePass can log in to sites that other password managers can't, and can log in to applications, system dialogs, and other password prompts that you'd otherwise have to copy/paste a password into.

Several years ago, KeePass was your favorite password manager, largely because of that open-source approach and its user-controlled approach to security. KeePass officially supports Windows, OS X, and Linux, and there are unofficial (it is open source, after all!) ports with different features available for Windows, OS X, Linux, iOS, Android, and Windows Phone, including KeePass X, which earned its own nomination thread. This time around, those of you who nominated KeePass praised it for its offline access, strong encryption, and ability to log in to any password dialog that appears on your system, whether it's on the web or a network login somewhere. Many of you shared your KeePass configurations, with some of you using Dropbox to sync your encrypted vaults across devices, and others preferring to use KeePass for everything while using other tools for day-to-day logins. One of you specifically mentioned that it's great to be able to use the tool cross-platform, completely free, and keep a backup of your data on your own—all while being in complete control of your data and security. You can read more in its nomination thread here.



1Password

1Password is well loved and well-regarded for offering a powerful and secure password manager and digital wallet in a really sharp-looking package that shines on every platform it runs on. It's flexible, easy to use, works seamlessly in just about every web browser, and packs in the same features that you've come to expect from a premium password manager and secure document storage tool. 1Password looks great, comes with a strong password generator to help you pick good passwords every time you change one, secure notes for other passwords or notes that you want to keep private, a digital wallet for bank accounts and payment info, and a password "recipe" builder that lets you customize your passwords to your demands instead of just accepting whatever algorithm the password generator spits out at you. Perhaps best of all, 1Password can be used locally only, without syncing any information to the web, or you can use it across all of your devices by syncing your encrypted vault via Dropbox, iCloud, Wi-Fi, or shared network folders—it's completely up to you. You can also set up emergency contacts and share passwords with authorized users. You can even keep multiple vaults for different types of passwords. 1Password supports Windows, OS X, Android, and iOS, with plugins for Chrome, Firefox, Opera, and Safari. One of 1Password's stand-out features is that you get a premium product for a one-time fee—you can download and try it out for free, or buy a single license for $50 (or buy a Mac and Windows license bundle for $70.) Mobile apps and extensions are free, but require a license to use.





Those of you who nominated 1Password almost universally praised the app's interface and ease of use. Like some of the other password managers mentioned here, it's a joy to use, and it works seamlessly with multiple browsers, systems, windows, and other password dialogs. Most of you called out the "watchtower" feature, which notifies you of breaches around the web, and its support for TouchID on iOS. Many of you approved of the combination of local encryption and the option to sync when you want to, without talking to a central authority, while simultaneously looking great and being a well-developed product. Some of you dinged it because your password database isn't editable on mobile devices, and the starter price—although it's a one time cost—set some of you back, but the overwhelming opinion is that 1Password is a premium application from a dedicated team of developers, and worth the price tag. If you're curious, you can read the story of 1Password here, or check out its nomination thread here.



RoboForm

RoboForm has been around a long time (since 1999), and has always had a large number of dedicated, die-hard users who've rallied around it, both as a great tool for form-autofill on the web, and as a password manager. RoboForm also gives you the option to keep your passwords and data encrypted and local, or sync to the web and across devices if you choose to, but the choice is completely up to you. It supports multiple identities, so you can autofill form information based on different users, addresses, or any other mix-and-match of data you choose. You can also take RoboForm with you on a USB drive from computer to computer. The app's most recent major update was a few years ago, but it gave it a great-looking interface, brought it to more browsers, and delivered both online and offline password management options. RoboForm also has bookmarking features to help you keep track of your favorite sites. RoboForm supports Windows, OS X, Linux, Android, iOS, and Windows Phone (with older versions available for platforms like the Blackberry and SymbianOS), with plugins available for Chrome, Firefox, Safari, Internet Explorer, and Opera. It's free to download and use—for the first 10 logins. If you need more (and who wouldn't), or need to sync or access passwords on multiple devices, you'll need RoboForm Everywhere, which will set you back $20/yr for all of your devices and computers (and you get a break, it's only $10 for the first year.)



Those of you who nominated RoboForm did so because of its long history of good security, utility, and because many of you felt the app was underappreciated and underrated, even though it offered all of the features that many other tools do. You praised it for its legacy device support (especially those of you who have used it since its earlier days), its password generator, secure note storage, and more.


The next version of Windows could make passwords obsolete


Passwords are terrible.

They're hard for people to remember and relatively easy for computerized programs to guess — which is why a lot of companies make you change them every 90 days and use a bunch of characters and symbols and capital letters and numbers, which makes them even harder to remember.

Because they're so hard to remember, people often write them down on pieces of paper or send them to themselves via email, making them even less secure.

But if Microsoft has its way, the days of entering a password to log into your computer, applications, or favorite web sites may soon come to an end.

Windows 10 will include a feature called Windows Hello, and Microsoft says it "introduces system-level support for biometric authentication." In plain English, that means that you'll be able to log into Windows using your fingerprint or by having the computer take a picture of your face or iris.

Obviously, Microsoft isn't the first and only company trying to rid the world of passwords. Apple's iPhones have had the Touch ID fingerprint scanner since the iPhone 6. And PC makers like Lenovo have tinkered with face recognition instead of passwords for years too.

So, not surprisingly, to work with Windows 10, the PC will have to be equipped with a fingerprint scanner or special infrared sensors, both of which are pretty rare today. But assuming the hardware is there, Windows 10 will do the difficult software work. It can be used not only to log on to your PC, but can also identify you to applications and web sites — assuming that the creators of those apps and sites want to support Windows Hello.

Microsoft is also introducing a technology for businesses code-named Passport, which would allow employees to log on to company networks using a biometric sensor or a PIN (like you use on your phone). No password is ever stored on the PC or server, making it harder for hackers to get into networks.

Biometrics aren't new for Microsoft either — Windows has supported them for years, and many companies already use things like fingerprint readers. The barrier has always been the ubiquity of the hardware more than the software. But with Windows 10, Microsoft is taking another shot at making them even easier. Given the high-profile hacks of the last couple years, the time may finally be ripe for mass adoption.



Three Tips For Password Security That Actually Work - HITECH Answers

Someone once told me that developing a usable and secure password management system isn’t rocket science…it’s much more difficult than that. Naturally, I disagree as I have witnessed numerous implementations of password management solutions that were a major success in a very short period of time. Plus, “success” of these implementations can be measured financially, through improved operations and through improved security.

An organizational password management implementation involves a number of key elements consisting of a blend of technology and internal business processes including:

  • the use and misuse of multiple passwords
  • composing hard-to-guess passwords
  • changing and reusing passwords
  • the art and science of keeping passwords secret
  • intruder detection and lockout
  • encrypting passwords in storage and transit
  • synchronizing passwords and the latest in single sign-on
  • user authentication for self-service capabilities
  • IT support for forgotten and locked out passwords.

However, introducing password management best practices is not a daunting task, and I am certain almost every organization has the main concepts already defined (although possibly not matured). Here are three tips to help in your management.

Tip #1: Multiple Passwords Can Be Inhumane

The problem with passwords in a large enterprise is that people generally require so many different accounts and corresponding passwords to access the expansive list of both cloud and on-premise systems and applications, that sometimes it feels humanly impossible to remember them all. And just about the time you feel you have them all memorized, they then need to be changed. So what is the natural reaction of a worker who needs to efficiently accomplish all their tasks across a number of different systems? They start to develop a host of insecure behaviors around password management including:

    • writing passwords down and supporting 3M PostIt Notes sales
    • using passwords that are simple and easily compromised
    • contacting the Help Desk constantly when they forget their password (contributing to 30 percent of all Help Desk calls)
    • reusing old passwords as often as possible

These behaviors creep into the workplace because workers want to avoid downtime and the hassles that go along with it.  The solution to the entire password management problem incorporates three critical components: an easy self-service password reset capability to ensure people can reset their own passwords, a synchronization solution that changes passwords across all of a user’s systems and a single sign-on solution to limit the number of sign-ons required.

Tip #2: Compose Passwords That Are Difficult To Crack

All it takes to understand the glaring issue of password strength is to see the 25 worst passwords and their current ranking based on use (thanks to Splashdata who measures them):

1. 123456 (up 1 and taking the top spot from “password” for the first time)
2. password (down 1)
3. 12345678 (unchanged)
4. qwerty (up 1)
5. abc123 (down 1)
6. 123456789 (new)
7. 111111 (up 2)
8. 1234567 (up 5)
9. iloveyou (up 2)
10. adobe123 (new)
11. 123123 (up 5)
12. Admin (new…you know who you are…)
13. 1234567890 (new)
14. letmein (down 7)
15. photoshop (new)
16. 1234 (new)
17. monkey (down 11)
18. shadow (unchanged)
19. sunshine (unchanged)
20. 12345 (new)
21. password1 (up 4)
22. princess (new)
23. azerty (new)
24. trustno1 (down 12)
25. 000000 (new)

But hey, at least “password” is no longer #1!  The solution to this overly simple problem:  prevent your users from being able to use simple, easy-to-guess passwords!  Controls around password strength have been around for a long time, and most software and operating systems provide a way to prevent weak passwords from being used if configured correctly.  Unfortunately, some organizational legacy system baggage prevents setting stringent controls holistically at the target system, so software solutions have been created to help enforce password policies and prevent poor password decisions at the time the password is set and then synchronized across systems.
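One way to enforce the DON'Ts from the first post and the worst-passwords list above at the moment a password is set, as an added example (not code from the article or from any product it mentions). The function names, the run lengths, the keyboard rows scanned and the symbol-substitution normalisation are assumptions of this example; the personal details in the usage are constructed.

```python
import re

# Deny list: the 25 most-used passwords quoted in the article above.
COMMON = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345", "password1", "princess", "azerty", "trustno1",
    "000000",
}
# Runs scanned for consecutive characters: alphabet, digits, keyboard rows.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm", "azertyuiop")
# Assumption of this example: undo common symbol-for-letter swaps so that
# a swapped form of a listed word (P@ssw0rd) is rejected as well.
UNLEET = str.maketrans("0134578@$!", "oleastbasi")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known
    sequence, forwards or backwards (abcd, 4321, qwer)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def has_repeat(pw, run=3):
    """True if one character occurs `run` or more times in a row (aaa, 666)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def single_class(pw):
    """True if pw is all digits, all lowercase or all uppercase letters."""
    return pw.isdigit() or (pw.isalpha() and (pw.islower() or pw.isupper()))


def check_password(pw, personal=()):
    """Return the list of rule violations; an empty list means accepted.
    `personal` holds strings tied to the user (name, birth year)."""
    problems = []
    low = pw.lower()
    # Look up both the raw and the de-substituted form in the deny list.
    if low in COMMON or low.translate(UNLEET) in COMMON:
        problems.append("common password")
    if has_sequence(pw):
        problems.append("consecutive characters")
    if has_repeat(pw):
        problems.append("repeating characters")
    if single_class(pw):
        problems.append("single character class")
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed candidates, including examples quoted in the posts above.
    for candidate in ("123456", "P@ssw0rd", "ttt222", "Luv2Laf"):
        print(candidate, check_password(candidate))
    print(check_password("Sarah1985!x", personal=("Sarah", "1985")))
```

Run at password-set time, before the new value is synchronized to other systems, so a rejected password never reaches any of them.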

Tip #3: Change every password but the kitchen sync.

Password synchronization can solve so many issues around password management, so I am amazed when organizations choose a password management solution that only changes the core Active Directory or LDAP password without being able to sync to all the other systems a worker uses on a regular basis. Syncing passwords ensures users only need to remember one core password when logging into corporate systems, and this ultimately helps prevent the problem of workers writing down their passwords. It also helps solve the password expiration problem since the passwords will all be changed at the same time.

The latest solutions can map usernames across systems and still sync passwords successfully. For instance, my AD account may be RYANW, but my AIX Unix account is WARDR. The password management solution keeps track of those mappings and automatically knows to change my password for both AD\RYANW and AIX\WARDR. Synchronization can now also work with cloud-based applications such as Salesforce.com, Google or Office365, so security is strengthened by regularly changing passwords for cloud-based applications that in the past were typically left unchanged or had longer expiration windows.

Hopefully, you will find these tips easy to implement. In my experience both in-house and as a member of an IT Consulting firm, these simple additions, if you are not already employing them, will go a long way in keeping your passwords secure and your chances of a breach considerably lower.


