About Over 50 Articles Library



Computer Security No 45: Password Managers Discussion

Corporate - Private Computer Security

Password Managers Discussion

 


Why should you consider a Password Manager:

- hackers often use brute force attacks to guess commonly used passwords; they also use rainbow tables (which have lists of encrypted passwords).

- a Password Manager is a software package you install on your computer that helps you generate long, complex passwords while requiring you to remember only one master password.

It helps you create, store in encrypted format and organise all your passwords for websites that you use as well as computers and applications that require authentication.
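The points above (guessing of common passwords, precomputed tables, generated passwords and a single master password) can be shown in a few lines. This is an added example, not code from the original article or from any product it names; the sample password list is constructed, and the function names, PBKDF2-HMAC-SHA256 and the iteration count are assumptions of the example.

```python
import hashlib
import math
import secrets
import string

# Constructed sample of commonly used passwords (illustrative only).
COMMON = ["123456", "password", "qwerty", "letmein"]

# A precomputed lookup table in miniature: unsalted hash -> password.
# Built once, it can be reused against any store of unsalted hashes.
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def lookup_unsalted(digest_hex):
    """Return the password if this hash appears in the precomputed table."""
    return PRECOMPUTED.get(digest_hex)


def derive_vault_key(master_password, salt, iterations=600_000):
    """Stretch the master password into a 32-byte key.

    PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this
    example; the random per-vault salt makes precomputed tables useless.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, iterations, dklen=32
    )


def generate_password(length=20):
    """Generate a random password using the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the brute-force search space, in bits, for a random password."""
    return length * math.log2(alphabet_size)
```

A common password is found in the table instantly, while a 20-character generated password has a search space of roughly 131 bits and will not appear in any precomputed list.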

What to look for:

- two-factor authentication. Some examples of two-factor authentication are:

  - biometric: iris/fingerprint/photo recognition;

  - SMS-based, i.e. you receive an SMS with a number which you need to input in addition to the password or when changing passwords;

  - the Google Authenticator app.

- Many online services (e.g. Facebook, Google and Microsoft) already offer two-factor authentication as an option. Turn on two-factor authentication whenever you can;

- cross-platform application

- zero-knowledge (a method for one party to prove to another party that it knows the value of a password, without revealing anything else).

- The product should detect password-change events and offer to update the existing

- Should have a password generator

- some websites offer to store your personal details like address, name, email, credit card details - you are putting your personal data at RISK. Just let the Password Manager do it for you.

- managing passwords for applications not just websites could be a convenient feature.

Caveat:

- don't just rely on the Password Manager

- Never use the same passwords for two different websites/systems

Best ones:

1. For Windows: Keeper, Dashlane, LastPass v 4.0 Premium, Password Safe, LockCrypt, 1Password

2. For Mac OS X: LogMeOnce, KeePass, Apple iCloud Keychain

3. For Linux: SpiderOak Encryptr (recommended by Edward Snowden), EnPass, RoboForm

4. For Android: 1Password, mSecure

5. For iOS: OneSafe, SplashID, LoginBox Pro

6. Best Online: Google Online Password Mgr, Clipperz Online Password Mgr, Passpack Online

7. Best enterprise: special tools used: Vaultier, CommonKey, PassWord, Meldium and Zoho

Comparison between Password Managers (PCMAG):

http://au.pcmag.com

Top 3: LastPass 4.0 Premium, Dashlane 4, Sticky Password Premium

Proposed Bill in US would allow cyber victims to fight back


Hacking back against attackers is illegal in many countries, including the US. However, in some cases, security firms hack the infrastructure of threat groups to uncover high-profile malware campaigns.

A new bill has been proposed by Representative Tom Graves of Georgia. It is named Active Cyber Defence Certainty (ACDC). The Bill is intended to amend section 1030 of the Computer Fraud and Abuse Act:

www.law.cornell.edu

There are many arguments against the introduction of the Bill. To read more: www.techdirt.com/articles

Critical security controls for effective cyber defense


The Center for Internet Security in the US has issued a list of critical controls, which has proven to be an effective framework. They cover:

1. Inventory of authorised and unauthorised devices

2. Inventory of authorised and unauthorised software

3. Secure configuration for Hardware & Software on mobile devices, laptops, workstations and servers

4. Continuous vulnerability assessment and remediation

5. Controlled use of administrative privileges

6. Maintenance, monitoring and analysis of audit logs

7. Email and web browser protections

8. Malware defences

9. Limitation and control of network ports, protocols and services

10. Data recovery capability

11. Secure configurations for network devices such as firewalls, routers and switches

12. Boundary defense

13. Data protection

14. Controlled access based on the Need-to-Know

15. Wireless access control

16. Account monitoring and control

17. Security skills assessment and appropriate training to fill gaps

18. Application software security

19. Incident response and management

20. Penetration tests and Red team exercises

How can you achieve the implementation of such a framework?

To discuss further please contact us at www.advisoryboardsgroup.com.au

Cyber Security & Privacy suite for Directors and Executives


On 13 Feb 2017, legislation passed through the Australian Parliament which will establish a Mandatory Data Breach Notification scheme. This gives Australian companies one year to get ready and ensure that a cyber strategy, processes and tactical plans are in place.

Recent lawsuits against directors worldwide, claiming negligence, lack of due diligence and/or duty of care (Worldwide Corporation, Target US, etc) highlight the need for directors to take immediate action.

The fact that 60% of organisations go out of business within 6 months of an attack and that the average cost for a breach is $4m illustrate the significance of this threat.

Are you prepared to discuss cyber at Board level? Are you aware of your obligations and defence as a director or officer of the company? Have you taken the necessary steps to mitigate the consequences of a cyber attack?

ABG offers the Cyber suite of course modules:

- Cyber threats and defences Module - Tactical plans

- Directors and Officers Module - Strategy

- Risk Management Workshop for Cyber

- Cyber Crisis simulation

Send your enquiries to admin@advisoryboardsgroup.com

Jokes

Memories of jokes


Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au


 

© About Over 50s 2017             website by aml websites online