Posts Tagged ‘password’
Thursday, May 23rd, 2013
 Two-Factor Authentication (supposedly patented by Kim DotCom)– using a password plus “something else” to gain access to your account and to prevent lost, stolen, or guessed passwords from impacting you — is finally becoming fashionable.
First, it was a cool idea, then some places such as LuxSci started supporting it, but it was rarely used due to people not wanting to bother with an extra step to login to their accounts. Now, with Twitter adding 2-factor authentication to help stem the tide of account compromises, security is now fashionable.
This turn about is really fantastic as it brings security consciousness much more into the mainstream — so much so that popular Radio hosts are talking on the air about how to secure accounts. This can only be good for the adoption of better security practices overall and a decrease in compromises due to laziness … and in cases like HIPAA, laziness can be a terrible thing.
In this post, we’ll go over how to secure your LuxSci account against intrusion using Two Factor authentication and other methods.
Read the rest of this post »
Tags: 2-factor, authentication, DuoSecurity, firewall, ftp, imap, mobile, password, pop, security, sms, smtp, ssl, tls, twitter, two-factor
Posted in LuxSci Library: Security and Privacy
No comments »
Saturday, April 20th, 2013
Since its inception in 1999, LuxSci Support has manually handled all password reset requests that were not handled by the account administrators.
Why? Security reasons, of course. We are aware of:
- Poor Security Questions: very often users have poorly chosen answers to security questions,
- Hackers: that people often try to use password reset systems to gain unauthorized access to users’ accounts
- Lack of Information: users often do not have enough solid information in their profiles to reliably verify their identities
By manually processing these requests, we can effectively block password resets in the face of poor identity verification information and subjectively identify “fishy” requests.
However, we have come to determine that this manual process, while it provides the best security, is not actually in the best interests of our customers because:
- Time: Manual identity verification takes time and delays in password resets can be detrimental to our customer’s ability to get work done.
- Better Questions: We have improved our user security questions in the last few years so that the questions and answers are generally of much better quality than they used to be.
- Mobile Phones: Most people have mobile phones capable of receiving text messages now and these can be used for identity verification.
- Simulating our Manual Process: We find that we can provide an automated self-service password reset process that simulates our manual review and verification process to a very large degree without a significant loss in security.
Tags: identity, password, password reset, verification
Posted in New Feature Announcements
No comments »
Saturday, October 13th, 2012
 Can I block this one IP that is scanning our accounts? Can I restrict my account so that people can only access it from our office network, or require that they authenticate to WebMail first (using two-factor authentication)?
LuxSci is constantly asked for fine-grained access controls by customers who are in shared environments (sharing the same servers with many other accounts). However, blocking access from IP addresses globally at the request of one customer may potentially affect other customers using the same system.
That is, until now. LuxSci customers can now configure their own custom firewalls to allow and deny access as they see fit without affecting other customers sharing the same server(s).
Read the rest of this post »
Tags: access control, alerts, firewall, insecure, login, password, password guessing, secure, security
Posted in LuxSci Library: Security and Privacy, New Feature Announcements
No comments »
Wednesday, July 18th, 2012
 Large companies seem to be losing user passwords to hackers at an ever increasing rate. Just recently:
- Formspring lost 420,000 passwords
- LinkedIn lost 6.5 million member passwords … and these were not even well protected.
- eHarmoney lost 1.5 million passwords
- Yahoo! lost 400,000 passwords … all in plain text!
The list goes on and on – it’s likely that you or someone you know was affected by one or more of these issues. So, what can you do to protect yourself?
Read the rest of this post »
Tags: linkedin, password, security, ssl, tls, two-factor, yahoo!
Posted in Business Solutions
No comments »
Tuesday, October 25th, 2011
 LuxSci has released a set of user password security features that complement many of its existing password security options so that, as a whole, they meet the needs of any kind of password security requirement.
This post reviews many of the existing password security options and highlights the new ones.
Read the rest of this post »
Tags: lost password, password, password reuse, password strength, security
Posted in LuxSci Library: Security and Privacy, New Feature Announcements
No comments »
Thursday, May 5th, 2011
 Many companies, LuxSci included, recommend or require that users have one or more “Security Questions” and corresponding answers associated with their accounts. These questions are commonly used to:
- Verify a user’s identity if the user has forgotten his/her password, or
- Provide a second factor for logging into the service above and beyond the username and password
Because these questions are used to provide access to the service and identity verification, it is very important that questions and answers be well chosen.
Read the rest of this post »
Tags: identity, password, secret question, security question, social engineering
Posted in LuxSci Library: Security and Privacy
1 Comment »
Tuesday, May 3rd, 2011
 Passwords are the keys to a person’s identity. However, it is more and more often the case that we hear of passwords and their corresponding usernames falling into malicious hands … causing financial loss, time loss, emotional distress, and worse.
In this day and age, you pretty much have to use the Internet and deal with passwords and security issues. You can take many steps to protect yourself from password theft and to minimize the damage caused if a password were to fall into the wrong hands.
Common Ways Passwords are Compromised
In order to protect your passwords, we need to have a good idea of what we are protecting them against. The most common ways that people’s passwords are discovered by others include:
Read the rest of this post »
Tags: compromise, hash, insecure connections, password, two-factor authentication, wifi hotspot
Posted in Business Solutions, LuxSci Library: Security and Privacy
No comments »
Friday, June 25th, 2010
 LuxSci now provides account administrators with the option of having user passwords “expire” once they become “too old”. Many organizations have internal policies requiring that users change their password periodically, such as every 90 days, every year, etc. This new feature allows enforcement of such policies for users of LuxSci accounts.
Read the rest of this post »
Tags: expiration, password, password age, policy
Posted in New Feature Announcements
No comments »
Saturday, April 17th, 2010
 It is a fact of life that passwords are the keys to our online kingdoms … and that keeping these passwords safe is critical to preventing identity theft, ensuring corporate security, keeping private things private, and much more.
However, the number of distinct places that we log into seems to constantly grow. We have to use secure passwords for all of them and should not use the same password for any two of them. Oh ya, we should also change our passwords frequently!
Its dizzying and makes your head spin. Few can remember the plethora of changing passwords and, in desperation, either use the same poor password for everything or use written cheat sheets listing all of the user names and passwords for easy reference (and easy peeking by others should they get a hold of it).
Read the rest of this post »
Tags: password, secure, strong, webaides
Posted in Business Solutions
No comments »
Tuesday, July 28th, 2009
 Account administrators can now flag users who should be required to change their passwords on their next secure login to the web-based user interface. This allows for enhanced account security.
Account administrators can flag a user for password change by checking a check box to this effect in the administrative user configuration area of the LuxSci web site.
Accounts using LuxSci’s API can also flag users for password change at any time, including at the time of user creation. This feature makes it easy for account administrators to create new users and have them be required to change their initial passwords as soon as they login.
Tags: api, password
Posted in New Feature Announcements
No comments »
|
 |
|
LuxSci now provides account administrators with the option of having user passwords “expire” once they become “too old”. Many organizations have internal policies requiring that users change their password periodically, such as every 90 days, every year, etc. This new feature allows enforcement of such policies for users of LuxSci accounts. 
