" password Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘password’

Login security & passwords – yesterday, today and tomorrow

Wednesday, December 20th, 2017

The act of “logging in” – that is, gaining access to some private area in a shared space – has been with us since the early 60s with the introduction of time-sharing computers, albeit confined in those days to very limited professional circles. However, with the use of the public internet as a communication and social medium and the growth of the web as a platform for commerce in the past twenty years, remembering login names and passwords for access to all our online resources is as commonplace as remembering the birthdays of our loved ones. While we might remember at most ten birthdays (with the rest written down in calendars and diaries), the average person has accumulated about 191 online accounts, according to an anonymized survey by the popular password manager vendor LastPass of its enterprise accounts!

78% of people use the same logins for different accounts.

Lest this seem like an absurdly large number, consider all the professional accounts as well as numerous personal ones accumulated over one’s online lifetime, many of which are quickly set up for some online purchase or for commenting at an informational web site and then forgotten or rarely visited. These days it seems that even the slightest online activity requires creating an account and signing in. Thus, it is not surprising that most people reuse the same login credentials (user name and password) across multiple sites. Security experts have long warned against this obvious vulnerability, but who can blame the average user for choosing an easy path to manage this increasing burden of remembering multiple passwords? (Some recent statistics suggest that only 22% of online users in the US use different credentials for each online account.)


Application Specific Passwords / Login Aliases at LuxSci

Thursday, December 14th, 2017

LuxSci now supports the creation of “application-specific passwords” for individual user accounts.

What are these? They are essentially “login aliases.”

Increase your security through application-specific passwords
Users can create distinct username/password combinations for use with different applications, devices, or for shared account access. These login aliases can have limited privileges; for example, granting access only to email or only to web site file storage. Use of application-specific passwords can greatly enhance user security. In this article, we will discuss application-specific passwords, what their benefits are, and how to use them effectively.


Don’t Make Me Change My Passwords!

Friday, October 27th, 2017

2017 NIST changes affect the need to require periodic password changes…yay!


Think you know how to protect yourself from phishing? Think again.

Wednesday, March 22nd, 2017

This year kicked off with a sophisticated phishing scam that fooled users and cybersecurity experts alike. Users were giving away their passwords to scammers through a seemingly legit Gmail login page. The scam had all the markers of a legitimate email, including the appearance that it was sent from a known sender.

There are many articles out there about the warning signs of phishing scams. We know the rules: Don’t click on URLs you don’t know, beware of emails that sound urgent or feel pressuring, etc. The reality is that many of these tips aimed at protecting against phishing attacks would not have worked in the case of the Gmail attack.


Gmail’s spam filters already capture many emails that display common signs of scamming (formal language, unknown senders, etc.). However, phishing scammers and hackers, in general, are becoming more sophisticated in their techniques. A greater understanding of security will help you keep up with hackers in 2017. Here we’ll dive into the details of what made the Gmail scam so unique and address some sophisticated phishing scam avoidance tips you can start trying out today.


12 Email Security Tips to Protect You in 2015

Tuesday, December 30th, 2014

2014 has been a year of public security awakening … high profile breaches, extensive and terrible vulnerabilities in pervasively used software, and a fear and awareness of eavesdropping by governments and covert organizations.

2015 is poised to continue the trend.  Security has transformed from being something you take care of by buying a product and forgetting about it, to an escalating war with security professionals constantly parrying against increasingly sophisticated attacks.  More and more the burden is being placed on individuals and small businesses to have an awareness of the security landscape, to understand the risks of online activities, and to use common sense and evolving tools to protect themselves.

As 2014 winds to a close, here are 12 things that you can be doing to proactively protect your email accounts and identity in 2015:  


10 Steps to make your email more secure

Monday, August 11th, 2014

Your email is the doorway into your life. For most people, it interfaces with almost everything that you do. Even the passwords to the myriad of web sites that you use for everything from meet ups to banking can often be reset via access to your email. The integrity, privacy, and security of email are high on the minds of everyone these days, even folks who historically had little or no insight into how anything works, technically, and didn’t really want to know. Everyone is wary.

There is good reason for this, as data breaches and password theft are happening every day, show up in pop culture (Last Comic Standing), and are in the news left and right … such as the purported case of 1.2 billion passwords being stolen recently.

What steps can you take to bolster the security of your email?


Simplicity is: logging in without a username or password

Monday, July 28th, 2014

“I really like what I can do in the web interface, but having to enter my username and password to login each time is extra work.”

We’ve seen the above comment many times.  Identity verification, as everyone who has not been lost on a desert island for 10 years knows, is really, really important these days.  But like many aspects of security, it can be rather annoying.

On the bright side, there are a number of ways to get around this step and make the login process simpler without necessarily making your account less secure.  Here is how we have helped many customers simplify their Internet life.


LuxSci Tips and Tricks to Dazzle your Coworkers and Friends

Wednesday, August 14th, 2013

Or “Cool Things We Like”: this is the blog post we have written for the winning suggestion in our blog contest.

There are many cool and interesting features of LuxSci that can help you improve workflow, get things done, and accomplish tasks not easily done elsewhere.  Some of these are not well known.  Below, we present a brief overview of some of these tricks and features we at LuxSci most like and use.  We hope some of them make your life easier, too!


Securing WordPress. Protect your Site or Blog from Escalating Attacks!

Thursday, July 11th, 2013

For a deep dive, see our white paper: Securing WordPress

WordPress is used by about 15% of the top 1 million web sites on the web and manages about 22% of all web sites as of August 2011.  It has only been growing since then.  Indeed, a large fraction of our hosting clients use WordPress, as does LuxSci for many different applications (e.g. blog, server status, video blog, etc.).

Unfortunately, WordPress has a history of being attacked, having significant security vulnerabilities, and being a source of security pain for web site administrators.

Things have gotten markedly worse recently:

  1. Bot Net Attack:  WordPress sites all across the Internet are being attacked by a botnet that is attempting to guess administrative and user credentials by brute force.  This is compromising sites and causing significant load on web hosting servers.  This attack is “light” now, but is expected to only get worse, says CloudFlare, a cloud security firm. Indeed, LuxSci.com sees these attacks constantly on all WordPress sites that we host. We have measures in place to auto-block IP addresses that appear to be attacking WordPress sites; however, as the attack is coming from more than 90,000 different, unrelated IP addresses, they are hard to block outside of WordPress itself (see below for how to block them). These attacks are going after “wp-login.php” and the user name “admin”, trying the most common 1000 or so passwords.  Besides that, the sheer burden of the massive, if simple, attack is straining web hosting servers across providers.
  2. Vulnerabilities: Most problems with compromised WordPress sites arise due to vulnerabilities in the WordPress software or installed plugins.  Vulnerabilities are continuously found and corrected, and new versions of the software are released.  However, the vast majority of WordPress sites do not update their software, or seldom update. Attackers troll the Internet looking for outdated WordPress installs and then attack them with known vulnerabilities to gain control over these sites.  With more and more WordPress sites out there, there are more and more sites that are not keeping abreast of security updates.  They are ripe for the picking.

In this article, we discuss the best practices for securing your WordPress site.  WordPress is a great tool if used properly.


Revised Password Strength Criteria and Requirements

Tuesday, June 18th, 2013

LuxSci allows customers to choose a minimum level of password strength for their users, which is applied when users are created and when they change their passwords.  We have made several improvements to this process to help users choose more secure passwords:

  1. Symbols: Good passwords used to require the inclusion of both letters and numbers.  This has been relaxed and made more secure by now allowing the use of “numbers or symbols”.  For example, passwords with symbols (like “$” or “%”) and/or spaces can be used even if there are no numbers involved.  This is actually more secure.
  2. More Characters: Customers can set the minimum number of characters in their user passwords.  Previously the largest minimum you could choose was 8 characters. Now, customers can choose to require passwords to contain at least 10, 12, or 16 characters.
  3. Hard to Guess: In addition to password length, LuxSci uses a measure to determine if the password is “hard to guess”.  We have updated this determination so that it uses a new method that is much better at determining what computers can and cannot easily break.
