Newsletter Archives
-
Hackers are using two-factor authentication to infect you
PUBLIC DEFENDER
By Brian Livingston
We’ve all seen those are-you-human tests that websites use to screen out data-scraping bots — e.g., click all the cars, enter the code we texted you, etc. — but, unfortunately, malicious hackers are now exploiting our trust in these common dialog boxes to trick us into installing malware on our PCs.
It’s natural for us to simply click through whatever process a particular website may use for two-factor authentication (2FA). But hackers are taking advantage of that sense of familiarity to bypass our usual security measures and infect our machines.
Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).
-
Passkeys in Turbo Tax?
I hit this last night logging into QuickBooks online, but you may also see it when logging into TurboTax on a system that supports passkeys.
A passkey is a modern authentication method designed to replace traditional passwords, offering enhanced security and user convenience for accessing online accounts and applications. Unlike passwords, which are user-generated and vulnerable to various attacks, passkeys are automatically generated using public-key cryptography. Each passkey is tied to the PC it was set up on. So even though I set up a passkey for this computer, it doesn’t mean that I am mandated to use a passkey on all computers. If I logged into a PC that didn’t support passkey technology, it would require my two-factor authentication to log in. Intuit may have supported this before, but this was the first time it popped up — encouraging me to use it.
The main thing is that passkeys are phishing resistant.
Are they immune to attacks? Nothing is immune. Given enough time, energy, and computing power, passkeys can be attacked, especially through adversary-in-the-middle attacks, in which the attacker manipulates login forms to expose alternative, weaker logins, or through device compromises in which the private key could be exposed. But it does mean that the attacker will be encouraged to go down the street and attack your neighbor. Ultimately, that’s our goal — to make it just a little bit harder so that the attacker will find the weak link elsewhere.
-
Protecting your identification
ON SECURITY
By Susan Bradley
There is some sort of unique code in every country and jurisdiction, usually a number, that identifies you to the government — especially for tax purposes.
In the United States, it’s our Social Security number (SSN). But no matter where you live, protecting that ID is critically important. I’ll discuss that here in the context of the US, but the same caution applies similarly everywhere.
Read the full story in our Plus Newsletter (22.05.0, 2025-02-03).
-
You clicked on that phish?
ON SECURITY
By Susan Bradley
It happens. You fell for it. You clicked on something you shouldn’t have. You followed a link. You entered your password on a site that wasn’t legitimate.
In these instances, you didn’t suffer an intrusion to your computer. Instead, your login credentials were impacted. What should you do?
First, don’t panic. In the case of many attacks these days, your operating system is still intact — not impacted in any way. The once standard reaction “I got hacked, so I’ll restore my computer from a clean backup or reinstall from scratch” probably isn’t necessary. In fact, it may be irrelevant to your response.
Read the full story in our Plus Newsletter (21.46.0, 2024-11-11).
-
How my Internet outage caused security problems
ON SECURITY
By Susan Bradley
I live in a city with electricity, high-speed Internet, and all the other customary modern conveniences.
In that same city dwell squirrels, birds (including beautiful hummingbirds), possums, kit foxes, bees, and too many others to mention. Although they’re lovely to have around, they are not necessarily the best of neighbors. Interaction with them doesn’t always work out, and sometimes that affects my technology — and even my security.
Read the full story in our Plus Newsletter (21.39.0, 2024-09-23).
-
Dealing with regulated security
ON SECURITY
By Susan Bradley
Being in charge of the technology and security at my office means providing the best security that does not interfere with our people’s ability to do their jobs effectively.
Sometimes that can be difficult because of the regulations that control my line of work, most of which come from taxing authorities. I’ll be US-centric in my comments here, knowing little about regulations in other countries. But I’ll bet most are similar. So hopefully, my suggestions will help you choose better security while accommodating the realities of your business, the systems you use, and the online resources you require.
Read the full story in our Plus Newsletter (21.35.0, 2024-08-26).
-
Setting up MFA properly
ISSUE 21.21 • 2024-05-20
MICROSOFT 365
By Peter Deegan
Is that multifactor authentication setup complete and truly ready to handle any situation?
Two-factor (2FA) or multifactor (MFA) authentication is just the start of securing your important accounts.
All too often, I hear from people who’ve set up extra login verification and can’t get it working. It might have been configured in such a way that access is allowed when your phone is lost or stolen, SMS (text messaging) isn’t working correctly, or the authentication app is broken.
Read the full story in our Plus Newsletter (21.21.0, 2024-05-20).
This story also appears in our public Newsletter.
-
Phones and MFA
HARDWARE
By Susan Bradley
How do you plan for getting rid of your old phone?
Eventually, you will get a new phone. Perhaps you dropped your iPhone 9 into the bathtub. Perhaps your iPhone 7’s battery gives you a mere seven minutes of talk time. Perhaps you were seduced by the iPhone 19. Or, worse, perhaps your phone was lost or stolen.
Eventually, you will get a new phone.
Read the full story in our Plus Newsletter (21.17.0, 2024-04-22).