Newsletter Archives
-
Encryption isn’t wise
Before you think I’m about to say encryption in all cases isn’t wise, no, I’m not going to say that. But I will say there are times that encryption is a very bad idea if you’ve made no plans for someone else to know how to get back into a “thing” that is encrypted.
I can’t tell you how many times I’ve been asked how to remove an encryption password from an Excel file that someone used to store their passwords. The person may be ill or may have passed away, and their loved ones will be scrambling to get into various accounts. While there is software that can easily get into a QuickBooks file by removing the password and requiring you to reset it, for Excel it’s a slow, brute-force process to figure out what the password is. The best you can hope for is that there will be a favorite phrase on a sticky note somewhere. Otherwise, you may (probably will) be stuck trying to get into the accounts and recover access.
I am a fan of encryption when used responsibly. But when someone uses encryption and doesn’t plan on recovery, it can lead to a world of hurt. None of us will live forever. My dad is 96 and working on that, but he still makes sure I know how to get into his accounts or makes me an additional user on them.
It’s okay to write passwords down, hopefully in a safe place. It’s not okay to protect them so well that your loved ones can’t access them when they need to.
-
You clicked on that phish?
ON SECURITY
By Susan Bradley
It happens. You fell for it. You clicked on something you shouldn’t have. You followed a link. You entered your password on a site that wasn’t legitimate.
In these instances, you didn’t suffer an intrusion to your computer. Instead, your login credentials were impacted. What should you do?
First, don’t panic. In the case of many attacks these days, your operating system is still intact — not impacted in any way. The once standard reaction “I got hacked, so I’ll restore my computer from a clean backup or reinstall from scratch” probably isn’t necessary. In fact, it may be irrelevant to your response.
Read the full story in our Plus Newsletter (21.46.0, 2024-11-11).
-
Must your password manager be multiuser or just single-user?
PUBLIC DEFENDER
By Brian Livingston
So many websites these days require usernames and passwords of varying lengths and strengths that installing a secure password manager to keep track of them all is almost a necessity.
But there are big differences between versions of password managers that are designed for a single user (for example, you) and versions that can securely inform multiple users about all the credentials your home or business has created.
Today’s column is the final piece of my four-part analysis of password managers.
Read the full story in our Plus Newsletter (21.12.0, 2024-03-18).
-
Store your passwords locally or in the cloud?
PUBLIC DEFENDER
By Brian Livingston
Do you create a different username-password combination for every website where you register? This can prevent a data breach at one site from revealing to a hacker how you sign in at other sites. But it almost demands that you install a password-manager app to remember every combo.
Not all password managers, however, keep your secrets equally secure.
Read the full story in our Plus Newsletter (21.10.0, 2024-03-04).
-
Can you use a free password manager, or must you pay?
PUBLIC DEFENDER
By Brian Livingston
We all face security threats on the Internet. A common recommendation by tech pundits is this: at each website where you register, enter a different username-password combination.
Remembering all those combos — especially if you make up random strings, such as 6!p#o&a0%9b — almost forces you to install software called a password manager. But do you really have to?
Read the full story in our Plus Newsletter (21.08.0, 2024-02-19).
-
Do you need a password manager?
PUBLIC DEFENDER
By Brian Livingston
It seems we all have to deal with different usernames and passwords for every website we visit and every device we own. The situation is rapidly changing, as I’ll explain below. But at the moment, the need for you to remember or juggle all these credentials can strain your brain.
One approach that many pundits recommend is to invest your time and money in a password manager. The best of these apps can store for you hundreds of passwords, make up ridiculously strong password strings that are impossible to guess, alert you if one of your passwords was exposed in an Internet security breach, and more.
My column today is the first in a four-part series. In this multipart analysis, I’ll explain the pros and cons of the highest-rated password managers and, most importantly, whether you need one at all.
Read the full story in our Plus Newsletter (21.06.0, 2024-02-05).
-
Keeping gadgets talking and secure
PRIVACY
By Susan Bradley
I admit to being a lover of gadgets, from streaming audio devices to IoT sprinkler systems to dog-minding cameras.
I use all sorts of gadgets in my house. But when I do, I understand two things. First, I must choose the device carefully, read the entire end-user license agreement, and determine whether I will accept the risks.
Read the full story in our Plus Newsletter (20.48.0, 2023-11-27).
-
Microsoft adopts passkeys in Windows 11 — death to passwords!
PUBLIC DEFENDER
By Brian Livingston
When Microsoft enhanced Windows 11 in a September 2023 update to support “passkeys” — a more secure form of authentication — it signaled the beginning of the end for insecure and hard-to-remember passwords.
To create a passkey, you simply use whatever method unlocks your devices: a character-based PIN, your face, a fingerprint, or what have you. You then visit any website or other remote service that’s passkey-compatible. The server exchanges with your device an “authentication token.” This uniquely identifies you and the device you are using to sign in.
The token is a private/public key pair. Your PIN, photo, or fingerprint is never sent across the network, where it could be intercepted by man-in-the-middle attacks.
Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).