Newsletter Archives
-
No Crappy Passwords — Secure passwords, no password book
FREEWARE SPOTLIGHT
By Deanna McElveen
You have a password book. You know the one. That ruffled little book with the cover falling off and marked-out passwords dating back to the Clinton administration.
What would happen right now if that book got destroyed or stolen, perhaps along with the computer that remembers all those passwords?
Read the full story in our Plus Newsletter (19.42.0, 2022-10-17).
-
Microsoft says forget your passwords!
ON SECURITY
By Susan Bradley
In a major push, Microsoft is advocating moving away from passwords and instead using different authentication methods.
The headline: “The passwordless future is here for your Microsoft account.” Is it?
Here’s what Microsoft has to say in its security blog about a move away from passwords.
Read the full story in the AskWoody Plus Newsletter 18.37.0 (2021-09-27).
-
Should you give Microsoft all of your passwords?
PUBLIC DEFENDER
By Brian Livingston
A new feature of Microsoft’s Edge browser is causing our readers to ask, “Is this MS initiative going to place our account info at risk?” Should Web users allow their browsers to store usernames and passwords for sites they must sign in to?
You’re not going to like the answer, but it’s: Yes and No.
Read the full story in the AskWoody Plus Newsletter 18.18.0 (2021-05-17).
-
Is the cloud unsafe?
ON SECURITY
By Susan Bradley
Using the cloud isn’t always a bad thing.
During this year of the pandemic, we’ve pivoted from doing many things in person to many things online. In my industry, one of the key changes is moving from in-person meetings to online meetings via services such as Zoom, Google Meet, and Microsoft Teams. Another is doing more and more financial transactions online, including accounting for them.
Read the full story in the AskWoody Plus Newsletter 18.17.0 (2021-05-10).
-
New PC? Lost your Microsoft account password?
ISSUE 18.15 • 2021-04-26 MICROSOFT
By Ben Myers
If your dog ate your Microsoft account credentials, Microsoft will welcome you to the tenth circle of hell.
You probably don’t want to hear this, because you’ve been nagged this way before; but make sure you have a safe record of your user credentials for every online account you maintain. Just do it.
Read the full story in the AskWoody Plus Newsletter 18.15.0 (2021-04-26).
This story also appears in the AskWoody Free Newsletter 18.15.F (2021-04-26).
-
Easiest way to make it easy for attackers
We are really bad at picking passwords. Truly we are. I’ve also seen that many folks use the same passwords in many web sites. So attackers only have to get a data dump from one hacked database and then they can try to reuse these passwords in other places.
Do yourself a big favor: Over the holiday season, see if you can (1) pick better passwords (passphrases) and (2) add two-factor authentication wherever the site allows it.
-
Changing my mind about Facebook
SECURITY
By Amy Babinchak
Undoubtedly, you’ve seen the invitation to sign in to a website with your Facebook account. And you ask yourself: “How can that be safe?”
Using one account sign-in for everything goes against a basic tenet of password security. And you’re trusting Facebook to keep your credentials secure — and not share them. (Sharing is core to Facebook.) And yet you watch as all your friends get hacked and cloned while using conventional sign-ins.
Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).
-
Microsoft: Forced password changes don’t work
Yesterday, Sergiu Gatlan at BleepingComputer wrote about Microsoft’s newfound antipathy to forced frequent password changes.
You know the problem: Every 30 or 60 or 90 days, you’re forced to change your password – and the new one can’t match the last 12 of them. Your solution is probably the same as mine:
Pass1
Pass2
Pass3
Pass4
and so on. With the way technology has changed (I hesitate to use the term “improved”), frequently changed short passwords don’t hold a candle to LongPasswordsThatYouCanEasilyRemember. Even old LongPasswordsThatYouCanEasilyRemember work better than Shorter1, Shorter2, Shorter3. Forcing you to change them every 30 days only pushes you toward less secure passwords.
Of course, you use a password manager such as LastPass or OnePass or KeePass. In that case, changing your password every 30 days is just a pain in the neck. No security improvement at all.
The topic has come up because Microsoft just released its newly revised “Security baseline” for Win10 version 1903. It’s still marked Draft, but should be solidified before too long. Here’s what MS says:
When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.
Bravo and huzzah!