Why you NEED a password manager


In this day and age, password managers have become integral. It’s not a matter of if you need a password manager, you simply DO.

If you are storing your passwords in an Excel spreadsheet, or Outlook contact notes, you are taking unnecessary risks with your sensitive data.

Excel encryption is easy to defeat, and Outlook contact notes get synced to every device that accesses the account. What happens to those notes when that device is lost or stolen? It’s easy to access contact notes once a device is compromised. What if the email account gets hacked? The attacker now has all your contact notes as well. In addition, users grant contact permissions on their devices every day to apps that may or may not be above board.

An even worse practice is using the same password, or variations of the same password, across multiple sites. This is possibly the most dangerous security practice you can have. A study¹ by Virginia Tech University found that:

52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services.

Credential stuffing is an attack in which hackers compromise one site, or obtain usernames and passwords from the black market (known as the dark web), and then try those passwords on other sites, like your email or bank, to see if you are using the same password. Many people do. Attackers also employ computer algorithms to test slight variations on those passwords, and credential stuffing is the cause of a lot of data breaches today.
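To see how exposed a set of logins is to the reuse described above, the following added example (not part of the original article) flags sites that share an identical password and sites whose passwords are slight variations of one base word. The variation rules, site names and passwords are constructed assumptions for illustration; only site names are reported, never the passwords.

```python
import re
from collections import defaultdict

# Assumed set of common character swaps people use to "vary" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def skeleton(password):
    """Reduce a password to the base word it was most likely varied from."""
    core = re.sub(r"[\W\d_]+$", "", password)    # drop trailing digits and symbols
    core = core.lower().translate(LEET)          # undo common character swaps
    core = re.sub(r"[\W\d_]", "", core)          # keep letters only
    return core or password.lower()              # all-digit passwords stay as they are

def audit(vault):
    """vault: iterable of (site, password) pairs.
    Returns (reused, variants): lists of site groups that share an identical
    password, and site groups whose passwords reduce to the same base word."""
    exact = defaultdict(set)      # password -> sites using it
    family = defaultdict(dict)    # skeleton -> {password: sites}
    for site, pw in vault:
        exact[pw].add(site)
        family[skeleton(pw)].setdefault(pw, set()).add(site)
    reused = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    variants = sorted(sorted(set().union(*m.values()))
                      for m in family.values() if len(m) > 1)
    return reused, variants

# Constructed sample data, not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Summer2019!"),
    ("bank.example", "Summer2019!"),
    ("shop.example", "5umm3r19"),
    ("forum.example", "summer#"),
    ("cloud.example", "kV9$wq!Tz2pLx8"),
]

if __name__ == "__main__":
    reused, variants = audit(SAMPLE_VAULT)
    for group in reused:
        print("identical password on:", ", ".join(group))
    for group in variants:
        print("variations of one password on:", ", ".join(group))
```

Every site in a reported group should get its own randomly generated password from the password manager.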

A password manager is a must. Why? Because they allow you to use strong, complex, unique passwords for every site without struggling to remember multiple passwords. In fact, you only have to remember the master password for the password manager. They also allow for tiered access and multiple user accounts, so that your employees can get access to passwords that you allow, and not others. Their database is encrypted on every device with strong encryption, so that even if the device is lost or stolen, attackers wouldn’t be able to get the information.

At MoseSys we recommend RoboForm

Another popular alternative is LastPass

Both of these companies offer desktop apps, web browser extensions, and mobile apps. They also store your password database in the cloud. For those of you who may be concerned about a third party storing and possibly having access to your sensitive information, a good litmus test is whether or not they can recover your password if you forget it. Both RoboForm and LastPass cannot. Your password database is encrypted using your master password as a key. This means you are in real trouble if you forget your master password. However, it also means that the companies themselves cannot access your sensitive data.

Ask a MoseSys associate today for more information and assistance in setting up a password manager.




Apple Releases Multiple Security Updates

Apple has released security updates for several of its products to address vulnerabilities. Anyone using iPhones, iPads and Macs should make sure to apply these new updates.

National Cyber Awareness System:


Apple Releases Multiple Security Updates

02/07/2019 02:12 PM EST


Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:
