Five Tips to avoid Phishing in your Corporate Mail

Do you Remember How Safe your Password Was?

“Password must have at least one Uppercase alphanumeric character and one Number”; “password must be at least 6 characters to be safe”

… Remembering the entire collection of passwords needed to access the many services we use on the web is a complex daily task. It is more than likely that the user does not remember all the credentials.

In the end, it is easy to find ourselves clicking the “recover password” link after several failed attempts to access the requested service. However, using the same password for all services is no longer an option: it is not only a very unsafe practice but, in addition, each site has its own requirements when setting the password. Let no one think that the choice and management of passwords is a trivial issue: at stake is the integrity of our most sensitive information and even our finances.

Now, is there any way to manage your passwords comfortably but, above all, safely? Although there is no perfect system, we can start by following these tips:

 

1. – Activate Two-step Verification

According to experts, this is currently the most secure way to protect access to our accounts. With it activated, correctly entering the password is no longer enough to access a private area of a website or an email account: we must also enter a code that arrives by SMS (or is generated by an application such as Google Authenticator), so that the system can confirm that it is indeed the account owner who is seeking access. More and more services offer users this second layer of security; it is already present in the cloud services of Google, Microsoft and Apple, and in products as popular as Dropbox or Evernote.

2. – Avoid Repeating Passwords

It may be disheartening, but using the same password for all our accounts is reckless, to say the least. And it makes sense: if a hacker manages to crack a password, they will surely try it on other services, where it will also match. Humans love habit, simplicity and comfort, and the attacker will find in them an edge to attack mercilessly. Ideally, we should use a specific password for each user or account, but how do we achieve that? The answer is in the next tip.

3. – Use a Password Manager

Although we blindly trust our ability to remember multiple passwords (it is estimated that an average user uses no fewer than 19 passwords), the fact is that the human brain is more limited than we think, and in the end it is easy to find ourselves repeatedly pressing the “recover password” link after several failed attempts to access a service. Fortunately, password managers not only give us a way to store all our logins but also, more importantly, generate passwords that are very difficult to crack. Services like LastPass or 1Password, among others, not only save us the hassle of having to remember different logins, but also suggest passwords that make access much more difficult for would-be thieves.

4. – Use Mnemonics

If we have applied the foregoing, there is still something very important to do: shield access to the password manager. The justification is clear: a hacker who gains access to the password manager will have free rein over all our accounts. How do we do it? Sophos suggests, in an instructional video, using the longest passwords possible, combining upper and lower case and even exclamation marks or punctuation.

And do not despair, because mnemonics let us keep this master key in our memory (for example, by using the second character of each word in a sentence that is special to us).

5. – Rely on Biometrics

Experts seem to agree that the days of passwords are numbered, and that in the future access to accounts and profiles will be done through biometrics, that is, our physical patterns used to unlock access. Apple has in a way popularized the use of the fingerprint with its TouchID system, but other giants like Microsoft go further, taking advantage of the iris or face to uniquely identify the user in Windows Hello. The great advantage of biometric systems is that they are, in practice, impossible to hack, but the downside is that their use has not yet become universal across the bulk of devices.

Anyway, both passwords must match, and the user profile editor includes a JavaScript-powered password strength indicator. However, there is nothing currently built into WordPress core to prevent users from entering weak passwords. Users changing their password to something weak is one of the most vulnerable aspects of an installation.

With Force Strong Passwords activated, strong passwords are enforced for users with publish_posts, upload_files & edit_published_posts capabilities. Should a user with these capabilities (normally an Author, Editor or Administrator) attempt to change their password, the strong password enforcement will be triggered.

To customize the list of capabilities Force Strong Passwords checks for, use the slt_fsp_caps_check filter.
