Please read below comments by ITsoft’s Guest Blogger,  JL who is the lead consultant and Deputy Chief Information Security Officer (D-CISO) for Critical Informatics, an managed detection/response and information security services firm based in Seattle and Bremerton.  Do you have a question about securing passwords or if you should use multi-factor authentication?  Visit www.ci.security to see about how they can help businesses and municipal services secure their data and their networks!

ITsoft wants you to Improve Your Security Practices

When my team is working with clients and companies to improve their security practices and technology, one area we frequently see businesses large and small struggle with is keeping passwords safe, especially when they need to be shared.  If you have any accounts on the internet – from your banks to your email to Netflix – you’ve got a password you need to keep safe, but you also need to use!

If you’re a business owner or you work with a team where you share passwords and accounts, that adds a whole new wrinkle – how do you keep a password safe, but also share it with other people?

Bad guys on the internet know how most of us keep track of our passwords – a note in our phone, or a file on a computer or maybe Dropbox, or maybe we just use one single password on lots of sites.  All of these are common “password management strategies” but all of these leave you and your accounts at risk if a bad actor ever gets into your computer, hijacks your email account, or gets a hold of the password file.

There are online password managers, including LastPass, 1password, Dashlane, and others.  These websites (some are free, some charge) will store your passwords in their websites, and you access them when you need through your web browser (Chrome, FireFox, etc) or through an app on your phone or your computer.  These services are great because they keep your passwords in a place that’s easy to access, and is also safe in case your computer crashes, or you lose your phone or laptop.  Some also offer group services for businesses and teams.

These services aren’t bullet-proof though, and they have their own security challenges.  A few times a year, we hear news stories of one of the major services having a problem with their website or their software (an “exploit”), which could allow someone to snoop in and steal your passwords.  Sometimes they’re fixed before the bad actors have written tools to take advantage of that exploit.  Rarely do we hear that they resulted in passwords being compromised, but these are risks we should all consider before picking a password management tool.

You may also have heard about 2-factor authentication (2FA), or Multi-factor authentication (MFA).  This is an extra step that you can use to secure your accounts – including Gmail, Microsoft, Facebook, Twitter, and many banks.  We’ll write more about this in future blogs, but know that 2-Factor Authentication and Multi-Factor Authentication are really good ideas these days, whether you’re a large business or an army of one.

That’s all for now – stay tuned for more Cybersecurity and Information security news and tips!