I Want to Punch Passwords in The Face

/0 Comments/in , , , , , /by

Robert Siciliano identity theft expert

Passwords and forms harass and mock me every day of my life. Everywhere I go there is a big burly bouncer who is the password gatekeeper and he needs a beating. He won’t let me in or by the velvet ropes unless I know the secret code. Most of the time I know what he wants, but because I have so many passwords to remember (last count is 456, but less than 200 active/weekly sites), I sometimes forget. Then I try 2-3 other passwords that I think will work before I get locked out. I can’t have all the same passwords because wouldn’t it be just great if I got hacked.

Ultimately I have to go to a password protected file that stores them and begin the copy paste process. But even when I do that there are problems. Sometimes when a password is copied then pasted, the form won’t recognize it. It’s a code thing that’s beyond my expertise.

Some are reading this and wondering why this is even an issue. Saying if you use one browser and have one password manager then it’s a no brainier. But I don’t use one browser. I use 2, Firefox and Chrome. I have my reasons. I also use 4 different computers consistently.

Both browsers have tabs up top and I have at least 15-20 tabs going at the same time. Social media and various blogs are rich with technology that doesn’t always work like it’s supposed to. It’s a constant struggle getting it all to work.

You’d have to be a savant (and have lots of time) to have 8 browsers on 4 PCs working perfectly with Java, Flash, audio, video and all the other plug-ins to make everything work like it should seamlessly.

All of this coupled with the fact that operating systems are often reinstalled, password managers mostly don’t do what they are supposed to, hardly any of them work with more than one browser and I don’t like auto-fill for security reasons. And I’d never use auto-fill on a laptop.

I’ve tried every possible free and fee based password manager and they mostly all have the same thing in common: They don’t do what they claim they do.

CNET introduced me to RoboForm Online. I installed it this week and it works the best of any password manager I’ve ever used. It’s a little buggy with its “master password” that doesn’t always recognize, but the over all experience is a good one.

What I like about it the most is its ability to back up automatically in the cloud among all 4 PCs and with each browser. The “Chromium” RoboForm browser is a Chrome like browser that I had to install because Google hasn’t allowed Chrome to be tweaked by 3rd parties just yet. I had to reinstall Chromium once after it crashed. But it’s working OK.

After working on all 4 PCs over a week on each different browser doing all the different tasks like blogging that help me pay the bills, I finally have most of my passwords in sync and it’s now a relatively painless process. I’m not feeling as violent towards passwords as I once was.

Beefing up passwords using a password manager is much easier. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases: Full moons on Saturday bring out whackos @12am!: is FmoSbow@12am! That’s a strong password that no sane person will enter manually. But  a password manager makes it possible.

Strong passwords help protect identities. In addition you must:

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Prevention and Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano, identity theft speaker, discusses hacked passwords on FOX & Friends.

Obama; Cybersecurity and Identity Theft Protection Starts at Home

/0 Comments/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful and not particularly secure. It is powerful enough to bring people together, to educating, inform, and make life easier. But it’s also used to hurt, scam, and debilitate in so many ways.

The Pentagon’s computer systems are probed 360 million times per day, and one prominent power company has acknowledged that its networks see up to 70,000 scans per day. Every single day, utilities, banks, retailers and just about every computer network are faced with attacks. Many of these hacks are insignificant. Many are conducted with intent to commit crimes such as espionage, financial data theft, or the destruction of crucial information. The criminal hackers could be cyber-terrorists attempting to destroy the U.S. or its economy, malcontents simply wreaking havoc for its own sake, or opportunists looking for a profit.

The U.S. is a prime target for a number of reasons. The most obvious is that we’ve made mistakes that have many in the world hating us. Then there’s our financial system, which offers instant credit to anyone with a Social Security number. And of course, credit card security is an oxymoron, since anyone can use any credit card at any time. We have a bullseye on us and we put it there.

“Weapons of Mass Disruption” are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The Pentagon and the Department of Homeland Security are hiring thousands of computer experts to protect our networks. But the weakest link in the chain is not the government, but the citizens. Government has lots of work to do, but moms and pops are the most vulnerable. Enterprise networks have become hardened, while small business and the lowly consumer know enough about information security to get hacked. Awareness is key. You are either part of the problem or the solution.

Read this and every possible blog, article and report you have access to so you can stay on top of what is new and ahead of what is next in technology and the security necessary to keep it safe. Build your IT security vocabulary. Protect yourself and your business.

Those steps include:

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.
  • Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

Government Tries to Thwart P2P Identity Theft

/0 Comments/in , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Computerworld reports the House Energy and Commerce Committee passed the Informed P2P User Act, a law that supposedly makes it safer to use peer-to-peer, or P2P, file-sharing software. Yawn.

The bill now goes to the House for one more round of  approval. If passed, the bill requires developers to explain to users how their files will be made available for sharing with others on a P2P network.

The bill would make it illegal for P2P developers to make software that causes files from a computer to be inadvertently shared over a P2P network without a user’s knowledge.

Peer to peer file sharing allows Internet users to access other P2P users PCs and share files such as music, movies, software, games, and documents. Unfortunately many people don’t set up P2P programs correctly and they end up sharing their most important files including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

This can result in data breaches, credit card fraud and identity theft. I’ve seen numerous reports of government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Information on a U.S. Secret Service detail for the First Family was discovered via P2P.

Even if P2P were made illegal, P2P file sharing is a wild animal that can’t be tamed. There are already millions of P2P programs in circulation that can easily be set up inappropriately, and plenty of developers flying under the radar programming from countries all over the world unregulated by the US government.

There are millions of PCs loaded with P2P software, and users/parents/employers are usually clueless about the exposure of their data. P2P offers a path of least resistance into a person’s computer, so be smart and make sure you aren’t opening a door to identity thieves.

Savvy users lock down P2P to prevent someone else from tooling around with thier settings. If your IT abilities are scant then:

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.
  • Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.
  • And invest in Intelius identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses P2P hacks on Fox Boston.

70 Million Veterans at Possible Risk For Identity Theft

/0 Comments/in , , , , , /by

Robert Siciliano Identity Theft Expert

Wired reports the inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach affecting 70 million records of U.S. military veterans. The issue involves a defective hard drive the agency sent back to its vendor for repair without first destroying the data. Once the drive was diagnosed and found to be faulty, it was sent out for recycling. With millions of records still on it.

A NARA IT manager says 70 million veterans are at risk for identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.

A $2000.00 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The “loss” of data like this can cost a government agency or corporation millions to respond to the breach. The hard drive should have never left the facility and should have been destroyed. The Pentagon requires that old or defective drives be de-magnified or destroyed.

We have seen breaches like this before. A Veteran’s Administration laptop was stolen from the home of an employee of the Department of Veterans Affairs containing personal records of 26.5 million veterans in 2005 and eventually settled a class action suit over the breach by paying out $20 million. NARA also lost a hard drive including 100,000 Social Security numbers.

The risks associated with this kind of a breach generally revolve around new account fraud. New account fraud occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account such as a credit card and have the card sent to a different address. This is true identity theft. New account fraud destroys the victim’s credit and is a mess to clean up.

Government intervention to protect you from new account fraud is probably not going to happen any time soon, if ever. The responsibility is the citizens to protect themselves.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano Identity Theft Speaker discussing identity theft on the rise on Fox News

Invest in Identity Theft Protection and a Credit Freeze

/7 Comments/in , , , , , , /by

ConsumersUnion provides a resource for consumers to learn what their options are in regards to a “security or credit freeze”.

“There are more than eight million new victims of identity theft each year in the U.S. Many of these victims find that crooks have used stolen personal information like Social Security numbers to open new accounts in their victim’s name. A security freeze gives consumers the choice to “freeze” or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name.”

When a security freeze is in place at all three major credit bureaus, an identity thief cannot open a new account because the potential creditor or seller of services will not be able to check the credit file. When the consumer is applying for credit, he or she can lift the freeze temporarily using a PIN so legitimate applications for credit or services can be processed.”

As essential and effective and as a credit freeze is, it can be cumbersome for some people. I’ve gone through it myself and was a little miffed by the inaccuracies in the administration by the credit bureaus who processed the applications.

For whatever reason when the applications were received they entered the data incorrectly and some of the freezes couldn’t go through. After a few letters and phone calls everything was straightened out.

The process generally involves an “affidavit” that requires name, address, Social Security number, and a copy of a utility bill to verify you are you. Fees for a freeze can be free up to $15.00 per credit bureau. Once this is complete, your identity as far as new account fraud is locked down pretty well. However that’s not enough.

State laws with affidavit downloads:

Alaska, ArizonaArkansas, California, Colorado, Connecticut, Delaware,District of Columbia, Florida,GeorgiaHawaiiIdahoIndiana, Illinois, Iowa,Kansas, KentuckyLouisiana, Maine, Maryland, Massachusetts, Minnesota, MississippiMontana, Nebraska, Nevada, New Hampshire, e=”text-decoration: underline;”>New Jersey, New Mexico, New YorkNorth Carolina, North Dakota, Ohio, Oklahoma, Oregon, PennsylvaniaRhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, VermontWashingtonWest Virginia, Wisconsin, Wyoming

For more information, see: Frequently Asked Questions about the security freeze.

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC