Should You Store Passwords In The Cloud?

It seems that almost every site on the web requires a password. At least twice a week, I get an email from someone who wants me to join yet another network, which requires yet another username and password. You can cop out and use the same username and password combination, but that’s just asking for trouble.

The key to surviving password management going forward is to make a small investment in a password management service that stores your passwords in the cloud and also on your computer. The best thing about a password manager is that you ultimately have just the one master password to remember, which gets you access to all the different passwords for each site.

What to look for:

  • A password generator tool that makes strong passwords that cannot be cracked, and that you never really need to remember, because they are all stored in the password manager.
  • One that works across multiple browsers and can sync multiple PCs.
  • Smartphone application syncing with the cloud.
  • Security of password managers is pretty much a nonissue at this point, since most have levels of encryption that can’t be easily cracked.

The real security vulnerability is with your own computer and any existing or future malware that can log your keystrokes or take screenshots. Run virus scans and the most updated version of your antivirus software to prevent any infections.

Another layer of protection is to add your computer’s built-in onscreen keyboard to your task bar and use it to enter your master password.

Cloud-based password managers:

RoboForm is my favorite. It’s $9.95 for the first year and $19.95 every year after that.

Install RoboForm on as many computers and mobile devices as you wish, all with the same license. Seamlessly keep your passwords and other data in sync. Always have a backup copy of your passwords and other information. It’s also extremely secure and easy to use.

KeePass is free. This is an open-source password manager that helps you manage your passwords securely. You can store all your passwords in one database, which is locked with one master key or a key file, so you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see their features page.

For $39.35, 1Password can create strong, unique passwords, remember them, and restore them, all directly in your web browser.

LastPass is another good free option.

Using a password management tool like those listed above is easier: never forget a password again and log into your sites with a single mouse click.

It’s everywhere: the program automatically synchronizes your password data, so you can access it from anywhere at anytime.

It’s safer: protect yourself from phishing scams, online fraud, and malware.

It’s secure: all of your data is encrypted locally on your PC, so only you can unlock it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

Bought a Car Recently? Watch Your Identity Information

Over the past 15 years, we have watched hackers’ evolution from “phreaking” phone systems, to hacking government agencies like NASA, and eventually creating viruses that take down networks. In the beginning, their primary motivations were fun, fame, and amusement. Over the past ten years, the game changed dramatically, from fun and fame to financial gain. Hackers targeted government agencies, then colleges, banks, retailers, credit card processors, hotels, and eventually, major multinational corporations.

Who are they hacking now? Well, everyone. And as journalist Brian Krebs has pointed out on his blog, Krebs On Security, they are targeting auto dealerships in a big way. Why? Because auto dealerships’ records include lots of Social Security numbers, which identity thieves can use to apply for credit cards in their victims’ names.

Krebs states, “Recent hacker break-ins at a half-dozen car dealerships nationwide are a reminder of just how easily one’s personal and financial information can be jeopardized by poor security at any of tens of thousands of organizations that have access to that data.”

This results in “new account fraud.” This is a form of financial identity theft in which victims’ personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are frequently used to commit new account fraud.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is a necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.  And when you are actively seeking credit, as Experian points out, “You should plan ahead and lift a freeze, either completely if you are shopping around, or specifically for a certain creditor, a few days before actually applying for new credit.”

Device reputation leader iovation Inc. helps credit issuers spot new account fraud through the device intelligence that it provides in real time. iovation alerts issuers to computers or mobile devices that are applying for multiple credit accounts with different identity information, or masking their location while applying for credit, along with other highly suspicious behavior. The credit issuer simply sets up its own unique business rules, and iovation runs those rules while the applicant is on the site and returns an Allow, Deny or Review response for the transaction, along with the reasons why.

By identifying new account fraud in real time, credit issuers can save millions of dollars per year in fraud losses. In one case, a Fortune 100 credit issuer using iovation identified 43,000 fraudulent credit applications, saving it $8 million in fraud losses over two years.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Reinforcing Your Door’s Security (Part 1 of 3)

This question often comes up in my seminars: “How can I completely burglar proof my home?” The answer is tricky. There is no such thing as the 100 percent security that “burglar proofing” suggests.

However, burglar proofing can conceivably be achieved if you consider that most burglars don’t have the wherewithal or tools to compromise heavy-duty layers of installed protection like shatterproof glass, heavy doors, security cameras, a monitored home alarm system and good strong locks. And you can certainly do lots of other creative things to reduce risk.

One weakness that almost everyone has is their doors. Even with good locks, kicking in a door isn’t all that difficult. All that separates a burglar or home invader from the inside of your home is about ¾ inch of pine and the stock strike plate with ½ inch screws that comes with the deadbolt and doorknob. It’s pretty scary when you actually take a look at some of the videos these companies produce showing how easy it is to kick in a door.

There are basically 5 different kinds of door reinforcement devices:

Door knob/dead bolt wraps. These are devices that are installed on the door itself strengthening the area around the locks.

Door braces. These are usually floor mounted alloy metal devices that come in two parts. One is the horizontal floor plate screwed right in the floor and the other is a vertical plate that inserts in the floor plate tightly fit up against the door.

Door bar jammers. These are bars that fit under the doorknob and pitch to a 45 degree angle to the floor.

Strike plates. These are generally no more than 3-4 inches long and are thicker than a regular strike plate.

Door frame reinforcement. These are often made of steel, are up to 4 feet in length, and are installed on the center of the door jamb, right over the existing strike plates.

I’ve recently had the privilege of talking to two different companies that offer door reinforcement devices. Each has a different style brace for a different application, and both are designed to keep the bad guy out. More on those in parts 2 and 3.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Javelin Study Shows Increased Credit Card Fraud Risk

Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts.

Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.

Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.”

The report also found that for a full year after your bank account information has been hacked, there is a strong chance that you will be a victim of credit card fraud. So even though you may be getting a little hardened to data breach warnings, you still need to watch your credit card statements closely. As long as you dispute unauthorized credit card charges within 60 days, federal laws limit liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

One of the FFIEC’s recommendations for financial institutions involves using complex device identification. iovation, an Oregon-based security firm, offers an advanced device identification service that incorporates real-time risk assessments, the history of fraud on linked devices (such as chargebacks, identity theft and credit application fraud) and exposes fraudsters working together to steal from online businesses.

“Complex device identification” involves the creation of a digital fingerprint based on several characteristics of the device including hardware and software configuration, Internet protocol addresses, and geolocation. Unfortunately, complex device ID by itself only increases the strength of identification; it does little to increase the efficacy of an overall anti-fraud strategy.

“Device reputation” offers all of the security measures that complex device ID does, but it also strategically incorporates velocity, anomalies, proxy busting, webs of associations (linking devices and accounts), and fraud and abuse histories. Device reputation moves from a micro to a macro view of transactions, one that takes into account how particular devices behave or have behaved beyond their activities with a financial institution, their usage by a current user or other users, and/or their relationship to other devices. This chart explains what is involved with each:

Leading financial institutions aren’t merely complying with the FFIEC’s security recommendations, but are going beyond them by incorporating device reputation and other authentication and anti-fraud tools into their layered security approach.
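To make the difference between a device ID and device reputation concrete, here is a small sketch added for illustration; it is not iovation's code or API. It fingerprints a device from a few characteristics, then applies the kind of issuer rules described here and in the auto dealership post above (several identities from one device, masked location, fraud history) and returns Allow, Review or Deny with reasons. The class and field names, the thresholds and the sample applications are all constructed assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Application:
    identity: str     # identity details typed into the credit application
    user_agent: str   # software configuration reported by the device
    screen: str       # hardware characteristic
    timezone: str
    via_proxy: bool   # True when the connection hides its real location
    ts: int           # submission time in seconds


def fingerprint(app: Application) -> str:
    """Device ID: hash of characteristics that do not change with the identity."""
    material = "|".join((app.user_agent, app.screen, app.timezone))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


class DeviceReputation:
    """Assumed issuer rules: identity velocity, masked location, fraud history."""

    def __init__(self, max_identities: int = 2, window: int = 86_400):
        self.max_identities = max_identities   # identities allowed per device
        self.window = window                   # look-back period in seconds
        self.history = defaultdict(list)       # device -> [(ts, identity)]
        self.fraud_devices = set()             # devices tied to confirmed fraud

    def report_fraud(self, app: Application) -> None:
        self.fraud_devices.add(fingerprint(app))

    def evaluate(self, app: Application):
        dev = fingerprint(app)
        recent = [(t, i) for t, i in self.history[dev]
                  if app.ts - t <= self.window]
        self.history[dev] = recent + [(app.ts, app.identity)]
        identities = {i for _, i in self.history[dev]}

        reasons = []
        known_bad = dev in self.fraud_devices
        if known_bad:
            reasons.append("device has a fraud history")
        if len(identities) > self.max_identities:
            reasons.append(f"{len(identities)} identities from one device")
        if app.via_proxy:
            reasons.append("location masked by a proxy")

        if known_bad or len(reasons) >= 2:
            return "Deny", reasons
        if reasons:
            return "Review", reasons
        return "Allow", reasons


def run_sample():
    """Constructed applications: one laptop reused for four identities."""
    laptop = Application("alice", "Mozilla/5.0 (Windows NT 10.0)",
                         "1920x1080", "UTC-5", False, 0)
    phone = Application("erin", "Mozilla/5.0 (Android 13)",
                        "1080x2400", "UTC+1", True, 2400)
    stream = [
        laptop,
        replace(laptop, identity="bob", ts=600),
        replace(laptop, identity="carol", ts=1200),
        replace(laptop, identity="dave", via_proxy=True, ts=1800),
        phone,
    ]
    engine = DeviceReputation()
    decisions = [engine.evaluate(app)[0] for app in stream]
    # A later chargeback marks the laptop; its history outlives the time window.
    engine.report_fraud(laptop)
    decisions.append(engine.evaluate(replace(laptop, ts=200_000))[0])
    return decisions


if __name__ == "__main__":
    print(run_sample())
```

The last decision is the one a plain device ID cannot give: the velocity window has expired and the identity is unremarkable, but the device's history still follows it.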

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Top Six Free Cloud Storage Centers

“Free” is one of my favorite words, so when I have the option to get something for free, I will allocate a reasonable amount of time figuring out how I can apply that to my life before I determine if I should adopt it, or if it’s worth the extra few bucks for the paid version, or if it isn’t worth my time at all.

Backing up data is as important as securing your data, so I back up in multiple places, some of which are free and some that charge a fee.

Here are the freebies:

Google: For Windows, Mac, iOS. Up to 10 GB free space. Designed to store documents in Google Docs, photos in Picasa. Google storage is scattered. It’s only effective for documents and photos.

iCloud: For Mac, iOS, limited functions for Windows. 5 GB free space. Designed to automatically back up all your Apple devices wirelessly.

Amazon Cloud Drive: For Windows, all Adobe Flash enabled devices, not for iOS. 5 GB free space, then $1 per extra GB. Designed for manual upload and backing up media.

Windows Live: For Windows, Mac. 25 GB free space. Designed to store anything you want.

Dropbox: For Windows, Mac, iOS. 2 GB free space, then $2 per extra GB. Designed to store anything you want. It’s the only cloud storage that seamlessly and automatically syncs all your devices in one place.

YouSendIt: For Windows, Mac, iOS. 2 GB free space. Designed to store anything you want. Allows for sending links via email for downloading.

Each of the above cloud storage spaces fits a certain need based on the systems and devices you have. If all you need is a data dump, then Windows Live is it. If you need synchronicity across platforms, go for Dropbox. If you are all Apple, then iCloud is your service. YouSendIt is the only one that allows for emailable links to download files, which I use a lot.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How to Use the Cloud to Reduce Expenses

Many people are looking to cut expenses. Personally, I’ve shaved at least a couple thousand dollars a month from my expenses by downsizing to one car, cutting out lots of monthly recurring fees, and looking closely at which services I can now shift to the cloud.

Software: Contact managers, office documents, media editing programs, you name it: if there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

Data storage: Backing up your data is absolutely fundamental. And while you can buy a two terabyte hard drive for under $100 (and you should), you can also get free online backup all day long. But you won’t find anything free that includes more than 100 gigabytes, and most free services provide between two and 25 gigabytes. Search for “free online backup.” I need terabytes, so I pay.

Media: Are you still getting a newspaper delivered? Cutting out a newspaper can save $15 – $30 or more every month. Most newspapers offer an online equivalent for free or for a small fee. If your paper is now charging, like The Boston Globe and The New York Times, look to other dailies in your region that don’t.

Are you actually watching all that much cable television? If you break down your cable bill it’s at least $2 per day, and some people pay as much as $7 – 9 per day! Cloud-based services like Hulu and Netflix cost less than a dollar a day and offer lots more customized entertainment.

Are you paying for satellite radio? Sirius? Are you serious? That’s over $150 a year! Internet radio options such as Pandora offer free versions that keep you tuned in and entertained. They are also available on smartphones.

Telephone: Still paying for a landline? If you have a mobile, you may not need a landline. But what’s even cheaper is cloud-based Skype. You can use your smartphone or PC to call any Skype user for free, or any number in the U.S. from anywhere in the world for $3 per month! Google Voice has a great product too, but Skype is still a little friendlier.

And are you even using a fax machine anymore? I do, so I have to have something in place to send or receive faxes. Scanning documents is easy with an all-in-one scanner, printer, and fax, so many documents can be emailed. But services like UReach.com cost less than $10 per month and allow you to receive faxes through the cloud in your email.

Paper Statements: Look closely at all your bills. In the past five years, many companies have given consumers the option of going paperless, receiving statements via email, and viewing them in the cloud. They have also provided options for electronic funds transfers. Some are even charging extra to send paper statements and to process paper checks. By going all cloud-based, you could probably save a few bucks every month.

Shopping: I still drive to buy food, home hardware like nuts and bolts, and some clothes. Otherwise, electronics, appliances, shoes, and pretty much everything else can be bought online. Amazon, Zappos and many eBay sellers often provide unbeatable prices because they have much less overhead and free shipping to boot!

Saving money is fun when it’s done in the cloud. It’s smart and when it’s done right it’s more secure, too!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Consumers Need to Rethink IT Security and Safety

Hackers and crackers and data breaches! Oh my! Confused? Overwhelmed? Don’t care? You should, and there’s help.

Few people are as head first into gadgets, technology, the cloud and security as I am. I have my devices, my wife’s and my kids’; there are Apple products, Microsoft Windows, smartphones, feature phones and tablets. It’s maddening.

Now, instead of one PC per household, consumers are purchasing multiple devices. And with consumers able to access the digital world as easily from their smartphones and tablets as from their personal computer, PCs are no longer the main method of connecting to the Internet.

This wave of new devices and their ease of connectivity also means that consumers are now starting to think differently about their digital security.

Mobile Device Users

The threat of lost or stolen devices, and the possibility of personal information being used for fraudulent means, is a significant concern. In the United States, 113 mobile phones are lost every minute, and more than half of smartphone users do not use any password protection to prevent unauthorized device access.

Mac Users
Mac OS is not safe from viruses. As of late last year there were 5,000 malware versions targeting the Mac, a number that is growing by ten percent per month.

Child and Teen Users
Are your kids being exposed to pornography? Will they be contacted by strangers through their social networking profiles? Are they downloading age-appropriate music and movies? Having protection on the household PC is no longer enough. Parents need to know that their children are safe on all the devices they use, wherever they connect.

Solutions
It is here, and it is called McAfee All Access. Before, consumers had to look for and download a hodgepodge of security software from numerous vendors, with multiple “keys” to activate. What McAfee knew consumers wanted was an “all in one” solution that once and for all provides a dashboard to manage all your devices from one place, regardless of whether it is a PC, smartphone, tablet, netbook, or Mac.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

 

 

Cloud-Based Contacts Managers: To Use or Not to Use?

The old adage, “It’s not what you know, it’s who you know,” still rings true today. Without a network of “trust agents,” influencers, or simply good contacts, it’s hard to get anything accomplished. Getting a new job, making sales, or simply finding a good accountant requires a network of people you know, like, and trust to make a recommendation so you won’t get fleeced.

So how do you manage your contacts? How do you stay in touch and up-to-date with relevant names, addresses, and phone numbers? Many people still use a notepad, others use a subscription service or software such as ACT!, and even more use Outlook. More people are using cloud-based contact managers today than ever before. Some are free, while others cost as little as $5 or up to hundreds per month.

I’ve tried them all and can tell you there are a variety of options. The goals of any contact management system are ease of use, portability, accessibility, customization, and backup. If the contact manager you choose is in the cloud, then security is also an important consideration.

Social media: Many people are now using cloud solutions such as Facebook and LinkedIn to manage contacts, which can also be made available on your smartphone, but lack customization, calendars, or note functions. Check out LinkedIn’s Profile Organizer and Gist.

Cloud-based email: Yahoo and Gmail both offer contact managers. Gmail’s is the most comprehensive and includes a section for notes. Gmail contacts can also sync with an iPhone and Android in real time for portability. If Gmail could link your calendar with your contacts, it would be a perfect contact manager.

Customer relationship managers (CRMs): These are full-blown contact managers that make contacts, calendars, and notes accessible from smartphones and computers. CRMs are generally used by businesspeople that need to manage clients.

A true CRM keeps track of emails and calls, along with calendar notifications. Some will make a phone call via Skype or a landline with the click of a button.

There are many to choose from and most cost upwards of $300 per year or much more.  Check out Zoho CRM, Free CRM, SugarCRM, Microsoft Dynamics CRM, Highrise, and the most popular, Salesforce.com, which I still find cumbersome and clunky.

What do I use? I use ACT! locally, and I use Gmail’s contacts and calendar in the cloud. The hybrid works for me and is either cheap or free, with no annual fee.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Are Your Digital Assets Worth?

Digital assets include: entertainment files (e.g. music downloads), personal memories (e.g. photographs), personal communications (e.g. emails), personal records (e.g. health, financial, insurance), and career information (e.g. resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.

If your PC crashes or is hacked and your data is not properly backed up, how devastated will you be? Whether for personal use or for business, chances are you have a collection of documents, music, and photos that, if compromised, would almost feel as if your house and all your belongings had been burned up in a fire.

A recent survey found that 60% of respondents own at least three digital devices per household, while 25% own at least five. (Digital devices are mainly desktop or laptop computers, tablets, and smartphones.) As many as 41% of those surveyed spend more than 20 hours per week using a digital device for personal use. Admittedly, I’m online for at least 16 hours a day.

Photographs and similar memorabilia are the main digital asset that most people (73%) consider irreplaceable, should they be lost without having been backed up. Respondents valued personal memories at an average of $18,919, compared to $6,956 for personal records, $3,798 for career information, $2,848 for hobbies and projects, $2,825 for personal communications, and $2,092 for entertainment files.

Consumers estimate the total value of all their digital assets on multiple devices at an average of $37,438, yet more than a third lack protection for those devices.

According to Consumer Reports, malware destroyed 1.3 personal computers and cost consumers $2.3 billion in the last year. Not only have hackers continued to target PCs, but with the increased popularity of tablets, smartphones, and Macs, threats are becoming both more common and more complex for non-PC devices. For example, according to McAfee Labs, malware targeted at Android devices has jumped 76% in the last three months.

Many people protect their PCs and digital assets from malware by installing antivirus software. When it comes to smartphones, tablets, and Macs, however, they leave the doors open to criminals. Bad guys are now targeting these devices, as they have become the path of least resistance. Now more than ever, a multi-device security strategy is necessary.

McAfee understood this and solved the complexity and cost pain points by developing a product called McAfee All Access (www.mcafee.com/allaccess). This is the first full security offering for Internet connected devices — from smartphones and tablets to PCs and netbooks. Basically, you can get a single license for a great price to secure all of the devices you own!

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Cloud Home Security is Here

A burglary occurs every 15 seconds. The chance of your home being broken into is higher than you’d think. The good news is that today’s alarm systems are “not your father’s alarm.” Twenty years ago, a contractor had to spend a week tearing up your walls, ceilings, and windows to retrofit a messy, hardwired security system. These alarms were so expensive that they were mainly used by businesses, rather than in private homes.

Since then, home security systems have dropped in price. They are now mostly wireless, right down to the cellular phone signal. But what makes home alarms even more exciting is that the majority of the functions are cloud-based.

I have the “ADT Pulse,” which marries home security with automation. From almost anywhere — on the road, in your office, or even at the beach — you can access your cloud-based smart home system. Depending on the plan you select, this system can provide an unprecedented level of control with Z-Wave wireless technology, your own personal command center, compatible mobile phone, and interactive touch screen security system.

Using my iPhone or any computer, I can access a cloud-based server that allows me to watch live footage from each of the 16 cameras I have installed in and around my property. The cameras also begin recording automatically whenever motion is detected, and that footage is stored in the cloud and available to me anywhere, any time. It’s amazing how often I access these cameras when I’m on the road.

With home automation, I can use the cloud to remotely switch lights on and off and adjust the temperature control system. I also get alerts in the event of an intruder or even a broken water pipe!

Having a cloud-based, Internet-connected home security system certainly provides an excellent layer of protection, not to mention peace of mind.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures