MSPNetworks Blog

Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

You Too Can Steal Passwords to Almost Any Type of Account

All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.

Learn a Little Bit About the Victim

We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.

Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.

Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.

From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.

Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.

Use Software to Crack the Code

This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.

Alternatively, Just Trick the User

No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.

All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.

Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.

Always Remain Vigilant to Cybercrime

Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. MSPNetworks can help you stay ahead of hackers! Call us today at (516) 403-9001 to learn more.

Multi-factor authentication is great when it works, but when it doesn’t, it can leave you in a pretty difficult situation. After all, what happens when all of a sudden, you cannot access your secondary authentication methods? We’re here to help you bypass this particularly challenging and frustrating scenario.

First, let’s look at how and why you might accidentally get locked out of your MFA methods.

How Might You Get Locked Out of Your MFA Solution?

Multi-factor authentication works by shoring up the problematic password and augmenting it with other, secondary methods of authentication that are more secure. The logic is simple; two keys for a single lock is more effective than one. You might use a password and a fingerprint scan, or a password and a USB key. Here is a brief rundown of various MFA methods:

• Something you know: A password, passphrase, or a PIN.
• Something you have: Something you own or have in your possession is required to access the account, like a key card, smartphone, or hardware-based security key.
• Something you are: Think biometrics, a fingerprint, or retina scan—something to confirm your identity.

By requiring more than just one form of authentication, it becomes much more difficult for an attacker to get into an account.

Of course, requiring two keys also means that if you lose one of them or forget one of them, you cannot access your account, leading to the exact opposite problem of hackers infiltrating your account.

Potential Solutions to Your Dilemma

Rather than give up immediately and start over, let’s consider two paths you might be able to use to gain access to your locked account.

You might be logged in elsewhere.
Most services and applications using MFA will have a website and an app, and chances are at least one of them will still have you logged in, if you’re like most individuals who dislike the hassle of logging into your account every time you have to use it. You can sometimes check the settings to discover an option that will let you temporarily disable two-factor authentication. You will probably have to provide the password, so make sure you don’t accidentally log out until you have finally gotten control of your account again.

Customer support might help.
Customer support might not be the most ideal solution to your problems, but it’s an effective one. Simply put, you never know what’s possible until you ask about what is possible. There might be a simple way you can get back into your account. If there isn’t, there might still be a way too, but it could take up to a couple of days before it takes effect.

Really, the best way to address this issue is to not find yourself in it in the first place. If you have to open a new account just to get around this frustration, make sure you contact the vendor to disable the old account so that no one can take advantage of the old one.

What Other Options Do You Have?

Most modern MFA tools have contingency plans built into them specifically for situations like these. One way is to set up multiple methods of secondary authentication, like having secondary phone numbers, email addresses, or biometrics in place, providing you with more ways to get into your account should you lose access to one of them.

Many MFA platforms also provide users with recovery keys or backup codes that you can use to communicate with the MFA platform, further guaranteeing that you are the designated user. If you generate one of these codes, you’ll want to ensure that it is protected in a safe place, preferably one with encryption.

If you go the security key route, you should consider getting a second key as well, just in case. Some services enable you to get multiple keys tied to your account specifically because they understand how easy it is to lose something important like this. Plus, if you ever upgrade your key, you’ll have the old one to use as a backup.

Let’s Make Sure Your IT Works

One of our big responsibilities as a managed service provider is making sure you get the value you expect out of your technology, which includes accessing your resources and accounts as needed. We can help you ensure that you are always connected to what makes your business run. To learn more, reach out to us at (516) 403-9001.

Most organizations are trying to figure out how to secure their IT against the constant flood of threats out there. Unfortunately, the biggest threat out there isn’t something that you can actively protect against. Can you guess what it is?

Unfortunately, it’s your employees, and their potentially lax password practices—and while you can’t really protect yourself against insecure passwords, you can minimize the likelihood that they’ll be used.

A Password Manager is a Great Security Asset

A password manager is a great little program, as it allows you to store all of the credentials that you would otherwise be tasked with remembering.

But wait, I can hear you saying, aren’t you not supposed to write down your passwords?

Usually, yes! However, reputable password management solutions give you a place to store these passwords that’s heavily fortified through encryption. That’s the key difference between the password manager and a little notebook that you keep around.to scribble credentials in…only one of these options features the security that encryption provides (and it isn’t the little notebook).

Considering that the average user needs to remember dozens of passwords, having a safe place to store them is a huge benefit.

This is just the start of the benefits that a password manager provides. In addition to the secure convenience, a quality password manager will allow you to generate more secure passwords to use…all accessible to you behind a single master password.

With all of the credentials you may need easily accessible, either through a browser plugin or dedicated desktop/mobile applications, you can rest easy knowing that you and your team members won’t be locked out of a necessary solution at an inopportune moment.

Speaking of your team, a password manager makes it far easier for them to share the credentials that they’ll need to use amongst one another. You can share access to them as needed, making it easier to endorse productivity.

So, to sum up, a password manager:

• Helps you to use sufficiently secure passwords
• Assists you in creating passwords that are more secure
• Enables your entire organization to access shared resources easily

We Can Get Your Business Set Up With a Password Manager

Turn to us to ensure you select a reputable and reliable password management solution, and any other tools or resources your business would utilize. Give us a call at (516) 403-9001 to start a conversation about it.

Passwords are just one part of a comprehensive security strategy, but they are a crucial one. You must make sure that you are investing adequate time and effort into making sure your passwords are secure. This is easier said than done, but by the end of today’s short blog article, you’ll have all the information you need to craft excellent passwords for your accounts.

What Are Some Password Best Practices?

In a list format, we have put together some password best practices for your review:

• Use complex strings of characters: Your passwords should consist of both upper and lower-case letters, numbers, and special characters.
• The longer, the better: If you have more characters in your password, there are more opportunities for a hacker to get it wrong. Your passwords should be easy to remember, but hard to guess.
• Opt for passphrases rather than passwords: To make your passwords easier to remember, you can use a passphrase. The passphrase is basically an upgraded password variant that is harder to guess, but easier to remember. For example, if you were to use a favorite ’80s movie, you might pull a famous line from the movie along with the title and tie it together. For example, if your favorite movie of all time is Short Circuit, you might make your passphrase Sh0rtCIRCUIT#5isALIVE!86
• Use different passwords for each account: You should be using different passwords for each of your accounts, just in case one of them gets stolen. After all, if you use the same password for every account, you’ll have to change every single one of them anyway.

With these practices, you can make more complex and secure passwords. In addition to these practices, you can consider some of the following to make using them easier and more efficient.

What Else Can You Do to Protect Your Online Accounts?

To capitalize on the benefits of password security for your business, we recommend that you take things just a hair further with additional policies and technology solutions. We recommend multi-factor authentication and password management solutions to get the most out of your password and authentication policies.

With multi-factor authentication, you can use additional authentication protocols alongside passwords to maximize security. Your average multi-factor authentication tool will utilize two of the three methods: something you are (biometrics), something you have (smartphone, USB key), or something you know (a password, PIN, or passphrase).

In comparison, password management tools take what you have applied to your password security and make them that much easier to manage. Password managers store your passwords in an encrypted database where they are protected by a master password. You can then call the passwords as they are needed when you access your accounts. Password managers often have the capabilities to generate passwords for you, just in case you need some help with your complex passwords. It makes using complex passwords and passphrases that much easier.

MSPNetworks is here to help outfit your business with the security and productivity tools it needs. Give us a call at (516) 403-9001 to learn more.

Look, we get it. All you want is for the technology your business relies on to just… work. While that may not always be possible, there are quite a few things you can do to help prevent issues. For this week’s tip, we’ll go over some basics that will help make your use of your computer much less stressful.

1. We’re Not Kidding When We Say “Turn it Off and On Again.”

Yes, we’re aware that this advice has become the go-to punchline for any jokes at IT’s expense. However, we’re also aware that this is the case because we do offer this advice a lot, and that’s because it works. A surprising amount of issues can be resolved through a simple reboot. You know how refreshing a nap can be for someone? A reboot can work similarly for a computer, as it gets rid of all the extra data that can otherwise bog it down. This is a simplified way of describing the process, of course… the important thing is that you know we aren’t just asking that question to sound smart.

As silly as it admittedly sounds, a quick reboot is effective often enough to make it worthwhile to ask right off the bat.

However, it is important to remember that a reboot requires more than just turning your monitor on and off, or just logging out and in again. You need to actually restart your computer - and not by pressing the physical power button on your device, as this could cause worse problems. Instead, use the Restart option - found in the Start menu, under the Power icon. Furthermore, you also need to remember that locking your computer is a different process entirely, but still should be done whenever you leave your computer unattended. All you have to do is press WINDOWS+L.

2. Don’t Rush Your Computer

Anyone who has sat at a computer and had to wait for a process to complete understands how irritating this wait can be. There’s a real feeling that almost seems like helplessness - so it’s only natural that we have the urge to do one of the few things we can do… click on what we wanted to do, over and over and over and over…

There are a few problems to this approach. First, there’s probably some reason that the computer seems not to be completing its action. Second, your computer isn’t ignoring any of these additional clicks. As a result, if/when your computer makes it past whatever it is that is causing the holdup, it’s going to take all those clicks seriously. You won’t just open one instance of whatever file or program you were trying to access, you’ll open the application however many times you clicked on the shortcut. This will be annoying. Naturally, the same can be said for trying to print something out, or really any other action you were trying to complete. Doing so can even slow your computer down further.

Try to be patient… but, if the problem persists, reach out to IT for assistance.

3. Exercise Password Caution

It’s hard to overstate the importance of your passwords and their impact on your security overall. This means you have to be careful about how you remember them, as well as where and how you input them. Take your Caps Lock key, for instance. It won’t matter if you spell you password correctly if Caps Lock is activated unnecessarily, because it’ll still be wrong.

In terms of your security, you need to also consider the consequences of how you and your team stores your passwords. Let’s say that one of your employees is trying to cover up some corporate espionage. If another employee keeps their passwords written on a sticky note somewhere around their workspace (stuck to their monitor, for instance), that gives the insider threat a great way to pin their activities on someone else. This is why it is so important that every computer is locked when left unattended, as we discussed above, especially if the browser or other applications have their access credentials ‘remembered’ by your device.

If you’re seeking a simpler way to remember all the passwords you need to keep in mind, you’d be better off utilizing a password manager.

4. Talk to IT

Regardless of whether you have an internal IT team or you have a managed services agreement with a provider like MSPNetworks, you need to make sure you are communicating your issue to them in clear detail - chances are, they’ll assume that you have some kind of computer-related issue if you’re reaching out to them. Make sure you provide as much detail as you can, like what your error message says specifically, or a screenshot of your issue, if possible. This makes their job much easier, which leads to quicker resolution times. Hopefully, it goes without saying that you should remain available to IT to ask any questions of you once you reach out to them.

If your business needs more help with its information technology, don’t hesitate to reach out to us! We can help your operations by providing the IT solutions and services necessary to remain competitive today. Call (516) 403-9001 to learn more.