MSPNetworks Blog

Technology is central to most businesses, which means that security is, by proxy, central to them as well. With cyberattacks on the rise, it’s more important than ever for you and your employees to be on the same page regarding cybersecurity. Today, we are looking at four ways you can ensure sound cybersecurity practices that even the most belligerent employees can follow… with the right support in place.

Protecting your business’ accounts is something we will advocate for on repeat. You’ll hear us tell you about complex and unique passwords and multi-factor authentication until you’re sick of hearing it. But one tool that our clients sometimes forget is the password manager—an equally useful tool that can help your business keep passwords safe and secure.

You should always use strong passwords for each and every account. Cybercriminals don’t need to put much effort into cracking a password these days—it only takes a little software and standard computer hardware to crack millions of passwords in just a second or two.

The more complex and random a password is, the more secure it is.

But coming up with (and memorizing) complex passwords is really difficult. This trick should make it a whole lot easier.

Safeguarding your online accounts is an important part of maintaining network security. With the increasing number of cyber threats, relying on strong, unique passwords is no longer optional—it's a necessity. Remembering complex passwords for numerous accounts can be challenging, however. This is where password managers come in handy, offering a secure and convenient solution to managing your credentials.

Did you know that tomorrow is World Password Day, 2023? As the result of a campaign to spread awareness of the importance of sufficiently secure passwords, it has become an annual reminder of how critical sufficient passwords are to proper cybersecurity…despite passwords not being sufficient protection on their own. In light of tomorrow’s observance, let’s take some time to review why passwords are important to get right, and what else you need to have in place.

World Password Day Remains Critical to Your Security…

Back in 2005, a security researcher by the name of Mark Burnett wrote a book—”Perfect Passwords”—that included his advice that everyone establish their own personal “password days,” where they take the time to go through all their passwords. Intel took his advice and turned it into a global observance, selecting the first Thursday in May as the established World Password Day. Since that day in 2013, this day has been designated as the day to update and refresh the many, many passwords we rely on each and every day in both personal and professional life.

Remember, as you do so, to keep a few key best practices in mind:

• Your passwords should all be unique, without any being repeated across accounts.
• Alphanumeric characters and symbols should be used wherever possible.
• Likewise, each password should be sufficiently complex and difficult for anyone to guess. A passphrase, made up of unrelated words, is another option.
• Passwords should never be stored or saved someplace insecure, like a scrap sheet of paper or a notepad doc. The only acceptable place to save them is in a standalone password manager that has been approved by IT.

…But You Can’t Stop at Passwords Alone

It is also important to acknowledge that passwords aren’t really as secure as we all would hope. There’s a reason that we—and many, many applications—so often push for multi-factor authentication. Requiring a second identification, usually in the form of a generated code or biometric proof, makes it far more difficult for a cybercriminal to access an account they aren’t supposed to access. Honestly, it’s becoming less and less of a recommendation, and more of a mandate for many.

So, While You Should Consider Your Passwords’ Strength Tomorrow, You Should Also Augment Your Security with MFA

We can help! Reach out to us at (516) 403-9001 for assistance with your account security, as well as that of your business as a whole.

Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.

For passwords, it also helps to know what is ineffective in addition to what is effective.

What Does a Bad Password Look Like?

A bad password is, to an extent, always going to be a bad password because passwords are not generally good for account security. While they are certainly better than nothing, they are far from the best way to protect an account, despite being the most popular and most common methods of doing so.

It’s remarkably easy to create a bad password, as well as have bad password practices. Whether it’s a case of the password not being complex enough or too easy to guess, or if it’s used for more than one account, they repeatedly hold businesses and individuals back from achieving the level of cybersecurity they need and deserve.

To help you better leverage good passwords, we’ve put together a list of things you’ll want to do to make them better and stronger.

What Does a Good Password Look Like?

Here are some best practices for password use and creation.

Don’t Repeat Your Passwords
If you use your password for multiple accounts, then all it takes is one of them falling victim to a data breach or phishing attack for all of them to be exposed in the same way. You should be using different, complex passwords for each of your accounts with no repeating passwords.

Always Make Them Complex
Complex passwords are easy to remember, but difficult to guess, which is easier in theory than it is in practice. You can make it much easier through the use of a passphrase rather than a password. Your passphrase should be a random string of words that utilize upper and lower-case letters, numbers, and symbols.

Don’t Use Personal Details
Personal details have no place in passwords for two main reasons: it makes them easier to guess for hackers, if the information is something that they can find publicly on the Internet or on social media, and it places more danger on you in the event that the password is compromised.

Use a Password Manager
To remember all of your complex passwords is impossible, so we recommend using a password manager to help secure them all. A password manager uses one master password to call upon a secure vault of passwords when they are needed. It’s the best way to use passwords without putting yourself at risk.

How are Your Password and Cybersecurity Practices?

If you could use a hand crafting better passwords or protecting your infrastructure, MSPNetworks has got you covered. To learn more, call us at (516) 403-9001.

With many businesses’ increased reliance on their information systems and other IT, they need to do everything they can to keep those systems up and running and secure. This not only includes rolling out security systems that support that goal, it also demands they take the action necessary to keep these systems secure. Let’s look at four things you need to do to keep your business’ IT as secure as possible. 

Promote Strong Password Practices

Many users are just not as savvy as most organizations need them to be about their passwords. In fact, many of the most popular passwords used today are still “password” and “123456”. Even if your people are more deliberate about their password practices, many of them choose passwords that could be easily guessed if someone had knowledge about that person’s personal life. This can be a major detriment to any organization’s attempts to keep their IT secure. Here are some tips that you can use to create strong and reliable passwords:

Password Length 

It stands to reason that longer passwords are harder to guess than shorter ones. It’s been proven that passwords that are at least 12 characters long are more apt to be secure than not. The problem with longer passwords is that they are more easily forgotten and result in significant downtime. A good strategy is to create easy-to-remember passphrases with random words and a combination of upper and lower case letters, numbers and symbols. For example a password of “elephantredfootball” will usually be secure, but one that is written: “3l3ph@ntr3df00tb@ll” is even more secure. 

Unique Passwords

 Lots of people will use the same password for every account. This couldn’t be more dangerous. Think about it, if you use the same password everywhere and one account is cracked, you are looking at a situation where every account where you use that password is now compromised. 

Use Software Tools 

There are plenty of tools designed to help people keep their accounts safe. Password managers can be a good resource for people who use long or randomly-generated passwords. These platforms use encryption to ensure that all login and passwords are secure and can cut down on password-related problems that can cause downtime and unwanted IT support costs. Another tool that can help organizations keep their accounts secure is multi-factor authentication. Most platforms will provide options that will add an additional layer of security in the ways of an authentication code sent through an authentication app or separate email or text message. In using randomly-generated codes from a multi-factor authentication system, you can do more to ensure that the people who access your organization’s network-attached files and cloud services are authorized to do so. 

Train Your Staff

One of the biggest issues for organizational IT security has to be threats coming in from outside your organization. These typically come in the form of phishing attacks. A phishing attack can come in on any platform including phone, email, text message, or even social media. There are over three billion phishing emails sent every day, and that isn't even taking into account all the other attack vectors. These messages come in with the intention of getting an unwitting or distracted employee to engage with it. Once this happens, nothing good comes of it. Scammers will use this social engineering technique to gain access to protected accounts, deploy malware of all types, and disrupt an organization’s workflow. This is why it is imperative to train your staff on how to identify phishing attacks and what to do when they inevitably encounter one. 

The phishing message will typically look like it comes from a person or organization that has some semblance of authority. Scammers like to develop subterfuges acting as financial institutions, insurance companies, even executives and managers inside a company. Many will ask recipients to click on a hyperlink or download an attachment. Either action could be dire for an organization’s technology. Let’s look at some variables of phishing messages that ever organization needs to train their employees on:

Demand Immediate Action

Most phishing attacks are structured to create fear and anxiety in the recipient. This typically will get people to make impulsive decisions. The best action is to verify any suspicious action before interacting with any messages like this. 

Include Unprofessional Spelling Errors and Grammatical Faux Pas 

Many phishing messages are developed by people whose first language isn’t the recipient's language and include demands, spelling errors, and grammatical errors that no professional correspondence would include.

Come From Unrecognizable Accounts 

Many phishing messages may initially look legitimate when you look at the account it comes from. The more legitimate these messages seem the more effective they are. Consider the email address or account these messages come from before clicking on any links or downloading anything from the email. 

Keep Your Software Updated

Phishing may get most of the attention, but one of the most used attack vectors by hackers is infiltrating networks through software vulnerabilities. Most enterprise software is continuously being developed to ensure that it is a secure product. If an organization doesn’t have a patch management program where their applications are updated regularly, hackers can use any software vulnerabilities to gain unauthorized access and wreak havoc on their network. 

If your organization uses a lot of applications, it may seem like keeping everything patched is a full-time job. That’s why using automation to ensure new patches are added regularly is important. You will also want to test every patch to ensure that your software solutions function as designed. This includes frequently updating antivirus tools, firewalls, and spam filters. 

There are plenty of solutions and strategies that you can use to keep your business’ network and data secure. If you would like to have a conversation about cybersecurity and how to deploy some tools and strategies that can work to that end, give MSPNetworks a call today at (516) 403-9001. 

Businesses sure use a lot of online accounts, and if they don’t keep track of the passwords associated with these accounts, things can get messy fast. To help with this effort, password managers, or applications that store passwords in an encrypted vault, have really taken off. Here are some of the reasons why businesses invest in password management solutions.

Why Businesses Often Take Advantage of Password Managers

Password Managers Save Time

Many IT departments throw away much of their day resetting passwords for forgetful employees, but this time can be reclaimed through the use of a password manager. Since the passwords are stored in a secure vault, employees can rely on that instead of a call to the help desk.

Password Managers Are Secure

Due to their nature as repositories for credentials and important account information, password managers are also extremely secure. Some password managers have features built right into them that allow employees to generate complex passwords, as well as features like two-factor or multi-factor authentication to aid in security. Through all of these features, it’s possible for any employee to overcome their poor password practices. Keep in mind that not all password managers are the same, however, and you should never rely on the password management features of your web browser alone.

Password Managers Are Convenient

Modern password managers are simple to use and make it easy for users to retrieve credentials as needed, no matter the device. The cloud enables these credentials to be synced to multiple devices, something which deters employees from writing down passwords and carrying them around in an insecure way.

We Can Help You Take Advantage of a Password Manager

MSPNetworks can help you implement a password management solution for your business. To learn more, reach out to us at (516) 403-9001.

Two-factor authentication is commonplace in the office environment, but it’s not commonplace enough, if you ask us. Too many organizations pass on it, placing their security at risk for no good reason. While the methods might vary, the benefits of two-factor authentication are too good to ignore. We’ll walk you through how to set up two-factor authentication for three of the most common accounts in the business environment: Microsoft, Google, and Apple.

But first, let’s discuss what two-factor authentication is and why it’s so beneficial to utilize.

What is Two-Factor Authentication?

It used to be the case that users would only utilize passwords to secure their accounts. However, passwords are easy for hackers to take advantage of on their own. Two-factor authentication uses at least two of the three methods below to secure an account rather than just the password alone, theoretically making it more difficult for a hacker to access an account. Basically, unless two of the three methods are fulfilled, the account will not be accessible. Here they are:

• Something you know (a password)
• Something you have (a secondary device you own)
• Something you are (biometrics, facial recognition, fingerprinting, etc)

Why Is It Important?

Imagine that your online accounts are a house with two doors: one for the mudroom and one for the house proper. If both doors use the same key, a thief only needs to steal one key to gain access to both the mudroom and the house. Now imagine that the mudroom and the house have two different keys. That essentially doubles the effort needed to break into the home.

Simply put, in the same way as the above scenario, it’s much harder for a hacker to access an account that is protected by multiple measures. For example, even if a hacker has your password, if the account is set up to use an external device like a smartphone or biometrics, they still won’t have access to the account. Unless the hacker goes through the trouble of stealing the secondary device or stealing your fingerprints/facial structure (something that is remarkably difficult compared to swiping a password), the account will remain secure.

Setting Up Two-Factor Authentication

Right, let’s get to the bread and butter of this article: how to set up two-factor authentication for the big three accounts: Microsoft, Google, and Apple.

Microsoft

Microsoft recommends that you either have a backup email address, a phone number, or the Microsoft Authenticator application installed on a mobile device before you get started with two-factor authentication for this account. To get started, go to this page and sign in with your Microsoft account. Next, select More security options. Under the option for Two-step verification, select Set up two-step verification. After that, it’s just a matter of following the on-screen instructions.

Google

The first step here is to log into your Google account by going here. Next, in the navigation panel, select Security. Under Signing in to Google, select 2-Step Verification. Finally, click on Get started. You’ll see the directions for the next steps appear on the screen. You can set up your verification step in a variety of ways, including Google Prompts, security keys, Google Authenticator, verification code via text or call, or a backup code. You can also disable this second step on trusted devices, but doesn’t that defeat the purpose?

Apple

To set up two-factor authentication for your Apple ID, go to your account by clicking here. Sign in, answer your security questions, then click Continue. If you see a prompt to upgrade your account security, tap Continue. Click on Upgrade Account Security. You can then add a phone number for which you will receive verification codes via text message or phone call. Click on Continue, enter the verification code, and turn on two-factor authentication.

Want to get started with two-factor authentication for your business? The three accounts outlined above are just the tip of the iceberg. MSPNetworks can help you implement a multi-factor authentication system that secures your data and network. To learn more, reach out to us at (516) 403-9001.

Passwords are probably the most important part of keeping accounts secure. That’s why it is so important to follow industry best practices when creating them. Today, we’ll take a look at the standards outlined by the National Institute of Standards and Technology (NIST) in creating the best and most secure passwords.

What Is NIST?

For years, NIST has been the predominant organization in the establishment of password creation standards. They continuously change their advised practices to meet with the current cybersecurity demands. They recently updated their guidelines so we thought we would go over what strategies they suggest, to give you an idea of what makes a secure password. 

New Guidelines

Many corporations are currently using the NIST guidelines and all Federal agencies are expected to utilize them. Let’s go through their newest password guidelines step by step. 

#1 - Longer Passwords are Better than More Complicated Ones

For years, it was preached that the more complicated the password, the more secure the account. Today’s guidelines refute that notion. NIST suggests that the longer the password, the harder it is to decrypt. What’s more, they suggest that organizations that require new passwords meet a certain criteria of complexity (letters, symbols, changes of case) actually make passwords less secure. 

The reasoning behind this is two-fold. First, most users, in an attempt to complicate their passwords will either make them too complicated (and forget them) or they will take the cursory step of adding a one or an exclamation point to the end of a password, which doesn’t complicate the password as much, if at all. Secondly, the more complex a user makes a password, the more apt they are to use the same password for multiple accounts, which of course, is not a great idea.

#2 - Get Rid of the Resets

Many organizations like to have their staff reset their password every month or few months. This strategy is designed to give them the peace of mind that if a password were compromised that the replacement password would lock unauthorized users out after a defined set of time. What NIST suggests is that it actually works against your authentication security. 

The reason for this is that if people have to set passwords up every few weeks or months, they will take less time and care on creating a password that will work to keep unwanted people out of the business’ network. Moreover, when people do change their password, they typically keep a pattern to help them remember them. If a previous password has been compromised, there is a pretty good chance that the next password will be similar, giving the attacker a solid chance of guessing it quickly. 

#3 - Don’t Hurt Security by Eliminating Ease of Use

One fallacy many network administrators have is that if they remove ease of use options like showing a password while a user types it or allowing for copy and pasting in the password box that it is more likely that the password will be compromised. In fact, the opposite is true. Giving people options that make it easier for them to properly authenticate works to keep unauthorized users out of an account. 

#4 - Stop Using Password Hints

One popular way systems were set up was to allow them to answer questions to get into an account. This very system is a reason why many organizations have been infiltrated. People share more today than ever before and if all a hacker needs to do is know a little personal information about a person to gain access to an account, they can come across that information online; often for free.

#5 - Limit Password Attempts

If you lock users out after numerous attempts of entering the wrong credentials, you are doing yourself a service. Most times people will remember a password, and if they don’t they typically have it stored somewhere. Locking users out of an account, at least for a short period of time is a good deterrent from hackers that use substitution codes to try and guess a user’s credentials. 

#6 - Use Multi-factor Authentication

At MSPNetworks, we urge our clients to use multi-factor or two-factor authentication on every account that allows them to. According to NIST they want users to be able to demonstrate at least two of three authentication measures before a successful login. They are:

1. “Something you know” (like a password)
2. “Something you have” (like a mobile device)
3. “Something you are” (like a face or a fingerprint)

It stands to reason that if you can provide two out of three of those criteria, that you belong accessing the system or data that is password protected. 

Security has to be a priority for your business, and password creation has to be right up there with the skills everyone should have. If you would like to talk to one of our IT experts about password management and how we can help your business improve its authentication security, give us a call today at (516) 403-9001.

I’m not sure we need to tell you how important passwords are: they are the front-line defense to most of the accounts you create. What is often overlooked is the strategy of how to use a password to successfully protect accounts and data. Today, we will discuss best practices   when creating and managing your passwords and how you are likely approaching your password strategy improperly. 

Creating Strong Passwords 

It’s true that passwords can be a pain to manage. Anyone who has been locked out of an account because they can’t remember their password knows this all too well. That’s why it is important to create passwords that are both easy to remember and that are secure enough to protect you. Cybercriminals have tools at their disposal that do a pretty good job of being able to crack passwords, so you need to keep that in mind when you are choosing yours. 

As you set out to create your passwords, you should keep the following two points of emphasis in mind. 

1. A hacker may try to brute force attack any password that cannot be guessed or cracked, rapidly trying each combination possible.
2. A password’s security and its resistance to brute force attacks are two different things.

Brute force attacks can really be devastating, but when you create your passwords, you have to keep in mind that any hacker with the will to brute force your computing network and left with the time to complete their hack, will likely find a way into your network. What you are doing when you are selecting a strong, memorable password is trying to make certain that the only way they are cracking your password is through brute force.

Typically we like to encourage that your passwords meet the following metrics:

• Are longer, typically over 16 characters
• Use a combination of numerals, letters (with upper and lower case characters), and symbols
• Don’t use privileged or personal information, or any information that can be tied to you through online searches
• No common words or numbers
• No consecutive letters or numbers

So How Do You Optimize Your Password’s Effectiveness?

With those practices, you will be pretty far along, but you also have to understand that the hackers’ tools are extremely powerful. That’s why on top of those suggestions, you will also want to add some complexity to your passwords. Studies have shown that about 41 percent of all passwords are composed exclusively of lowercase letters. If we have access to this information, it stands to reason that someone who makes a living breaking into networks and stealing data knows it as well. Therefore, along with adding symbols, varying cases, and numerals, one strategy is to use a passphrase of random words. 

The reason for this is that, with a password that looks like this “7i&3RkIn&4L1f3” the chances that you remember it if you use the account sparingly is pretty low. Besides, it is not that secure, as it is effectively a complex sentence. Remember, the hacker has to get your password completely correct to effectively gain access, so instead of trying to come up with intricate ways of typing statements that can be easily guessed, try taking three words that don’t have any natural connection, incorporating numbers and some varying capitalization, and padding either side with symbols.

A process like this makes the password more usable. It very likely won’t be guessed, is long enough to protect your account, is effective against the brute force attack, and will be easier for you to remember. 

Speaking of which, since you shouldn’t use the same password for multiple accounts, you will end up with dozens of passwords. Keeping them straight, especially over the long haul (as you will likely have to reset passwords from time to time), is difficult. That’s why we recommend using a password manager. Many people take advantage of the password saving feature inside their browser. This is effective, but we recommend using a third-party manager that features encryption. This tool will be the most secure and reliable; and, you won’t have to worry about remembering every password. 

At MSPNetworks, we consider cybersecurity one of the most important parts of a business’ IT strategy. Give us a call a (516) 403-9001 to see how we can help you keep your IT assets safe. 

Going through your passwords and updating them every so often is a very wise habit to get into, particularly when they are used to protect a lot of data—as the password to your Google account often is. Considering this, let’s go over how to update your Google password and otherwise lock down your account.

How Much is Tied to a Google Account?

For many, their Google account is linked to quite a few frequently-used utilities and applications. Going far beyond the search engine functionality it began as, Google’s services now involve multiple programs and solutions. As such, the potential danger of a cybercriminal accessing your Google account is increased greatly.

For instance, a Google account is now linked to:

• Google.com (for custom tailored search results)
• Gmail
• Google Drive
• Google Docs/Sheets
• Google Maps
• Android
• Google Workspace
• Google Chrome
• YouTube

 … with many, many other accounts and services also tied to Google. A good rule of thumb: anything with “Android,” “Chrome,” or of course “Google” in the name is likely tied to your Google account.

Updating Your Google Password

Fortunately, Google makes it exceptionally simple to update the password to your account:

1. Visit https://accounts.google.com/. If you aren’t signed in already, log in with your email/phone number and password.
2. Click Security on the left-hand side.
3. Look for Signing in to Google. Click Password.
4. Google will usually prompt you to provide your current password, and then have you input a new password.

A WORD OF WARNING: Naturally, with so much tied to a single password, you need to make sure it is as secure as you can possibly make it. Use a totally unique password—not one that provides you with access to any other account. Don’t include any personally identifiable information that others might associate with you, like your birth date, maiden name, social security number, phone number, or the like.

To help accomplish this, it will help to use a password manager to keep track of them all, along with any built-in password creation features it has built in, as this will help you to generate a secure, randomized password with sufficient complexity. You could also string a few random and unrelated words together to make a passphrase, sprinkling in numbers and symbols as you see fit to help make a memorable but significantly more secure option.

Once you make these changes, you’ll probably need to re-log into your Google account on a few devices.

But Wait, There’s More!

To really protect your Google account, let’s go a little further and set up 2-Step Verification (also commonly known as Two-Factor Authentication) if you have not yet done so. 2-Step Verification is a great insurance policy against the possibility that your password is breached.

Once your password is changed, from your Google Account page:

1. Click the Security option on the left-hand side of the page.
2. Click 2-Step Verification.
3. Google may prompt you to enter in your password again, just to make sure it’s you.
4. Depending on what Google already knows about you, this might go a few different ways—you’ll either be prompted to set up a phone number to get a text message or phone call, or Google might walk you through setting this up on your smartphone. Either way, follow the on-screen instructions. 

Your various authentication options come at varying levels of simplicity and efficacy. Most convenient is the use of a Google prompt, which sends a notification to your Android device whenever a new device is attempting to log into your account that allows you to permit or disallow permission to do so. Receiving a text message with a code is undoubtedly convenient, but less secure as these text messages can potentially be intercepted. The most secure option is to utilize Google’s Authenticator app, which is also simple to set up.

If your business uses Google’s solutions to power your business, MSPNetworks recommends that you implement these changes. Need help? Give our team a call at (516) 403-9001.

The new year is upon us and after the debacle that 2020 was, it is extremely welcome. If you are like us, you have a new set of goals that you’ve created for yourself and are probably looking to improve your professional and personal well-being. One way to do that is to ensure that your accounts are secure. Today, we will be going through how to update your password with Microsoft.

You may have heard that the U.S. Government just suffered from a massive cybersecurity breach from an attack that was perpetrated from overseas, and among the systems that were affected was Microsoft Office. Unfortunately, foreign hackers were actively monitoring email accounts between the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA). Fortunately, however, Microsoft, who is known for its active role in identifying and thwarting cybercrime, didn’t find any active vulnerabilities in their Office 365 applications or cloud services, but they did offer some suggestions, one of which was to do everything you can to protect your data.  

It is important to understand how to take action to ensure your organization—and your personal accounts—are secured properly. 

What You Need to Know About Your Microsoft Account Security

If you actively utilize Office 365, or any other Microsoft product, you need to know a breach would affect you. For your typical user account, their Windows 10 license is tied to their Microsoft account, and if you have Office 365 or use any other Microsoft applications or services, they are covered by those credentials as well. Here is a list of the application titles you need to concern yourself with when considering your Microsoft account security:

• Windows
• Outlook
• Office
• Skype
• OneDrive
• Xbox Live
• Bing
• Microsoft Store
• MSN

Here’s How to Update Your Microsoft Password

To Microsoft’s credit, they make it extremely easy to change your password. Here are the steps:

1. Visit https://account.microsoft.com/
2. Click Sign In on the top right, if you aren’t already signed in. If you are already signed in, the page will display your name with options about your subscriptions and other services. Once you sign in with your email and password, you’ll be taken to this page.
3. Towards the top of the page, on the right-hand side, you’ll see an option that says Change Password. Click it.
4. If you have Two-step verification enabled, it will walk you through verifying your account with a text, an email, or using the Microsoft Authenticator app. If you don’t have that set up, don’t worry, we’re going to get you set up after you change your password.
5. Once prompted, enter your current password, and then come up with a brand new password.

CRUCIAL ADVICE: You never want to use the same password on multiple accounts. Every password you make should be unique, complex, and lack any personally identifiable information (such as your date of birth or your address). Really random works best, but we know it is difficult to remember random passwords. Make sure that your password is something that nobody could guess with variance in case, numbers, and symbols. The more complex your password is, the more secure your accounts are going to be.

One feature Microsoft offers when setting up your credentials is a checkbox that will require you to change your password every 72 days. It really works to secure your account. You might think it’s unnecessary, but consider how much of your personal information is tied up in your relationship with Microsoft. Check it and keep active on protecting your data and account security.

One Last Thing

One thing you should consider when changing your password is to set up Two-step Verification. Click that too. If you are using a Microsoft 365 account through work, you may need your administrator to turn it on and give you further instructions. Give us a ring if you need help.

All you will need to do is follow the on-screen instructions. If you do not already have an authenticator app on your smartphone (like Google Authenticator, Lastpass Authenticator, Duo Mobile, Authy, etc.) Microsoft has a tutorial to help you set up Microsoft Authenticator. If you prefer to use one of the other apps, set it up with your preferred app.

Two-factor verification will require you to use the Authenticator app to log into your Microsoft account on a new device, or make major changes to your Microsoft account (like updating a new password). It won’t require you to use the app every time you want to use Word or Outlook, but it is a good practice to use to ensure you are doing all you can to protect your account and data. 

Keeping your Microsoft account secure isn’t hard, but it is extremely important. If you need help or would like to talk to one of our certified technicians about setting Microsoft products up for your whole business, give us a call at (516) 403-9001 today.

Your business’ security largely depends on how secure the passwords are that keep your resources from being accessed without authorization. Despite this, many users—perhaps even you—frequently sacrifice sufficient security measures in favor of the simple and convenient route, cutting corners when coming up with their passwords. Let’s try and remedy this by reviewing a few practices that can help make a password more effective.

What Threats are There to Passwords?

A password can be undermined in one of two different ways, generally speaking:

Digging into your online life or resorting to trickery, a “bad actor” (as they are sometimes called) figures out your password or how they can fool you into handing it over. Alternatively, the bad actor might phish you or infect your computer to crack the password.

As a result, you need to figure out how to make your passwords effectively guess-proof, while still being able to recall them as you need them. These principles should ultimately pertain to any passwords associated with your business—including the ones your staff members rely on.

The Balance Between a Strong Password and a Memorable Password

Whether you’re designing a password policy for your company members to follow, or simply creating a new account of your own, there are two important considerations to keep in mind.

• If a hacker can’t guess/crack a password, they will likely resort to a brute force method—simply trying every combination possible until they eventually get a hit.
• The security of a password and its resilience against brute force attacks aren’t the same.

It is important that both of these aspects are taken into serious account as you come up with your passwords.

How to Optimize Your Password Security

There are a few widely accepted best practices when it comes to what makes a good password:

• It is sufficiently long, ideally stretching over 16 characters
• These characters include non-consecutive numbers, letters, and symbols
• The password contains no common words or numbers, private information, or any publicly accessible details

It is also important that your considerations involve the aforementioned tools that cybercriminals use to break password protections. This is where we must account for the complexity of your passwords.

Did you know that about 40 percent of passwords only contain lowercase letters? Well, cybercriminals certainly know, and will certainly try to save time by only trying lowercase letters in their initial brute force attacks. Even one extra variable can significantly increase the password’s security, making it harder and more time-consuming for the hacker, and possibly convincing them that the effort isn’t worth it.

However, you also need a password that is memorable enough for you to be able to use it. The most secure password in the world is no good to you if you can’t commit it to memory, to the letter (or number or symbol).

This has recently led to the idea that a password composed of a few random words, randomized further with alphanumeric substitution and capitalization, padded with repeating symbols on either side, is the most secure option.

Think about it—like we said, each variable makes the hacker’s job that much more challenging and can help slow down any automated attempts long enough for the hacker to abandon them.

With all this in mind, it makes sense to create passwords that ultimately look something like this:

====p33k,,,@ss0c!@t3d,,,p0ck3t====

Not only is this password effectively impossible to guess, but it also has plenty of characters and—while designed to be somewhat simple to memorize, is still plenty resistant to brute force methods. Just make sure you come up with your own, instead of copying this one.

Remembering These Passwords

Admittedly, a password like this is a lot to remember on its own, so the thought of remembering a different one for each account (in keeping with best practices) can be daunting for most. Fortunately, a password manager can simplify this considerably.

A password manager is basically just a piece of software that safely and securely stores your passwords away for you, accessible to you behind a single master password. That way, your passwords could be totally secure and unique without forcing you to remember them all.

From your passwords and access management to every other aspect of your business’ IT security and productivity, MSPNetworks is here to help. Learn more about what we can offer by calling (516) 403-9001 today.

The funny thing about some documents is how the data written on them can strongly influence how important they are. If, for instance, there were two pieces of paper on a table, there is objectively no difference between the two, and so they are objectively equivalent in value.

When Documents Aren’t All Created Equally
However, if one sheet has a picture of a cat on it, and the other one has the coordinates to the lost city of El Dorado, one page suddenly has considerably more value than the other. This happens all the time with documents in a business setting, and depending on the business, many of these documents can be basic text files. With the popularity of the Microsoft Office software titles, there’s also a fair chance that the go-to word processing software in your office is Microsoft Word.

Microsoft Word offers many business-friendly features that many of its users don’t know about - including the capability to protect a document with a password. This allows a document’s creator to restrict access to only those other users who need to have this kind of access for review or collaboration purposes. Doing so is relatively simple:

Adding a Password

• In the File tab, select Info
• Select the Protect Document button and find Encrypt with Password in the drop-down options. You will be presented with the Encrypt dialog box.
• In the provided space, enter the password you want to use. These passwords are case-sensitive and cannot be recovered if forgotten. Keep this in mind before resorting to this option. Once you’ve settled on a password, click OK, confirm your password by typing it again, and click OK again.

Just like that, your Word document will require that password before it can be viewed. This process works whether you’re using Microsoft Word 2016 or Microsoft Office 365.

If you ever need to remove the password from this file, you will actually follow the same steps until you reach the Encrypt dialog box. You should see the password you chose in the provided space. Delete it and press OK.

Your document should now again be available for hypothetically anyone to access, assuming that they have the ability and authorization to do so. For more tips, subscribe to this blog, and for more solutions to assist your security and operations, reach out to MSPNetworks directly at (516) 403-9001.