Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for password protection

Would you like some Salt on your Hash?

Salted Hash – The one-way encryption for password security.

Hash the passwordsOk, I’m not talking about that potato hash you love with your eggs.  I am talking about the encryption hash that needs to be used to safeguard computer data files like passwords.

 A hash is an encryption algorithm that takes any size block of data (called the “message”) and then calculates and assigns it a fixed size valuation (called the “hash value”).  For example, hashing of the word “Password” might generate the valuation “15c626b06ae6624f47404d0728”.  Every time the same hash is run through the same message the same valuation will be calculated.  This is a great way verify that no changes occurred in the message during access or transmission since even the smallest change will generate a completely different hash value.

What also makes hashing so popular in computer security is that it’s a one way encryption; meaning that the hash value calculated cannot be reversed to recreate the original message. 

More and more password data files are no longer storing user passwords in cleartext.  That’s because if a massive security breach occurs then all the cleartext password files would be compromised.  Hashing the passwords and storing only the value greatly reduces the danger.  Note I said reduces, not eliminates the danger.  That where a little salt is added for flavor. Read More→

Large Password and User Names Heist

8.24 Million Passwords and User Names stolen and posted by hackers.

Data SecurityIf you use the online gaming site Gamigo, if your user name was your email address and you use the same password elsewhere then you need to be very, very concerned.  Cyber criminals will now start scouring the important networks and sites with your user name and passwords to your steal money, buy goods and change your settings.

While security pundits will tell you that you need strong passwords, every site should have different passwords and change passwords periodically, I’m going to tell you a few things they typically don’t.

  1. Get a secure password manager solution so you don’t have to remember or type passwords again. Not all password managers are secure.
  2. Don’t make your user name your email address and have bogus emails if the site requires one.
  3. Don’t use the same user name everywhere either. Make it gibberish too.
  4. Many of the little tricks about remembering passwords are stupid and don’t work. They are designed only to make you think you have security.
  5. Don’t save passwords in your browser. Read More→

The Difference Between Anti-Virus and MalWare

The Difference Between Anti-Virus and MalWare by Dovell BonnettWith all the cyber attacks reported in the news and with the increase in email SPAM with malware attachments, company CEO’s are asking me about their protection strategies. When I start discussing anti-virus and anti-malware software, I often get the same response, “Aren’t they the same thing”?  They are not and that prompted me to write this report on the differences as well as some actionable tips and strategies to consider.

First, let’s get some understanding as to the differences between malware, viruses and some of the other attack terms used in the industry. Some you are undoubtedly very familiar with, while others may be fairly new. What they all have in common however, is that they are designed to do maximum damage by disrupting computers and stealing vital information. Read More→

Bogus Purchase Receipts In Your Email Box

Bogus Purchase Receipts in Your Email Box by Dovell Bonnett | Access-Smart.comAs we do more online business and commerce, we expect to receive a receipt for our purchases: Amazon, iTunes, etc.

Online thieves and spammers know this too and they are spamming us with bogus receipts with a high dollar amount just to catch your attention. A key clue that it is a scam is when you move your mouse cursor over the link, if you don’t recognize the web address displayed then odds are it is a phishing email. Don’t fall for the scam and certainly don’t click on the links.

Here are some tips to protect you: Read More→