HOW TO: Protect Your Company’s Passwords



It’s almost impossible to overstate the importance of having and using strong, secure online passwords. As important as it is for consumers to heed this advice, it can be even more important for businesses to use and secure the passwords of their various accounts. As tools like Firesheep have shown, gaining access to an email or Facebook account can be alarmingly simple.
Fortunately, there are tools and precautions companies can take that will help simplify the process of keeping passwords safe.

Use Unique Generated Passwords for Different Accounts

No matter how often we’ve been warned, the reality is that most of us use the same password or group of passwords for all of our major accounts. At first, this doesn’t seem too bad, especially if that password is a unique and long mix of numbers, letters and cases. The problem with using the same password or group of passwords, however, is that if one account is compromised, other accounts can follow.

This is especially true for users that associate an e-mail address with an account. When Gawker Media’s web servers were breached last year, thousands of commenters had their usernames, passwords and e-mail addresses exposed. As a result, some of these users had their email, Facebook and Twitter accounts compromised as well.
For business accounts, using a separate, unique password for each major service and making sure that none of these passwords are the same as those associated with personal accounts is essential.
Good password management applications typically include a password generator; however, websites like Strong Password Generator are great in a pinch. Using more than 7 characters is a good idea, but be sure to check with your application or service for rules associated with the use of special characters.
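The sketch below is an added example, not code from the original article or from any of the tools it names: it generates one random password per account while honouring each service's rules on length and special characters, and refuses to reuse a password across accounts or from a personal set. The service names and rules in `SERVICE_RULES` are constructed for illustration.

```python
import secrets
import string

# Hypothetical per-service rules, constructed for this example. Real services
# publish their own minimum length and permitted special characters.
SERVICE_RULES = {
    "email":   {"length": 16, "specials": "!@#$%^&*-_"},
    "banking": {"length": 12, "specials": ""},   # letters and digits only
    "social":  {"length": 20, "specials": "!-_."},
}

def generate_password(length, specials):
    """Return a random password containing every required character class."""
    if length <= 7:
        raise ValueError("use more than 7 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if specials:
        classes.append(specials)
    alphabet = "".join(classes)
    while True:
        # secrets draws from the operating system's CSPRNG, unlike random
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw until each class (lower, upper, digit, special) is present
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def generate_for_accounts(rules, personal=()):
    """One password per account, never shared between accounts and never
    equal to a password already used on a personal account."""
    used = set(personal)
    result = {}
    for account, rule in rules.items():
        password = generate_password(rule["length"], rule["specials"])
        while password in used:          # vanishingly rare, but enforced
            password = generate_password(rule["length"], rule["specials"])
        used.add(password)
        result[account] = password
    return result

if __name__ == "__main__":
    for account, password in generate_for_accounts(SERVICE_RULES).items():
        print(f"{account}: generated {len(password)} characters")
```
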

Password Management Tools Are Your Friend

One of the primary reasons individuals reuse the same passwords is because keeping track of 100 different logins is difficult, if not impossible. This is where password management applications become crucial, especially in a business environment.
In the past, I’ve written about password management apps for Mashable and here are a few of my favorites:

1Password: 1Password is a solution for Mac OS X and Windows that allows users to not only store their passwords safely, but also access those passwords from within their web browser. That means that rather than relying on the built-in password manager, a user can use 1Password to fill in logins instead. These logins are protected by a master password, and Agile Web Solutions also makes an iPhone and Android app for accessing and securely logging into websites while on the go.
1Password starts at $39.95 for a single license and is $59.95 for a 5-user license.

LastPass: LastPass is a cross-platform password manager that works with all major web browsers to securely store and generate passwords. LastPass also has an Enterprise option for businesses that includes support for applications as well as websites.
LastPass Premium is $12 a year for individuals and starts at $24 a year for Enterprise customers.

Passpack: Passpack is a tool designed for teams and businesses that want to make passwords accessible without making them insecure. What we like about Passpack is that it lets users store their personal and work-related passwords in one place, but then choose who has access to what passwords. Plus, Passpack makes sharing passwords secure and also makes it easy to update or change group passwords in bulk.
Passpack for departments and workgroups is $4 a month.

Use HTTPS Logins

Beyond just using unique, secure passwords and password management tools, it’s also important that businesses use secure logins, especially when accessing web services from outside of a corporate network.
In the last few months, a growing number of websites including Twitter, Facebook, Gmail, Foursquare and HootSuite have started to implement HTTPS as a login option. Using HTTPS, logins are encrypted over the network. This means that even if the network itself is open, the password and username to your account aren’t visible to those sniffing the network.
Turning on HTTPS as a default login option in the web services that support it is a good idea for all users, but it makes even better sense in a corporate context.
Feel free to share your password protection tips in the comments.

Watch Out – Firefox Malware Puts Passwords at Risk

It is always tempting to say ‘yes’ when a browser asks if you want your password saving, even though this means it can be stolen by a Trojan if your computer becomes infected.

However, malware now affecting Firefox forces the browser to save passwords even when the user chooses not to do so.

Microsoft Exposes a New Kind of Browser Attack.



Microsoft has released a warning about a new kind of browser-based attack.

The attack mimics genuine pages generated by Internet Explorer, Firefox and Chrome and fools users into installing fake anti-virus software.

Users who visit a compromised website are presented with a genuine-looking pop-up in their web browser, with a bogus alert that their security defences have failed and that they need to install anti-virus software to contain the virus.