“Collection #1” Data breach lists 773 million accounts online


Barely a day goes by without news of another data breach or new security issue. But late last week security researcher Troy Hunt announced the discovery of what is possibly the largest data breach ever. Known as Collection #1, the breach contains approximately 773 million accounts from multiple sources.

Collection #1 is a large collection of email addresses and passwords which was made available on a public hacking forum. It appears to consist of multiple breaches across several websites.

Since the original announcement by Hunt, it is now understood that Collection #1 is just one of seven collections, so the number of breached accounts is likely to increase dramatically when the remaining collections become public.

The recommendations made are always:

  • Set strong passwords and don’t use the same passwords on multiple websites.
  • Change passwords where you may have used the same username and password.
  • Set up multi-factor authentication on your accounts to ensure that you require a secure code as well as your password.

We strongly suggest everyone review their accounts on the Have I Been Pwned? website to see if you have any vulnerable accounts. You can also check your password to see if it appears in any known exposure.
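The password check mentioned above can be done without sending the password itself. The following is an added example, not code from this page or from the Have I Been Pwned project: it hashes the password with SHA-1, shows that only the first five hex characters would go to the Pwned Passwords range endpoint, and matches the rest locally. The endpoint URL is not given on this page, and the response body is a constructed sample so the code runs offline.

```python
import hashlib

# Range endpoint of the Pwned Passwords service (not given on this page).
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample of a range response for prefix 5BAA6: one
# "SUFFIX:COUNT" pair per line. The counts are made up for this example.
SAMPLE_RANGE_BODY = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000\r\n"
    "FFB2D1F0A9C3E5B7D9F1A3C5E7B9D1F3A5C:12\r\n"
)


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL a client would request: it carries the hash prefix only."""
    prefix, _ = split_hash(password)
    return RANGE_URL.format(prefix=prefix)


def pwned_count(password: str, range_body: str) -> int:
    """Match the suffix locally against the range response for its prefix.

    Returns the exposure count, or 0 if the suffix is not listed.
    """
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        # Skip malformed lines instead of failing on them.
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


if __name__ == "__main__":
    print(range_url("password"))                       # prefix only in the URL
    print(pwned_count("password", SAMPLE_RANGE_BODY))  # count from the sample
```

A non-zero result means the password has appeared in a known exposure and should not be used anywhere.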

If we can be of any assistance to you in implementing these recommendations, or you would like any further advice on cyber security, please let us know.

Five recommendations for password protection


May the fourth be with you! Today is 4 May, also known as World Password Day. How do you record your passwords? Do you save them in your computer browser’s history or in sticky notes on your computer? Have you considered using a program to help you manage these?

Personally, we have over 500 passwords to manage, let alone the number we manage on behalf of our clients for their servers, computers and websites. We strongly suggest a good password policy is put in place in all organisations and provide the following recommendations:

  1. Set strong passwords and use different passwords for different accounts. If this is too difficult, use different passwords for different groups of services. We don’t believe it is practical to have different passwords for every account you may have (unless it is financial or business critical).
  2. Change your passwords regularly, every three months. Some services require you to change your password more or less often, however the more often you change your password the less chance of it getting into the wrong hands!
  3. Select ‘no’ when the computer offers to automatically remember your password. These saved passwords can be accessed by a password viewer that can scan and access passwords saved in your computer’s memory.
  4. Make the password complicated and not a word that can be found in the dictionary or easily guessed. Depending on the service you are setting it for, the password may need to be more complicated, but at least choose a password that contains:
    • At least eight characters
    • Upper and lowercase letters
    • At least one number and symbol
      You can make a sentence and use the first letter of each word changing some of the letters to symbols and other characters. For example, “The Brisbane Broncos will win in 2017!” becomes TBBwwi2017!.
  5. Use a password-protected document or spreadsheet, or a program such as 1Password, LastPass or KeePass. If you have a list of passwords on your computer make sure you encrypt it. If you do decide to keep a printed copy of a password somewhere, this should be kept securely in a safe place.

As the number of devices in our possession grows and the number of websites increases, so will the need to effectively manage our passwords. We trust these tips help you manage your passwords. If we can be of any assistance, please feel free to contact us for further advice.

Password expiry for Office 365 – don’t leave it until the last minute!


One of the key security elements in Office 365 is the requirement by default to reset your password every 90 days. Whilst the expiry period can be changed, having to regularly change your password ensures your account remains secure and reduces the risk of the password being found and your account accessed.

Notification of password resets usually begins around 10 days prior, however depending on the device you are accessing your email on, this notification may not appear until later, or not at all. You can reset your password once it has expired, but your email will stop working until the password has been changed and account details updated, so it is best to change it before it expires rather than afterwards.

Therefore, we strongly suggest you don’t leave changing your password to the last minute. We suggest that it may be worthwhile having a recurring appointment every two months to reset your password. Once you have changed your password you will need to update any device that uses it (such as your computer, tablet and mobile phone).

To change your password, please follow the steps below:

  1. Log in to the Office 365 Portal.
  2. Click Settings (the cogwheel located on the top right-hand side of the screen), then click the Password option.
  3. Enter your old password, then your new password twice.

Within a few minutes, you will be prompted to update your password on your email program and devices. Enter your new password in these devices and you’re done!

Microsoft have determined the following requirements for strong passwords on Office 365:

  • The password needs to have between 8 and 16 characters.
  • Don’t include common words or names.
  • Combine uppercase and lowercase letters, numbers and symbols.

CyberGuru provides Office 365 consulting, support and training to small businesses, not-for-profit organisations and individuals of all sizes and industries. If you need a hand and would like us to assist you with Office 365, please contact us today.