Mitro is Shutting Down: Switch to Zoho Vault For Free in a Single Click

Posted by Posted on by
0

Mitro, the open source password manager for individuals and teams, is shutting down on Aug 31, 2015. If you are a Mitro user, you might feel sad to see it go. But you don’t have a choice to keep it alive. Mitro will soon be gone and it’s time for you to move on.

If you are wondering where to move on to, try Zoho Vault:

Zoho Vault, is an online password manager that comes with an extremely easy-to-use interface, advanced team sharing features, cross-platform support, rock-solid security and complete data privacy.

Mitro got off to a flying start but …

Here is the backstory of this poignant moment. Though the shutdown announcement came only a couple of days ago, Mitro had been showing signs of trouble for quite some time. Launched in 2013, Mitro had the backing of institutional investors including Google ventures and Angel investors. Exactly a year ago, Twitter acquired Mitro. Despite the strong backing, there were no major updates or changes to the product during the past year.

We respect Mitro for what they have delivered so far. Mitro enjoyed a great start and delivered a nice product – a little password manager. In the process, got acquired by Twitter and lost steam thereafter. A victim of cloud consolidation? Or yet another case of acquisition failure?

On the other hand, Zoho Vault, which was launched during the same time as Mitro, has been going strong with great feature additions and product upgrades. Today, Zoho Vault, an integral part of the Zoho suite of deeply integrated products, is trusted by thousands of customers – individuals and organizations – across the globe. Zoho suite has been in the market for the past ten years and commands the trust of more than 13 million users.

Whatever be the cause for Mitro’s shutting down, we can assure you one thing: With us, you will not face acquisition fall outs. Private and bootstrapped since our founding – we don’t answer to anyone but you. We never will. We’re here for you, for the long haul.

Switching to Zoho Vault is free, fast, and easy

If you are an individual

Go ahead and sign up directly. You will be enrolled into a 15-day trial. At the end of the trial, your account will be automatically converted to the FREE plan that is valid forever.

If you are a member of an organization

Go ahead and sign up for an account directly. You will be enrolled into a 15-day trial. Then, fill this online form providing proof of your Mitro usage. You may attach a screen capture of the Mitro shutdown announcement email that was sent to you. Once we receive the screen capture, we will enable a one-year, professional subscription license absolutely FREE of cost.

Porting data

We have provided an easy option to quickly import your data from Mitro. Export your data from Mitro as a CSV file. Log in to Zoho Vault, navigate to “Tools,” click “Import,” and select the option “Mitro CSV File” in the drop-down. Your passwords will be imported to Zoho Vault.

If you need any assistance, write to us at (support) (at) (zohovault) (dot) (com).

Bala
Zoho Vault – Online Password Manager for Teams

The Heartbleed Bug and Password Reuse, Recipe for Disaster

Posted by Posted on by
0

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If you have the habit of using the same password everywhere, you are at risk for identity theft and a breach in post Heartbleed scenario.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The ‘Heartbleed bug* is perhaps the hottest topic in all types of media – print, electronic, social, and others. This serious flaw in OpenSSL’s TLS implementation is perhaps the biggest vulnerability in Internet history and has sent panic waves throughout IT and consumer communities alike.

During the past few days, you have probably come across information about the Heartbleed bug many times and been swamped by vendor advisories prompting you to change your passwords. The Heartbleed bug had been around for nearly two years unidentified, and it is not immediately known if the bug had been exploited against any web application anywhere. So as a precautionary measure, vendors are suggesting you reset your passwords after patching their applications and fixing the vulnerability.

Heartbleed bug and password reuse 

heartbleed-bug

When you receive an advisory on the Heartbleed bug from a software application provider, you’re likely to promptly change the password in that application or site and feel secure. But the harsh truth is that your entire online life could be at risk. This is because most of us tend to use the same password on all websites and applications.

So if a hacker succeeded in cracking your password exploiting the Heartbleed vulnerability in one site or application, the hacker actually obtained the ‘master key’ to access all your accounts – even those that are not vulnerable to Heartbleed. Read more

Identity thefts through social media platforms: Is your password secure?

Posted by Posted on by
1

Social media platforms are fast emerging as the most convenient platforms for malware delivery. To combat cyber threats, proper password management should ideally become a way of life.

Over 13 per cent of the world population is on social network and the number keeps growing exponentially. Those who do not own an account in Facebook or Twitter are now being viewed as those living in prehistoric times.

password-reuse

No doubt, social media is wonderful in helping you stay connected with friends, but the sheer popularity of social media attracts the attention of cyber-criminals looking for ways to harvest identities. Recent surveys by IT security analysts clearly indicate that social media is fast emerging the most convenient platform for malware delivery by hackers. Clickjacking, phishing, identity sniffing are all continuing unabated and are growing at a faster pace. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to attacks perpetrated through the social media. Read more

Introducing New Features in Zoho Vault: Powerful Password Sharing, Wider Storing

Posted by Posted on by
1
Ever since we launched Zoho Vault, an online password manager for teams, we have been receiving constant feedback from our customers – appreciations, concerns, comments, pain-points and constructive criticisms. We are giving sincere attention to all the feedback. We have now given shape to some of the feature requests and here is the summary of recent enhancements:

Securely store and share files, documents

store-files
You can securely store not just passwords, but also documents, files, images, digital certificates and licenses in Zoho Vault. Files can be stored as individual entities or along with secrets. You can add multiple files with a single secret and retrieve them from anywhere, even through your mobile devices. The file attachments are also treated like passwords – they can be shared with users and user groups and are encrypted in your browser itself. The encryption key is never stored anywhere. So, complete data privacy is ensured.

Read more

Announcing Two Factor Authentication for Better Security

Posted by Posted on by
3

With over 8 Million users working online on our services, ensuring information security is an important priority for us. Your Zoho.com account is the entry point for a bunch of collaboration, productivity and business apps from Zoho that not only help run your business, but also hold your data. Obviously, you would want to keep that entry point safe.

zoho-two-factor-authentication1

Keeping this in mind, we have added support for two step authentication to get into your Zoho account. In this age of phishing attacks and identity thefts, relying on login password alone does not guarantee security. No matter how strong or complex your primary password might be, your account stands the risk of a breach if your password happens to fall into the wrong hands.

Two Factor Authentication (TFA) provides an additional layer of security around your account. As it requires two successive factors – ‘something you know’ (your password) and ‘something you have access to’ (your mobile phone, for example), it helps greatly reduce account compromises due to phishing attacks and other online frauds.

Once TFA is enabled, you need to first login to your Zoho account with usual credentials. You will then receive a uniquely generated verification code to your phone either as a voice call or as an SMS text, which you should attend/enter to complete the login process. Alternatively, you can use the Google Authenticator app on your smart phones to generate the second factor code.

Immediately available 

TFA is immediately available to all the users of Zoho and setting it up is quite straightforward. Access https://accounts.zoho.com/ and navigate to ‘Two Factor Authentication’ section and then follow the instructions available to carry out the set up process. If your Zoho account is part of ‘Zoho Business Organization’, the TFA can  be enforced / controlled only by the organization administrator.

Optional, but highly recommended 

Two Factor Authentication is completely optional. But, from security standpoint it is highly recommended. Security benefits of TFA far outweigh the minor inconvenience of having to authenticate through two successive stages.

Read more

Password Sharing Gone Wrong: How You Can Safeguard Your Business from a Snowden Security Breach

Posted by Posted on by
0

Edward_Snowden-2

When Edward Snowden, the former NSA Contractor started disclosing the classified details of several top secret surveillance programs of the US intelligence agencies during June this year, all were wondering how he gained access to those highly confidential information.

Five months later, an exclusive report in the Reuters now reveals that Snowden has used perhaps the easiest possible way to gain unauthorized access to the secrets. Misusing his position as a system administrator, he had reportedly persuaded nearly 20 of his colleagues to share their login credentials with him in the pretext of doing his job. They had unwittingly provided him the credentials, which led to the worst breach of information security in NSA’s history. They thought they were giving out the credentials to a trusted insider unaware of Snowden’s real intent.

This report reminded me of a funny campaign titled “Passwords are like underwear” ran by the Information Technology Central Services at the University of Michigan a few years back to create awareness on protecting passwords.

True, passwords are like underwear – obviously not meant to be shared with others. Unfortunately, practical needs are mostly the opposite. Business requirements demand selective sharing of passwords with others. In most of the organizations, users often tend to reveal administrative passwords of sensitive IT resources to their colleagues for some reason or other.

Read more

Petition against them, hate them, or wish them dead; passwords are here to stay for long!

Posted by Posted on by
5

In the last two weeks, the Petition Against Passwords movement launched by a group of US-based companies that sell password-less technology has been gaining widespread media attention across the world. Their mission is to collect every frustrated yell at forgotten passwords and make sure the organizations responsible hear them.

In the RSA conference in San Francisco early this year, James DeLuccia’s Passwords are dead created quite a buzz. At the conference, Zoho’s sister division ManageEngine demonstrated its Enterprise Password Management Solution, Password Manager Pro, and almost all the  visitors to our stand quipped: “They are talking about the death of passwords and you are demonstrating password management!

death-of-passwordsSo, we hear the vox populi loud and clear: Clearly, people are fed up with passwords. With the proliferation of online applications, a variety of passwords occupy each aspect of our life. Remembering dozens of passwords is impossible; storing them only invites trouble and managing them manually is a pain. With high-profile security breaches involving stolen online identities, all of us want to be rid of passwords. So, when someone talks about replacing  passwords, it’s only natural for people to get interested.

But, the million-dollar question is: Do we have viable alternatives if the passwords die finally?

Before going any further, here is some history on ‘death of passwords’:

For over a decade now, people have been discussing the death of passwords. In the same RSA conference in 2004, Bill Gates, the Chairman of Microsoft predicted the death of passwords. In 2006, he said that the end to passwords was at sight. Not just Bill Gates, but many other luminaries and industry analysts have been predicting the death of passwords.

However, in reality, the predictions haven’t yet materialized. Passwords are still the most prominent method of authentication till date. Alternatives to passwords, such as biometric authentication, iris authentication, facial  authentication, various forms of multi-factor authentications, and even  authentication through items like watches, jewellery, and  electronic tattoos, are all being discussed. Active research is also on to formulate better alternatives.

However, none of the alternative approaches have been viable for various reasons. Firstly,  passwords are very easy to create and are absolutely free.  Whereas, the alternate models are mostly expensive, require  additional hardware  components, are difficult to integrate with the  existing environment, and are not easy to use.

Interestingly, some of these alternative authentication methods have been cracked  even before they could be adopted widely.  Few years ago, a group  of researchers hacked faces in biometric facial authentication systems by using phony photos of legitimate users.

As  on date, a viable replacement for traditional passwords is not in sight! We may get one in the future, though. But, it will require considerable time for the new mechanism to be accepted and adopted. That means, traditional passwords are not going to die anytime soon; they are going to be around for  a while.

Passwords are not the problem; their management is

While raising our voices against passwords, we overlook the actual problem, which is poor password management. Due to the inability to remember passwords, users tend to use and reuse simple passwords everywhere. Users store passwords in text files and post-it notes; share credentials  among the team members; and pass them over emails or by word of mouth. Real access controls do not exist and passwords of sensitive resources and  applications remain unchanged for ages. Such bad password management practices invite security issues and other problems.

Use a password manager

While  the research to find an alternative to passwords continues, it would be prudent to deploy a password manager to safeguard your data. With a password manager, you can secure all your passwords in a  centralized repository; use strong, unique passwords without worrying about remembering them; automate and enforce password management best practices; control access to resources and applications; keep track of activities; and do much more.

If you are wondering which password manager to use, take a look at Zoho Vault.