Food, Water, Shelter…Password Manager!


Password managers are becoming indispensable. Whoever you are, whatever you do, password managers can make your job simpler!



Rich or poor, educated or illiterate, everyone needs a warm meal to relish, clean water to drink and a roof over their heads. These are conventional necessities of life, without which survival becomes a struggle. Beyond the basic necessities, human beings crave safety and security.

In this hi-tech era, of all the security needs, information security has emerged as the most important. Everyone now requires a safe, secure place to store all their login credentials, passcodes, and other peculiar series of letters and symbols that criminal minds are so intent on laying their hands on. With our real and virtual IT assets growing every instant, password management is becoming an essential security measure every individual needs to follow to keep cyber-criminals at bay.


Password reuse and vanishing flyer miles


By the time you read this post, chances are that someone might be flying to their favorite destination or upgrading to first class at your cost. During the past couple of weeks, a handful of frequent flyers in the United States have faced this mystery – flyer miles disappearing from their accounts.

Cyber-criminals have apparently succeeded in accessing the frequent flyer program accounts of some of the customers of American Airlines (AAdvantage) and United Airlines (MileagePlus) and stealing the miles. They have exploited the stolen miles for free trips and upgrades.

Media reports quoting research firms claim that nearly three dozen user accounts have been compromised at United Airlines. In the case of American Airlines, about 10,000 accounts were ‘affected’. The airlines have started announcing compensatory measures such as restoring lost miles and a one-year credit-watch service.


The Heartbleed Bug and Password Reuse, Recipe for Disaster


If you have the habit of using the same password everywhere, you are at risk of identity theft and a breach in the post-Heartbleed scenario.

The ‘Heartbleed bug’ is perhaps the hottest topic in all types of media – print, electronic, social, and others. This serious flaw in OpenSSL’s TLS implementation is perhaps the biggest vulnerability in Internet history and has sent panic waves throughout IT and consumer communities alike.

During the past few days, you have probably come across information about the Heartbleed bug many times and been swamped by vendor advisories prompting you to change your passwords. The Heartbleed bug had been around for nearly two years unidentified, and it is not immediately known if the bug had been exploited against any web application anywhere. So as a precautionary measure, vendors are suggesting you reset your passwords after patching their applications and fixing the vulnerability.

Heartbleed bug and password reuse 


When you receive an advisory on the Heartbleed bug from a software application provider, you’re likely to promptly change the password in that application or site and feel secure. But the harsh truth is that your entire online life could be at risk. This is because most of us tend to use the same password on all websites and applications.

So if a hacker succeeded in capturing your password by exploiting the Heartbleed vulnerability in one site or application, the hacker actually obtained the ‘master key’ to access all your accounts – even those that are not vulnerable to Heartbleed.

Identity thefts through social media platforms: Is your password secure?


Social media platforms are fast emerging as the most convenient platforms for malware delivery. To combat cyber threats, proper password management should ideally become a way of life.

Over 13 per cent of the world population is on social networks and the number keeps growing exponentially. Those who do not own an account on Facebook or Twitter are now being viewed as those living in prehistoric times.

No doubt, social media is wonderful in helping you stay connected with friends, but the sheer popularity of social media attracts the attention of cyber-criminals looking for ways to harvest identities. Recent surveys by IT security analysts clearly indicate that social media is fast emerging as the most convenient platform for malware delivery by hackers. Clickjacking, phishing, and identity sniffing are all continuing unabated and are growing at a faster pace. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to attacks perpetrated through social media.

Introducing New Features in Zoho Vault: Powerful Password Sharing, Wider Storing

Ever since we launched Zoho Vault, an online password manager for teams, we have been receiving constant feedback from our customers – appreciations, concerns, comments, pain-points and constructive criticisms. We are giving sincere attention to all the feedback. We have now given shape to some of the feature requests and here is the summary of recent enhancements:

Securely store and share files, documents

You can securely store not just passwords, but also documents, files, images, digital certificates and licenses in Zoho Vault. Files can be stored as individual entities or along with secrets. You can add multiple files with a single secret and retrieve them from anywhere, even through your mobile devices. The file attachments are also treated like passwords – they can be shared with users and user groups and are encrypted in your browser itself. The encryption key is never stored anywhere. So, complete data privacy is ensured.


Petition against them, hate them, or wish them dead; passwords are here to stay for long!


In the last two weeks, the Petition Against Passwords movement launched by a group of US-based companies that sell password-less technology has been gaining widespread media attention across the world. Their mission is to collect every frustrated yell at forgotten passwords and make sure the organizations responsible hear them.

At the RSA Conference in San Francisco early this year, James DeLuccia’s Passwords are dead created quite a buzz. At the conference, Zoho’s sister division ManageEngine demonstrated its Enterprise Password Management Solution, Password Manager Pro, and almost all the visitors to our stand quipped: “They are talking about the death of passwords and you are demonstrating password management!”

So, we hear the vox populi loud and clear: people are fed up with passwords. With the proliferation of online applications, a variety of passwords occupy each aspect of our life. Remembering dozens of passwords is impossible; storing them only invites trouble and managing them manually is a pain. With high-profile security breaches involving stolen online identities, all of us want to be rid of passwords. So, when someone talks about replacing passwords, it’s only natural for people to get interested.

But, the million-dollar question is: Do we have viable alternatives if the passwords die finally?

Before going any further, here is some history on the ‘death of passwords’:

For over a decade now, people have been discussing the death of passwords. At the same RSA Conference in 2004, Bill Gates, the Chairman of Microsoft, predicted the death of passwords. In 2006, he said that the end of passwords was in sight. Not just Bill Gates, but many other luminaries and industry analysts have been predicting the death of passwords.

However, in reality, the predictions haven’t yet materialized. Passwords are still the most prominent method of authentication to date. Alternatives to passwords, such as biometric authentication, iris authentication, facial authentication, various forms of multi-factor authentication, and even authentication through items like watches, jewellery, and electronic tattoos, are all being discussed. Active research is also under way to formulate better alternatives.

However, none of the alternative approaches have been viable, for various reasons. Firstly, passwords are very easy to create and are absolutely free, whereas the alternative models are mostly expensive, require additional hardware components, are difficult to integrate with the existing environment, and are not easy to use.

Interestingly, some of these alternative authentication methods have been cracked even before they could be adopted widely. A few years ago, a group of researchers hacked faces in biometric facial authentication systems by using phony photos of legitimate users.

As of now, a viable replacement for traditional passwords is not in sight! We may get one in the future, though. But it will require considerable time for the new mechanism to be accepted and adopted. That means traditional passwords are not going to die anytime soon; they are going to be around for a while.

Passwords are not the problem; their management is

While raising our voices against passwords, we overlook the actual problem, which is poor password management. Due to the inability to remember passwords, users tend to use and reuse simple passwords everywhere. Users store passwords in text files and post-it notes; share credentials among the team members; and pass them over emails or by word of mouth. Real access controls do not exist and passwords of sensitive resources and applications remain unchanged for ages. Such bad password management practices invite security issues and other problems.

Use a password manager

While the research to find an alternative to passwords continues, it would be prudent to deploy a password manager to safeguard your data. With a password manager, you can secure all your passwords in a centralized repository; use strong, unique passwords without worrying about remembering them; automate and enforce password management best practices; control access to resources and applications; keep track of activities; and do much more.

If you are wondering which password manager to use, take a look at Zoho Vault.

Passwords or Pulcinella’s Secrets?


What is the purpose of a password? If we pose this question to any group of users, we will get a variety of responses. In simple terms, the purpose of a password is to keep your data/information secure, secret and private. Essentially, passwords have to be kept secret to serve the purpose. Ironically, due to lack of proper password management, we tend to make our passwords much like ‘Pulcinella’s Secrets’!

Yes, you read it right – Pulcinella’s Secrets! If you wonder whether you got the meaning correct, let me explain:


Pulcinella is an illustrious comic character in Commedia dell’Arte, a form of theater that began in Italy in the mid-16th century. The very character of Pulcinella is his inability to keep secrets. Any confidential information conveyed to him would become an open secret in no time. The secret will reach far and wide, but everyone will pretend not to know. In reality, Pulcinella’s secrets are not secrets at all.

Passwords in Text Files, Post-Its or Spreadsheets are Pulcinella’s Secrets, Literally!

With the proliferation of password-protected online accounts and IT assets, businesses are drowning in a pile of passwords. But many organizations and business establishments do not have any effective password management procedure in place at all. Employees adopt their own haphazard ways of maintaining the passwords. Following are some typical scenarios:

  • Sensitive passwords are stored in volatile sources such as text files, spreadsheets, post-its and the like
  • Many copies of the passwords are circulated among the people who require them for their job functions. There is generally no trace of ‘who’ accessed ‘what’ passwords and ‘when’. This creates a lack of accountability for actions
  • When one user changes a password, it should be updated in all the ‘copies’; otherwise, at the most needed time, one would be trying to log in with an outdated or old password. As a result, the passwords mostly remain unchanged for ages for fear of inviting such lockout issues
  • There is rarely any internal control on password access or usage in many organizations. Users freely get access to the passwords
  • When other members of the organization require access to an online application / an online account, passwords are generally transmitted by word of mouth
  • If an employee leaves the organization, it is quite possible that he/she may be getting out with a copy of all the passwords

So, if you follow the traditional style of storing the business passwords as described above, your passwords have probably turned into Pulcinella’s Secrets! Many in your organization might be accessing the passwords, while you would be thinking otherwise. Obviously, this practice leaves organizations open to security attacks and identity thefts.

Deploying a Password Manager – The Best Practice Approach

One of the effective ways to keep your passwords secure (and really secret) is to store them in a central, secure, digital vault and automate password management tasks. Deploying a password manager like Zoho Vault can help you take total control of your passwords. You can store all your online identities – passwords of web applications, PINs, registration numbers, access codes, bank account details – anything sensitive or confidential in the online vault and access them from anywhere. Password changes can be updated at the central vault.

You can selectively share common passwords on a need basis among the members of your organization with fine-grained access privileges. Your users will get access only to the required passwords, not all. You will also get comprehensive audit trails on ‘who’ accessed ‘what’ passwords and easily trace activities to individuals. You can completely eliminate the insecure, cumbersome practice of storing passwords in volatile sources like post-its, text files, print-outs and spreadsheets. Try Zoho Vault, now!