
Microsoft’s Latest Data on Hacks and Why You May Need New Logins & Passwords Fast

Written by Admin | December 9, 2022

You are not alone if you recently had a password compromised.

A rough estimate puts the number of password attacks at 921 every second. The most recent Microsoft Digital Defense Report states that this represents a 74% increase in only one year.

Microsoft and other major technology companies have been building toward an online future that depends less on fragile security measures and, ideally, does away with passwords altogether.

Through tools like Microsoft Authenticator and biometrics such as fingerprint or facial recognition, Microsoft users can already sign in to Windows, Xbox, and Microsoft 365 securely without a password. However, many people still rely on passwords and don't even enable the two-factor authentication that is now considered essential.

“As long as passwords are still part of the equation, they’re vulnerable,” Joy Chik, Microsoft’s vice president of identity, wrote in a September 2021 company blog post.

Here are six strategies for staying safe when it comes to logins and passwords.

Change identical user names and passwords fast, and first, on key accounts

Many people use the same username and password across many accounts for convenience, but doing so greatly increases their chance of having their information hacked. According to a Microsoft analysis, 20% of a sample of more than 39 million IoT and OT devices had the same identities and passwords.

If this describes you, now is the time to act. Chris Pierson, founder and CEO of BlackCloak, a cybersecurity firm that specializes in preventing targeted attacks on company employees and executives, advises starting with the highest-risk accounts first: email, financial, health care, and social networking sites.

He compared telling someone with many identical logins and passwords to change them all at once to telling someone to lose 50 pounds by jogging 20 miles a day and giving up sweets. A 15-minute walk around the block once a day and minor dietary adjustments are a more manageable starting point, and the same holds for password security, according to Pierson. "Avoid changing each and every password you use. Concentrate on the accounts with the greatest danger and damage.”

Use a password manager to encrypt your data

At RCS our security experts advise using a reputable password manager such as 1Password, LastPass, or KeePass to handle passwords easily and securely. The manager stores all other passwords in encrypted form, so the user only needs to remember one long, strong master password. Password managers can also generate strong, random passwords that are extremely hard to guess. According to Justin Cappos, an associate professor at the NYU Tandon School of Engineering whose research interests include cybersecurity and data privacy, password managers typically do a decent job of protecting customer data, even though using one means relying on a third party.

Choose strong passwords if you won’t use random generation

Although randomly generated passwords are recommended, not everyone likes using them, so at the very least make sure your login information is strong. For one account, you might, for instance, string together four random words like sun, water, computer, and chair; for a different account, you would use a different set of four words, according to Roy Zur, founder and CEO of cybersecurity training company ThriveDX Enterprise.

According to a website run by Security.org, which analyzes security technologies, a passphrase such as "moneycashcheckbank" would take a computer around 23 million years to crack. By contrast, the website says, the password "jesus" could be cracked quickly, and the same word with a capital "J" would take only 9 milliseconds.
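As an added illustration (not from the original article), the Python below builds a four-word passphrase of the kind Zur describes using a cryptographic RNG and computes its entropy. The word list is a constructed sample; the 7,776-word figure used for comparison is the size of the EFF long diceware list, and the point it makes is that strength comes from the list size and uniform random choice, not from the words themselves.

```python
import math
import secrets

# Constructed, deliberately tiny word list for an offline demo. A real generator
# loads a large list (the EFF long list has 7,776 words); with only 16 words,
# four of them give just 16 bits of entropy, however long the words are.
SAMPLE_WORDS = [
    "sun", "water", "computer", "chair", "money", "cash", "check", "bank",
    "river", "stone", "cloud", "lamp", "garden", "paper", "train", "apple",
]
EFF_LONG_LIST_SIZE = 7776  # size of the EFF long diceware list, for comparison only


def entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy of `word_count` words chosen uniformly and independently from
    a list of `list_size` distinct words: log2(list_size ** word_count)."""
    if list_size < 2 or word_count < 1:
        raise ValueError("need at least two words in the list and one word in the phrase")
    return word_count * math.log2(list_size)


def make_passphrase(words, word_count: int = 4, separator: str = "") -> str:
    """Pick words with the CSPRNG in `secrets` (never `random`, which is predictable).
    Duplicates in the list would make the entropy estimate wrong, so reject them."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return separator.join(secrets.choice(words) for _ in range(word_count))


def strength_report(list_size: int, word_count: int = 4) -> dict:
    """Bits of entropy and the expected number of guesses to hit the phrase (half the space)."""
    bits = entropy_bits(list_size, word_count)
    return {"bits": bits, "expected_guesses": 2 ** bits / 2}


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS, 4, "-"))
    print("16-word list :", strength_report(len(SAMPLE_WORDS)))
    print("EFF long list:", strength_report(EFF_LONG_LIST_SIZE))
```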

Enable multi-factor authentication

Some services, like Apple Pay, require this additional level of account protection. Multi-factor authentication is a useful security technique that is underused, according to security experts, even if a provider doesn't mandate its use.

Multi-factor authentication, which asks for two or more pieces of identification, is designed to make it more difficult for thieves to access your accounts. According to Zur, hackers aim for the weakest link, so you shouldn't be it.

When possible, Cappos advised using a hardware token like a YubiKey or an app like Google Authenticator instead of SMS for these codes, because SMS is susceptible to SIM swapping and other attacks. “It’s not difficult for a motivated hacker to get around SMS,” he said.

Google Voice e-commerce scam shows why you should never share a password

According to the 2022 Business Impact Report from the Identity Theft Resource Center, this issue occurs far too frequently. When asked what led to an account takeover, 29% of businesses said that someone shared account information with a hacker posing as a potential client, supplier, or customer. In comparison, 45% of businesses said that someone clicked on a phishing link or shared account information with someone they thought was a friend.

“Passwords are similar to gum. People shouldn't share,” according to Cappos.

Eva Velasquez, president and CEO of the Identity Theft Resource Center, advised avoiding sharing a one-time code, even if thieves make their justification appear plausible.

Posing as an interested buyer on online marketplaces is one scam that is becoming increasingly popular. In many cases, the "buyer" instructs the seller to read off a one-time code the buyer has supposedly sent, with the stated goal of "verifying the seller's identity and legitimacy," which lures in victims, according to Velasquez. In actuality, it is a method for hackers to link the seller's phone number to a Google Voice account, which then lets the con artists carry out further fraud from an anonymous Google Voice number, she said. The fraud has become so widespread that ITRC made a video explaining how affected customers can get their numbers back.

Apple or Microsoft contact you? It probably wasn’t them

In addition to having their passwords or other personal information exposed by clicking on what appear to be legitimate links in email, messages, or social media, people are prone to falling for tech support scams delivered through computer pop-ups or phone calls. Hackers may pose as representatives of well-known companies like Apple or Microsoft and offer help with a security issue they claim to have found. Victims are tricked into granting unauthorized access to their computers, which opens the door for fraudsters to steal passwords and other personal information or demand money for fictitious services, according to Pierson.

Keep in mind that legitimate businesses don't randomly approach customers and offer assistance with computer-related problems. Consumers, according to Pierson, should avoid interacting with strangers who approach them, especially if their claims cannot be independently verified. “Googling a phone number is simply not something that we would advise either,” he said.

For more information on optimizing your IT, securing your network, or setting up a password manager, contact RCS Professional Services to speak with an IT professional or visit our website www.rcsprofessional.com. You can also visit our YouTube channel to view our past live stream on Single Sign-On (SSO).


Sources:

- https://www.cnbc.com/2022/04/24/what-a-future-without-passwords-would-look-like-when-it-might-happen.html
- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-password-removal-for-microsoft-accounts/ba-p/2747280
- https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us
- https://www.idtheftcenter.org/post/google-voice-scam-tries-to-trick-you-while-you-are-selling-items-online/