Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack

Read More

Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.

Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.

Addressing Password Reuse and Complexity

Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:

One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.

A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.

McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.

The Power of Two-step Verification

Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?

Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.

→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?

How does it Work?

The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:

Via Text: Google can send you a text message containing the code.
Via an Authenticator App: You can download a free app that will generate a randomized code at the time of sign-in
Via a Phone Call: You can receive an automated voice message to a non-mobile phone that tells you the code.

This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.

McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.

Adoption and Future Trends

This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.

New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.

→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security

Understanding the Benefits of Two-step Verification

Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.

Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.

→ Dig Deeper: Let’s Make Security Easy

Implementing Two-step Verification: A Step-by-Step Guide

Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.

From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.

→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification

Challenges and Limitations of Two-step Verification

While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.

Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.

Final Thoughts

In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”

Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.

To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.

The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.

Read More

Malwarebytes said the goal of these tactics is to lure victims into downloading malicious software

Read More

The surge in these attacks has prompted DomainTools to delve into their origins and implications

Read More

Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams.

Read more in my article on the Hot for Security blog.

Read More

With the digital lifestyle becoming more prevalent, Wi-Fi connections have become a necessity in our day-to-day lives. We frequently connect our devices to available Wi-Fi at various locations such as hotels, restaurants, cafes, and airports. The ability to be connected anywhere, anytime is extraordinary, but it also presents a significant security concern. Unsecured Wi-Fi networks can expose our personal and sensitive data to potential hackers.

These hackers can gain access to our personal data stored on our devices or observe our online activities, thereby infringing our digital privacy. Sometimes, they purposely set up deceitful free Wi-Fi connections or hotspots to entice unsuspecting users and exploit their data. Therefore, it’s important to understand the risks associated with unsecured Wi-Fi connections and adopt certain preventive measures to ensure the safety of our personal data.

Risks of Using Free Wi-Fi or Hotspots

Using free Wi-Fi or hotspots can indeed be convenient for users when they’re away from their secure home networks. However, such networks usually lack proper security measures, rendering them highly susceptible to various cyber attacks. Hackers often target these networks as it is easier to infiltrate and access users’ data.

The most common risk is the interception of data, where hackers can view and steal sensitive information such as usernames, passwords, and credit card details. They can also inject malware into your device through the insecure network, further compromising your data and device’s security. Additionally, the Wi-Fi you’re connecting to might be a rogue hotspot set up by hackers, designed specifically to steal user information. Therefore, the use of such networks should be approached cautiously.

→ Dig Deeper: KRACK Hack Threatens Wi-Fi Security – What it Means for You

McAfee Pro Tip: The most secure Wi-Fi network is the one that remains inactive. Deactivating the Wi-Fi signal on your device ensures that your device remains invisible, preventing your mobile from automatically connecting to any available Wi-Fi network. Pick up more tips on this blog.

Preventive Measures When Using Wi-Fi Connections

Despite these risks, there are several steps that you can take to ensure your cybersecurity while using Wi-Fi connections. Firstly, it’s a good practice to turn off your Wi-Fi when you’re not using it. This prevents your device from automatically connecting to available networks, reducing the risk of connecting to an insecure network. Equally important is avoiding the use of sensitive applications or websites, like online banking services, when connected to a public network.

→ Dig Deeper: Elevate Your Financial Security: How to Safely Bank Online

Another preventive measure is to use only websites that support HTTPS protocol. The usage of HTTPS, as against HTTP, ensures secure communication over the network as the data is encrypted. This reduces the chances of your data being intercepted by hackers. Hence, always look for “HTTPS://” in the address bar of your internet browser before sharing any sensitive information.

Advanced Security Measures

For an extra layer of security when using public Wi-Fi or hotspots, you might want to consider investing in a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept and view your data. While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet.

→ Dig Deeper: On Public Wi-Fi, a VPN is Your Friend

It is also advisable to keep all your devices, browsers, and apps updated with the latest security patches. Hackers frequently exploit known vulnerabilities in outdated software, so ensuring you have the latest updates can help prevent unauthorized access to your data. Enabling automatic updates ensures that your software is always up-to-date, further protecting against potential threats.

→ Dig Deeper: Why Software Updates Are So Important

Enhancing Protections at Home

Protecting your home Wi-Fi is equally important. Always password-protect your home network with a strong, unique password, and consider changing the default user name and password that come with your router. Default logins can be easily found by attackers, making it easier for them to gain unauthorized access. Additionally, changing your router’s default Service Set ID (SSID) can make it more difficult for hackers to identify and target your network.

Another step you can take is to set up a guest network for visitors to your home. This limits their access to your main network, where your sensitive information and devices are connected. Be sure to change the password for your guest network regularly, especially after hosting guests. Lastly, turning off your network when you’re not using it, especially when you’re away from home for extended periods, can reduce the risk of unauthorized access.

→ Dig Deeper: How to Secure Your Home Wi-Fi

Enhancing Protections on Mobile

Smartphones have become indispensable tools for communication, work, and leisure. However, with the convenience of accessing Wi-Fi networks on these devices comes the responsibility of ensuring their security.

First and foremost, prioritize trusted networks, such as your home or office, over open or public networks. Ensure that your connections are encrypted, preferably using WPA2 or WPA3, for data protection. Create robust, unique passwords for both your Wi-Fi network and your device connections.

Furthermore, employ two-factor authentication (2FA) for added security, especially for accounts linked to Wi-Fi access. Again, a VPN can further bolster your defenses by encrypting your internet traffic, making it indispensable when using public Wi-Fi networks. But it’s also important to keep your mobile device’s software up-to-date to ensure you benefit from the latest security patches.

Finally, be wary of connecting to mobile hotspots created by other devices, as these can pose security risks if not adequately secured, and regularly audit app permissions on your mobile device and restrict access to sensitive data whenever possible.

By following these measures and best practices, you can significantly enhance the security of your mobile devices when connecting to Wi-Fi networks, safeguarding your digital privacy and peace of mind.

Final Thoughts

With the growing reliance on Wi-Fi connections to access the internet on our devices, it’s crucial to understand the security risks associated with public Wi-Fi or hotspots. Unauthorized access, data interception, and malware infections are some of the key risks when using these connections. However, by adopting appropriate measures such as using secure websites, turning off Wi-Fi when not in use, using VPN, and bolstering home network security, we can significantly mitigate these risks and ensure our personal data’s safety. So the next time you connect to a Wi-Fi network, remember to exercise caution and take steps to protect your personal information.

We encourage you to improve the layers of your digital and device security for optimal protection. Browse McAfee’s software solutions to find the best software that suits your needs.

The post Why Should You be Careful When Using Hotspots or Free Wi-Fi? appeared first on McAfee Blog.

Read More

In today’s digital world, the importance of creating and maintaining secure and complex passwords cannot be overstated. A common misconception is that a password only needs to be memorable. Whilst this is a helpful trait, it does a disservice to the importance of having a secure series of characters. This guide will walk you through why “123456” is not an acceptable password, dispel some common password misconceptions, and provide some tips on how to create a secure password.

Understanding the Importance of Secure Passwords

Security is a necessary concern in the digital age. Every time we create an account, fill out a form, or simply browse the internet, we leave a digital footprint that can be traced back to us. Criminals, hackers, and other malicious parties are constantly hunting for sensitive information they can exploit. This is what makes the creation of secure passwords so vital.

Think of your password as the first line of defense against potential attackers. When your passwords are weak or predictable, like ‘123456’, you effectively leave your front door open to criminals. While it may feel like an inconvenience to memorize complex passwords, consider the potential damage that could be done should your personal or financial information fall into the wrong hands.

→ Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter

Why ‘123456’ Is Not a Good Password

Some may argue that ‘123456’ is a good password because it’s easy to remember. This is a dangerous misconception. ‘123456’ is an extremely common password, and it’s also one of the first combinations that hackers attempt when trying to break into an account. In fact, according to reports, ‘123456’ and ‘password’ are consistently ranked as the most commonly used passwords year after year.

Another reason why ‘123456’ is not a good password is due to its lack of complexity. Many websites and online services require passwords to include a mix of upper and lower-case letters, numbers, and symbols. This requirement is not arbitrary; it’s a method proven to increase the difficulty for hackers attempting to crack your password. Using ‘123456’ as your password doesn’t meet these requirements, making it an easy target for a hacking attempt.

→ Dig Deeper: Six Easy Steps to Help Keep Hackers at Bay

Essential Checks for a Secure Password

Ensuring that your password adheres to certain safety standards is crucial. Here are some key checks to consider when creating a password:

Don’t Use a Real Word: If your password contains a word that can be found in the dictionary, it’s time to change it. Using names of favorite items or pets can be easily guessed by hackers. Opt for an invented word, a blend of unique phrases or even nonsensical gibberish. The more unique, the better your security.
Mix It Up: Since most password systems are case-sensitive, using a mixture of upper and lower case letters can make your password more secure. Introduce numbers and symbols to make it more complex and avoid obvious choices like birthdays or the infamous ‘123456’.
Default is Fault: All “smart” devices come with default passwords. From your latest smart home appliance to your phone, always change the provided password immediately after setup. This step, combined with regularly updating passwords, can greatly increase your protection.

→ Dig Deeper: Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices

One Password Doesn’t Fit All: Never use the same password for multiple accounts. While it may seem difficult to remember multiple complex passwords, using a password management solution can help keep track of all your login information and generate unique, secure passwords for you.

Your proactive approach to password security is the bedrock of your defense against evolving cyber threats, ensuring your digital life remains safe and sound. Make sure to follow these reminders every time you create and change passwords.

Password Manager As An Option

Password managers are specialized tools that generate, store, and autofill complex and unique passwords for various online accounts. They eliminate the need for users to remember and manually enter their passwords, and this not only simplifies the login process but significantly bolsters security. These tools employ strong encryption to safeguard your login credentials, ensuring your passwords remain inaccessible to hackers. Many password managers also offer the convenience of cross-device synchronization, allowing you to access your passwords securely on multiple platforms.

Cybersecurity threats are more sophisticated than ever, and easily guessable passwords are the first vulnerabilities that malicious actors exploit. So, as you aim to make your 123456 passwords more complicated, consider using a password manager to store all your passwords and help you remember them properly.

Changing Passwords: A Habit to Develop

Changing passwords frequently is a habit we all need to cultivate. Doing so regularly makes it very difficult for cybercriminals to gain access to your personal information. It’s not just about protecting your accounts, but every device that holds your precious data. This habit, though may seem cumbersome initially, will eventually act as a robust shield against potential cyber attacks. Interest in cyber security is rising, and for a good reason. With more of our lives moving online, it’s crucial to stay updated on the latest trends in mobile and digital security. Many resources are available online to help individuals stay safe in the digital world. Maintaining strong, unique passwords and changing them frequently is one of the simplest and most effective ways to safeguard against cyber threats.

How Often You Should Change Passwords

The frequency of changing passwords should be tailored to the security sensitivity of the account and the strength of the existing password. For high-security accounts, such as email or online banking, changing passwords every 60 to 90 days is advisable, while moderate-security accounts can be changed every 90 to 180 days. Low-security accounts may require less frequent changes, and immediate password updates are essential if you suspect a compromise. Strong, unique passwords reduce the necessity for frequent changes, and the use of two-factor authentication further enhances account security.

McAfee Pro Tip: In certain circumstances, it might become imperative to change your password without delay, particularly when a malicious actor gains unauthorized access to your account. Learn more about how often you should change your passwords. 

Final Thoughts

‘123456’ is not an acceptable password due to its predictability and lack of complexity. Choosing secure passwords that are complex, unique, and difficult to guess is crucial in safeguarding your online presence. Coupled with regular password changes, using a password management solution, and avoiding default device passwords, you can ensure your personal and financial information remains secure. In the digital age, a secure password is not just a need, but a necessity. A reliable password manager, meanwhile, is a good, functional option to improve password security.

The post 123456 Is Not an Acceptable Password appeared first on McAfee Blog.

Read More