Cybersecurity Blog

Can’t remember all those passwords? Use a password manager. – 02/22/17


You are supposed to have a unique password for every account. However, considering you have to login to do everything from checking your to do list to booking an appointment with your doctor, keeping track of all those passwords is getting close to impossible. That is why we recommend you use a password manager.

A password manager stores all your passwords, allows to you login using quick keys and will even generate secure passwords for you. All you have to remember is the master password to login to the password manager.

There are many types of password managers on the market. Some are free like KeePass and LastPass, others require a fee.  How do you choose which one to use? To help you out, PCmag has a review of some of the more popular ones.

To help you learn how to use the password manager KeePass, we have created a lovely handout that includes the basics . To make learning even easier,  we also regularly offer a terrific, fun little workshop. Visit the Employee Training Portal for more information and to register.  Our next workshop is March 8, 2017.

 

Increase the security of your Google account with two step verification – 02/08/17

 

It seems like every day, we hear about a new security breach. Yahoo, Adobe, Ashley Madison;  all breached leaving their account holders feeling violated and wondering if their data or identify are safe. To make matters worse these breaches are often not identified until months or years after the attack, giving criminals plenty of time to capitalize on the stolen information. Even if you have a strong password, it cannot protect you if your account provider has its user’s login credentials stolen.

As mentioned in a previous post,  many account providers are now offering two step verification. How does it work? You set up the service by giving them your cell phone number. The next time you login you are asked for your password and then an verification code that is texted to your phone. Worried about losing your phone? You can print off backup codes or give them an alternative cell phone number.

Once two step verification is enabled, if a cyber criminal tries to login to your account you will receive a text with an verification code. Not only does it keep the criminal from logging in to your account, it also alerts you that your login credentials have been compromised and that you need to change your password.

ITS highly recommends that you enable two step verification on all your accounts that offer it, especially on your Google account.  If you are a user who has access to sensitive data or admin access, our recommendation is even stronger.  To make it as easy as possible to enable it, we have created a lovely step by step document that gives clear instructions. We also encourage you to call the Service Desk if you wish to enable it but are uncomfortable doing it on your own.

Dailymotion Accounts Hacked – 12/07/16

Hack concept

Around the 20th of October, 85 million usernames and emails were taken from Dailymotion servers along with 18 million hashed passwords. For those of you who don’t use Dailymotion, it is popular video sharing website. Because the passwords were encrypted, it will take some time for the cyber criminals to crack them. This gives users time to change their passwords on their Dailymotion account as well as change the password for any other accounts using the same password.

Once again this drives home the importance of having a different password for each account. It is not a matter of if one of your accounts will get hacked, it is a matter of when. Limit the damage…use unique passwords.

Dropbox and Adobe Breach Affects Mount Royal Users 10/24/16

In 2012 there was a very large breach of Dropbox  and Adobe credentials. At that time, Dropbox and Adobe passwords were compromised. We have been notified that Mount Royal email addresses were associated with this breach. As a result, we are concerned that some users may have used their Mount Royal password for their Dropbox or Adobe login as well.

If there is any chance that you used your MyMRU password for Dropbox or Adobe we are asking you to change your MyMRU password immediately. This will also change your Mount Royal Gmail/Google and Blackboard passwords. To change your password, please use the “Change your password” link located on MyMRU.

As login credentials for any site can be compromised, we are encouraging everyone to always use a unique password for each of their accounts. Using a password manager such as KeePass is an easy and safe way to generate, keep track of and store your passwords.

For tips on creating strong, secure passwords and using KeePass, please refer to the Creating Passwords section of the mru.ca/itsecurity webpage.  

We thank everyone for doing their part to keep their accounts secure.

Don’t Share your Password – 10/03/16

Don’t ever, ever share your password with anyone for any reason. You never know what they will do once they have access to your accounts.  Watch the video to see what the folks at Cards Against Humanity posted on a fellow staffer’s YouTube account when he shared his password.