PCMag SecurityWatch

Why you should use a password manager.

Views expressed in this cybersecurity-cyber crime update are those of the reporters and correspondents.

 Accessed on 03 May 2022, 2106 UTC.

Content provided by email subscription to "PCMag SecurityWatch."

Source: https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGpFgxgqfdbDVRXPKwQddxlxSNs

Please click link or scroll down to read your selections.

Thanks for joining us today.

Russ Roberts


https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security)

PCMag SecurityWatch
A Plea for Password Management Best Practices
In just about every SecurityWatch newsletter, I manage to shoehorn in encouragement for readers to use a password manager. I mean, why not? There are free password managers, and many of the paid versions are inexpensive. Adding an extra step to your online routine can be a pain, but the benefits of keeping complex and unique passwords in an encrypted vault rather than using the same password for multiple logins around the web are worth the hassle. Since World Password Day is May 5 this year, now is a good time to talk about password management best practices again.

Password Management Statistics

Bitwarden, one of PCMag's Editors' Choice award-winning password managers, recently conducted a global password management survey and the results are pretty grim. In the US, 31% of respondents experienced a data breach in the last 18 months, as compared to about 1 in 4 globally. More than 8 in 10 (85%) Americans reuse passwords across multiple sites, and almost half of US respondents (49%) rely on their memory alone to manage passwords. That said, Americans are still more likely (44%) to use a password manager than the rest of the globe (34%). 

There were some bright spots in the report. Multi-factor authentication is mainstream these days, with 79% of US respondents saying they use MFA for workplace accounts and 77% for personal accounts. Globally, that number sits at 73% (work) and 78% (personal).

What You Need From a Password Manager

A password manager can make life online a lot easier. The best password managers not only store credentials for websites and apps, but many also help you identify and replace weak and duplicated passwords. 

Most password managers autofill your stored credentials for web forms, which can save you time when you're checking out on shopping sites. Many password managers also include built-in mechanisms for securely sharing passwords with other users, which is useful for families sharing one streaming login or coworkers who all need to access one online account. 

World Password Day at PCMag

My colleagues are working hard to keep all of our password management articles up to date and address reader concerns regarding the topic. Here's a list of our top password-related articles. 

Best Password Managers. PCMag puts a litany of premium password managers to the test and determines which ones are the best value for your money.

Best Free Password Managers. We test the free versions of popular password managers.

Simple Tricks to Remember Seriously Secure Passwords. You need to lock your password manager with one strong master password, and you must remember it yourself. Here's how to do it.

How to Switch to a New Password Manager. Modern password managers make it very easy to switch between services. Just follow these simple steps.

How to Share Passwords Safely. It's perfectly safe and easy to share your passwords, as long as you use the right tools for the job.

Got a Password Manager? Good, But You’re Using It Wrong. Studies show that you probably aren’t using your password manager correctly. Here’s how to fix all your password problems.

How to Use a Random Password Generator. Most password managers include tools for generating random, strong passwords, but not all are created equal. Understanding the differences can help you make an informed choice.

How to Create a Random Password Generator. Do you trust the passwords created by third-party software to be truly random and safe? No? Here's how to build your own random generator for uncrackable passwords.

Get this from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.

What Else Is Happening in the Security World This Week?

US Gets 60 Countries to Sign 'Declaration for the Future of the Internet.' The most obvious name absent from the declaration is India, which also happens to be the world’s leading internet-shutdown offender.

Microsoft: Nearly 40 'Destructive' Malware Attacks Have Hit Ukraine. Most of the attacks have been on government organizations or critical infrastructure providers in the country, according to a Microsoft investigation.

US Offers $10 Million for Information on 6 Russian Military Hackers. They carried out cyber attacks on US infrastructure using the NotPetya ransomware.

Hackers Reportedly Target Wind-Energy Companies. Nordex SE and Deutsche Windtechnik AG were both hacked over the past few months, while Enercon GmbH reportedly experienced collateral damage from the Viasat hack.

PCMag Tests the Best Ad Blockers. There are big differences among popular ad blockers. We put them to the test to see which one is best for cleaning up your browsing experience.

Save $50 on IPVanish VPN
If you buy something from our links, we may get a commission from the sale. Learn more here.
Never forget your passwords again! Get 30% off Keeper Unlimited and Keeper Family Plans
How Phishing Scams Work
One of the common comments we receive on our articles about phishing scams runs along the lines of “I don’t see how people keep falling for this stuff.” That’s why I decided this week to publish an excerpt from Neil J. Rubenking’s article on how to avoid phishing scams. It’s easier to get tricked by a scammer than you may think.

“The key to running a credential-stealing phishing scam is creating a replica of a secure website that's good enough to fool most people or even just some people. With the classiest fakes, every link goes to the real site. Well, every link except the one that submits your username and password to the perpetrators. As icing on the cake, the fraudsters may try to create a URL that looks at least a little bit legitimate. Instead of paypal.com, perhaps pyapal.com, or paypal.security.reset.com.

"However, not every phishing page is well done. Some use the wrong colors or otherwise fail to match the page they imitate. Others have totally unconvincing URLs, things like seblakenakkalikalaudimakan.crabdance.com, or X8el87.journal.com. Even these lame fakes can pick up a few suckers, apparently, or the fraudsters would give up.

"When you enter your username and password on a phishing site, the site owners gain full access to your account. To keep you from realizing you've been scammed, they may pass the credentials along to the real site, so it looks like you logged in normally. Your only clue may come when you find that your bank account is empty, or that you can't log into your email, and your friends say they're getting spam from you.”

Protect Yourself From Phishing Scams

To combat the good fakes, take the time to pay close attention to links you receive via chat, email, or SMS. Here are some common phishing signs to look for:

1. Misspellings in the web address
2. A link routes you to a site marked “Not Secure”
3. A link routes you to a page that urges you to take instant action (usually to secure your account or to check a bank balance)

If you have doubts about the link you received, do not click on it, especially if it comes from someone you do not know. It helps to have an antivirus or a security suite installed for extra protection against phishing.

Grindr Reportedly Sold Precise Location Data for Years

Spain Claims Government Officials Were Targeted by Pegasus Spyware

5 Tips for Blocking Mobile Tax Scammers

What Is a Zero-Click Attack?

Do You Really Need to Buy an Antivirus App or a VPN Anymore?

Want more deals like these delivered to your inbox?
DJI Mavic Air 2 Fly More Combo Drone Quadcopter w/ 4K 60fps Video
$988.00 $789.00  

Clip $80 off Coupon Roborock S4 Max 2000Pa Suction Robot Vacuum Cleaner w/ Lidar Navigation
$429.99 $299.99  

Bonus $100 eGift Card 32" Dell S3222DGM Curved 2560x1440 QHD 165Hz 2ms Gaming Monitor
$529.99 $329.99  

Over $50 Cheaper than Amazon JBL Live Free NC+ Active Noise Cancelling Bluetooth Earbuds w/ Wireless Charging
$149.95 $49.99  

Lenovo Flex 5 AMD Ryzen 5 5500U 14" 1080p Convertible 2-in-1 Touch Laptop w/ 16GB RAM, 256GB SSD
$849.99 $577.14  

All product and deal information such as discount, price and availability are believed to be accurate as of the time of publication. Please verify these details with the merchant site and check the merchant's terms and conditions before you buy. Publisher is not responsible for errors or omissions.


Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.