Password Security Tips: Secure Your Accounts

Air Date: 06/02/2020

Password Security Tips: Secure Your Accounts


Password Security Tips: Secure Your Accounts


Dan: Thank you for joining us this morning. It is 8:30 and it's time for a bit wizard's tip of the wand. On the phone. I got Vince and Sam. Good morning guys.

Vince: Good morning, Dan. How are ya?

Dan: I'm glorious. How are you?

Vince: I'm doing okay. I'm a little sad today. I was supposed to go to Ireland to see the Notre Dame Navy game and I was taking my family and we were going to tour Dongle and Dublin, this whole COVID hoax crisis mess, whatever it is you want to call it, has now got the game canceled in Ireland. They're moving it back to the States. They're going to do it, it looks like in Annapolis, which is a much smaller venue.

Dan: That would have been a nice trip to go to Ireland and see all of that. It's too bad that all got taken away from you.

Vince: Yeah, it is what it is, man. But I'm sad.

Dan: The big Irish, playing Ireland. How about that? It's pretty cool.

Vince: Go Irish baby.

Dan: All right buddy.

Sam: There probably is a football stadium in Ireland.

Vince: It's a soccer stadium.

Sam: Oh, it is. I wondered how they were going to do that.

Dan: It's big enough, I guess. I suppose.

Vince: It's just some lines, Sam. All you got to do is put up a couple of forks at the end.

Dan: Calm down, Sam, calm down now. All right guys, let's get with it.

Announcer: Bit-Wizards, Bits & Bytes.

Vince: Well, today we've got some good news for you. Microsoft Windows 10 2004 arrives, but unfortunately it's not going to be for everyone right away. So the latest windows 10 upgrade was released last week, but it won't immediately show up for everyone. Microsoft is sort of taking its time and gradually rolling it out. They'll start to roll it out to the large enterprises. And it's likely going to be the only major upgrade for this year. Sort of an interesting note with around that is that the way that they're naming it, which is obviously Windows 10 and then you have major version releases. And the way that they do that is the 2004 at the end there stands for the first part is 20, which means 2020 and 04 is April. So they're a little late getting this particular one out.

Sam: And the only way you would see that, it's not very clear for everybody, but if you go into the settings on your windows device and then go to about this device, you would see what build of Windows 10 you're running. So this one is 2004 because it's coming out in the year 2020, and it was designed to be released in the fourth month, in April. So if you look at yours right now, yours may be running 1907 or 1903 from last year's releases.

Dan: That's deceiving, those numbers.

Sam: It is.

Vince: Well, it is. And that's why those are the types of things that bit was just trying to stay on top of. And a lot of **inaudible** will ask us, " Well, how long is a software update version viable or how long was it good for?" Well, typically with Microsoft, with operating systems, it's usually an 18 month support cycle. So with this one being released in May of 2020, it's going to have support until December 14 in 2021. Now that doesn't mean that you shouldn't upgrade in between. That just means that that particular version is only supported for 18 months. And that's because technology marches on and we've got to make sure that it's always secure and updated and ready to go.

Sam: Exactly right? In the Windows world, until Windows 10, every couple of years you could count on Microsoft coming out with a new version of Windows. You may be old enough to remember Windows 3. 1 back in the day. It was really the first version of Windows that everybody was getting on when it was just all **inaudible** all around.

Vince: And that's when the dinosaurs roamed the Earth, right?

Sam: Absolutely.

Dan: That's where the mentally men had the swords and they had the big spears.

Sam: Then you had to start the computer up with a hand crank in the front.

Dan: What, it changed?

Sam: Then they had Windows 95, then 98, and ME. And then windows XP was a big one and everybody loved windows XP and ran it for a long time. And then Windows Vista came out after that, then Windows 7 and then Windows 8. So every few years, sometimes six years in between, whatever, they would come out with a new version. And it would take a long time to get people to jump ship to the new version. In fact, Windows XP was probably the most tenacious operating system on the planet. Probably there's still plenty of people listen to this...

Vince: I know [ inaudible 00:04:35].

Sam: ... running Windows XP. So what Microsoft did is they said, " Let's go with Windows 10." So they jumped from Windows 8 to Windows 10. And they said, " But we're going to stay at Windows 10 and we're going to update it every year or two. We'll just keep making sure that we do a new update. So every six months or so." So instead of having a whole new massive version of Windows every four or five years that you have to pay for, now every six months or so, you can just expect that you'll get an in place upgrade to your Windows 10 to the latest version with all the latest features. And at that point, your version will now be supported for the next 18 months by Microsoft.

Dan: Is this something that's a cost or is this a free upgrade?

Sam: It is a free upgrade. Once you have Windows 10 on your machine, which does cost money, originally it was a free upgrade because they wanted everyone to come over. Now, technically you pay for it. But once you have Windows 10 on your machine, all of these six month upgrades, these are free.

Vince: Now there is something that people should be aware of, and it's something that Microsoft started and then stopped, and now they're kind of cranking it up again. And it's a little controversial. It's called a forced upgrade. So with the version 1909 last year, they were trying to make users stay current, right? The reason why they wanted to stay current is to make sure that the proper security updates and things like that are on the machine and running, that it's working with the latest and hardware and stuff like that. But users simply wouldn't upgrade their computers or do anything with them. They always had sort of this, " If it ain't broke, don't fix it," which opened up a ton of security vulnerabilities. And people were getting hacked and having problems and it wasn't working with hardware. And so Microsoft started making the system where the systems always, typically these days, are always connected. And it connects to the internet and then it forces you to actually do an upgrade and to keep your stuff current. And so it looks like they're going to be starting that back up with this specific version, forcing you to do the earlier versions, the version 1909, and some of those, and get you up to at least one version before. So that begs the question, what are the cool new features or items that are in this particular one? And one of the biggest ones I think that's interesting is that there is a new tablet experience for those that have convertible PCs. Since I used the Microsoft Surface Book and I can detach mine and use it as a tablet as well as a laptop, I find that feature very helpful. And I like when they do enhancements, and tablet is one of the areas that they've been able to improve and enhance on the user interface.

Sam: In fact, Microsoft has had almost the opposite approach from Apple on this. So Apple have their laptops and then they have their tablets, the iPad. So you can get a MacBook Pro or MacBook or MacBook Air. Those don't have touch screens. But if you get an iPad, they make a 13 inch iPad now that costs, I was pricing one up yesterday, I think it was like $1, 850? That's high end laptop price there for an iPad, but you get that touch screen device. The problem is, it's running the iPad operating system. Microsoft went a different tack and they said, " Let's have one operating system, Windows 10, that is across all of our devices, whether they have a touch screen or not." And what they're doing now is adding more features for those who do have a touch screen on their laptop. Because I bet a lot of people have touch screen laptops and convertible devices, and they rarely ever use the touch screen portion of it. And Microsoft's saying, " Let's get some new features in there, the tablet experience for those of you who have these convertible PCs."

Dan: Is there any of those upgrades in the new Windows 10 upgrade? Does that also go across with the touchscreen?

Vince: That is correct. Yes, sir it does.

Sam: Exactly right.

Vince: Another thing that's kind of come that's now on parody with Mac is that Windows 10 users are finally getting to get an option that Mac users have had for years. And beginning with this new version just released, 2004, the reset this PC feature includes an option to download the set of files from the cloud instead of using the local installation files. And on systems with fast internet connections, this option could make the reset process quicker and cleaner. And also it gets them the latest files. People don't realize, software is in a constant state of evolution and change and iterative development. So they make little minor updates. Now you've got the build and then you've got the release and then you've got an even micro version number that can go along with the software. So it's constantly being updated.

Sam: And what this means in real life is if your PC is just really come to a crawl and everything seems to be broken on it. And you say, " Man, I just need to start over with this thing." You'll be able to boot up your windows device, holding down a button, on a surface device would be holding down one of the volume buttons, and when it pops up at the boot screen, it'll ask, " Would you like to just re-install windows?" And when you say yes, now it's going to jump on the wifi, it'll ask you for the password, jump on the wifi and it'll go get the latest of everything from Microsoft, give you a clean install of windows on your machine, and you'll be back up and running instead of having the old version of windows that it came with. If you try to reset your machine, you're not resetting it back to whatever it was back in 2017 when you first bought it. So that's a nice new feature. In fact, another feature that's coming across that's on Macs and is now going to be on Windows as well, is after reboot, your apps will come back where you left off, which is a nice deal. So you've got a lot of windows open, but you need to do a reboot because you've done updates and it needs to restart your machine, and now you don't have to close out of all of those windows and make sure you've saved everything across the board. Windows will reboot, come back, and will put everything right back where you left off with all your apps up and running again.

Dan: Well, you just answered my question. I was going to ask, are you going to lose any data? But you don't.

Sam: Correct. This is supposed to keep all of that in the point in time, it's supposed to remember where it is, reboot the machine, and then bring back all of the apps exactly where they were. That's kind of a nice deal.

Vince: And one last quick one before we move to the next segment there, Dan. But Microsoft, a lot of people have complained about the Windows search index. Which, what it does is it goes and it scans your entire hard drive, everything on your machine, it indexes inside and outside of files so it knows where they're at, so that you can find them quicker. Well, one of the problems with that is that takes a lot of disk cycles and CPU cycles in order to make that happen. And so people were complaining it was slowing their machines. But Microsoft, with this release, they said they fine tuned that disk usage of the Windows search indexer to deal with these longstanding complaints that the indexer is a little too aggressive with the way it works. And I can attest to it. I had problems with mine just this last week.

Dan: Just last week, well that's part of the reason.

Sam: Vincent's computer was running slowly. And when we looked, there were a couple of different elements that were making it happen. But one of those was that Windows is constantly searching your hard drive for any new file so that when you search for it, it can pull it up in the search results. So that it doesn't have to start a new search every single time, it's just looking in that index. But the indexer was getting too aggressive and was slowing the entire PC down while it was trying to keep track of all of the different moving parts.

Vince: And every time I pushed a button, I had to wait 10 to 30 seconds before it would do something, very frustrating.

Dan: Oh my gosh, that's pretty slow for you guys. That's probably an ancient time. I was just going to ask, now when the upgrade starts with the 2004 that you're talking about for the upgrades, I guess Bit-Wizards are monitoring that to make sure that everybody, all of your clients are being taken care of. So you're talking about some slow processes that you've got, you were able to find yours out, and I'm sure you do that with your clients as well?

Sam: Yes, absolutely. In fact, that's one of the core reasons for our managed IT services, is that we take care of the things that a lot of people neglect or don't realize are very important. And one of those is making sure all of your devices are kept up to date. So we do a weekly schedule where we push updates to all of the devices we manage, the several thousand devices we have under our management right now. That on Tuesday nights, we make sure that they go out, they check with Microsoft and see if there are any updates that are available, because we don't want them to get left behind and not have the new features, but more importantly the new security things. And oftentimes we'll run into an issue with a client where there's a problem on their machine and we'll see, " Oh, well, there's an update coming this weekend that is going to take care of that." And so we can manage those things appropriately. And those updates are a big part of what we do when we manage our clients ' computers. Whether their Windows or Mac, we make sure that they're kept up to date, including all of the servers as well. And servers are a tough one because servers are a lot harder to reboot because they're usually doing a job that everybody needs access to. If you got your QuickBooks running on that server, how do you reboot it during the middle of the day if everybody's trying to work in there? And so for us, we make sure we do an after hours manual update schedule on all of these servers.

Dan: Gosh. Yeah. I'm sure nothing could be more frustrated than trying to do something and, " Oh, well, we got to upgrade the server. Everything's shut down for a while." That would just stink. Oh, by the way, everybody, if you're just joining us, we have Bit-Wizards' Tip of the Wand on with us, managed IT service. And let's get to the next segment guys.

Announcer: Bit-Wizards, What's Up Our Sleeve?

Sam: So today what I want to talk about are tips for actively managing your passwords. I know we talk about passwords quite a bit on the show, but again, like updates, it's one of those critical pieces that everybody seems to neglect even though we know we should be better at it. And in the past, we've described several strategies that are relatively simple to use, but really adds greatly to the challenge for any hacker trying to break into your account. The first one we've talked about in the past is using some sort of two step verification feature. And a lot of companies are doing this. It started out with financial institutions that wanted to make sure that if you're signing into your bank account, that you are who you say you are. And then it sort of moved over to social networks as well, now. You can't sign in without getting a text message to your phone, just to confirm who you say you are. And now we're starting to see it all over the place, these two step verification services. But then the other one that we often talk about is how and why to use an online password management service. And we talk about this because rather than trying to remember and reuse the same password over and over, you can use a password service that will store all of those passwords for you, securely, only you have access to them. But that way you can have lots of different passwords for different services without having to remember all of the different ones. Unfortunately, an alarming number of people still don't take even the simplest password protection practices. In fact, it's so prevalent that these lax password security events happen that even President Obama recently received laughter when he was joking about passwords in an address to the tech security leaders at a conference. And he said, " It's just too easy for hackers to figure out our usernames and passwords, like password." And everybody laughed. And he said, " Or 123457." And everybody laughed again. And he said, " Because those are some of my previous passwords." And according to security experts, the core problem with passwords is the trade off between security and convenience. Simply making a password more complex can actually backfire because then it becomes impossible to remember. So passwords, they say, are the worst system in the world, except for all the other systems. So what they recommend is assigning different tiers to your passwords. Using your best, most complex ones for work and banking, but devoting less effort to those that don't really matter so much. And I couldn't agree with this anymore. If you're sharing your Netflix with your parents or your brother or someone like that, you're sharing your Netflix, it's okay to have a weaker password on there because you could always reset it if you need to. But do not use that same password to get into your Facebook account or especially into your bank account or even more into your work account and your work email.

Dan: I was going to ask, do you find that some people will have the same password for everything?

Sam: Yes.

Vince: Yes, they do. They do it all the time.

Sam: Well, or a handful of passwords.

Vince: Or a handful of passwords and they don't want to manage the complexity. But even worse, they use passwords that there are giant lists that are created and the hackers have. And then they run these penetration attacks. They cycle through and test all these passwords on a system. And they'll do things like 123456, or password, or monkey, or let me in, or Mustang or God even. 69, 69, 69, or Batman, master, trust no one, ABC123, trust no one. I mean, it's crazy stuff that people put. Or even stuff like that... we talked a little bit about fishing where people can go in and get a little bit of information about you. Using your child's name or using other types of things that people could easily find out about you to make your passwords it'd be crazy because somebody might... Because they know I like Notre Dame football. Maybe they look to see if my password is Notre Dame. Right? Or go Irish. I would never use that as a password, ever.

Dan: Or your name.

Vince: Yeah. Or my name.

Dan: Because I've known people that have done that.

Vince: Well, they do. And so your sports team, your birthday, or especially just not using just your birth year, because oftentimes when you go to a service or something like that, they mask all but the last two. So people will do that. Don't use them on the same account. It's like having all your cash and credit cards in one wallet and then getting your wallet stolen by keeping them all together. Swear words, phrases, famous athletes, car brands, movie names. Those are all standard types of things. And we want you to use passwords of eight characters or more with mixed character types. And we want you to change your passwords often. I know that stinks, but if you just follow these things, you are making it so much harder for people to get into your systems and get access to your private and most critical data and information.

Sam: If someone tasks their computer with trying to figure out your password, it might start with the letter A and then AA, AB, AC, AD, and it's going to work its way through the alphabet. And if that didn't work, it'll keep going. And you think, " Well, okay, that's going to take forever to go through this." Although computers run very quickly, but because it does take a really long time to figure out every possible variation of an eight letter password, instead, before they even started that, they try what they call a rainbow table. They say, " Let me look to see if they've used any of the commonly used passwords." And it's not a list of five or 10. It's a list of the top 1000 or 2000 passwords that people have used. And they know with a level of certainty that maybe 80% of the passwords they hit are going to fall into this list of the top 1000 passwords. So that's why it's important that your passwords be unique. And we even have strategies for that on how to set up those unique passwords so that you can make sure your password isn't showing up in somebody else's dictionary of passwords.

Dan: I see. So if we want to get into maybe your account, we should probably type in Bit-Wizards. I bet you those are your passwords.

Sam: Well, I guess we're changing our admin password now, you just said it on the air for everybody to hear.

Dan: I just wanted to ask you something though. In your professional opinion, how often should somebody change their passwords?

Sam: Oh, okay. Yeah. Depending on how secure those are. For a very secure system, especially one that has your financial information, I would recommend even doing it once a month. Now, a lot of these password managers are able to do that for you. They're able to go in the background, sign in as you, because they have your password, and then change that password to something new that it creates. Then it stores that new password, saves it with the account, and then you don't even have to touch it and it is rotating those passwords for you. And you could effectively rotate those every single day and it wouldn't matter, but you would be almost impossible to get hacked at that point because you wouldn't even have access. You wouldn't even know your password. It would just be stored in this password manager that is updating it for you all the time. But if you're manually doing it, I would say yes, once a month is probably a good strategy for those secure accounts.

Vince: I'm looking at passwords, as they start to develop this more, we'll get away from passwords and go to more biometric things like your fingerprint, or maybe even a retina scan. iPhones and iPads are using facial recognition now, and I think those are better mechanisms for being able to securely access things. This is why two factor authentication or two form authentication is so critical these days because you get that ability to not only use the password, but then also there's another additional level or factor that's checked, whether that's a phone call or a text message to your phone, something that's in your person that they know will actually do it.

Announcer: Bit-Wizards, From the Spell Book.

Vince: All right. So we're going to go with an easy one today. And it's kind of funny because a lot of people think they know what it means, but it's called an online presence. It's not necessarily an IT term, it could also be considered a marketing term. But what it is, is it encompasses everything that represents your business online. Your website, your social pages, your mobile apps and any and all content that you have. And in today's digital world, you need a really strong presence in order to be viable. It's where people go first to find out who you are, about you, and it's where they get the first impression is the online impression that they get of your business. So it's really important that you keep those things up to date, and you're going to build this presence as you grow. And you need to remember when you do this, that you want to keep your brand and your messaging consistent. You want to use proper logos, colors, font, and voice. And additionally, you want to make sure that you integrate in with your IT and keep it secure and all those things as well.

Sam: Your online presence is the modern day equivalent of your storefront Window. Now, when people are checking out your business, they're not sticking their face up to the glass after hours and trying to see what you have in the store. What they're doing is they're looking online. And it's not just your website. I mean, that is a big part of it, but it's even the social media that you have, your company's Facebook profile, Instagram page, if you have one. And so it's thinking collectively of that entire presence, because this is the first impression that you make with your potential clients through that online presence. In fact, Bit-Wizards, we even do a thing called a curve analysis where we can take a website or web presence, and we can do an analysis on it and see how does it work for content and usability and reachability, and even the visual look of the site. Is it up to date? Is it representing who you are as a company? So it's important to think of that holistically with your online presence.

Dan: And so the online presence you guys at Bit-Wizards can kind of take that and mesh it with their business so that they'll be able to identify you with your presence on social media or with your website to let them know that, " I'm here. And this is what we're all about."

Vince: Absolutely. That's part of our digital marketing and software development and web development services that we do over and above our managed IT services.

Dan: And like you said, we have to have consistency with your logos and probably consistency with your information. So it's not scattered everywhere.

Vince: Yeah. And the thing is a lot of people don't understand that it's not enough just to have a presence or a page up there. These days, it's all about the content that you have, becoming a thought leader. Because think about the millions and billions and trillions of pages that exist out there on the internet. How do you make yours relevant with respect to search so that you stand out? That somebody, when they're looking for say real estate services in Fort Walton Beach or real estate services in the Southeast, if you've got a wider area, that you come up to the top of that search? And then once you get them to that search page, that postage stamp that's floating out in the middle of the ocean at night, right? Because that's what it's like, trying to find you on the web. Once they do find you, what are you going to look like? Are you going to look like a webpage from the 1990s and early 2000s? Or are you going to be modern, up to date, a great user experience, good colors, represent your brand well, have great usability on your site, make it easy for users to find stuff, information that they want to know that's relevant to the business. They are making a choice. In fact, when they go to your website, the studies have shown by the time they actually call you, they're 60% to 80% through the buying process at that point. So at that point, they've already built their decision pretty close that they're going to go with you. Now, a little bit of common customer service and a little bit of a finesse, you can bring them the rest of the way. And the deal is that you don't get to control the sales cycle the way you used to in the older days. Now customers have access to a ton of information and things with which to make their decision and to compare and make buying decisions.

Dan: Now that's very good information, Vince. And by the way, I know that this time in the show, you'd like to make some good comments about one of your great clients.

Sam: Yes, absolutely. I want to give a big Bit-Wizard thank you and shout out to Erica George-Saintilus and the team over there at 1118 Hospital Drive here in Fort Walton Beach. They're a family practice and general medical clinic. What we love about Dr. Saintilus is her use of technology to streamline while providing that personalized care. When you walk in, everything is automated for you, they hand you an iPad and you can sign in with all your information. You don't have to fill out a clipboard full of pages that have been photocopied 73 times and try to figure out what it is that it says anymore. In fact, all your information is already stored and you're just going through and verifying that nothing has changed and it streamlines the whole process. We take care of their IT for them top to bottom because we know they're doing an amazing job of taking care of the people in our community and we're just proud to be a part of that and to partner with them and help them with their technology needs, specifically within their medical offices here in Fort Walton Beach.

Dan: Got it.

Vince: And not only that, some of our wizards, that is their doctor, including mine. She is my doctor.

Sam: And mine too.

Dan: Part of the family. I see. Well, Vincent, Sam, it's been wonderful having you guys on the show today, and great information as always. And I would highly recommend anybody that needs managed IT service to look you up, Bit-Wizards. How can they get ahold of you?

Sam: 864-4558. Give us a call and we'd love to get working with you.

Dan: Thanks guys. And we'll talk to you next Tuesday. Have a wonderful week.