What is Two-Factor Authentication (2FA) and what use is it to me?

You may be using password managers to securely store your passwords and other information, but what happens if your master password is discovered (perhaps through keylogging, or because someone found the post-it note it was written on)? 2FA can help with this dilemma. 2FA is an extra security step (something you have) in addition to your password (something you know). In general, 2FA is a time-based code that is regenerated every so many seconds. It can be software-only (such as Google Authenticator or Authy) or hardware-backed (such as a Yubikey). The reason 2FA is so beneficial is that even if your password (the master password for your password manager, or the passwords for your online accounts) is compromised, an attacker will not be able to log in to your accounts without the 2FA code. Even if they have access to your 2FA key (especially a Yubikey), if you have set up a password on the 2FA application they still won’t be able to access your accounts. Good security practices utilise a layered approach so that if one layer becomes compromised all is not lost.


As always reader participation is not just welcomed, but encouraged! If you have any suggestions, corrections or anything in between, feel free to leave a comment. If the content of this blog is gobbledygook and you are in need of data recovery or other IT services, head on over to our Web Shop (currently undergoing maintenance). Want a good laugh? Check out our blog created entirely by artificial intelligence (AI)

We’ve done the research, so you don’t have to!

Thanks for reading!


Password manager recommendations

Over the years I have used and tried a few different password managers – if you don’t know what a password manager is, see our post here. I am a strong proponent of open source software and definitely recommend this avenue. Open source software has the benefit of being able to be publicly vetted, whereas closed source is just that: closed-off software that cannot easily be audited or inspected by the public. So then what are the best password managers to use? That depends on your requirements, though instead of going into too much detail I will just jump straight into the recommendations. In my experience, the two best password managers that I have come across are KeePass (specifically KeePassXC, which is a community fork of KeePass) and Bitwarden. Both of these password managers have their pros and cons, and for most people Bitwarden is going to be the best option. Here’s why:

Bitwarden

  • Free
  • Open source
  • Strong encryption
  • Supports many browsers:
    • Google Chrome
    • Mozilla Firefox
    • Opera
    • Microsoft Edge
    • Safari
    • Vivaldi
    • Brave
    • Tor Browser
  • Also compatible with Windows, Mac OS and Linux as desktop applications
  • Automatically syncs, with the option to host your own Bitwarden server
  • Password generator
  • Premium option ($10US / year), which includes:
    • 1GB encrypted storage
    • 2 factor authentication (2FA) login for extra security
    • Password hygiene & vault health reports
    • TOTP authenticator key storage & code generator
    • Priority customer support

KeePassXC

  • Free
  • Open source
  • Supports strong encryption
  • Offline only by default (though you can sync using a cloud service)
  • Compatible with Windows, Mac OS and Linux
  • Password generator

In any case, you should consider using a password manager if you aren’t right now. In addition to password managers, you should also consider enabling 2FA on all online accounts that support it. If you would like more information, please see our post here.



What is a password manager (and what is it not)?

Password managers are a convenient way of, well, managing your passwords. This is fairly straightforward, but there is software that manages passwords yet is not, in my mind, a password manager. For example, operating systems and browsers have password “rememberers” that store passwords for you, but the passwords are not necessarily stored in an encrypted state. So while they offer slight convenience, there is no benefit to security because the information is kept in plain text – sometimes even if there is the option for a “master password”. For this reason it is not recommended to use these, but to opt for an actual password manager. Examples of these password “rememberers” are:

  • Internet browsers that ask you if you want to save your password (e.g. [Internet Explorer][wikipedia-internet-explorer], [Mozilla Firefox][firefox-homepage], [Google Chrome][chrome-homepage], [Safari][safari-homepage])
  • Apple’s [Keychain][what-is-keychain-access]
  • Linux Password and Keys

These are but a few examples, and it is recommended not to use them because, as mentioned earlier, the details are stored in plain text. What this means is that if someone gets access to your computer, they will be able to extract them and read them as if you had typed them into Notepad.

So then if all these are not password managers, what are they? Password managers are actually dedicated programs, browser add-ons or websites that are designed to securely store passwords and login information. The benefits of using proper password managers are primarily convenience and security through:

  • Storing login details (and other information such as form auto-fill data) securely by encrypting everything with a master password
  • Allowing you to create much stronger passwords and different passwords for each website / service

For recommendations on which password manager you should be using, see our post here.



[wikipedia-internet-explorer]: https://en.wikipedia.org/wiki/Internet_Explorer
[firefox-homepage]: https://www.mozilla.org/en-US/firefox/
[chrome-homepage]: https://www.google.com/chrome/
[safari-homepage]: https://www.apple.com/safari/
[what-is-keychain-access]: https://support.apple.com/guide/keychain-access/what-is-keychain-access-kyca1083/mac


What is redundancy and how can it save your (virtual) life?

Data redundancy, simply put, is having the same data replicated in two places. There’s more to it than that, but for a rudimentary understanding it is one way to think about it. Data redundancy is not the same as a backup. A backup is a “snapshot” of your data at a particular time, whereas redundant data is literally the same data, which is why it is referred to as redundant. If you have your own backup solution such as a Network-Attached Storage (NAS) device, then it is a good idea to have at least two disks installed and mirrored. This way, if one disk fails for whatever reason, you have the other disk with the same data on it. If your NAS supports hot swapping, you can simply purchase another hard drive (of the same size and speed) and replace the failed drive. The NAS will copy the data to the new drive and your redundant array will be back up once it is done, without skipping a beat. There are numerous ways in which you can implement data redundancy, which will be covered in future posts.



The chink in the armour of information security isn’t where you expect

When people envisage computer systems being hacked, they may imagine a shadowy figure furiously typing away on a keyboard in a dark basement. Or they might think about some complicated wall of code or fancy high-tech gadgets used to break into these systems. The reality is, unfortunately, much more benign than Hollywood would lead us to believe. In fact, it isn’t penetration testers or hackers that put information or computer systems at risk – it’s actually the users and administrators. Probably one of the most common weaknesses would have to be passwords. Users, and even administrators, tend to create weak passwords because they are relatively easy to remember; the problem is that they are even easier for computers to calculate. The best defense against this is of course to use a password manager; see our post here for recommendations on the best (and most privacy-respecting) password managers. Next, administrative configuration is a common weakness in systems that is often overlooked. What this means is that when administrators set up systems, whether it be websites, servers or any number of systems such as network environments, too often they will leave certain settings as the default. At worst, they leave the login details as default, so if this is an internet-facing device, anyone who stumbles upon it will be able to log in and most likely do whatever they please, including changing the login details – nice.

