The Power of Two

A one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password based authentication; a number of implementations also incorporate two factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows.

The most important advantage of OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. A second major advantage is that a user who uses the same (or similar) password for multiple systems is not made vulnerable on all of them if the password for one of these is gained by an attacker. A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the previous session, thus reducing the attack surface further.

OTPs have been discussed as a possible replacement for, as well as enhancer to, traditional passwords. On the downside, OTPs are difficult for human beings to memorize. Therefore they require additional technology to work.

An extra layer of security that is known as “multi factor authentication”

In today’s world of increasing digital crime and internet fraud, many people will be highly familiar with the importance of online security, logins, usernames and passwords. But if you ask them the question “What is Two Factor Authentication?”, the likelihood is they will not know what it is or how it works, even though they may use it every single day.

With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user’s private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature.

How does it work?

Two Factor Authentication, also known as 2FA, TFA or two step verification, is an extra layer of security, known as “multi factor authentication”, that requires not only a username and password but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a physical token.

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity.

Historically, two-factor authentication is not a new concept, but its use has become far more prevalent in the digital age we now live in. As recently as February 2011 Google announced two factor authentication online for their users, followed by MSN and Yahoo.

Many people probably do not know this type of security process is called Two-Factor Authentication, and likely do not even think about it when using hardware tokens issued by their bank together with their card and a Personal Identification Number to complete Internet Banking transactions. They are simply utilising the benefits of this type of multi factor authentication, i.e. “what they have” AND “what they know”.

Using a Two Factor Authentication process can help to lower the number of cases of identity theft on the Internet, as well as phishing via email, because the criminal would need more than just the user’s name and password details.

So if you’re in need of some help securing your system, or even just some free friendly advice, get in touch with us on 0800 878 878 or email office@techs.co.nz

Viruses are getting smarter

Ransomware Example

What would your first thought be seeing the above on your computer, laptop or cellphone? Would you start to wonder “What has my family been looking at?” or “What have I come across browsing the internet by mistake?”

Within the last year we have been seeing an increasing trend in viruses called Ransomware.

‘Ransomware’ is a type of malware/virus that attempts to extort money from a computer user by infecting and taking control of the victim’s computer, cell-phone, or the files or documents stored on it. Typically, the Ransomware will either ‘lock’ the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to the saved data.

The ransom demand will then be displayed, usually either via a text file or as a webpage in the web browser. This type of malware leverages the victim’s surprise, embarrassment and/or fear to push them into paying the ransom demanded. Ransomware may arrive as part of another malware’s payload, or may be delivered by an exploit kit such as Blackhole, which exploits vulnerabilities on the affected computer or device to silently install and execute the malware.

In almost all cases, payment of the ransom still does not restore the computer to normal use. As such, we strongly recommend that you make no payment and give us a call straight away. You may have never heard of this type of virus or even been affected. Prevention is simple: make sure to have up-to-date antivirus (Eset nod antivirus for example) and stay away from unsafe websites (adult content, kids’ free game downloads, or pirated music, movies or TV shows). If you have kids, it is a good idea to take an interest in what they do online so they and your computers are safe.

Backups are also highly recommended. There was a case in America recently where a police station itself was hit with another type of ransomware that encrypted all computers, network drives and files. Because this police station had no backup, the police had to pay the ransom (at least the criminals were honest enough to send the police the decrypt code to unlock the police station PCs!).

Remember we are here to help you regarding any Information Technology issues like viruses or malware. We are but a phone call away.

So if you’re in need of some help with Viruses, or even just some free friendly advice, get in touch with us, 6-370 8093.

To discuss how Tech Solutions can help call us on 0800 878 878 or email office@techs.co.nz.

Tracking a Lost or Stolen Mobile Device

You have misplaced your mobile device; your phone or iPad or tablet is gone! Stolen! Lost! TIME TO PANIC! Yes? No, it is not time to panic (yet) as there are several ways to locate your device. If you locate the device and it has been stolen, not lost, ensure you contact the police rather than going to get it yourself.

Do the simple things first. Call your phone: can you find it that way? Someone else may answer the call. Sending your phone a text, especially with a reward offer, can help too. Always apply common sense around meeting people to get your device back. If neither of these works then it’s time to get technical!

Can Android, Windows or Apple help?

Yes, they can. By default, Windows, Android and Apple devices have limited capabilities to find your device. If you have not set your device up the standard way these may not work. Also, unless your device has a keypad lock enabled, anyone who can access your settings can turn these settings off. Apple and Android offer these services more as a way to protect your data on the device than to stop or discourage theft; however, see ‘Prevention is Better than Cure’ below. They also work only if the phone is both on and online.

Apple: Apple uses a cloud based service called “Find my iPhone/iPad/Mac”. You must have enabled iCloud and enabled “find my iPhone” on this device before this will work for you. Head over to icloud.com and log in using your Apple ID credentials. Once signed in, you should see your iCloud dashboard with different icons. Click on the “Find My iPhone” icon. From here you can see all your devices and their location. The device can be made to play a sound, in case you lost it down the back of the sofa! You can also activate “Lost Mode” which locks down the device and displays the message of your choice. As a last resort, and this will mean ‘Find my iDevice’ won’t work anymore, you can erase all data too (factory reset).

Android: The Android OS has a service called Android Device Manager (ADM). You must have enabled Location Services to locate your phone and also enabled remote wipe to wipe it. Head over to google.com/android/devicemanager and log in with your Google ID. From there you can see your devices and their locations, if enabled. Each phone will give you the option to ring, lock or (if enabled), as a last resort, wipe the device.

Prevention is Better than Cure

As always it is best not to lose it in the first place, but being prepared for the possibility is second best. By default most mobile devices can be found; just ensure the settings are enabled as mentioned above and (for your security) enable some form of lock screen code. There are some apps that you can install now to really help you recover your device in the future. These apps have anti-theft (and anti-malware in the case of Android) in mind, not just the data protection offered by default. For further help with these applications or any concerns with your mobile device, contact us here at Technology Solutions.

Android Anti malware and Anti-theft

Avast! Free Mobile Security http://www.avast.com/en-nz/free-mobile-security

ESET Mobile Security & Antivirus http://www.eset.com/us/home/products/mobile-security-android/

Android & Apple Anti-theft only: Lookout https://www.lookout.com/features/ios

So if you’re in need of some help tracking your device, or even just some friendly advice, get in touch with us.

To discuss how Technology Solutions can help your business call on 0800 878 878.

How to Make a Strong Password

Two essential password rules:

The following two rules are the minimum that you should follow when creating a password.

Rule 1 – Password Length: Stick with passwords that are at least 8 characters in length. The more characters in the password the better, as the time taken by an attacker to crack the password will be longer. 10 characters or longer are better.
Rule 2 – Password Complexity: Your password should contain at least one character from each of the following groups.

  1. Lower case letter
  2. Upper case letter
  3. Numbers
  4. Special Characters

This is often called the “8 4 Rule” (Eight Four Rule):

  • 8 = 8 characters minimum length
  • 4 = 1 lower case + 1 upper case + 1 number + 1 special character.

For those of you who don’t follow any guidelines or rules when creating passwords, just following the “8 4 Rule” will ensure your passwords are much stronger than before. If your banking passwords and the passwords for any financially sensitive websites don’t follow the “8 4 Rule”, I strongly suggest that you change those passwords as soon as possible to at least follow the “8 4 Rule”.

Guidelines for creating strong passwords:

  1. Follow the “8 4 Rule”.
  2. Unique Characters. The password should contain at least 5 unique characters. You already have 4 different characters if you’ve followed the “8 4 Rule”.
  3. Use a Passphrase. Use a ‘passphrase’ to easily remember the passwords. You can use the initials of a song or a phrase that is very familiar to you, e.g. “At Technology Solutions, we love strong passwords!” can be converted to a strong password “@TS0l,wlsp!”
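The rules above can be checked mechanically. The following is an added example, not part of the original newsletter, that tests a password against the “8 4 Rule” and the 5-unique-character guideline; treating “special characters” as ASCII punctuation is an assumption, and the sample passwords other than the article’s own are constructed for illustration.

```python
import string

# The four character groups from Rule 2.
# Assumption: "special characters" means ASCII punctuation.
GROUPS = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def check_password(password, min_length=8, min_unique=5):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    # Rule 1: minimum length.
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Rule 2: at least one character from each of the four groups.
    for name, alphabet in GROUPS.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"no {name}")
    # Guideline 2: at least five distinct characters.
    if len(set(password)) < min_unique:
        problems.append(f"fewer than {min_unique} unique characters")
    return problems


# Constructed samples; the first is the passphrase example from the article.
SAMPLES = ["@TS0l,wlsp!", "password", "Aa1!Aa1!", "Ab1!"]

if __name__ == "__main__":
    for pw in SAMPLES:
        issues = check_password(pw)
        print(f"{pw!r}: {'OK' if not issues else '; '.join(issues)}")
```

The sample “Aa1!Aa1!” satisfies the “8 4 Rule” but is rejected by the unique-character guideline, which is the case that guideline exists to catch.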

Another method of ensuring the use of strong passwords, and of dealing with having to remember lots of them, is to use a password manager. A password manager gives you the option of totally random and long passwords, and means you don’t have to remember them all. I will cover the pros, cons and best practice of the current best password manager, LastPass, in the next newsletter.

Email size does matter

There may be a limit on the size of emails you can send and receive; it all depends on who you send your email through. We hit this issue from time to time, with customers asking for assistance when their email seems to stop. It will often present itself as “I can receive email but I don’t think my emails are going out.”

Why is there a maximum email size limit?

Mainly for security reasons, all email server providers limit the maximum email size that an email account can receive. If there were no maximum email size limit, the email server would risk being bombarded with very large emails, causing it to cease working properly.

Some free email address providers also enforce commercial limitations on the email size: the free account gets a low maximum email size limit, but you can increase the maximum limit by upgrading to a paid account.

What happens when you hit the maximum email size limit?

Obviously, if you send an email that exceeds the maximum email size limit of the recipient’s email provider, your email will bounce off and you will receive an email error back in your mailbox. Usually, you will receive one of the following error messages:

  • “Attachment size exceeds the allowable limit”;
  • “552: Message size exceeds maximum permitted”;
  • “System Undeliverable, message size exceeds outgoing message size limit”;
  • “The size of the message you are trying to send exceeds the global size limit of the server. The message was not sent; reduce the message size and try again”.

Common provider limits

So to help we thought we would summarize the popular email services email limits. This is the stuff you would find in the terms and conditions when you sign up for a service from an Internet Provider, and we all read those – yeah right.

Yahoo/Xtra
Send and Receive limit: 20MB (per message).

Vodafone/Clearnet/Paradise
Send and Receive limit: 10MB (per message).

Orcon
Orcon do not specifically talk about email limits but instead have a “fair use” policy.

GMail
Send and Receive Limit: 25MB (per message).

Outlook.com/Hotmail
Send and Receive Limit: 10MB (per message).

Can you bypass these maximum email size limits?

A simple answer would be: no, you can’t bypass these maximum size limits. However, there are workarounds:

  • you can try compressing the attachments, just be warned some file formats compress better than others;
  • some email clients have the ability to break up large attachments into smaller chunks and then send it as multiple emails and reassemble them at the receivers end;
  • the most useful workaround is to upload the attachments to a cloud storage service (like DropBox, Google Drive or SkyDrive) and include the download link in your email.

So if you’re in need of some help with planning some upgrades, or even just some free friendly advice, get in touch with us, 6-370 8093.

Facebook Security Settings

The Facebook Settings You Should Check

This year (2013) Facebook has made several changes to its privacy policy and your settings. If you haven’t looked at your profile settings lately then now would be a good time to do it.

If you’re like most of us here and like to share your social life with a select group of friends and not the rest of the world, there are a few settings you should make sure are in place going forward.

See your profile as others see it

The first thing you should do is see how the rest of the world (except your friends) sees your profile. Click the gear icon in the upper right-hand corner of your Facebook page and select Privacy Settings. Next, click Timeline and Tagging in the left pane, then click View As to the right of “Review what other people see on your timeline”.

If you’ve limited access to your timeline to friends only, the public will see only your profile and cover photos, a link for contacting you (which you can limit to friends of friends), the people you’re following, and the groups you belong to. A tip here: to view your timeline as a specific Facebook user, click View as Specific Person at the top of the window and enter the person’s name.

Privacy Settings

You’ll find these as a drop-down option when you click the gear icon in the upper right-hand corner of your Facebook page on the Web. Here, you can tailor the audience for your posts. You can go back and make all your posts private in this section, access the Activity Log (see the next section), and determine how widely you want to distribute future posts by default.

You can also set who can contact you and how. This is where FB removed the feature “look up my timeline by name”, but you can still control who finds you by searching an email or phone number. We recommend you set these to “Friends” only, and turn “Do you want other search engines to link to your timeline” to Off.

Activity Log

In your activity log, you can view and edit your posts, messages, posts you’ve been tagged in, photos, likes, and comments. You can edit or delete any activity dating back to when you first joined Facebook. You can access your Activity Log via Privacy Settings – Use Activity Log.

Timeline and Tag Settings

After you’ve clicked into your privacy settings, look at the left-hand column for finer grained control of your Timeline and tags. If you want to know who’s tagging you in posts before your name publicly appears on someone’s timeline — and deny them if you choose — make sure the “review posts” setting is turned on. We also recommend you turn on “Review tags people add to your own posts before the tags appear on Facebook” and that you set “Who sees tag suggestions when photos that look like you are uploaded?” to No One.

We hope this helps and if you have any questions about Facebook security, or even just some free friendly advice, get in touch with us, 6-370 8093.
