3 quick and easy ways to declutter your digital life

Unless you're living under a rock, you’re probably aware of dozens of recent data breaches involving huge — and therefore implicitly trusted — companies (*cough* Facebook) where your sensitive information was mishandled and put at risk. 

Privacy is a major issue these days, and the best way to prevent your data from being exposed in a breach is to start small, at home. 

1) Let’s get physical

Clean the digital clutter from your space. We hope you don’t leave sensitive data lying around in your home or workplace, but data that could be compromised in a physical breach could include anything on your computer or phone — think old PDFs containing medical information saved to your desktop, photos on your phone of your driver’s licence or passport — that you'd be better off trashing or saving to a more secure cloud service.   
 
Put yourself in a criminal’s mindset: if you were looking to commit fraud and you stole someone’s laptop or smartphone, what would you look for first? That’s the kind of info you should be deleting or securing.  

2) Delete old, out-of-use email accounts

Why are you hanging onto that embarrassing email address from high school? Unless you believe cutieblond91@hotmail.com could serve you in adult life, it’s best to give it the boot, because email accounts — even dated ones — are a hacker’s goldmine. Through an email, someone could gain access to almost any other piece of info about you — everything from logins to other accounts, to passwords, financial data, the information of all your contacts, your mother’s maiden name and the make of your first car.  
 
Before deleting an email account, go through it and download any data you may want, and double-check to make sure there are no other services you use currently that are still connected with the old email, like Spotify, PC points, you credit card, Netflix, et cetera. Search out any subject lines associated with account creation, go into the security settings and check for any third-party apps with account access. 
 
If you don’t want to get rid of the email altogether, you should at the very least change its password to be long and strong.  

3) Get rid of app accounts you don’t need anymore

Remember when you downloaded Runkeeper last January and used it to track your one New Year’s resolution workout? Well, it really doesn’t need to be on your phone if it’s not in regular use. Apps like this track far more than calories burned — they also track your location (among many other prized informational nuggets), even when turned off.  
 
Companies store data they’re given long after you delete their apps, so going forward, don’t download apps or create accounts online for no reason. The more of your data that’s out there, the tougher it is to manage. 

Decluttering digitally is about being proactive with your privacy — it's about paring down the amount of your personal data available to only what you need and use, so it doesn’t fall into the wrong hands. 

To get the right information at the right time, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

 

On Tinder? Russia may swipe right on your personal data

Russian intelligence agencies are asking Tinder, one of the most popular dating and hookup apps worldwide, to hand over user data so they can monitor citizens, purportedly in the interest of national security.  

This is unquestionably scary for Russian citizens — this is a country with a long history of prosecuting gay people, for one thing, so for individuals to have their sexual preferences and habits on display at a national level is disturbing to say the least.  

If the aim of Russian spy agencies is to find ways to compromise individuals for state interests, then dating data could be some of the most damning info about people out there. 

What data does a dating app collect on you?

Tons! You may not “super like” it, but Tinder acquires info including (but not limited to): your Facebook likes; links to your Instagram photos; your education; your age; the age range of people you’re interested in; how many Facebook friends you have; your locations; when and where every conversation happened with every single user you’ve ever messaged on the app — and those conversations in their entirety. It’s tough to access your own data, and even tougher to delete it.  

Not limited to Russia

The reverberations of this can be felt internationally: it’s not just Russian citizens’ data the app could be compelled to surrender.  

Tinder is one of 145 apps and sites from which Russia’s internet and censorship authorities can demand data. By Russian law, Tinder could be pressured to relinquish the private information of any of the 50 million users across the planet. 

Swiping left on privacy

It remains to be seen whether Tinder will comply, but if Russia is a big enough part of Tinder’s business, there’s no reason to assume the app will uphold user privacy agreements.  

This is a concern for anyone who’s ever used Tinder, not just Russian citizens or people who may want to visit the country, but anyone involved in politics or corporations; if the Russian government can find something on you, they could conceivably use it against you.  

Our own government has similar power

Western democracies aren’t innocent of this kind of behaviour — and Canadian or U.S. authorities could use existing laws to the same ends. Our governments at home could request private info from social media sites and there would be very little that an individual could do about it.  

In theory, though, accountability and due process are embedded into our laws, whereas in Russia, human rights are beside the point.  

As if you needed another reason to ditch the dating apps…

As always, be careful about what you do and say online, because there’s no way to guarantee that private message to your match is truly private. 

Here are a few steps to make dating online safer: 

  • Only share what you need to, even in supposedly private messages 

  • Move off the platform as soon as you’re comfortable; consider talking to your crush using a more secure method 

  • Check the terms of service of apps you’re using, and choose apps that limit data retention. If you can delete your own data, do that too! 

  • If you stop using an app, contact the company to have your profile removed 

  • Lobby for better privacy protections from your government — if you don’t make it an issue, they won’t either! 

To get the right information at the right time, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

U.S. demanding visa applicants' social media details

That Facebook rant about Trump may come back to haunt you should you decide to apply for a visa to the States.  

Whether you or your children aim to travel to the United States for business or education, your social media details could be surrendered to the U.S. State Department. You won’t be notified, but your past posts on Facebook, Twitter, Instagram or any other form of social media may be combed through by authorities and you could be denied entry as a result.  

Why, and why now?

This is an idea the U.S. toyed with in the early days of Trump’s presidency, back when the ban on people from predominantly Muslim countries was imposed. Now they’re going forward with it. The new visa application form has a section listing various social media platforms and asking people to fill in the names of any accounts held on those platforms over the past five years.  

The official reason is that this information can confirm applicants’ identities, and ID online extremism. But intelligence agencies can already access most of this info and have large data sets about you, so in reality, the new legislation may be more about speeding up border agencies’ processing and facilitating identification of people they’d rather not have in the U.S. 

Regardless of the logic behind it, this puts a damper on free speech, and places too much control of individuals’ personal information in the hands of authorities.  

Objective power based on subjective opinions

The truly damaging part of all this is that crossing a border is considered a privilege, meaning there’s now even more power in the hands of border guards themselves, who could react depending on their mood that day, their feelings around their own political affiliations, something you posted on Facebook that was meant to be a joke.  

This kind of data can easily be taken out of context and used to make a decision that could have profound personal or business repercussions on individuals. There's no room for appeal, so the concerns are very real.  

Think before you post

Unfortunately, there continues to be no reasonable expectation of privacy when it comes to social media.  

This has always been the case, but now more than ever it’s a good idea to think before you post that controversial opinion, that sensitive information, or that private comment. Don’t share data using an online tool that you wouldn’t want to be public.  

Freedom of speech laws exist only to prevent criminal prosecution by the state, not to prevent states or businesses from using material you post to make discriminatory decisions. 

So if you’re planning to apply for a visa, it couldn’t hurt to go through your social media accounts and delete old posts, enhance your privacy settings, and remove anything overly political. Of course, you have the right to post what you want, but protecting yourself in this case is about prevention. 

To get the right information at the right time, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

Toronto cops using facial recognition to nab lawbreakers

Facial recognition may have been banned for agencies this month in San Francisco, but in the bustling Canadian city of Toronto, police are using the technology to generate leads in investigations as more and more crimes are caught on video.  

Officers have conducted more than 2,500 facial recognition searches since the half-million-dollar system was purchased in March of last year.  

How does it work?

Toronto police use artificial intelligence to compare any photo or video evidence they gather against a mugshot database. That evidence can include anything from government surveillance, to public or private enterprises’ footage captured on security cameras.  

This is a controlled use of facial recognition that has obvious benefits for the public. In fact, in the case of the Toronto police, they had 80% accurate matches against their mugshot database; 60% of the time they were able to rely on these matches to further investigations. Though it’s far from perfect, it’s much more accurate than other jurisdictions using this method of identification.  

Extreme uses of facial recognition A.I.

Not all police forces are using facial recognition in appropriate ways. The U.K. police are notorious for their Minority Report-esque way of fighting crime before it happens — using software that has a shocking 98% error rate, and that wrongly targets women and people of ethnic minorities.  

Beyond the Western world, China has some of the most extreme uses of facial recognition on the planet. An entire city — particularly the Muslim minority population living there — is monitored 24/7 for facial recognition as well as gait recognition (the unique way people walk).

This city had a database breach where all this biometric data leaked out, which illustrates one of the worst aspects of these types of A.I.-driven recognition tools: the fact that once it’s out there, anyone could copy that pattern and abuse it. You can’t change inherent aspects about yourself the way you can easily change a password. 

Part of the investigative tool set

Toronto police are describing the way they use facial recognition as “part of the investigative tool set” but not as conclusive evidence on its own — and this is a good approach. It’s not foolproof and involves more error than DNA testing, for example, but because it’s regulated and part of a holistic way of identifying culprits, the risk is limited. 

Public consent needed

Canadian politicians are finally waking up to the importance of controlling any technology that has the potential to infringe on citizens’ privacy rights. Democrat MP Charlie Angus is sounding the alarm on Capitol Hill about the perils of tech that tracks people, saying that as a country we need to discuss guidelines for the legitimate uses of surveillance.  

Ask the right questions

Privacy is all about control and consent. We need to ask the important questions about facial recognition: what level of civilian oversight is provided, how long will the photos and videos be stored, and when investigations are closed, when does the data go away? Being informed and asking the right questions can prevent dangerous uses and abuses of emerging technologies.  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245. 

Canada's new digital charter: a step in the right direction

Last week, the Government of Canada announced its new “digital charter,” aimed at emphasizing Canadians’ control over their personal data and penalizing big internet companies that break the law, as well as combating online extremism, hate speech and fake news. 

According to a copy of the charter obtained by the Toronto Star, though, the federal government will not immediately impose regulations on huge transnational companies such as Google, Facebook and Amazon — which practically control life as we know it online.

What is the charter?

The charter is being described as a set of principles against which existing or future Canadian laws will be judged, but at present, with no real action being taken, there’s nothing stopping these companies from going about their business as usual. And letting these companies self-regulate is like letting a five-year-old do your grocery shopping — you'll end up with junk that’s not good for anyone.  

These companies have been allowed to run free and create technologies with no regard for consequences — it's always been about the bottom line. Take Amazon, for example: they will deliver any item almost anywhere in the world. No one has stopped to ask whether this is beneficial to society — it’s just assumed that if the business is profitable, it must be a good thing. Amazon’s Alexa feature has been involved in egregious privacy breaches where voice recordings were compromised and sent to the wrong users, but that fact hasn’t dissuaded many people from having an Echo in their homes. 

Facebook may be the worst offender, with multiple privacy violations; as punishment, they’ve been slapped with fines so minimal the company has had no reason to change their data-collecting and privacy-violating behaviours.   

Anti-trust and digital privacy

Anti-trust laws are a broad category of laws that are meant to keep businesses operating honestly and fairly. In the past, these laws in North America have been around protecting profit rather than data. 

Germany has been using anti-trust laws to limit that data gathering, but North America is at least a decade behind Europe’s GDPR (General Data Protection Regulation), which puts privacy at the forefront and imposes strict fines on companies that collect too much data, that use data in undisclosed ways or without users’ full consent.  

What can we do?

It is a good sign that Canada is starting to take digital privacy issues more seriously. We can certainly maintain hope that the government elected this fall will continue to uphold privacy and regulate the online world in a way that protects our data. As citizens, we need to read the party platforms and consider voting in politicians who understand the importance of digital privacy and who demonstrate a commitment to protecting our sensitive data by reining in these big companies. 

To get the right information at the right time, contact the Beauceron Security Team at info@beauceronsecurity.com or 1-877-516-9245.

Protecting your digital identity in the era of mass surveillance – before it’s too late

San Francisco has just become the first U.S. city to ban facial recognition technology, to prevent discrimination and the inevitable curtailing of civil liberties that attends this type of artificial intelligence used by municipal agencies. Other cities are following suit, but despite this progress, the tech’s use is growing.   

If you frequent airports, sports stadiums, malls or grocery stores, facial recognition technology may soon be a big part of your life — whether you like it or not.   

Rather than check individual tickets, some airports are now using A.I. to scan faces as people pass the gates; if you’re paid up and your identity checks out, you’re allowed to board your flight.  Convenient, right?  

However, when the private sector uses our biometric data to discriminate their marketing tactics, we enter dangerous territory when it comes to the protection of your digital identity.  

Malls have been caught using facial recognition cameras to guess your age, gender and even mood to advertise accordingly, luring you to certain stores or kiosks where you’re likely to spend money.   

Even grocery stores can identify you in the aisles by your age and gender, displaying products on screens based on your marketing demographic. 

What is biometric data?

Biometric data — fingerprints, retinal scans, gait recognition (the way you walk), voice recognition, DNA, facial scans — are unique to the person, and aim to quickly confirm your identity.   

For individuals, the main benefits of using biometric data such as facial recognition are speed and convenience. You can avoid rummaging in your pockets for your concert or game tickets at a stadium. You can skip the lines, and just walk past scanning tech that can do the work instantly.   

For corporations, the benefits are more to do with the ability to sway purchasing behaviour. And for governments, they get to monitor and control populations by combining biometric and other surveillance data with artificial intelligence. 

Privacy concerns amid surveillance

The convenience of these technologies comes at a steep cost, especially regarding privacy. The most extreme example is China, where the government is known for abusing biometric data collection: they publicly shame people who jaywalk; they can capture facial scans and recognize citizens’ gaits to prevent those with a low social score from flying or from purchasing real estate; they can track anyone’s location at any time, often unfairly targeting ethnic or religious minorities.   

Closer to home, Toronto has been piloting the Sidewalk Labs project, a data-driven smart city initiative that facilitates things like snow removal and traffic planning, and can curb crime by way of sophisticated security cameras. But because Sidewalk Labs have refused to de-identify people, privacy expert Dr. Ann Cavoukian and others have denounced it as little more than a data mine that could cause harm if that data is leaked or abused.  

Glaring flaws in biometrics

Beyond surveillance, biometric identification has a major flaw: you can replace a compromised credit card, but if there’s a breach of your biometric data, you can’t change your face. Not easily, anyway!   

There’s a big possibility of false positives, too. In London last year, the Metropolitan Police misidentified and fingerprinted a 14-year-old black boy, and figures reveal this kind of mistake is no anomaly; in fact, facial recognition software wrongly identified members of the public as criminals 96% of the time.  

In its current iteration, facial scanning can also be racist and sexist; these technologies are prone to error when it comes to recognizing women and people of colour.  

Yet another issue: It can be used to advertise to you without your permission in malls and grocery stores, even in taxis. And with all facial recognition in the public sphere, the individual can never be sure when or how their sensitive data is being used, or whether or where it’s being stored.

The cost of convenience

While there are obvious pros to facial recognition — such as increasing border security and facilitating police efforts to track down dangerous criminals — as a society we need to ask how much of our personal data we’re willing to sacrifice in the name of safety and convenience. If it’s becoming too much, we need to call on legislators to stand up for citizens’ privacy before we become even more accepting of surveillance tech and all the risks that go along with it.   

Awareness training is the first step towards protecting your digital identity. Reach out to the Beauceron team to get informed on how our learning content can support your organization, info@beauceronsecurity.com

Verified.Me app makes proving your identity easy

Last week, banks in Canada announced the launch of Verified.Me, a free app that helps you prove your identity online.   

Because practically every online service requires a different username and password, it can be tough to prove who you are when you’re logging into your various accounts. Not only do you need to remember dozens of these credentials, but you often need to answer security questions, show physical identification — and it’s all getting too complicated.

Security AND speed

The goal of the app is to speed up the process of authentication while maintaining security and privacy. Logging into accounts and juggling passwords and identities is a pain, and people tend to sacrifice security in favour of convenience. Verified.Me aims to provide both. 

sign-in partner.PNG

This kind of service is already used by federal agencies like Canada Revenue Agency where you can log into your personal or business tax account through your bank, also known as a “sign-in partner.”  

How does Verified.Me work?

Think of any online service that requires you to create a username and password; instead, you log into your bank account only, through the Verified.Me app. If the bank deems that particular service to be trustworthy, you can log in automatically.  

You’ve already proven your identity at the bank; it’s the most important — and most tedious — step when opening your account. There are strict regulations in place, you need to show government-issued I.D. and open a real account as the real you. Of all the online entities, banks truly know who you are as a person. 

One identity to rule them all

The idea of a “federated identity” — a way of linking your identity and attributes, stored across multiple identity management systems — is coming up more and more these days, as identity becomes increasingly complex.   

“Single sign-on" (SSO) lets users log in to one service with a single ID and password to gain access to several sites and accounts. SSO is a good idea that has been mismanaged in the past by Google and Facebook and others — companies that have shown they can’t be trusted to manage and secure our digital identities. 

Facebook’s SSO was hacked in 2018, when it was revealed that it had fallen victim to an attack that breached 50 million user accounts. Google’s SSO has issues, too — if someone breaches your Google account, for example, they then have access to your passport information in Expedia, private messages on Tinder, location data on Uber — literally any site or service you access through the Google single sign-on.   

Why trust the banks?

Banks spend more on cybersecurity than any other organization in the country. They’re dealing with huge amounts of money so it makes sense that they have a vested interest in verifying their customers' identity and protecting against fraud.  

Unlike Facebook or Google, their entire business relies on being secure. 

How to get started

Download the Verified.Me app on your phone, open it and choose your bank from the list of options (Scotiabank, RBC, CIBC, TD or Desjardins). You’ll then be redirected to your bank’s app or website, where you can log in using your username or card number and password. Once you’re in, you can add “Connections” to your personal list and use the app to log into all those services.   

You’re in control of how and when your personal information is used, and no personal info is stored in the app — it's a win from all angles!  

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245.  

My McD’s app hack points to importance of securing accounts

It’s not the first “Hamburglar” hack and it probably won’t be the last, but a recent McDonald’s app attack has some lessons to teach us about securing our accounts in the age of digital loyalty programs. 

What happened

A tech writer in Toronto who used the McDonald’s app learned that a scammer had broken into his My McD’s account and purchased more than 100 meals — racking up around $2K in charges. The app was linked to his debit card, and he was oblivious to it all, receiving no notifications from McDonald’s or the bank. 

It’s safe to say that no one could eat that much McDonald’s and survive, so chances are the victim’s username had been reused or compromised, the hacker guessed it or otherwise accessed it, then traded it on the dark web to be exploited by multiple criminals.   

A PR nightmare for Mickey D’s

This looks bad on McDonald’s — especially since similar things have happened in other areas including Quebec and Nova Scotia involving the same app. It’s likely not a widespread issue for McDonald’s specifically, though, but an illustration of what will inevitably happen more and more as these loyalty and rewards programs become more common.

Rewards apps = easy targets

Loyalty programs and apps are attractive targets for cybercriminals: they’re easy to hack, highly profitable, and — let's face it — police don’t care about a $2K McDonald’s bill, so fraudsters can get away with it. We’re seeing many issues with rewards campaigns and users’ accounts being drained  

What should companies do?

Companies could allow users to load the app with a certain amount of money, and set limits, to remove the possibility of a thief racking up a steep bill.  

Corporations could also set up two-factor authentication on their apps, meaning any time someone logs in from a new device that wasn’t previously using the app, it would require them to prove they are who they say they are, and not allow transactions if they can’t validate their identity.   

2FA? We’re lovin’ it!

Two-factor authentication often isn’t built into apps – even though it would be easy enough for these corporations to do – because companies are not subject to any regulatory requirements around security, and because customers just aren’t asking for 2FA.  

The best way to get companies to change their behaviour in Canada is to voice your concerns.  

Supersize your password

If you’re using an app like this, make sure to secure your account by creating long, strong passwords, never reusing passwords, using a password manager, and using two-factor authentication where the app supports it.   

To learn more about protecting your identity at home or at work, contact the Beauceron Security Team @ info@beauceronsecurity.com or 1-877-516-9245 and check out our blog on 7 Reasons to start using a password manager today

Five ways your organization can reduce burnout across your IT team

Beauceron Security ‘s mission is to empower people.

When we do that well, people help their organizations proactively reduce their cyber risk while also improving their ability to respond and recover from cyber incidents.  

Part of that mission involves helping people manage ever-increasing workloads and corresponding stress.

Competing priorities, constant change and financial constraints can create stress in the workplace. When left unaddressed, burnout — long-term, unsolvable job stress — can take over, and that’s bad news for your people and your bottom line.  

Information technology (IT) professionals are no strangers to workplace stress. Small teams of experts are facing increased security risks. In that context, it’s easy to see why so many organizations around the world struggle to build and maintain traditional security awareness programs - they just take too much time in an already too-busy workday.

That’s why we’ve designed a platform that leverages the best aspects of technology to do what computers do best - automate routine tasks and calculate data into meaningful metrics - while letting people focus on what they do best - connecting with other people.

When an organization becomes human-centric, it focuses on connecting and empowering its people and becomes more proactive, reducing the number of incidents and reactive issues teams have to deal with.

That results in less stress for leaders and employees.

Here are some of our tips on how to move to a human-centric approach.

1. Recognize it’s an issue

You can’t solve a problem until you acknowledge it. A  2019 study  that delved into Chief Information Security Officer (CISO) stress levels found that, across 408 CISOs in the United Kingdom and United States, 91 per cent reported to suffer from moderate or high levels of stress. In Canada, the inability to unplug after work hours is reaching pandemic proportions.   

Putting in place the right plan, maximizing the effectiveness of your human and technology resources and prioritizing risk areas are all ways to manage security stress.

When we designed the Beauceron platform, we looked for ways to help security leaders do all of those things through our powerful dashboards, metrics and through engaging every one in an organization to play a greater role in security.

2. Educate and empower your entire team

An educated team throughout your organization will stop security threats before they escalate to your IT department. Beauceron’s library of multilingual courses teaches employees about the important role they play in protecting their organizations.

Employees learn how to identify and report potential attacks, such as phishing e-mails. They also learn steps they can take to protect themselves including account hygiene practices such as using multi-factor authentication and password managers.

If a would-be threat never has the chance to materialize, the potential stressors on already overworked IT professionals can be minimized.  

3. Determine where your risks are

Many CISOs struggle to keep up with ever-changing risks. This can make it tough to pinpoint and address problems.

Beauceron identifies the risky people in your organization and helps them overcome weak points in knowledge and training to better the company’s overall risk score. Assessments are visual and easy-to-understand, helping high-risk employees change their behaviour quickly.  

Beauceron's pioneering approach goes far beyond employee training.

It’s unique scoring system and risk advisor feature helps identify risks not just in people, but in culture, process and technology, providing the world’s most comprehensive human-centric approach to managing cyber risk.

4. Rewarding and recognizing employees

The Beauceron platform comes with built-in rewards and a gamification system designed to get everyone engaged in managing their cyber risk. When education is gamified, people are more motivated to learn, their risk scores are lowered — and your stress is reduced!

Of course, a technology can only do so much. When you’re not spending time doing routine, repetitive tasks, you have time to think about additional proactive ways to help your team.

At Beauceron, we leverage our own technology and others that enable automation so that we can focus on additional ways to reward and recognize our team. That includes professional development opportunities and implementing improved benefits programs such as employee assistance programs (EAPs) that provide counselling and advice on legal, financial and mental health matters.

5. Promote flexibility and fun

 Recognize that individuals within your company have distinct personalities and need different tools in order to succeed.

Some may do their best work remotely, while others need more face-time and collaboration with co-workers.

Some may feel recharged after playing with a furry friend, (did we mention we’re supporting a “Canine Comfort Zone” run by St. John Ambulance?) Therapy dogs are on-site at Atlantic Security Conference in Halifax this month! Show your employees that their uniqueness is valued, and they’ll work harder for you.  

Stress is contagious.

If employees have their needs met, they’ll be more productive and won’t be passing stress along to the higher-ups whose jobs are demanding enough as is.   

Let Beauceron help you educate and empower your team — and reduce stress and burnout!  

Visit our booth at Atlantic Security Conference on April 24 and 25 or reach out to our team to learn more: info@beauceronsecurity.com or 1-877-516-9245. 

 

Seven reasons to start using a password manager today

1) You aren’t alone

If you’re not sure what a password manager is, you’re not alone. And if you’re familiar with password managers but haven’t gotten around to using one, unfortunately you’re in the majority there, too.  

Good news — The Pack Has Your Back. Here’s the rundown! 

2) It’s easier than you think

Think of it as a diary where you’ve written all your secrets. But unlike any diary you kept as a kid, this one has a nearly impenetrable lock, and only you hold the key. In this case, the key is a strong, secure “master password.”  

Most people have weak passwords and use the same passwords on multiple sites and services. (And no, using the same password with a “1” after it does NOT count as a new password!) A password manager does the dirty work for you by generating random, strong passwords for all your logins, and storing them in one place that’s easy for you to access.

3) Less stuff to remember

With a password manager, you only have to remember that one master password. Period. Without a password manager, you have to remember dozens for all of your online accounts and services: phone and internet services, social media pages, banking sites, work and personal email accounts — everything these days requires a password!   

4) We’ve narrowed down the choices

LastPass is widely trusted and offers its best features — like a secure and searchable password “vault” where you can store all passwords, access on all devices, multi-factor authentication, and secure “notes” for files and information beyond just your passwords — for free.  

Other good options include 1Password, Dashlane or Keeper.

Some are free, some come with a small fee. Do your research and see which one best suits your needs. 

5) It’s safer than what you’re doing now

The obvious question people have about password managers is: what if that one master password gets hacked? Then the hacker would have access to all my online services and life as I know it would come to an end!   

Of course no security measure online or in real life is 100% infallible, but your “last password ever” is highly secure. It’s long, it’s complex, it’s got letters, numbers, and other characters that would be almost impossible to crack.   

It’s a lot safer than writing them down on a piece of paper or logging them away in a Google Doc, right? A password manager offers the best combination of security and convenience.

6) Who doesn’t like a good story?

What if I forget my master password? How to beat it: make your password into a story — a memorable phrase or a catchy song lyric.   

Many people don’t realize that a longer password is tougher to crack than a random one. So, for example (don’t use this one!) the password “afd%#T”, though complex and involving symbols as well as upper- and lower-case characters, would be easier to hack than something that tells a story, like “mydog8theblackcat@midnighT.” There are recognizable words in the second one, but it’s longer and therefore harder to crack.   

Make it personal to you.  

7) It’s free and quick

Go to LastPass.com (if that’s the one you choose), click the “Get LastPass Free” button, and enter your email, the master password, and an optional reminder. That’s the basic version. You can add services such as a GB of encrypted file storage and priority tech support if you pay a minor monthly fee.   

Then you just install the extension in your browser — it'll walk you through it, don’t worry — in order to capture and store passwords into its vault as you go about life online.   

It takes seconds. Okay, maybe a minute. But that’s really it!
   

If you want to learn more about how you can reduce your cyber risk at home and at work, contact Beauceron Security to learn more! info@beauceronsecurity.com