British Government Advice Threatens Your Cyber Security

Uploaded on 2020-05-04 in NEWS-Cybersecurity News, FREE TO VIEW

The UK Governments National Cyber Security Centre (NCSC) is recommending that you save your password in your browser.  We don't recommend it. Internet browsers have the ability to save passwords but they are typically kept in a non-encrypted, plain text format.  

It is strongly recommended that you do not use your browsers password saving feature, as this is not a secure password manager.

If a web browser like Chrome, Firefox, or Safari are allowed to store passwords, you're putting your network security severely at risk.For instance: Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. 

This means that if your account is hacked, the hacker has access to all your other accounts.

Passwords have been used as a safeguard against others obtaining information throughout history. The less people who know a passcode or phrase, the more secure the information becomes and the less likely it will ever turn into public knowledge. With the advent of the Internet, and the ability to store everything online, you might think your information is secure. However, there are people out there who want nothing more than to still gain access to the information you hold most private.  

Even if you have your password in a secure location online, almost any site can be hacked into and your information which you thought was secure is no longer protected.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. But do you let your browser remember your passwords and automatically fill them in for you every time you sign into an online account because if you do you could be headed for real trouble.

If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have immediate and complete access to any online accounts that you have allowed your browser to store the passwords for. The UK NCSC says on their website ‘Using the same passwords for all your accounts makes you vulnerable, if that one password is stolen all your accounts can be accessed....It’s good practice to use different passwords for the accounts you care most about...Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to...Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.’

Passwords. They are the bane of so many users' existence, yet they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised.

Yes, it's convenient. and who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window. However, this is not a secure way forward.

The Basics 
Despite being constantly warned, users still insist on passwords like 12345 or ‘password’ for a password.  Even when those users employ incredibly complex passwords, there is still a pitfall in the way of enjoying a truly safe networking experience. This pitfall is when a web browser is allowed to store passwords.

The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer, co-workers, relatives, or anyone that lays hand on your computer, will be able to access these passwords from the browser’s own settings menu.

Do not use your browser password saving feature. One of the best and most secure ways of protecting a password is writing down your password offline., Your password should be something which you will know right away, but you make it very difficult for someone else to figure out in case it ever falls into the wrong hands.

You should never keep just one copy of this list. You should secure a second list some-where, in case this list ever does get lost. For obvious reasons, they should not be kept in the same exact location, but only you and maybe a loved one should know where it is.  The less people who know the passcode and where to find it, the more secure it will be.

NCSC:        StaySmartOnline:     BBVA:     TechRepublic:     University of Minnesota:   

RicksDailyTips     WigglyWisdom:

You Might Also Read:

Stay Cyber-Secure Working From Home:

 

 

 

 

 

« Lockdown Security Apathy Could Be A Big Risk
Hackers Attack Israel’s Water Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

Ockam

Ockam

Ockam gives you the tools you need to establish an architecture for trust within your connected device applications.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

GAM Tech

GAM Tech

GAM Tech is a Managed IT Service Provider that serves small and medium sized businesses in Alberta, British Columbia, Ontario and Quebec.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.

CIS Secure

CIS Secure

CIS Secure is an innovator, integrator and expert advisor supporting the broadest portfolio of powerful, mission-specific C5ISR communications and cybersecurity solutions.