British Government Advice Threatens Your Cyber Security

The UK Governments National Cyber Security Centre (NCSC) is recommending that you save your password in your browser.  We don't recommend it. Internet browsers have the ability to save passwords but they are typically kept in a non-encrypted, plain text format.  

It is strongly recommended that you do not use your browsers password saving feature, as this is not a secure password manager.

If a web browser like Chrome, Firefox, or Safari are allowed to store passwords, you're putting your network security severely at risk.For instance: Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. 

This means that if your account is hacked, the hacker has access to all your other accounts.

Passwords have been used as a safeguard against others obtaining information throughout history. The less people who know a passcode or phrase, the more secure the information becomes and the less likely it will ever turn into public knowledge. With the advent of the Internet, and the ability to store everything online, you might think your information is secure. However, there are people out there who want nothing more than to still gain access to the information you hold most private.  

Even if you have your password in a secure location online, almost any site can be hacked into and your information which you thought was secure is no longer protected.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. But do you let your browser remember your passwords and automatically fill them in for you every time you sign into an online account because if you do you could be headed for real trouble.

If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have immediate and complete access to any online accounts that you have allowed your browser to store the passwords for. The UK NCSC says on their website ‘Using the same passwords for all your accounts makes you vulnerable, if that one password is stolen all your accounts can be accessed....It’s good practice to use different passwords for the accounts you care most about...Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to...Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.’

Passwords. They are the bane of so many users' existence, yet they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised.

Yes, it's convenient. and who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window. However, this is not a secure way forward.

The Basics 
Despite being constantly warned, users still insist on passwords like 12345 or ‘password’ for a password.  Even when those users employ incredibly complex passwords, there is still a pitfall in the way of enjoying a truly safe networking experience. This pitfall is when a web browser is allowed to store passwords.

The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer, co-workers, relatives, or anyone that lays hand on your computer, will be able to access these passwords from the browser’s own settings menu.

Do not use your browser password saving feature. One of the best and most secure ways of protecting a password is writing down your password offline., Your password should be something which you will know right away, but you make it very difficult for someone else to figure out in case it ever falls into the wrong hands.

You should never keep just one copy of this list. You should secure a second list some-where, in case this list ever does get lost. For obvious reasons, they should not be kept in the same exact location, but only you and maybe a loved one should know where it is.  The less people who know the passcode and where to find it, the more secure it will be.

NCSC:        StaySmartOnline:     BBVA:     TechRepublic:     University of Minnesota:   

RicksDailyTips     WigglyWisdom:

You Might Also Read:

Stay Cyber-Secure Working From Home:

 

 

 

 

 

« Lockdown Security Apathy Could Be A Big Risk
Hackers Attack Israel’s Water Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.