British Government Advice Threatens Your Cyber Security

Uploaded on 2020-05-04 in NEWS-Cybersecurity News, FREE TO VIEW

The UK Governments National Cyber Security Centre (NCSC) is recommending that you save your password in your browser.  We don't recommend it. Internet browsers have the ability to save passwords but they are typically kept in a non-encrypted, plain text format.  

It is strongly recommended that you do not use your browsers password saving feature, as this is not a secure password manager.

If a web browser like Chrome, Firefox, or Safari are allowed to store passwords, you're putting your network security severely at risk.For instance: Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. 

This means that if your account is hacked, the hacker has access to all your other accounts.

Passwords have been used as a safeguard against others obtaining information throughout history. The less people who know a passcode or phrase, the more secure the information becomes and the less likely it will ever turn into public knowledge. With the advent of the Internet, and the ability to store everything online, you might think your information is secure. However, there are people out there who want nothing more than to still gain access to the information you hold most private.  

Even if you have your password in a secure location online, almost any site can be hacked into and your information which you thought was secure is no longer protected.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. But do you let your browser remember your passwords and automatically fill them in for you every time you sign into an online account because if you do you could be headed for real trouble.

If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have immediate and complete access to any online accounts that you have allowed your browser to store the passwords for. The UK NCSC says on their website ‘Using the same passwords for all your accounts makes you vulnerable, if that one password is stolen all your accounts can be accessed....It’s good practice to use different passwords for the accounts you care most about...Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to...Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.’

Passwords. They are the bane of so many users' existence, yet they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised.

Yes, it's convenient. and who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window. However, this is not a secure way forward.

The Basics 
Despite being constantly warned, users still insist on passwords like 12345 or ‘password’ for a password.  Even when those users employ incredibly complex passwords, there is still a pitfall in the way of enjoying a truly safe networking experience. This pitfall is when a web browser is allowed to store passwords.

The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer, co-workers, relatives, or anyone that lays hand on your computer, will be able to access these passwords from the browser’s own settings menu.

Do not use your browser password saving feature. One of the best and most secure ways of protecting a password is writing down your password offline., Your password should be something which you will know right away, but you make it very difficult for someone else to figure out in case it ever falls into the wrong hands.

You should never keep just one copy of this list. You should secure a second list some-where, in case this list ever does get lost. For obvious reasons, they should not be kept in the same exact location, but only you and maybe a loved one should know where it is.  The less people who know the passcode and where to find it, the more secure it will be.

NCSC:        StaySmartOnline:     BBVA:     TechRepublic:     University of Minnesota:   

RicksDailyTips     WigglyWisdom:

You Might Also Read:

Stay Cyber-Secure Working From Home:

 

 

 

 

 

« Lockdown Security Apathy Could Be A Big Risk
Hackers Attack Israel’s Water Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

rPeople Staffing

rPeople Staffing

rPeople provides direct placement in all areas of your organization, including and specializing in Technical and Executive hiring.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.

Cydea

Cydea

Cydea are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.