Blog

Archive for IT Support

How to Get Better Wi-Fi

The cable plan you signed up for promised up to 300 Mbps of blistering Internet speed, but reality has proven to be somewhat different. You’re barely topping 25 Mbps, Netflix doesn’t work upstairs and by 7 p.m., no one seems to be able to stream anything at all.

It’s quite possible to boost your Wi-Fi speed yourself, with the solution being as simple as moving your router or as persnickety as switching Wi-Fi frequencies.

The distance between the router and connecting devices, as well as the number of walls and floors in between, make a big difference. While a Wi-Fi signal can travel hundreds of feet in an unobstructed space, walls and floors can cut that distance by half or more.

Your connection speed can also be influenced by your router—how old it is, how good its processor and antenna are, how good it is at picking up wireless signals and how many devices are using it.

In some cases, your connection speed may even come down to your service provider’s preference for certain kinds of traffic. Service providers prioritize voice traffic first, then their own video services.

What actions can you take to increase your Wi-Fi performance and get your streaming speed back up to par?

1. Check the router

The IP connection between your device and the router or between the router and Internet can get hung up. A restart of the router reboots all its systems, including the network processor and wireless radios.

If your router has a reset button, hold it down for a few seconds. If not, restart it by removing the cable from the power socket, waiting half a minute and then plugging it in again.

If that doesn’t work, check to make sure the router firmware is up to date. Look for the update option under “System” in router software you have installed on your computer. Only download router firmware updates from the manufacturer’s website.

You may also find that resetting and reinstalling your router software may do the trick. For most routers, this is accomplished by holding down the reset button and then reinstalling the software.

2. Turn off Eco mode

Some routers have a power-saving or Eco mode that’s on by default. Eco mode can slow down your Wi-Fi and the actual power savings are minimal. In your router’s settings, look for Eco mode or power-saving mode and turn it off. Also, check to see if your router has an Automatic transmission setting and make sure it’s at 100 percent.

3. Move the router

Most good routers have antennas that try to provide a symmetrical ‘donut‘ of Wi-Fi coverage, so when possible, place the router in an open space centrally located in your house, equidistant from its farthest locations.

Place the router up high to help avoid obstructions.

The materials surrounding the router matter as well. Metal interferes with Wi-Fi signals, while wood does not. Positioning the router’s antenna vertically rather than horizontally also increases signal strength.

4. Check to see if other family members are streaming

Intensive activities like streaming HD video or file sharing can take its toll on Internet speed. Routers can support hundreds of devices connecting, but it’s more about what each device is doing online. For example, if everyone is watching Netflix at the same time, this can cause an overall slowdown.

Distance from the router is important as well. If four people are streaming video but they’re all close to the router, you may not experience any slowdowns. So if everyone simply must watch Netflix or play Fortnite separately and simultaneously, try to move the devices closer to the router with as little wall or floor obstructing the path as possible.

5. Check if your ISP is having a hard time keeping up

Another bottleneck is the speed of the service coming from your service provider. A lot of ISPs oversubscribe, so you can feel the lag in the afternoon when everyone gets home.

Test your connection by running a speed test from a site such as SpeedTest.net at different times during the day (There can be confusing ads on this page, so don’t click on anything but the big “Go” button). You don’t want it to fluctuate too much over the course of a day. The speed should always be at least 80 to 90 percent of what your service provider promises. If that’s the case but you’re still not satisfied …

6. Run a ping test

While a speed test gauges the speed possible based on available bandwidth from the service provider, a ping test gauges latency, which is the delay in communication between your computer (or phone) and a particular website on the Internet. It can tell you how good the quality of your Internet connection is.

Head back to SpeedTest.net, where you’ll receive a ping figure measured in milliseconds. In general, lower numbers are better, but anything under 50 is considered good and under 100 is average.

7. Check to see if you’re on an overcrowded channel

Slow Wi-Fi speeds may be the result of interference from your neighbors’ Wi-Fi networks as all the devices compete to use the same channel.

All routers support the 2.4Ghz frequency, which distributes traffic among a handful of channels. Dual-band and tri-band routers also support 5GHz frequency, which contains even more channels. That frequency tends to be less congested and therefore usually allows faster connections. And with tri-band routers, you get two separate data streams, which can help if two devices are accessing the router on the 5GHz frequency simultaneously.

You may be able to increase your speed by switching to a less busy channel. Download a wireless channel analyzer app such as Wifi Analyzer for Android (no equivalent for non-jailbroken iPhones) or a desktop program such as NirSoft’s Wi-FiInfoView for Windows. Macs have the tool built in; hit Option and tap the wireless icon in your top toolbar, then click Open Network Diagnostics. Open the menu and select Utilities. Select the Wi-Fi Scan tab and choose Scan Now. You’ll see the best 2.4 and 5GHz channels.  These programs show each channel on each Wi-Fi frequency and which ones nearby networks are using.

8. Switch to a different channel

If you discover you’re on an especially crowded channel, you can manually change it. Type your router’s IP address into your web browser. (The IP address is usually on the back of the router, or you can google your router’s model.) You’ll be prompted to enter your username and password, after which you can click through to Wi-Fi settings and select the channel recommended by your Wi-Fi analyzer program.

Check for interference from a nearby cordless device

Baby monitors, older cordless phones, microwave ovens and wireless speakers are just some of the common household gadgets that also use the 2.4Ghz frequency. These can interfere with the wireless signal from your router.

Deal with the conflict by moving the router away from these devices and ensuring that no devices that could potentially interfere lie in a straight line between your router and the gadget you’re trying to get online with.

Stokes, Natasha. “How to Get Better Wi-Fi” Techlicious, Internet & Networking, Tips & How To’s, May 1, 2018

Posted in: IoT, IT Support, Mobile Computing, Networking, Tech Tips for Business Owners, Technology

Leave a Comment (0) →

6 Cool Things in Windows 10 April 2018 Update

Microsoft no longer releases major overhauls to its operating system. Windows 10 is the “last” version of Windows, and Redmond now releases upgrades to it on a semi-annual basis instead of one huge upgrade every few years.

The latest, out today, lacks a descriptive name; it’s just the April 2018 Update. But while it’s smaller than previous releases, there are several noteworthy goodies available to Windows users, many of which aim to save you ti me or help your manage time better.

Speaking of time, the update will roll out slowly, first to the most compatible PCs. The whole roll-out process can take months, but you can install the April 2018 Update manually via the Update Assistant utility from Microsoft’s website.

But unless you’re super-stoked to get the new features, you’re actually better off waiting for the normal Windows Update process, as your machine may not be ready to run the new software reliably. In fact, if you’d rather put off the update, you can go into Settings > Windows Update > Advanced Settings and defer the update for up to 365 days. You’ll still receive security and reliability updates.

1. Timeline

The biggest feature of the April 2018 Update, Timeline was originally planned for the Fall Creators Update. It takes over the OS’s multiple virtual desktop button to add the element of time. For me, usurping the multiple virtual desktop feature for Timeline cluttered up the interface, but your desktops still appear across the top clearly. Only activity from the last 30 days is included.

A plus is that Timeline includes activities you performed on your iOS or Android smartphone if you’ve installed Office or Edge there. It will take time to build up some history with Timeline to see whether the feature really delivers. For it to work between devices, Timeline must store your activity in the Microsoft Cloud; if you don’t want that, you can disable it in Settings or set it only to work on the local machine.

2. Nearby Sharing

Apple devices like Mac computers and iPhones have long included the nifty though underused AirDrop feature. This lets you send a photo or document to someone nearby who’s also using an Apple device. It doesn’t require internet connectivity, just Bluetooth and Wi-Fi (though you don’t even need to be connected to a Wi-Fi router).

As with AirDrop, you need to turn on Nearby Sharing, in this case in the Action Center right-sidebar. And as with Apple’s feature, when you tap an app’s Share icon, nearby recipients with the feature turned on appear as targets. It’s a convenient way to get pictures, websites, and documents to someone nearby without having to email or message.

3. Focus Assist

With all the constant bombardments hitting knowledge workers these days—from Slack, email, social networks, and more—the new Focus Assist feature can help you get things done and take control of your time use. Windows 10 already had a “quiet hours” feature accessible from the Action Center, but the new feature adds the ability to schedule focus times, provides a summary of what you missed when you return from focus, and lets you designate contacts who can still reach you during focus time. You can also allow alarms during focus if you choose.

4. Dictation Anywhere

Microsoft has long been strong in speech technology, with dictation an option for over a decade, and Cortana listening for her name and your command. But now you can enter text with your voice in any text entry area you see, simply by hitting the Windows Key-H hotkey combination. This feature has already made it into some pre-April 2018 versions of Windows, so give the key combo a try. One shortcoming is that it doesn’t punctuate what you say—something I’d expect in this day of speech AI.

5. Edge Browser Improvements

Edge already lets you see which site tabs are making noise on your PC, but with the update, you can now silence them by clicking the mouse cursor on the small speaker icon that appears in the offending tabs. With the update, Edge also gets full-screen capability for PDF and ebook viewing (What? You didn’t know that Edge also had ebook capability, and even a bookstore?).

The April 2018 Update adds the ability to store payment information to speed up online transactions. Printing webpages also gets better with a new clutter-free option. And finally, a Grammar tool shows learners syllable breaks in words as well as parts of speech, such as adjective or noun.

6. Cortana Smart Home Control

Don’t feel like buying another gadget to control your smart home? The Windows 10 April 2018 Update lets you do it from your PC, using Cortana. Just say, “Hey Cortana, set the lights to 25 percent” and your Philips Hue bulbs respond appropriately. Ditto for ecobee, Nest, or Honeywell smart thermostats. Of course, if you don’t want to leave your PC on all the time, you could also do this through the Harman Kardon Invoke smart speaker.

 

Muchmore, Micheal. “6 Cool Things in the Windows 10 April 2018 Update” PC Magazine, April 2018

Posted in: IT Support, Mobile Computing, MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →

How to export saved passwords from Chrome to a CSV file

This process shows you how to export your passwords stored in Chrome into a CSV file, so that you are able to import your account credentials into a password manager. However, there’s one big caveat.

At first blush, you may think I’ve lost my mind. Wouldn’t exporting passwords to a text-based CSV file be insecure? Although that may be true, when you want to migrate your passwords from Chrome to a password manager (especially when you have a large number of passwords), the last thing you want to do is rely upon your memory to recall all the URLs, usernames, and passwords. And if you’re migrating away from Chrome—which you might be so inclined to do after reading this piece—you’ll want to export those passwords, such that they can be imported into your password manager of choice.

I’m going to walk you through the process of exporting your password information from Chrome. How you then import that information into your password manager will depend upon the tool you use. Fortunately, many of the better password managers are capable of importing CSV files.

With that said, let’s take care of this.

What you’ll need

You’ll need a working version of Chrome. That’s it. As long as you’ve stored your passwords with that browser, you should be good to.

A word of warning (IMPORTANT!!!)

This exported CSV file stores all your information in plain text. The idea here is to export the file, import it into a password manager, trash the exported CSV file, and then undo the process. If you leave that CSV file on your hard drive, you run the risk of leaving yourself exposed. If you don’t undo Chrome’s ability to export, someone could come along and export the file (more on that danger in a bit). Because of that, it is very important you delete that file after you’ve imported it into your password manager. Or you can always save that file to a USB drive, and then lock that drive up in a safe. Either way you go, make sure to protect that file at all costs.

Exporting

The first thing to do is enable password exporting. To do that, open Chrome and type chrome://flags/ in the address bar and hit Enter. In the resulting window type Password export in the search field. When the search result appears, select Enable from the drop-down.

You will then be prompted to restart Chrome. When Chrome restarts, click on the menu button (three horizontal lines in the upper right corner) and click Settings. In the Settings window, click Advanced and scroll down to Manage passwords. Click the three vertical dots associated with Saved passwords and then click Export.

When prompted, click the EXPORT PASSWORDS button and save the .CSV file.

You can now import that newly downloaded file into your password manager.

Undoing your work

First off, remember to delete that file or tuck it away for safekeeping. Once you’ve done that, go back to Chrome, type chrome://flags in the address bar, search for Password export, and disable the feature (set to Default). Relaunch Chrome and the feature will no longer be available.

THE BIG CAVEAT (IMPORTANT!!!)

Unfortunately, Chrome no longer allows the browser to use a password for profile locks. Because of this, you might consider deleting Chrome from your desktop, if you are migrating to Firefox for example and aren’t planning on using Google’s browser. Otherwise, someone with the understanding of how to export passwords could gain access to that data by following the above process.

In the end, the last thing you should do is allow Chrome to save your passwords. If you do, and a malicious user has access to your browser, there’s nothing keeping them from exporting your passwords to a file and using them to gain access to your accounts. Lock those passwords away in a password manager, and remove the passwords from chrome (Chrome | Settings | Advanced | Manage Passwords).

Consider this a word of warning.

Wallen, Jack. “How to export saved passwords from Chrome to a CSV file” TechRepublic, March 22, 2018

Posted in: IT Support, Mobile Computing, Security

Leave a Comment (0) →

There’s now one less excuse not to use a password manager

password-manager

LastPass becomes a great free option.

LastPass is making its password manager a much better option for people who don’t want to pay. As of today, it’s opening up to everyone the ability to sync passwords between an unlimited number of devices — something that used to be available only to subscribers.

Free users were previously limited to syncing LastPass to a single app, which is pretty limiting in a world where you very possibly need to access those passwords across multiple PCs, a phone, and a tablet. Now, there are no longer any big restrictions on the free version of LastPass (though it’s still offering a $1 per month subscription with some additional features).

Like other password managers, LastPass can be used to generate strong and unique passwords, keep track of which sites and services they belong to, and then enter them when needed. LastPass stores all passwords in the cloud, making them accessible from anywhere. That makes syncing simple, though it also opens the service up to some security concerns (ones that its competitors face as well).

Still, using LastPass or any other password manager is going to be a significant step forward for most people when it comes to security. We’ve seen a steady stream of hacks this year that have compromised usernames and passwords from major sites. Using a password manager lets you use a different password in every location, minimizing the potential fallout of a password leaking out. Password managers can be a bit of a hassle to use (compared to typing in a single memorized password), but it’s worth the effort.

Kastrenakes, Jacob. “There’s now one less excuse not to use a password manager.” The Verge. N.p., 2 Nov. 2016. Web.

Posted in: E-mail, IT Support, Security, Tech Tips for Business Owners

Leave a Comment (0) →

How to protect your Apple ID with Two-Factor Authentication

ios-9-two-factor-authenticationTwo-Factor Authentication strengthens the security of your Apple ID by preventing anyone from accessing or using it, even if they know your password. With Two-Factor Authentication, one of your trusted devices generates a one-time code when you make a purchase or sign in to your Apple ID, iCloud, iCloud.com, iMessage, FaceTime or Game Center account on a new device. Two-Factor Authentication is also required for Auto Unlock so you can unlock your Mac by wearing an Apple Watch.

In this tutorial we’ll show you how to protect your Apple ID with Two-Factor Authentication or, if you’re still using the older and less secure Two-Step Verification, upgrade to Two-Factor Authentication.

Two-Factor Authentication vs. Two-Step Verification

Two-Factor Authentication is the preferred protection system for Apple IDs.

It replaces Two-Step Verification and is more secure because it’s integrated deeply into the bowels of iOS and macOS. The older, less reliable Two-Step Verification system relies on different methods to trust devices and deliver verification codes.

With Two-Factor Authentication enabled, a six-digit code is required to verify your identity using one of your devices or another approved method before you can:

  • Sign in to your Apple ID account page on the web
  • Sign in to iCloud on a new device
  • Sing in at iCloud.com in a web browser
  • Sign in to iMessage, Game Center or FaceTime or a new device
  • Make an iTunes, iBooks or App Store purchase from a new device
  • Get Apple ID related support from Apple

See Apple’s support document for more information about Two-Factor Authentication, including an up-to-date list of countries where this feature is available.

System requirements for Two-Factor Authentication

In order to use Two-Factor Authentication, you must own one of the following devices:

  • iPhone, iPad or iPod touch with iOS 9 or later
  • Mac with OS X El Capitan or later and iTunes 12.3 or newer
  • Apple Watch with watchOS 2 and up
  • Windows PC with iCloud for Windows v5.0 or later and iTunes 12.3.3 and up

Logging into your Apple ID on a device that has software earlier than specified above may yield a message saying Two-Factor Authentication is unavailable so make sure your gadgets meet the requirements and run the latest software.

Protecting Apple ID with Two-Factor Authentication

If your Apple ID is protected with the older Two-Step Verification method, you must first disable it before you can opt in to Two-Factor Authentication, Unfortunately, Apple does not provide a direct upgrade path for Two-Factor Authentication.

If you already use the newer Two-Step Verification system, skip this section and proceed with the steps outlined in the section titled “Enabling Two-Factor Authentication”.

Disabling Two-Step Verification

1) Sign in to your Apple ID account page using a desktop web browser.

2) Click Edit under the Security heading.

3) Click Turn Off Two-Step Verification, then create three new security questions and verify your birth date and phone number when asked.

apple-id-1

You will receive an email from Apple confirming that Two-Step Verification for your Apple ID account has been turned off and the Apple ID account page will reflect the change.

apple-id-2

You can now protect your Apple ID with Two-Factor Authentication.

Enabling Two-Factor Authentication

1) Go to System Preferences → iCloud → Account Details → Security on your Mac. Alternatively, open Settings → iCloud → your Apple ID → Password & Security on your iPhone, iPad or iPod touch.

2) Click Set Up Two-Factor Authentication and follow the onscreen instructions.

apple-id-3

You must provide three security questions and answers, verify your birth date, add a rescue email and verify a mobile phone number where Apple will send you verification codes when your trusted devices are unavailable.

If you see a message that some of your devices are incompatible with Two-Factor Authentication, hit Turn On Anyway to continue. Enrolling in Two-Factor Authentication will replace your iCloud Security Code with your device passcode.

To enable Two-Factor Authentication on the web: log into the Apple ID account page, clickEdit under the Security heading, hit the link “Get Started…” below the Two-Step Verification heading and follow the onscreen instructions.

apple-id-4

The Apple ID account page lists under the Trusted Devices heading all your Apple devices which are capable of generating Two-Factor Authentication codes. Any iOS device with Find My iPhone enabled can generate these codes.

Now all that’s left for you to do is double-check that Two-Factor Authentication has really been enabled by following the instructions below.

Verifying that Two-Factor Verification is enabled

To double check that you’re using Two-Factor Authentication or that you’ve successfully upgraded your Apple ID from the older Two-Step Authentication system to the more secure Two-Factor Verification, do the following:

1) On your Mac, open System Preferences → iCloud, click the Account Details button, then click the Security tab and make sure Two-Factor Authentication is on.

apple-id-5

2) On your iPhone, iPad or iPod touch, go to Settings → iCloud, tap your name to reveal account details, then tap Password and Security and make sure that Two-Factor Authentication is on.

apple-id-6

3) If you own an Apple Watch, open the companion Watch app, go to My Watch → General → Apple ID and verify your Apple ID is showing.apple-id-watch-7

That’s it, your Apple ID account is now protected with Two-Step Verification.

How to use Two-Factor Authentication

With Two-Factor Authentication enabled, you’ll verify your identity by entering both your Apple ID password and a six-digit verification code any time you sign in to the Apple ID page or iCloud.com, make an iTunes, iBooks or App Store purchase from a new device or sign in to iMessage, FaceTime or Game Center on a new device.

apple-id-8

A prompt that goes up on your trusted devices includes a mini-map showing you where the sign-in attempt is coming from. Tap Allow to get a one-time six-digit verification code that you must type into your other device to verify the login attempt.

How to manually generate Two-Factor Authentication codes

You can also manually generate a verification code at any time:

On your iOS device, go to Settings → iCloud, tap on your account name at the top, then hit Password & Security and select Get Verification Code.

apple-id-9

On your Mac, click the Account Details button in System Preferences → iCloud, then click the button labeled Get A Verification Code found under the Security tab.

apple-id-10

Now enter your six-digit verification code into your other device to sign in.

With Two-Step Verification enabled, your Apple ID account will be more secure than ever and you will be able to use advanced features like Auto Unlock in macOS Sierra and watch OS 3 which lets you get into your Mac simply by wearing an authenticated watch.

Zibreg, Christian. “How to Protect Your Apple ID with Two-Factor Authentication.” Mid Atlantic Consulting Blog. idownload Blog, 21 Sept. 2016. Web.


Although the above article pertains to Apple ID, you can add this higher level of security to just about any of your accounts and/or devices.  One thing to realize is that two-factor authentication (2FA) is not a new solution and over the years many different 2FA options have developed. We know that narrowing down your options can be an overwhelming task, so we have done that part for you. We have a few solutions to the problem and will work with you to find the right one to suit your particular needs.

One of our experienced professionals would be a happy to discuss the best options for you and your organization.

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to schedule a consultation.

Posted in: IT Support, Mobile Computing, Security, Tech Tips for Business Owners

Leave a Comment (0) →

Two-Factor Authentication: Methods and Myths

images

When I mentioned to a few friends that I was writing a feature about two-step authentication, the typical response was an eye-roll and “Oh, that annoying thing?…” Yes, that annoying extra step. We’ve all had that thought when we needed to get a code before we could log in or verify our identity online. Can I please just login without a barrage of requests?

However, after much research about two-factor authentication (often referred to as 2FA), I don’t think I’ll roll my eyes at it anymore. Let’s get to know two-factor authentication a little better, the different options out there, and dispel some myths surrounding that “annoying” extra step.

Most Common Alternatives For Using 2FA

SMS Verification

It’s commonplace for apps and secure services to suggest you add 2FA at least via SMS messages, for example when logging into your account — either at all times or just when doing so from a new device. Using this system, your cell phone is the second authentication method.

The SMS message consists of a short single-use code that you enter into the service. This way, Mr. Joe Hacker would need access to your password and your phone to get into your account. One rather obvious concern is cell coverage. What if you’re stuck in the middle of nowhere without a signal, or traveling abroad without access to your common carrier? You won’t be able to get the message with the code and won’t be able to log in.

But most of the time, this method is convenient (we all live with our phone attached to our hand). And there are even some services that have an automated system speak the code so that it can be used with a landline phone if you can’t receive text messages.

Google Authenticator / App-Generated Codes

Potentially a better alternative to SMS because it doesn’t rely on your wireless carrier, there’s a good chance you’ve already used at least one short-term code generating app. Google Authenticator (made for Android and iPhone) is the most popular app in its category.

After setting up a given service with Authenticator, you’ll be prompted to enter an authentication code in addition to your username and password. You’ll rely on the Google Authenticator app on your smartphone to provide you with a fresh code. The codes expire within the minute, so sometimes you’ll have to work fast to enter the current code before it expires and then the new code is the one to use. Even though the name is Google-centric, you can add a multitude of services to it beyond Gmail, including but not limited to Dropbox, Lastpass, Amazon Web Services, Evernote, and many others.

If you don’t want to rely on Google for this kind service, there are a few alternatives of which Authy is considered the most comprehensive. Authy offers encrypted backups of the codes generated over time, as well as multi-platform and offline support. Lastpass recently launched their own authenticator as well.

These apps will keep generating time-specific codes till kingdom come, with or without an internet connection. The only tradeoff is that setting the app setup is slightly complicated.

Physical Authentication Keys2016-08-19-image

If dealing with codes and apps and text messages sounds like a headache, there’s another option that is on the brink of popularity: Physical authentication keys. It’s a small USB device you put on your keychain (the FIDO U2F Security Key pictured above.) When logging into your account on a new computer, insert the USB key and press its button. Done and done.

Some companies are at work creating a standard called the U2F. Google, Dropbox, and GitHub accounts are already compatible with the U2F token. At some point in the future, physical authentication keys will work with NFC and Bluetooth to communicate with devices that don’t have USB ports as well.

App-Based and Email-Based Authentication

Some mobile apps skip the above options altogether and verify through the app. For example, enable “Login verification” on Twitter and when you log into Twitter for the first time from a new device, you must verify that login from the app on your phone. Twitter wants to make sure that you, not Mr. Joe Hacker, has your phone before you log in. Similarly, Apple uses iOS to verify new device logins. When logging in on a new device, you’ll get a one-time-use code sent to an Apple device you already use.

Email-based systems, as you probably figured out just from the title, use your email account as the second-factor authentication. When logging into an app or service that uses this option, the one-time-use code will be sent to your registered email address.

Myths / FAQ

What are common services where enabling 2FA is recommended?

  • Google / Gmail, Hotmail / Outlook, Yahoo Mail **
  • Lastpass, 1Password, Keepass, or whichever password manager you use **
  • Dropbox, Google Drive, iCloud, OneDrive (and other cloud services where you host valuable data)
  • PayPal and other banking sites you use that support it
  • Facebook / Twitter / LinkedIn
  • Your website hosting provider: WordPress, Softlayer, Rackspace, etc.
  • Steam (in case your game library happens to be worth more than your average bank account balance)

** These are particularly important because usually serve as a gateway to everything else you do online.

If you are wondering whether a certain site or service supports 2FA, twofactorauth.org provides a very comprehensive list.

If there’s a security breach, turn on two-factor authentication ASAP

The problem is that you can’t just flip a switch and turn on 2FA. Starting 2FA means tokens have to be issued, or cryptographic keys must be embedded in other devices. And since 2FA is so heavily reliant on user participation, don’t expect it to be up and running super quickly.

Should I enable two factor authentication or not?

Yes. Especially for critical services that contain your personal data and financial information.

Two-factor authentication is impervious to threats

No. 2FA depends on both, technologies and users that are flawed, so it is also flawed. A 2FA that uses SMS text as the second factor relies on the security of the wireless carrier. It’s also happened where malware on a phone intercepts and sends SMS messages to the attacker. Another way that 2FA can go wrong is when a user isn’t paying attention and approves a request for authentication (maybe it’s a pop-up message on their Mac) that was started by an attacker’s attempt to log in.

Two-factor solutions are (basically) all the same

This may have been true at some point, but there’s been much innovation to 2FA recently. There are 2FA solutions using SMS messages or emails. Other solutions use a mobile app that contains a cryptographic secret or keying information stored in a user’s browser. Reliance on third-party services is something to think about, and should be improved upon, as it has been breached and the authentication has failed in some instances.

Two-factor authentication is an annoying extra with little benefit

Well, with this attitude we’ll never get anywhere. In reality, some businesses or services approach 2FA as a compliance requirement, instead of something that can help reduce fraud. Some companies use the minimum required 2FA that barely does anything, just to check off the 2FA box. As a user, it can be annoying to use 2FA, but if the company is using a flexible authentication method (not just the bare minimum) it can reduce the possibility of fraud. And who doesn’t want that?

It’s the end of 2FA as we know it

Maybe. Everything you’ve just read is about 2FA today, and we don’t know a lot about the future besides that it will change and become more commonly used. The most hope-inducing and cool part of 2FA is that is can become much better as time goes on. Right now, 2FA is still sitting on the outskirts of the crowd. So, it will be interesting to see if 2FA security and ease of use can improve enough that it becomes a tool we all love.

Pope, Devin Kate. “Two-Factor Authentication: Methods and Myths.”TechSpot. TechSpot, 21 Sept. 2016. Web. 06 Oct. 2016.


Although the above article pertains to Apple ID, you can add this higher level of security to just about any of your accounts and/or devices.  One thing to realize is that two-factor authentication (2FA) is not a new solution and over the years many different 2FA options have developed. We know that narrowing down your options can be an overwhelming task, so we have done that for you. We have a few solutions to the problem and will work with you to find the right one to suit your particular needs.

One of our experienced professionals would be a happy to discuss the best options for you and your organization.

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to schedule a consultation.

Posted in: IT Support, Security, Tech Tips for Business Owners

Leave a Comment (0) →

Employee Negligence The Cause Of Many Data Breaches

data-breach

Enterprise privacy and training programs lack the depth to change dangerous user behavior, Experian study finds.

More than half of organizations attribute a security incident or data breach to a malicious or negligent employee, according to a new survey.

Sixty-six percent of the 601 data protection and privacy training professionals surveyed for the Managing Insider Risk through Training & Culture report say their employees are the weakest link in their efforts to create a strong security posture.

Awareness of the insider risk, though, is not influencing many companies to put in place practices to improve the security culture and training of their employees, the Experian Data Breach Resolution and Ponemon Institute report found.

Only 35% say senior executives think it is a priority to ensure that employees are knowledgeable about how data security risks affect their organizations, and 60% say employees are not knowledgeable or have no knowledge of the company’s security risks.

“It’s no surprise that employee-related security risk is their number one concern,” says Michael Bruemmer, vice president of Experian Data Breach Resolution. “As we have seen in our incident response service that we do for clients, about 80% of all the breaches we service have a root cause in some type of employee negligence.”

Training Programs Inadequate

Each of the organizations in the survey has a training program, but many of these programs do not have the depth and breadth of content to drive significant behavioral changes and reduce the insider risk. Only half of the companies agree or strongly agree that current employee training actually reduces noncompliant behaviors.

Forty-three percent of respondents say that training consists of only one basic course for all employees. These basic courses often do not provide training on the risks that can result in a data breach: 49% of the respondents say training in their organization does not include phishing and social engineering attacks. Only 38% of respondents say the course includes mobile device security, and only 29% say courses include the secure use of cloud services.

Less than half –45% — say their organizations make training mandatory for all employees. Even when mandatory, exceptions are made for certain individuals. For example, 29% of respondents say the CEO and senior level executives in their companies are not required to take the course.

Additionally, if an employee doesn’t pass a privacy test or do well on a training course, 60% of the companies in the survey don’t require them to do anything else but check off the right answers on the test, Bruemmer says.

Responsibility Starts At The Top

The responsibility for data protection and cybersecurity should start at the top with company board members and senior management, he notes. Cybersecurity should be one of the top five strategic priorities, he says. And if companies are setting up an organizational structure, the chief information security officer or an executive with that responsibility, must report at a minimum to the CEO, if not directly to the board.

“So cybersecurity, privacy, and data breach response must have a priority at the highest level of the organization,” Bruemmer says. To back up that argument, Bruemmer notes that 29% of the cybersecurity professionals surveyed say that the lack of senior executive buy-in contributed to the inefficient training.

“In this day and age, given the cost of a data breach, which is about $6.2 million per incident, to not spend the money upfront to address the number one cause of data breaches – a relatively low cost compared to some of the other preparations – it just seems like there is a real miss here,” Bruemmer says.

Mitigating the insider risk, according to Bruemmer, should include both culture and training. Sixty-seven percent of respondents say their organizations do not provide incentives to employees for being proactive in protecting sensitive information or reporting potential issues.

The report recommends that companies should provide employees with incentives to report security issues and safeguard confidential and sensitive information, as well as better communicate the consequences of a data breach. Plus, companies should “gamify” training to make learning about potential security and privacy threats fun.

Meanwhile, federal cybersecurity professionals also recognize that people can be their organization’s greatest cybersecurity asset or greatest liability: 42% of cybersecurity executives surveyed for a new (ISC)² and KPMG LLP report say that people are currently their agency’s greatest vulnerability to cyberattacks.

Lack of accountability was also a consistent theme throughout the federal survey results, as some respondents were unable to identify a senior leader at their agency whose sole responsibility is cybersecurity. Federal cybersecurity executives are still struggling to understand how attacks could potentially breach their systems a year after hackers stole the personal information of 22 million people from the Office of Personal Management databases, according to the (ISC)² report.

Yasin, Rutrell. “Employee Negligence The Cause of Many Data Breaches.” N.p., n.d. Web.


In 2015 43% of data breaches were a result of employees, half were intentional, and the other half accidental.  So let us help you with the “accidental”…

Phishing, spearfishing, socially engineered email and links are designed to get your employees to open the door to malicious attacks, and they appear in various ways. We believe that the best approach is to take a defensive stance by arming your staff with the most updated information.  And since we believe that knowledge is power, we have put together a presentation to explain the many deceptive tricks of hackers and the most common mistakes made by end users. We also have a method to reinforce training by creating a phishing scheme which will test who will “click”.

Employee awareness is the key to fighting the cyberwar!

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to set up an appointment for a security consultation.

 

Posted in: Business, IT Support, Security

Leave a Comment (0) →

Ransomware Alert: Don’t be Unlucky With Locky

locky 2Ransomware is a rapidly growing plague on computer users, and the latest variant of Locky adds malicious Word macros to its weaponry.

If you must open Word documents created by others, here are some ways to ensure you don’t become a ransomware victim.

When you’re unlucky enough to get Locky

Locky ransomware show up in many formats, but in most cases it’s disguised as an invoice, shipping document, or similar-seeming legitimate attachment. Typically, those attachments are Word or Excel documents, but the malware might also be hiding inside a ZIP or RAR file.

No matter how Locky arrives, the end effect is the same — and frighteningly obvious. You’ll discover that all your documents are encrypted: not just those on the infected computer, but also files on mapped external drives and network locations. Even cloud-based documents are at risk. It can also disable Windows’ volume shadow copies.

It gets worse: Locky will look for bitcoin wallets and try to encrypt them as well.

Locky can even store information in the Windows Registry.

Here are some reminders of ways to protect yourself from this latest variant:

The first line of defense remains unchanged

Regular Windows Secrets readers should already know the first rule of blocking ransomware and similar forms of malware: Don’t open email attachments that did not come from truly trusted sources. I’d even avoid attachments forwarded by those you know well — you can’t know the original source of the document.

Note that the ransomware payload typically isn’t triggered by simply viewing the email message; you have to open the malicious attachment to become infected.

The next best defense is using an email service that filters your email. If you never see the attachment, you won’t be tempted to open it. Many major Interest service providers will filter and clean email — it’s in their interests to protect their subscriber traffic.

If your ISP doesn’t provide effective mail filtering and cleaning, you should sign up for one of the free providers that do. You can, for example, forward your mail through Gmail or Outlook.com. I also recommend creating a separate account on one of the free, online mail services; then use that address for the sites that might lead to more spam in your inbox.

Many of the malicious emails and attachments look as if they came from legitimate businesses. It can be hard to tell a bogus FedEx notification from a real one. If you’re suspicious of an email, open it on a platform that’s less likely to be hit by ransomware. For example, I often use my iPhone to open up suspect mail. If it proves safe, I will then open it on one of my Windows machines. But even that’s not foolproof. As noted in a recent Reuters story, some OS X machines saw their first successful ransomware attack. The “KeRanger” exploit was piggy-backing on torrent sites. (That’s what you get for illegally downloading media — I jest: there are legitimate reasons for using BitTorrent.) Experts reportedly expect to see new forms of attachments on Macs.

Preventing infection by blocking macros

Locky’s use of Office-based macros is somewhat unique. If you’re unlucky enough to launch the malware, and if you’ve not taken precautions to block certain macros, the encryption process will begin. Microsoft’s Malware Center hasposted tips for protecting yourself from bogus macros.

It starts with checking whether you have any Word docs or Excel worksheets that contain macros. If you don’t have or use macros, take the following steps to better protect yourself from malicious documents that might slip onto your machine.

  • Open a Microsoft Word document.
  • Click the File tab and then Options.
  • In the Trust Center, click Trust Center Settings.
  • In the Macro Settings section, check that the default Disable all macros with notification is enabled.
  • Click OK.

If you do use macros, the better option is: Disable all macros except digitally signed macros. This will ensure that unsigned macros don’t launch when you open a document.

Looking for the yellow banner when opening files

If you have a newer Office platform — 2010 through 2016, it knows where opened documents have come from. Opening Word or Excel email attachments will trigger the yellow warning shown in Figure 1. (The wording will vary slightly with different Office versions.) Earlier platforms might also display the warning — if you’ve installed specific updates. But as I’ve pointed out in a Patch Watch column, the updated Office versions weren’t perfectly successful when dealing with file opening on older platforms.

lockey image

Figure 1. Office’s warning that a document that arrived in email could be malicious

If you’re using .docx and .xlsx formats, newer Office versions tend to be more effective at spotting and blocking macros. But the key is still to always watch for the yellow banner at the top of opened files. If the document came via the Web, you can enable macros — but, again, only if you truly trust the source.

What do you have access to?

An often overlooked step for limiting damage from ransomware is checking what you have access to from your PC. If you can browse to a location on an internal drive, on an external USB drive, in the cloud, and so forth, the ransomware payload has access to that location, too.

With that in mind, review how your backup software is set up. It’s one of the reasons I don’t completely trust Windows 10’s File History system; it saves a copy to an external USB hard drive that you — and ransomware — have full access to. File History makes no attempt to hide the location of archived files; hiding them would help protect them from ransomware encryption.

I wouldn’t turn File History off, but I would add the old-school method of rotating backup media (to multiple, external USB drives). Combine that strategy with cloud backup that includes versioning. In short, never rely on one backup system.

Ransomware is getting only cleverer at tricking computer users into downloading and launching malicious code. As it adapts, so too must we. Open only those attachments you expected to receive — and don’t worry if your friends think you are a tad paranoid when you call them to check that they really sent an email with any form of attached file.

A little paranoia helps keep us all safe.

Bradley, Susan. “Don’t be Unlucky With Locky” Windows Secrets March 17, 2016

Posted in: IT Support, Security

Leave a Comment (0) →

One in the eye for ransomware: Microsoft adds new macro controls to Office 2016

Office 2016As you probably know, a lot of ransomware arrives by means of believable-looking Word documents.

You receive an email that looks just like a customer requesting a quote, or an invoice that you need to pay, or a courier delivery that went astray.

You’re supposed to consult the attached document for details…

…but when you do, there’s some problem viewing it, but you can fix that…

…if only you click the [Options] button and enable macros.

The problem is that a macro is essentially a miniature program embedded inside the document, and it can do almost anything that a regular program can do, such as connecting to a web server, downloading some software, and running it.

In other words, an email telling you to enable macros in a document is as dangerous as an email telling you, “Please download and install this unusual version of NOTEPAD.EXE, ignoring all security warnings, to read this email properly.”

Macros don’t run by default, for security reasons, but an outright block on macros can get in the way, because many legitimate Word and Excel files use macros for perfectly unexceptionable purposes, such as helping you fill in forms or perform complex calculations.

That means that in most businesses, users can enable macros if they think they need to – so that just one bad judgement call could let ransomware, or any other malware, into the organization.

Microsoft has therefore added a new policy option into Office 2016 that allows finer control over documents with macros.

You can now limit the functionality of the macro programming system so that even if users normally have the chance to enable macros, they can’t if the macros came in an Office file from the internet.

The option is well-named: Block macros from running in Office files from the internet.

Is this end of ransomware?

Sadly, the answer is,”No.”

Malware, including ransomware, can arrive in many other ways.

Instead of using attachments containing Word macro downloaders, crooks can use numerous other infection techniques.

A common trick is to send a .js attachment (JavaScript) instead of a .doc file; scripts written in JavaScript have much the same powers as those written as Office macros, and protection based on controlling macros won’t help in this case.

And crooks can also use booby-trapped documents that work by exploiting bugs in Word itself, so that no macros are needed at all.

Lastly, there’s still plenty of malware that get in without using email, thanks to USB flash devices, malvertising, and booby-trapped websites.

Nevertheless, if you are using Office 2016, this new anti-untrusted-macro execution protection is well worth using.

Dicklin, Paul. “One in the eye for ransomware: Microsoft adds new macro controls to Office 2016” Naked Security March 23, 2016

Posted in: IT Support, MS Office Tips and Tricks, Security, Tech Tips for Business Owners

Leave a Comment (0) →

How to Stop the Free Windows 10 Upgrade

Windows10updateMicrosoft’s Free Windows 10 Upgrade Offer is perhaps the most generous the company has ever been with a new software upgrade. Anyone who has Windows 7, Windows 8 and Windows 8.1 can take advantage of the Windows 10 Upgrade offer and get it running on their old notebook, desktop or tablet in hours. It’s unprecedented. For some it’s also unwanted.

No matter how much you plan for a software upgrade to be painless, things are going to happen. The hardware requirements for Windows 10 are the same as Windows 8 and Windows 7, but that doesn’t mean everything flawlessly works. Some have reported their printers not working after the upgrade or software that they rely on every day simply not loading up anymore. Initially, Microsoft only upgraded those who actively sought out the software refresh. Yes, you can go back to your earlier version of Windows after the upgrade, but that’s not enough. Some don’t want to risk installing a new operating system on their devices at all.

Instead, they want a way to block the Windows 10 update and silence the Free Windows 10 Upgrade Offer that won’t stop trying to grab their attention from the Taskbar.

Here’s how to stop the free Windows 10 Update on your system:

Before we Begin

Before we begin, it’s important that you understand the ramifications of stopping the Windows 10 Upgrade in its tracks. Windows 10 is absolutely free to download and will receive free upgrades over time. Unless there’s a feature in Windows 7 and Windows 8 that you absolutely can’t live without – like Windows Media Center – stopping the upgrade isn’t the best idea.

That’s because Windows 7 and Windows 8 don’t have long, always-updating lifespans of their own. Support for both operating systems will eventually expire. When they do, you’ll be more vulnerable to the kinds of internet threats that could put your personal information at risk.

As for reasons not to upgrade. Early reports that Windows 10 monitored users when explicitly told not have been debunked by Microsoft. You can disable the Cortana personal assistant and the operating system does have controls for avoiding sharing location. Privacy is a legit, if slightly overblown worry with any software upgrade like this.

Stopping the Free Windows 10 Upgrade

Microsoft has so embedded the Free Windows 10 Upgrade Offer into Windows 7 and Windows 8 that there’s no real way to get away from it without a software upgrade. There’s no toggle that you can push to permanently ignore it, for example. You’re going to need to download some extra pieces of software onto your device to fully suppress it.

A straight forward and easy to use software utility for stopping the free Windows 10 update is called Never10. Developed by Gibson Research, there’s not a lot to it really. The utility kills the upgrade with a single button press. There’s nothing to configure.

Never10 can be uninstalled once you have killed the upgrade offer, but it’s a good idea to keep it around in case you ever decide that you do want to upgrade. Lots of people report having a great experience with this tool.

GWX Control Panel

GWX CP 1_7_1 Only

The appropriately named GWX Control Panel is pretty feature rich. (GWX stands for “Get Windows 10.”) The app itself isn’t all that attractive but it does its job very well.

After it’s installed, you get a breakdown of how your system was changed to accommodate the Free Windows 10 Upgrade Offer. A breakdown shows you if the icon for the offer is enabled and how much space Windows Update is using on your system to store the upgrade in case you ever decide to take advantage of it.

It then gives you the option to start reversing every change it lists. There’s a button for disabling the icon that always pops-up asking you to download operating system. Another button lets you quickly delete anything that Windows Update downloaded to your system. This is option is a life-saver, the Windows 10 download can take up as much as 4.8GB on a single device. That’s a lot of space.

You’ll want to click the Disable ‘Get Windows 10’ App button to insure that you and no one else in your household ever accidentally gives the upgrade the go ahead. You’ll also want to click the Prevent Windows 10 Upgradesbutton too.

GWX Control Panel can be configured to monitor your device and make sure that none of these settings chance, just a virus scanner, but I’d say that might be overkill at this point. Only enable this if you suddenly find yourself looking at the upgrade offer without warning again.

Again, keep GWX installed so that you’re able to reverse the decision in the future.

Good luck stopping the free Windows 10 Update. We hope this helps.

Pope, Travis. “How to Stop the Free Windows 10 Upgrade” GottaBe Mobile April 3, 2016

 

Posted in: IT Support, MS Office Tips and Tricks, Tech Tips for Business Owners

Leave a Comment (0) →
Page 1 of 2 12