British Government Advice Threatens Your Cyber Security

Uploaded on 2020-05-04 in NEWS-Cybersecurity News, FREE TO VIEW

The UK Governments National Cyber Security Centre (NCSC) is recommending that you save your password in your browser.  We don't recommend it. Internet browsers have the ability to save passwords but they are typically kept in a non-encrypted, plain text format.  

It is strongly recommended that you do not use your browsers password saving feature, as this is not a secure password manager.

If a web browser like Chrome, Firefox, or Safari are allowed to store passwords, you're putting your network security severely at risk.For instance: Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. 

This means that if your account is hacked, the hacker has access to all your other accounts.

Passwords have been used as a safeguard against others obtaining information throughout history. The less people who know a passcode or phrase, the more secure the information becomes and the less likely it will ever turn into public knowledge. With the advent of the Internet, and the ability to store everything online, you might think your information is secure. However, there are people out there who want nothing more than to still gain access to the information you hold most private.  

Even if you have your password in a secure location online, almost any site can be hacked into and your information which you thought was secure is no longer protected.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. But do you let your browser remember your passwords and automatically fill them in for you every time you sign into an online account because if you do you could be headed for real trouble.

If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have immediate and complete access to any online accounts that you have allowed your browser to store the passwords for. The UK NCSC says on their website ‘Using the same passwords for all your accounts makes you vulnerable, if that one password is stolen all your accounts can be accessed....It’s good practice to use different passwords for the accounts you care most about...Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to...Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.’

Passwords. They are the bane of so many users' existence, yet they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised.

Yes, it's convenient. and who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window. However, this is not a secure way forward.

The Basics 
Despite being constantly warned, users still insist on passwords like 12345 or ‘password’ for a password.  Even when those users employ incredibly complex passwords, there is still a pitfall in the way of enjoying a truly safe networking experience. This pitfall is when a web browser is allowed to store passwords.

The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer, co-workers, relatives, or anyone that lays hand on your computer, will be able to access these passwords from the browser’s own settings menu.

Do not use your browser password saving feature. One of the best and most secure ways of protecting a password is writing down your password offline., Your password should be something which you will know right away, but you make it very difficult for someone else to figure out in case it ever falls into the wrong hands.

You should never keep just one copy of this list. You should secure a second list some-where, in case this list ever does get lost. For obvious reasons, they should not be kept in the same exact location, but only you and maybe a loved one should know where it is.  The less people who know the passcode and where to find it, the more secure it will be.

NCSC:        StaySmartOnline:     BBVA:     TechRepublic:     University of Minnesota:   

RicksDailyTips     WigglyWisdom:

You Might Also Read:

Stay Cyber-Secure Working From Home:

 

 

 

 

 

« Lockdown Security Apathy Could Be A Big Risk
Hackers Attack Israel’s Water Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Zeta Sky

Zeta Sky

Zeta Sky offers a full range of IT and cyber-security services for your business.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.

Quantum Bridge

Quantum Bridge

Our unbreakable key distribution technology ensures the highest level of protection for your critical infrastructure and sensitive data in an evolving digital landscape.