Login
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals.
Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy.
Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them.
If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt.
Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.
If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all.
Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official.
Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.
Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device.
Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online.
Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.
The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.
Authored by: Christy Crimmins and Oliver Devane
Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup).
An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament.
Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information.
It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.
For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog.
According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.
The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
The red box on the right image shows that the ticket site accepts payment via Bitcoin.
Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp.
Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.
In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.
As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.
Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check.
For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection.
For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!
The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.
Passwords: we entrust our most important data to these strings of letters, numbers, and special characters. So, we should make sure our passwords are words or phrases that we can easily remember, right? While this might be the most convenient option, there are more secure ways to digitally lock up your most sensitive personally identifiable information (PII). In celebration of World Password Day, we’re diving into how you can practice top-notch password security without compromising convenience.1
Over the years, the password has remained a good first line of defense against cyberattacks. However, most of us tend to choose passwords based on memorable things from our lives, like family names or our pets’ birthdays. As it turns out, these details are easy for hackers to find on social media sites like Facebook or LinkedIn. It’s also human nature to opt for convenience, and for many people that means setting easy-to-remember and easy-to-guess passwords. Plus, out of convenience, people often reuse passwords across multiple accounts and services. The downside is that if one account becomes compromised, all accounts become compromised.
As an alternative to single-word passwords, many security experts advocate for passphrases over passwords. Passphrases are longer strings of words and characters that are easier for you to remember and harder for nefarious software and cybercriminals to guess than random strings of upper and lowercase letters, numbers and symbols. But, according to a study, the average American internet user was projected to have 300 online accounts by 2022.2 Can you imagine memorizing 300 different passphrases? We can all agree that sounds pretty unrealistic, so users tend to look for other solutions.
If the answer is yes, you may want to reconsider, as there are several risks associated with this practice. Although it’s convenient to have your browser save your passwords, they tend to do a lousy job of safeguarding your passwords, credit card numbers and personal details, such as your name and address.
Let’s take Google Chrome, for example. Unlike most dedicated password managers, Chrome doesn’t use a primary password to encrypt all your credentials. (Note that some browsers do use one, and are therefore more secure, though you’ll still need to trust your browser provider.) This makes your Chrome-stored passwords relatively weak to “local” attacks. For example, if someone gets hold of—or guesses—your Windows password, they can then see all the logins stored in your browser’s password manager.
Another consideration to note is that the security of all your accounts is tied to your browser account’s security. Let’s say you use the sync option to make your credentials available on all your devices. This means that logins are stored in the cloud and, though encrypted, if someone manages to hack into your browser account, they will gain access to all your logins.
What can you do to help ensure your online profiles are kept safe without spending hours managing a complex list of passwords? Here are some easy ways to lock down your digital life without sacrificing convenience:
A password manager is a software application that stores your passwords and other sensitive information. You can install it on computers or mobile devices and store all passwords in an encrypted file (or database). The best option is to use a password manager like McAfee True Key to store and create strong, random passwords for each site you visit. You’ll have one primary password that grants access to the rest of them—ideally, a long and random passphrase that you can remember. Once everything is set up, it should be seamless. As you log in to new sites, the password manager will offer to save your credentials for later use.
One of the best ways to protect your accounts against unauthorized access is to turn on two-factor authentication for every site that offers it. Using two-factor authentication means a site will prompt you for a unique security code, in addition to your password, whenever you log in to an account for which you have enabled this feature.
Two-factor authentication adds an extra layer of security by requiring another form of identification after you enter your username and password. Some services send a temporary passcode over text message. Others require the user to approve login attempts from new devices using an app. If someone steals your device or gains access to your account details, they’re out of luck unless they also have access to this second piece of information. Two-factor authentication is available on a wide range of websites and can help keep your accounts safe from would-be hackers, so you should always use it when available.
A VPN, or virtual private network, encrypts your data and masks your online behavior from snooping third parties. When you go to a website, your computer connects to the server where the site is hosted, and that website can see a certain amount of data about you and your computer. With a VPN, you connect to a private server first, which scrambles your data and makes it more difficult for digital eavesdroppers to track what you’re doing online.
VPNs can provide users with greater peace of mind when on the go. Say you’re traveling on a business trip and need to connect to the Wi-Fi network provided by your hotel. Shifty characters often lurk on unprotected, free networks (such as those provided by hotels, coffee shops, airports, etc.) to lift PII from people handling sensitive emails, making banking transactions, or shopping online. McAfee Safe Connect VPN encrypts your online activity with bank-grade encryption to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once and enjoy unlimited data protection.
With your growing number of accounts all requiring passwords—emails, social media profiles, online banking—it’s no wonder that people tend to reuse passwords across multiple sites. This may be convenient, but it creates significant security risks if a suspicious actor manages to obtain one of your passwords and attempts to use it elsewhere. That’s why having strong passwords matters.
Do yourself a favor and opt for a dedicated password manager that will auto-save and store your credentials for you, so you only have one password to remember. Who says security and simplicity can’t coexist?
The post This World Password Day, Here’s How a Password Manager Can Simplify Your Life appeared first on McAfee Blog.
Passwords: we entrust our most important data to these strings of letters, numbers, and special characters. So, we should make sure our passwords are words or phrases that we can easily remember, right? While this might be the most convenient option, there are more secure ways to digitally lock up your most sensitive personally identifiable information (PII). In celebration of World Password Day, we’re diving into how you can practice top-notch password security without compromising convenience.1
Over the years, the password has remained a good first line of defense against cyberattacks. However, most of us tend to choose passwords based on memorable things from our lives, like family names or our pets’ birthdays. As it turns out, these details are easy for hackers to find on social media sites like Facebook or LinkedIn. It’s also human nature to opt for convenience, and for many people that means setting easy-to-remember and easy-to-guess passwords. Plus, out of convenience, people often reuse passwords across multiple accounts and services. The downside is that if one account becomes compromised, all accounts become compromised.
As an alternative to single-word passwords, many security experts advocate for passphrases over passwords. Passphrases are longer strings of words and characters that are easier for you to remember and harder for nefarious software and cybercriminals to guess than random strings of upper and lowercase letters, numbers and symbols. But, according to a study, the average American internet user was projected to have 300 online accounts by 2022.2 Can you imagine memorizing 300 different passphrases? We can all agree that sounds pretty unrealistic, so users tend to look for other solutions.
If the answer is yes, you may want to reconsider, as there are several risks associated with this practice. Although it’s convenient to have your browser save your passwords, they tend to do a lousy job of safeguarding your passwords, credit card numbers and personal details, such as your name and address.
Let’s take Google Chrome, for example. Unlike most dedicated password managers, Chrome doesn’t use a primary password to encrypt all your credentials. (Note that some browsers do use one, and are therefore more secure, though you’ll still need to trust your browser provider.) This makes your Chrome-stored passwords relatively weak to “local” attacks. For example, if someone gets hold of—or guesses—your Windows password, they can then see all the logins stored in your browser’s password manager.
Another consideration to note is that the security of all your accounts is tied to your browser account’s security. Let’s say you use the sync option to make your credentials available on all your devices. This means that logins are stored in the cloud and, though encrypted, if someone manages to hack into your browser account, they will gain access to all your logins.
What can you do to help ensure your online profiles are kept safe without spending hours managing a complex list of passwords? Here are some easy ways to lock down your digital life without sacrificing convenience:
A password manager is a software application that stores your passwords and other sensitive information. You can install it on computers or mobile devices and store all passwords in an encrypted file (or database). The best option is to use a password manager like McAfee True Key to store and create strong, random passwords for each site you visit. You’ll have one primary password that grants access to the rest of them—ideally, a long and random passphrase that you can remember. Once everything is set up, it should be seamless. As you log in to new sites, the password manager will offer to save your credentials for later use.
One of the best ways to protect your accounts against unauthorized access is to turn on two-factor authentication for every site that offers it. Using two-factor authentication means a site will prompt you for a unique security code, in addition to your password, whenever you log in to an account for which you have enabled this feature.
Two-factor authentication adds an extra layer of security by requiring another form of identification after you enter your username and password. Some services send a temporary passcode over a text message. Others require the user to approve login attempts from new devices using an app. If someone steals your device or gains access to your account details, they’re out of luck unless they also have access to this second piece of information. Two-factor authentication is available on a wide range of websites and can help keep your accounts safe from would-be hackers, so you should always use it when available.
A VPN, or virtual private network, encrypts your data and masks your online behavior from snooping third parties. When you go to a website, your computer connects to the server where the site is hosted, and that website can see a certain amount of data about you and your computer. With a VPN, you connect to a private server first, which scrambles your data and makes it more difficult for digital eavesdroppers to track what you’re doing online.
VPNs can provide users with greater peace of mind when on the go. Say you’re traveling on a business trip and need to connect to the Wi-Fi network provided by your hotel. Shifty characters often lurk on unprotected, free networks (such as those provided by hotels, coffee shops, airports, etc.) to lift PII from people handling sensitive emails, making banking transactions, or shopping online. encrypts your online activity with bank-grade encryption to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once and enjoy unlimited data protection.
With your growing number of accounts all requiring passwords—emails, social media profiles, online banking—it’s no wonder that people tend to reuse passwords across multiple sites. This may be convenient, but it creates significant security risks if a suspicious actor manages to obtain one of your passwords and attempts to use it elsewhere. That’s why having strong passwords matters.
Do yourself a favor and opt for a dedicated password manager that will auto-save and store your credentials for you, so you only have one password to remember. Who says security and simplicity can’t coexist?
The post This World Password Day, Here’s How a Password Manager Can Simplify Your Life appeared first on McAfee Blog.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and countless snapshots of your furry companion. Next, open your laptop or desktop and check to see how many documents you have saved — perhaps all the research reports you have saved to defend your graduate thesis or an important slideshow you’re presenting to your boss on Monday. If you had to guess, would you say the total number of these various pieces of data is into the thousands? Now imagine if all this data was suddenly gone. What would you do?
You might be thinking, “That will never happen to me.” However, this situation is more common than you think. More than 60 million computers will fail worldwide this year, and over 200,000 smartphones are lost or stolen every year. That’s why we’re celebrating World Backup Day by sharing how you can properly back up your files and find peace of mind knowing that your data is safe and sound.
A backup is a separate copy of your important and sentimental digital files and information. Storing all that data in one place, like a personal computer or smartphone, can prove unsafe. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should your device get wiped or stolen.
It’s important to recognize that data loss isn’t something that only happens to huge corporations or unsuspecting victims in spy movies. Everyone is susceptible to data loss or theft and backing up that data is an easy step to protect all your information and prevent cybercriminals from taking what isn’t theirs.
Data is one of the most important assets in the modern world. As we illustrated earlier, people collect countless files that contain valuable information they want to keep safe. Luckily, there are two common and inexpensive ways that a user can store their data and their ever-important backups.
Although “the cloud” became a major buzzword years ago, its definition is still cloudy for some folks. The cloud exists in remote data centers that you can access via the internet. Any data you’ve uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often situated on campuses full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers up and running.
To keep your data physically safe from theft and destruction, and to make sure it’s available whenever you want to access it, data centers run extensive cooling systems to keep the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure that this data is secure in the cybersphere? Cloud systems use authentication processes like usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it’s important to remember that passwords can be hacked. Typically, the service provider holds the encryption keys to your data, meaning that rogue employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities.
This begs the question: Trust or don’t trust? Because cloud storage companies live and die by their reputation, you can rest assured knowing that they go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data should you choose to store or back it up to the cloud, keep anything truly sensitive in a private cloud behind a firewall.
With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access anytime. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t rely on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It’s your responsibility to regularly perform backups yourself and store your hard drive in a safe location. While cloud solutions offer huge amounts of storage, storage space on hard drives are limited, so you may have to purchase more than one device. Look for an external drive with at least a terabyte of space to accommodate all your data, which tends to accumulate quickly.
As you’re cleaning out your garage and tidying up your home, take the same care to do some digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good decluttering and gain more peace of mind knowing that all your valuable data is stored in a safe, secure place … and that you have a backup in case something goes awry. Remember, proactivity goes a long way toward shoring up your cybersecurity and protecting your information.
The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.
Today we wrap up Mobile World Congress (MWC) 2021. Whether you joined online or attended the hybrid conference in person, one thing is certain: today’s groundbreaking technology is paving the way for our future connectivity. Fittingly, the theme of this year’s event was Connected Impact, representing the role mobile connectivity plays in an ever-changing world, where flexibility and adaptability are critical. Here are four of the key consumer takeaways from this year’s conference:
COVID-19 truly put the power of online connectivity to the test. While 2020 was supposed to be the year of 5G connectivity, this was put on pause as the world faced social and financial uncertainty. Instead, the spotlight fell on legacy technologies to create a new normal for users. Consumers quickly had to figure out how to live their best lives online — from working from home to distance learning to digitally connecting with loved ones.
To help foster online connectivity for all, 5G must step back into the spotlight. Although publicly available 5G networks have been around for two years, it is unlikely that many users see much of a difference between 5G and LTE. For users to feel the impact of 5G, mobile carriers must expand the frequencies at the low and high ends of the spectrum, which is where 5G networks operate.
Qualcomm led the 5G announcements on Monday with the unveiling of its second-generation Qualcomm 5G RAN Platform for Small Cells (FSM200xx). This platform brings major enhancements to radio frequencies and is designed to take millimeter wave performance to more places: indoors, outdoors, and around the globe. According to Qualcomm, these advancements aim to facilitate greater mobile experiences and accelerate 5G performance and availability to users everywhere— thus reshaping opportunities for homes, hospitals, offices and more.
Technology and connectivity played a crucial role in our daily lives in 2020—and therefore, unsurprisingly, spending on health and wellness tech grew by 18.1%. But now, we must ask ourselves what role technology will play post-lockdown.
While they did not have a physical appearance at MWC this year, Samsung provided a sneak of their new wearables: they introduced the One UI Watch user experience, a new interface designed to make the Galaxy Watch and smartphone experience more deeply connected. Samsung also announced its expanded partnership with Google, promising to deliver better performance, longer battery life, and a larger ecosystem of apps to the Galaxy Watch. Although they did not unveil any hardware at MWC, Samsung did ensure that users can expect to see new devices like the Galaxy Z Fold 3 and the Galaxy Watch 4 at their Galaxy Unpacked event happening in July/August of 2021.
2020 also shone a bright light on the key role technology plays in the consumption and distribution of creative arts and entertainment. Lockdown put an even greater responsibility on streaming platforms — and the devices they are accessed on — to deliver content right to people’s homes.
To help meet entertainment consumption needs, Lenovo announced not one, not two, but five new Android tablets during MWC. Its largest tablet is the Yoga Tab 13, which features a built-in kickstand, 13-inch display with 2,160 x 1,350 resolution, up to 12 hours of battery life, and more. Lenovo is pitching this model as its “portable home cinema,” perfect for streaming on the go. It also unveiled the Yoga Tab 11 and the Tab P11 Plus, which are expected to be available in EMEA in July following the Yoga Tab 13’s June release date. For users hoping for a more compact, budget-friendly device, Lenovo also announced the Lenovo Tab M8 and the Lenovo Tab M7. Whichever model you select, one thing it certain — digital devices have and will continue to be instrumental in consumer entertainment.
These exciting announcements are a great representation of what the future holds for mobile technology and greater connectivity. The advancements in mobile connectivity have already made a positive impact on consumer lifestyles, but the rise in popularity of these devices has also caught the attention of cybercriminals looking to exploit consumers’ reliance on this technology.
More time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of the increase in connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware and more. For users to continue to live a connected life, they will need to take greater care of their online safety and ensure that security is top-of-mind in any given situation. Taking these precautions will provide greater peace of mind in the new mobile-driven world.
The post The Future of Mobile: Trends from Mobile World Congress 2021 appeared first on McAfee Blogs.
World Password Day isn’t the most popular day on the calendar, but it’s an important reminder that good password hygiene is essential to staying safe online. This World Password Day, we’d like to talk about improving your password hygiene, how you can help your friends and family improve theirs, and what the future of authentication holds.
The SolarWinds hack in 2020 is one of the most devastating hacks in the history of the internet. Close to 20,000 company’s systems were compromised, losing billions of pieces of data in the process. If you’re one of the 37% of Americans that go long periods of time without updating passwords*, large-scale attacks like SolarWinds can be devastating. By stealing so many login credentials simultaneously, attackers can potentially access exponentially more accounts by reusing leaked credentials on different sites. Unfortunately this is not an isolated event, data breaches from websites and services we frequently use continue to happen through 2021 as well.
According to a recent survey we conducted, 34% of Americans have reused the same, or similar, password more than once. By using the same password for multiple accounts, attackers only need to find one password, creating a domino effect that makes it easier to access more accounts. If that password is weak, it becomes even easier to tip over that first domino.
Our guidance is to create strong, hard-to-guess passwords to protect your accounts. We recommend creating a unique password for every online account, using more than 16 characters, with upper and lower case letters, some numbers, and special symbols, to make a stronger than average password. How are you supposed to remember all of those strong passwords, though?
Well, password managers, especially those included in comprehensive security suites like McAfee® Total Protection, do much of the heavy lifting for you. For instance, McAfee’s integrated password manager not only helps you create stronger passwords and store them, but will also autofill your credentials and log you into websites as well. These convenient features extend beyond just your computer and can be used on other devices like your phone and tablet. Best of all, password managers that are an integrated part of a security suite can be monitored, so you’ll be alerted if your passwords get exposed in a data breach.
You’ve already taken a step towards improving your password hygiene by reading this blog post. But the next step is, have an honest look at your passwords. Do you write them down, use the same for many accounts, or use weak ones? Then it may be time for a change to better protect your accounts and the personal info in those accounts.
If you’re like a certain member of my family—that will remain nameless, Mom—who kept their passwords written down in a notepad, making the change to a password manager (McAfee’s, naturally) was a life-changing moment. Not only did it help her see just how often she was using the same login credentials, she now has an easy way to store, auto-fill, and even generate strong passwords across all her accounts and devices. An intended bonus was that she also realized how many accounts she was no longer using!
Now that you know more about what makes a strong password and how to protect them, let’s talk about why strong passwords are just the start of keeping your accounts safe. You’re probably already using Two-Factor Authentication for apps and services, but you may not have heard the term before. Two-Factor Authentication, or 2FA, is the second layer of protection to authenticate or prove you are the owner of this account. If you’ve received a text message or an email to confirm a new account signup, that’s a type of 2FA.
Text messages and email aren’t the only types of 2FA. There are USB keys, apps, and even systems built-in to your phone, like facial recognition to open phone apps, for example. Some popular 2FA options are USB keys and Google Authenticator.
The great thing about 2FA is that it helps make your strong passwords even more effective by stopping an attacker from using stolen credentials. If you fell victim to a phishing attack that looked like your bank’s website, the attacker would have your email and password combination. Without 2FA, they could log into your account and pretend they’re you. With 2FA in place, it becomes much harder for an attacker to access your account because they’re missing that last important piece of information.
Humans are almost always the weakest link when it comes to securing information. But by committing ourselves to better password practices, with help from the latest technology, we can make sure passwords are a strong link in our security chain; one that will only get stronger in the future.
For instance, using a device like a key-fob, new passwordless systems can authenticate a user without entering their login details. Not only does this make logging into your accounts lightning fast, you also never have to remember a complicated password again.
Biometric locks, like FaceID, are another example of passwordless entry. Using your face, or a fingerprint to authenticate yourself makes it much harder for attackers to break into your accounts.
We hope this Password Day post has helped answer some questions about password hygiene and how to take better care of your online accounts. Online security changes from day to day, so staying aware of new technologies and building safe new habits is essential. Perhaps one day this day will no longer need to exist on our calendars, as we look to a future where we might not need passwords at all. While we collectively make strikes towards this future, let’s celebrate this day while it lasts.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post World Password Day: Make Passwords the Strongest Link in Your Online Security appeared first on McAfee Blogs.
FreshRSS 