Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords, using online and offline techniques to gain entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use a strong, unique password for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords.
In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of character types whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack can be thwarted with strong network security and unique passwords that don’t incorporate easily searchable personal information.
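Here is how a site can turn the dictionary and spidering ideas around and screen a new password before accepting it. This is an added example, not code from the original article; the password list, the company name "Acme" and the function names are constructed for illustration.

```python
import re

# Constructed sample of a common-password list; a real deployment would load
# a far larger list of known-breached passwords.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "letmein", "iloveyou"}

# Character swaps that guessing tools routinely undo before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case the text and undo simple character substitutions."""
    return text.lower().translate(LEET)


def screen_password(candidate, context_words=()):
    """Return the reasons a candidate is guessable (empty list = passed)."""
    reasons = []
    folded = normalize(candidate)
    # Drop trailing digits and symbols so "Qwerty2024!" still matches "qwerty".
    stem = normalize(re.sub(r"[^a-zA-Z]+$", "", candidate))
    if {candidate.lower(), folded, stem} & COMMON_PASSWORDS:
        reasons.append("matches a common password")
    # Context terms are what a spidered word list would contain: company
    # name, product names, the user's own name (hypothetical inputs here).
    for word in context_words:
        if len(word) >= 4 and normalize(word) in folded:
            reasons.append(f"contains context term '{word}'")
    return reasons


if __name__ == "__main__":
    for pw in ["123456", "P@ssw0rd", "4cm3Corp#Spring", "vT9#qLm2&xRw"]:
        print(pw, "->", screen_password(pw, ["Acme"]) or "ok")
```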
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire a list of stored passwords. The passwords will be hashed, meaning they look completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashing algorithm and compare the results to their file of hashed passwords. To save time, hackers can use or purchase a “rainbow table”, which is a set of precomputed hashes for a specific algorithm covering many potential password combinations.
The downside here is that rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords or that use SHA1 or MD5 as their password hashing algorithms.
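To see why the storage scheme matters, the sketch below compares an unsalted MD5 hash with a salted, slow hash. This is an added example, not from the original article; a plain lookup dictionary stands in for the rainbow table (real tables compress the same idea with hash chains), and the guess list and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed guess list standing in for what a precomputed table covers.
GUESSES = ["123456", "qwerty", "password", "letmein"]
ITERATIONS = 200_000  # example work factor (assumption); tune to your hardware


def md5_hex(password):
    """Unsalted, fast hash: the weak storage scheme the article warns about."""
    return hashlib.md5(password.encode()).hexdigest()


# Built once, this table reverses every matching record in every leaked
# database that stored passwords with the same unsalted algorithm.
PRECOMPUTED = {md5_hex(p): p for p in GUESSES}


def lookup_unsalted(stored_hash):
    """Return the plaintext if the hash is in the table, else None."""
    return PRECOMPUTED.get(stored_hash)


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], key)


if __name__ == "__main__":
    print("unsalted MD5 lookup:", lookup_unsalted(md5_hex("qwerty")))
    salt, key = hash_password("qwerty")
    print("salted PBKDF2 lookup:", lookup_unsalted(key.hex()))
    print("login still works:", verify_password("qwerty", salt, key))
```

Because every account gets its own random salt, two users with the same password end up with different stored values, so a table computed in advance matches none of them.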
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, password, or building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with education and awareness of security protocol company-wide. And also, you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a unique password for each account, use a password manager to store complex passwords, update your antimalware software, keep your eye out for phishing attempts, and don’t you dare make your password “password.”
Google is giving back some privacy control? (You read that right)
(TECH NEWS) In a bizarre twist, Google is giving you the option to opt out of data collection – for real this time.
It’s strange to hear “Google” and “privacy” in the same sentence without “concerns” following along, yet here we are. In a twist that’s definitely not related to various controversies involving the tech company, Google is giving back some control over data sharing—even if it isn’t much.
Starting soon, you will be able to opt out of Google’s data-reliant “smart” features (Smart Compose and Smart Reply) across the G-Suite of pertinent products: Gmail, Chat, and Meet. Opting out would, in this case, prevent Google from using your data to formulate responses based on your previous activity; it would also turn off the “smart” features.
One might observe that users have had the option to turn off “smart” features before, but doing so didn’t disable Google’s data collection—just the features themselves. For Google to include the option to opt out of data collection completely is relatively unprecedented—and perhaps exactly what people have been clamoring for on the heels of recent lawsuits against the tech giant.
In addition to being able to close off “smart” features, Google will also allow you to opt out of data collection for things like the Google Assistant, Google Maps, and other Google-related services that lean into your Gmail Inbox, Meet, and Chat activity. Since Google knowing what your favorite restaurant is or when to recommend tickets to you can be unnerving, this is a welcome change of pace.
Keep in mind that opting out of data collection for “smart” features will automatically disable other “smart” options from Google, including those Assistant reminders and customized Maps. At the time of this writing, Google has made it clear that you can’t opt out of one and keep the other—while you can go back and toggle on data collection again, you won’t be able to use these features without Google analyzing your Meet, Chat, and Gmail contents and behavior.
It will be interesting to see what the short-term ramifications of this decision are. If Google stops collecting data for a small period of time at your request and then you turn back on the “smart” features that use said data, will the predictive text and suggestions suffer? Only time will tell. For now, keep an eye out for this updated privacy option—it should be rolling out in the next few weeks.
Looking to refresh your virtual rooms? Check out Zoom’s Immersive View
(TECH NEWS) Zoom’s new Immersive View feature will help you feel like you’re back in the workplace or classroom again – or wherever you want to be.
If you’re tired of feeling separated from your coworkers, friends, or classmates, Zoom has a new feature that will make you feel like you’re all in the same place once again. At Zoomtopia, Zoom’s annual user conference, the company announced its Immersive View feature that they say will allow for a “more engaging and collaborative way to meet”.
With Immersive View, video participants can all be arranged in a single virtual space. Hosts can choose from one of Zoom’s immersive virtual scenes and embed video participants within that scene.
To make sure your scene is as natural as possible, hosts can move around and resize a participant’s image so they can look like they are sitting on a chair in a classroom or conference room. For added fun, you can even set a custom background. So, if you’d rather be part of the Galactic Senate Chamber, you can create your own scene.
Up to 25 video participants can be in the same virtual space. Any additional people after that will show up as a thumbnail strip on the top of the screen. And, at any time, you can change the view back to Speaker View or Gallery View if you want to.
How to get started with Zoom’s Immersive View
Immersive View is available on Windows and macOS for desktop. By default, all Free and single Pro accounts using Zoom 5.6.3 or higher will have the feature enabled.
To use the feature, first start your Zoom meeting or webinar on your desktop. In the top-right corner, click “View” and select “Immersive View”.
To place participants into the scene, choose between automatic and manual placement. By choosing automatic, as many participants as the layout will allow will be added to the scene. If you choose manual, you can add and remove participants as you’d like. Since Immersive View will use the first 25 participants, manual works well for larger meetings. If participant No. 26 needs to speak up, you can remove someone and add No. 26 in.
After you’ve made your choice, select one of the provided virtual backgrounds or upload your own image. If you choose to use your own custom background, make sure to follow Zoom’s virtual background specs for the best results.
Finally, click “Start” to launch your scene, and, now, you’re all set!
Those that aren’t using Zoom 5.6.3 or higher will not be able to see the Immersive View. Instead, they will see either the Gallery View or Speaker View with a black background.
Immersive View isn’t available in breakout rooms yet. Also, recordings of Immersive Views aren’t supported. Depending on your recording settings, recordings will appear in Gallery View or Speaker View.
Considering all the video call fatigue going on right about now, Zoom’s Immersive View feature couldn’t come at a better time. It will be refreshing to see a video call without just heads inside boxes.
Create a pandemic-friendly sign-in with this touchless technology
(TECH NEWS) In an era where touchless communication is paramount, Wellcome brings touchless employee and visitor sign-in technology to the workplace.
Touchless technology is becoming more and more common these days and for good reasons — health and safety. Due to the COVID pandemic, social distancing is crucial in helping decrease the amount of positive coronavirus cases.
Unfortunately, some work environments require in-person employees, contractors, and visitors. And now, some businesses are even starting to bring more of their workforce back into the office. While we can hopefully assume they all have some safety protocols in place, the front desk interactions haven’t changed much. This makes it difficult to manage and see who’s in and out.
But to fill in that gap, meet Wellcome. Wellcome is a touchless sign-in platform for employees and visitors. According to their website, the app “helps you manage the workplace effectively, making it safe and easy for everyone” who’s in the office.
And the platform does this by implementing the following features in its tool.
Employee Touchless Check-in
By uploading a list of employees to the Admin, employees automatically receive an email with a one-click “Wellcome Pass”. This pass can be added to their Apple or Android digital wallet.
Once at work, employees scan their pass on an iPad at the reception desk. Then, they will see a customizable confirmation screen with the company’s health and safety guidelines messaging. This reminder can help ensure everyone is following the rules and staying safe.
Visitor Touchless Check-in
Visitors without a Wellcome Pass can still scan the QR code on the iPad using their device. The QR code will direct them to a customized check-in form where they can select their host and fill out a health questionnaire on their mobile device.
COVID-Safe Visitor Screening
Based on how a visitor answers the health screening questionnaire, it will grant or deny them access to the office. This COVID health screening will help HR managers “protect the office by restricting access to visitors that might be infected.”
Via email, Slack, and/or SMS, Wellcome will immediately notify the host when they have a visitor and send them the visitor’s contact details. It will also let them know if their visitor was granted or denied access based on the health screening. If a visitor is denied access, the host is instructed to not meet the visitor, but contact them another way.
If there is a potential or confirmed COVID-19 case at work, Wellcome makes it easy to identify and notify anyone who may be at risk. To do this, the HR manager just needs to search by a person’s name and date range in the Admin. Search results will pull up anyone that could have come in contact with the infected person.
The Admin will also notify all employees and visitors that need to self-isolate and get tested. If needed, Wellcome also lets you download and submit a tracing report.
Manage Office Capacity
Wellcome tracks workplace capacity and occupancy data to help maintain social distancing. If occupancy reaches the capacity limit, the Admin will be notified to “take steps to reduce occupancy in order to stay within the required limits.”
In the Admin Dashboard, reports are available to view the status of current capacity. It can also predict what the occupancy will be each day so companies can plan ahead.
Employees have the option to pre-book when they want to come into the office. The app displays how many slots are available for each day, and it can send out a calendar reminder. Through the Admin, HR managers can see who will be coming into the office. This is Wellcome’s other way of making sure capacity limits are always within range.
Also, setting up Wellcome is pretty simple. All you need is an iPad. You install the app on it and leave it at the reception desk for employees and visitors to check in.
For companies who have employees and visitors in and out of the office, Wellcome does sound appealing, and it looks like they will benefit a great deal from the platform. And, if you’d like to check it out, Wellcome lets you use the app free for 14 days. Afterwards, you can select a plan that works best for you.