At ThreatSTOP we are unapologetic security geeks; we also happen to be security minimalists. In fact, we think anyone passionate about The Cybers aims to maximize protection with the fewest tools. Why? Because tools break, they have vulnerabilities, they cost money, they require care and feeding, etc. Is it crazy to think you can secure a network really well with only ThreatSTOP, a firewall, a DNS server, and good password hygiene? Heck no, that's not crazy. What is crazy is that a huge percentage of businesses (skewing to SMB, of course) don't even check those minimums off the security must-have list, while lots of companies have conversely become collectors, with a SOC that looks like a virtual RSA tradeshow. So while we daydream about a future where enterprises don't have either zero or 70 different security products that aren't playing nice together, check out our favorite new tool (hah!) for managing passwords:
Google has announced a ton of new password protection features this week after releasing Chrome 88. The new browser version provides users with an easy shortcut to identify weak or compromised passwords and quickly change them. The new key icon will appear under your profile avatar, and clicking it will begin Google’s check for weak passwords. If found, the browser will immediately alert you and offer a one-click password change. Chrome 88 will also let users manage and update multiple passwords in the same place. This feature is currently available for desktop and iOS versions, and will be available for the Android Chrome app soon. Google has already seen a 37% reduction in compromised credentials in 2020 based on the Chrome Safety Check features and other improvements made last year. Today, Chrome’s safety check is used 14 million times every week.
In addition to periodically checking your passwords using Chrome’s simple password check, always make sure that your passwords are strong and secured in the first place. Even if you are able to catch a compromised password and change it, it may have already been used for data theft or extortion from your accounts.
ThreatSTOP's Security Team says "go do these things, right now, before you get smacked with a breach and get all kinds of bad publicity":
- Use complex passwords – create passwords that are at least 8 characters long, and make sure that they’re not in the Top 200 Most Common Passwords.
- Do not reuse passwords – we know it’s tempting, but since data breaches are constantly occurring, even to the largest and most well-known services, using the same password for multiple accounts puts you at high risk of having many of your accounts breached.
- Implement two-factor or multi-factor authentication – this process helps ensure that even if threat actors have cracked or stolen your passwords, they still cannot access your accounts without knowing the other authentication factors as well.
- Protect yourself from malicious emails – do not click on links or attachments in emails before checking the email thoroughly and making sure it is legitimate.
- Monitor your traffic – detect suspicious repeated attempts and add their source IPs to your firewall block list to block further attacks.
- Block malicious traffic – use a security solution that protects your network from malicious inbound traffic, so that malware cannot download itself onto your machine, as well as from malicious outbound traffic, so that if the malware has already sneakily made its way in, it cannot send your passwords back to its C2 servers.
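
For the "Monitor your traffic" item above, here is one way to turn repeated failed logins into block list candidates. This is an added example, not ThreatSTOP's code; the sshd-style log lines are constructed, and the function name, the threshold of 5 failures, the 60-second window and the allowlist parameter are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in sshd syslog style (ISO timestamps, documentation-range IPs).
SAMPLE_LOG = """\
2021-01-25T10:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2021-01-25T10:00:04 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
2021-01-25T10:00:09 gw sshd[812]: Failed password for root from 203.0.113.7 port 40124 ssh2
2021-01-25T10:00:15 gw sshd[813]: Failed password for alice from 192.0.2.10 port 51000 ssh2
2021-01-25T10:00:21 gw sshd[814]: Failed password for root from 203.0.113.7 port 40125 ssh2
2021-01-25T10:00:30 gw sshd[815]: Accepted password for alice from 192.0.2.10 port 51001 ssh2
2021-01-25T10:00:33 gw sshd[816]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2
2021-01-25T11:00:00 gw sshd[900]: Failed password for bob from 198.51.100.23 port 2200 ssh2
2021-01-25T11:30:00 gw sshd[901]: Failed password for bob from 198.51.100.23 port 2201 ssh2
2021-01-25T12:00:00 gw sshd[902]: Failed password for bob from 198.51.100.23 port 2202 ssh2
2021-01-25T12:30:00 gw sshd[903]: Failed password for bob from 198.51.100.23 port 2203 ssh2
2021-01-25T13:00:00 gw sshd[904]: Failed password for bob from 198.51.100.23 port 2204 ssh2
"""

# The username is remote-chosen text, so greedy ".*" plus "$" take the address from the line's end.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def blocklist_candidates(log_text, threshold=5, window=timedelta(seconds=60), allowlist=frozenset()):
    """Return {source_ip: time the threshold was reached} for time-ordered lines."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))  # only real addresses reach the list
        except ValueError:
            continue
        if ip in allowlist:       # never propose your own admin or scanner hosts
            continue
        ts = datetime.fromisoformat(m.group(1))
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    print(blocklist_candidates(SAMPLE_LOG))
```

With the defaults only the burst from 203.0.113.7 is flagged: the single mistyped password from 192.0.2.10 and the five failures from 198.51.100.23 spread over two hours stay below the threshold within any one window.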