Category Archives: Security

Windows Pin Security: 4 digits strong enough?

All of us know that the recommended password length is increasing all the time. Currently a complex password is recommended to be 14 characters or more. Instead of a long and complex password, you can also login using Windows Pin Security. The Windows 10 Pin can be as short as 4 digits. Pin is considered to be BETTER than a password. However, the pin looks fairly weak. Is it not?

On the face of it, yes. PIN appears to be grossly inadequate as a protection mechanism. But it is not. Obviously, Microsoft must have thought about it! How is the Windows Pin Security strong enough? Here are the reasons:

Why Windows Pin Security is better than passwords?

  1. PIN works only on that device. Therefore, even if someone knows your PIN, they need physical access to your PC.
  2. PIN is not visible on the network (Wi-Fi or network cable). Password can be stolen just by monitoring your Wi-Fi. PIN is typed locally on the PC. No chance of it being visible on the network.
  3. Many laptops have a special hardware chip for encrypting stuff. Using this chip to manage the PIN makes it impossible for hackers to find the pin. (This chip is called TPM. Never mind what it means.
  4. If someone steals the laptop, they have to guess the pin. As you would expect, there is a lockout setting with TPM chips. If the laptop does not have TPM, you can still use BitLocker and apply a group policy setting to limit failed logins.
  5. It is easy to get your passwords using various methods. Let us not go into details of what these methods are. What you need to remember is never to click on a random link in email or browser and never reveal the password to anyone. (period).
    If PIN is stolen from you, using the same methods which work with passwords, you are still safe because of the 4 reasons listed above.

If you forget your own pin, you must login using another method and reset the pin. Also note that if you enable biometric login (face recognition or fingerprint), creating a PIN is mandatory. Why so? Because, for whatever reason if biometric does not work, you need an equally secure alternative to login (login / password is less secure).  That is why you also need to set up a PIN. These new methods of secure login are called Windows Hello.

In short, if you have a choice, always use PIN (and biometric) instead of username and password with Windows 10.

Windows Pin entry button

Irritating = Extremely Useful – The “Enable Editing” button

Since Office 2013, you will often see a yellow bar at the top asking you to Enable Editing. Unless you press this button, you cannot type anything or format any content. This may sound irritating, but it is a very useful feature. It safeguards your interests.

enable editing

The reason is simple. Even today, many viruses travel through Office documents – as macros. These files arrive either through email, downloaded from Internet or copied from USB drives. In these cases, there is a great danger of the file infecting your PC. To prevent this from happening, these files are now opened in a special way. Here you can read the file but not edit it.

If you trust the source, you will have to click the Enable Editing button. Unless you want to edit it, don’t Enable Editing. Just read and take the required action.

SharePoint – Part 3: Secure Document Sharing

You can learn how to decide WHO can do WHAT with the documents (or other content) which you have shared. If you are using OneDrive for Business, by default, all documents can only be viewed and edited by YOU – and nobody else.

This video contains SPS 2010 screenshots. However, the concepts are still the same as of Feb 2015.

Immediate Action Required: Apply Internet Explorer security issue patch

Using Internet Explorer was very risky for the last few days due to the recently discovered bug.

Unless you solve this problem, please do not use Internet Explorer.

To solve the problem, Apply Internet Explorer security issue patch.

Just go to Windows Update in Control Panel and Check for updates – apply all critical (recommended) updates NOW.

For details see this article http://www.theregister.co.uk/2014/05/01/internet_explorer_patch/

This patch is available for Windows XP as well.

http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx

Windows Update settings

Go to Control Panel – Windows Update and make sure it is set to automatic checking and installing updates.

You may temporarily want to disable this setting when you are in very low bandwidth places. But remember to put it to automatic whenever you are back to home or office.