Tag Archives: security

Windows Pin Security: 4 digits strong enough?

All of us know that the recommended password length keeps increasing. Currently a complex password is recommended to be 14 characters or more. Instead of a long and complex password, you can also log in using a Windows PIN. The Windows 10 PIN can be as short as 4 digits, yet the PIN is considered to be BETTER than a password. However, a 4-digit PIN looks fairly weak. Is it not?

On the face of it, yes. A PIN appears to be grossly inadequate as a protection mechanism. But it is not. Obviously, Microsoft must have thought about it! How is the Windows PIN strong enough? Here are the reasons:

Why Windows PIN security is better than passwords

  1. The PIN works only on that device. Therefore, even if someone knows your PIN, they still need physical access to your PC.
  2. The PIN is never sent over the network (Wi-Fi or network cable). A password can be stolen just by monitoring your Wi-Fi. The PIN is verified locally on the PC, so there is no chance of it being visible on the network.
  3. Many laptops have a special hardware chip for cryptographic operations. Using this chip to protect the PIN makes it impractical for attackers to extract the PIN from the device. (This chip is called a TPM. Never mind what it stands for.)
  4. If someone steals the laptop, they have to guess the PIN. As you would expect, TPM chips enforce a lockout after repeated wrong guesses. If the laptop does not have a TPM, you can still use BitLocker and apply a group policy setting to limit failed logins.
  5. It is easy to get your passwords using various methods. Let us not go into the details of what these methods are. What you need to remember is never to click on a random link in an email or browser and never to reveal the password to anyone, period. If your PIN is stolen using the same methods that work with passwords, you are still safe because of the 4 reasons listed above.

If you forget your own PIN, you must log in using another method and reset the PIN. Also note that if you enable biometric login (face recognition or fingerprint), creating a PIN is mandatory. Why so? Because, if for whatever reason biometric login does not work, you need an equally secure alternative to log in (username and password are less secure). That is why you also need to set up a PIN. These new methods of secure login are called Windows Hello.

In short, if you have a choice, always use PIN (and biometric) instead of username and password with Windows 10.


Warning: Office 365 SPAM – Phishing attack

DO NOT respond to any mails which ask for Urgent Upgrade. Here is a sample mail which I just received.


There is a link called UPGRADE NOW.
DO NOT CLICK ON THIS LINK.

This link leads to an authentic-looking Office 365 login page. Needless to say, it is a fake page. This is called a phishing attack.


DO NOT put your password there.
Just delete the mail permanently and do not think about it again.

I have already informed the relevant authorities in Microsoft. They will do the needful.

If you are in another country or region, you may not receive this particular type of mail. But in any case, do not trust any such mails. If you are an IT person, go to the Office 365 Admin page and check if there is a genuine need for license upgrade. If you are not an IT person, just alert your IT team.

Be safe!

Security Neglect: Office 365 Worst Practices

Everyone is worried about putting corporate files, data and emails on the cloud – or Office 365. This worry continues after deploying Office 365. Paradoxically, the actual effort put into securing Office 365 is inadequate. Of course, Microsoft data centers follow, and often create, new global security standards. However, there is security neglect at the individual tenant (customer) level. Most do not even know that there is an Office 365 Secure Score. Find out more. Reading time 7 min.


Irritating = Extremely Useful – The “Enable Editing” button

Since Office 2013, you will often see a yellow bar at the top asking you to Enable Editing. Until you press this button, you cannot type anything or format any content. This may sound irritating, but it is a very useful feature. It safeguards your interests.


The reason is simple. Even today, many viruses travel through Office documents – as macros. These files arrive through email, are downloaded from the Internet or are copied from USB drives. In these cases, there is a great danger of the file infecting your PC. To prevent this from happening, such files are now opened in a special read-only mode: you can read the file but not edit it, and no macros run.

If you trust the source, you will have to click the Enable Editing button. Unless you actually need to edit the file, don't Enable Editing. Just read it and take the required action.

Office 365 prevents confidential data leakage: Are you using it?

This is a brief article. I will cover it in more detail later. But this is just to inform all the readers that such a sophisticated facility exists within Office 365 and they should take advantage of it.

I have observed that although Office 365 is a popular product, not all customers really notice, appreciate and utilize this powerful platform to the fullest extent.

One such feature is called Data Loss Prevention (DLP). It helps you control, monitor and prevent the leakage of confidential data, customer privacy related information, financial data, etc. by any employee through email. This feature is also being extended to SharePoint.

Exactly how to activate and configure the feature is beyond the scope of this article. That is not even the intention of this article. Just understand what it does and, if you find it useful and relevant to your business, make sure your IT team implements it.

What does DLP in Office 365 do?

In simple terms, it monitors every outgoing mail message and checks whether any pre-defined restricted information is being sent outside your organization.

If it does find such a mail, it can warn the user, capture the user's reason for sending it, prevent the user from sending it, forward it to a compliance officer, delete the mail, follow an approval process, and so on.

You choose what counts as objectionable, sensitive, confidential or privacy related data. You create the rules and DLP follows them faithfully.

To make your life simpler, many ready-made rules are available. These rules are created as per stringent government and banking guidelines. You can start with a ready-to-use template and then refine it as needed.
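To make the idea concrete, here is an added example (written for this page, not Microsoft's DLP engine) that mimics one such rule: only mail leaving the organization is inspected, card-like numbers are confirmed with the Luhn checksum so that ordinary digit runs do not trigger it, and the count of matches decides between warning the user and blocking the mail. The tenant domain example.com, the threshold and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

ORG_DOMAIN = "example.com"  # assumed tenant domain (constructed for this example)

# Constructed sensitive-information type: 13 to 16 digits, optionally separated
# by spaces or dashes, as found in payment card numbers.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum; rejects arbitrary digit runs such as order or phone numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    return [m.group(0) for m in CARD_RE.finditer(text) if luhn_ok(m.group(0))]


def external_recipients(recipients: List[str]) -> List[str]:
    return [r for r in recipients if not r.lower().endswith("@" + ORG_DOMAIN)]


@dataclass
class Verdict:
    action: str                     # "allow", "warn" or "block"
    matches: List[str] = field(default_factory=list)
    external: List[str] = field(default_factory=list)


def evaluate(message: Dict, block_threshold: int = 3) -> Verdict:
    """Apply the rule: internal mail is ignored; a few matches warn the user,
    block_threshold or more matches block the mail (and, in a real tenant,
    would be forwarded to the compliance officer)."""
    external = external_recipients(message["to"])
    if not external:
        return Verdict("allow")
    matches = find_card_numbers(message["subject"] + "\n" + message["body"])
    if not matches:
        return Verdict("allow", external=external)
    action = "block" if len(matches) >= block_threshold else "warn"
    return Verdict(action, matches, external)
```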

In short: try it, assess it and use it.

SharePoint – Part 3: Secure Document Sharing

You can learn how to decide WHO can do WHAT with the documents (or other content) which you have shared. If you are using OneDrive for Business, by default, all documents can only be viewed and edited by YOU – and nobody else.

This video contains SPS 2010 screenshots. However, the concepts are still the same as of Feb 2015.