Newsletter Archives
-
Hackers are using two-factor authentication to infect you
PUBLIC DEFENDER
By Brian Livingston
We’ve all seen those are-you-human tests that websites use to screen out data-scraping bots — e.g., click all the cars, enter the code we texted you, etc. — but, unfortunately, malicious hackers are now exploiting our trust in these common dialog boxes to trick us into installing malware on our PCs.
It’s natural for us to simply click through whatever process a particular website may use for two-factor authentication (2FA). But hackers are taking advantage of that sense of familiarity to bypass our usual security measures and infect our machines.
Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).
-
Passkeys in TurboTax?
I hit this last night logging into QuickBooks online, but you may also see it when logging into TurboTax on a system that supports passkeys.
A passkey is a modern authentication method designed to replace traditional passwords, offering enhanced security and user convenience for accessing online accounts and applications. Unlike passwords, which are user-generated and vulnerable to various attacks, passkeys are automatically generated using public-key cryptography. The passkey is tied to that PC. So even though I set up a passkey for this computer, it doesn’t mean that I am mandated to use a passkey on all computers. If I logged into a PC that didn’t support passkey technology, it would require my two-factor authentication to log in. Intuit may have supported this before, but this was the first time it popped up — encouraging me to use it.
The main thing is that passkeys are phishing resistant.
Are they immune to attacks? Nothing is immune, given enough time, energy, and computing power, and especially given adversary-in-the-middle attacks, in which the attacker manipulates login forms to expose alternative, weaker logins, or device compromises in which the private key could be exposed. But it does mean that the attacker will be encouraged to go down the street and attack your neighbor. Ultimately, that’s our goal — to make it just a little bit harder so that the attacker will find the weak link elsewhere.
-
Protecting your identification
ON SECURITY
By Susan Bradley
There is some sort of unique code in every country and jurisdiction, usually a number, that identifies you to the government — especially for tax purposes.
In the United States, it’s our Social Security number (SSN). But no matter where you live, protecting that ID is critically important. I’ll discuss that here in the context of the US, but the same caution applies everywhere.
Read the full story in our Plus Newsletter (22.05.0, 2025-02-03).
-
You clicked on that phish?
ON SECURITY
By Susan Bradley
It happens. You fell for it. You clicked on something you shouldn’t have. You followed a link. You entered your password on a site that wasn’t legitimate.
In these instances, you didn’t suffer an intrusion to your computer. Instead, your login credentials were impacted. What should you do?
First, don’t panic. In the case of many attacks these days, your operating system is still intact — not impacted in any way. The once standard reaction “I got hacked, so I’ll restore my computer from a clean backup or reinstall from scratch” probably isn’t necessary. In fact, it may be irrelevant to your response.
Read the full story in our Plus Newsletter (21.46.0, 2024-11-11).
-
How my Internet outage caused security problems
ON SECURITY
By Susan Bradley
I live in a city with electricity, high-speed Internet, and all the other customary modern conveniences.
In that same city dwell squirrels, birds (including beautiful hummingbirds), possums, kit foxes, bees, and too many others to mention. Although they’re lovely to have around, they are not necessarily the best of neighbors. Interaction with them doesn’t always work out, and sometimes that affects my technology — and even my security.
Read the full story in our Plus Newsletter (21.39.0, 2024-09-23).
-
Dealing with regulated security
ON SECURITY
By Susan Bradley
Being in charge of the technology and security at my office means providing the best security that does not interfere with our people’s ability to do their jobs effectively.
Sometimes that can be difficult because of the regulations that control my line of work, most of which come from taxing authorities. I’ll be US-centric in my comments here, knowing little about regulations in other countries. But I’ll bet most are similar. So hopefully, my suggestions will help you choose better security while accommodating the realities of your business, the systems you use, and the online resources you require.
Read the full story in our Plus Newsletter (21.35.0, 2024-08-26).
-
Setting up MFA properly
ISSUE 21.21 • 2024-05-20 MICROSOFT 365
By Peter Deegan
Is that multifactor authentication setup complete and truly ready to handle any situation?
Two-factor (2FA) or multifactor (MFA) authentication is just the start of securing your important accounts.
All too often, I hear from people who’ve set up extra login verification and can’t get it working. It might have been configured in such a way that access is allowed when your phone is lost or stolen, SMS (text messaging) isn’t working correctly, or the authentication app is broken.
Read the full story in our Plus Newsletter (21.21.0, 2024-05-20).
This story also appears in our public Newsletter.
-
Phones and MFA
HARDWARE
By Susan Bradley
How do you plan for getting rid of your old phone?
Eventually, you will get a new phone. Perhaps you dropped your iPhone 9 into the bathtub. Perhaps your iPhone 7’s battery gives you a mere seven minutes of talk time. Perhaps you were seduced by the iPhone 19. Or, worse, perhaps your phone was lost or stolen.
Eventually, you will get a new phone.
Read the full story in our Plus Newsletter (21.17.0, 2024-04-22).
-
Hardening your operating system
ON SECURITY
By Susan Bradley
Several years ago, it was considered a best practice to protect business computer systems by “hardening” them.
You would turn off unnecessary services, disable features, and basically follow a checklist provided by the Center for Internet Security (CIS). But now our protection must be much more than hardening the operating system. We must harden our perimeter and — more importantly — our browsing.
You probably spend as much time surfing on a phone as you do surfing on a computer. Today’s big picture is that there are more and more people who use tablets or phones, touching traditional PCs only at the office. The result? Attackers are targeting business users through email, and home users through browsing.
What can we do to harden these?
Read the full story in our Plus Newsletter (20.49.0, 2023-12-04).
-
Dealing with MFA
ON SECURITY
By Susan Bradley
In my excitement about the three-day weekend for Memorial Day, I left my phone at the office.
In years past, I would merely confirm that the phone was safe and sound at the office by using a finder app such as Find My Phone or Life360. Then I’d just get the phone the next time I was at the office. Yes, I used to be able to live without the phone for a day or so.
Read the full story in our Plus Newsletter (19.23.0, 2022-06-06).
-
How to use two-factor authentication the right way
SECURITY
By Lance Whitney
Two-factor authentication is still one of the best ways to protect your accounts. But there are right and wrong ways to use it.
More websites and companies now offer two-factor authentication (2FA) to better protect your logins and accounts. The idea is to use a second form of authentication so that you’re not solely dependent on your password. The goal is to prevent your account from being accessed and compromised in case your password is ever leaked or stolen. And here’s how that can happen.
Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).
-
Removing MFA
ISSUE 19.17 • 2022-04-25 MICROSOFT 365
By Will Fastie
How many times have articles in this newsletter told you that multifactor authentication (MFA) was a good idea and suggested that you turn it on?
A lot. It’s good advice.
Just the other day, I turned on Microsoft 365 MFA for one of my clients. It’s too embarrassing for me to describe the mistake I made. Suffice it to say that it was an accident, because I didn’t intend to turn it on.
Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).
This story also appears in our public Newsletter.