Every few weeks, we hear the news that another major corporation and its website have been hacked; just last week we heard about Equifax being hacked and data on millions of users being compromised. We of course only hear about the major newsworthy hacks that have been discovered or disclosed, but the scary truth is that around 30,000 websites are hacked every single day.
Often these hacks mean your personal information has also been compromised, most likely without your knowledge, as website owners often either do not know they have been hacked or choose to keep it quiet. In this post, I cover the important reasons why you should use a password manager to protect your online identity, and how to get started with LastPass, a free password manager.
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access to their account: a username and password.
As an online security best practice, you need to have a long, complex and unique password for every web account you use.
Strong passwords need to be:
- Long – The more characters in a password, the longer it would take a hacker to guess your password.
- Complex – By adding additional characters to your password you add complexity or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
- Unique – You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important?
If you use the same email address and passwords for multiple websites that you log into (as a lot of people do), what happens when one of those websites gets hacked?
The hackers now have your username and password on a list that will be used to try to log into thousands of other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once and get access to all your personal data and details.
If those same login details are used for your email account as well, they can now access pretty much anything. Any site they cannot get into, they can simply issue a password reset, which will come to your email, which they now have access to. Identity theft at this point is a high possibility.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Keeper Security’s list of the most common passwords of 2016. Do you recognize any of them?
These are all lazy passwords, achieved by just pressing keys which are next to each other on the keyboard, and are easily hackable in seconds by automated hacking tools.
| 1. 123456 | 10. 987654321 | 19. 555555 |
| 2. 123456789 | 11. qwertyuiop | 20. 3rjs1la7qe |
| 3. qwerty | 12. mynoob | 21. google |
| 4. 12345678 | 13. 123321 | 22. 1q2w3e4r5t |
| 5. 111111 | 14. 666666 | 23. 123qwe |
| 6. 1234567890 | 15. 18atcskd2w | 24. zxcvbnm |
| 7. 1234567 | 16. 7777777 | 25. 1q2w3e |
| 8. password | 17. 1q2w3e4r | |
| 9. 123123 | 18. 654321 | |
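The following Python is an added example, not part of the original post: it computes the character-set entropy described earlier and then checks the password against the 25 entries in the list above, which shows why an entropy figure alone does not make a password strong. The 12-character and 60-bit thresholds, the keyboard-row heuristic and the sample inputs are assumptions chosen for illustration.

```python
import math
import string

# The 25 entries from the list above, used as a deny-list.
COMMON = set("""123456 123456789 qwerty 12345678 111111 1234567890 1234567
password 123123 987654321 qwertyuiop mynoob 123321 666666 18atcskd2w 7777777
1q2w3e4r 654321 555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbnm
1q2w3e""".split())

# Keyboard rows, to spot runs of keys that sit next to each other.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def entropy_bits(pw):
    """length * log2(character-set size): an upper bound that only holds
    when every character was picked at random."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(size) if size else 0.0

def is_keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def assess(pw, min_len=12, min_bits=60):
    """Return (verdict, bits). min_len and min_bits are assumed thresholds."""
    bits = round(entropy_bits(pw), 1)
    if pw.lower() in COMMON:
        return "common", bits      # known to attackers, whatever the entropy
    if is_keyboard_walk(pw) or len(set(pw)) <= 2:
        return "pattern", bits     # predictable structure
    if len(pw) < min_len or bits < min_bits:
        return "weak", bits
    return "ok", bits

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["1q2w3e4r5t", "asdfgh2017", "Tr0ub4dor", "vR7#kq2!Lm9$Zx4p"]:
        print(f"{pw!r:22} {assess(pw)}")
```

The entry 1q2w3e4r5t scores about 52 bits on the formula yet is rejected because it is on the list, while a randomly generated 16-character password of the kind a password manager produces passes every check.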
Password Managers vs. Browser Password Storage
A Password Manager such as LastPass not only remembers your login information but also helps you generate long, complex passwords and stores them and other useful information securely.
You may have noticed that your browser prompts you to save login details, but be warned that the password storage built into your browser is a solution of convenience and is not secure. Anyone using your computer can access those saved details and log in to websites, and you will not have access to those details from other devices. Also bear in mind that if your device is lost or stolen, your hard drive dies, or any other disaster strikes, you have lost all those details.
LastPass vs. Other Password Managers
There are numerous excellent options for Password Managers available:
It is also worth mentioning that if you use BitDefender Anti-Virus then this includes a simple password manager called BitDefender Wallet.
Ultimately, using any one of these password managers is a good choice, but I personally recommend LastPass, especially for business users, because it offers the most value in free vs. paid features and is the most configurable, with additional security options.
So as well as passwords, it is great for storing bank details, licences, card details etc., and it makes it very easy to share passwords with other people. It is also very secure: you can set LastPass to auto-lock after xx minutes so that anyone else using your computer cannot access your passwords without your master password. You also have the option of 2-factor authentication.
However, it can be overcomplicated for the same reason if you are not very competent with computers, in which case one of the simpler solutions might be better for you for personal use.
Here is a review of the top password managers for 2017
Watch LastPass Tutorial for Beginners
LastPass Free vs. Premium
LastPass Free has everything you need to securely store and fill passwords on a single kind of device (for example, a Mac computer, a PC, an iPhone, an Android phone).
But if you want to access LastPass on different kinds of devices, you will need to upgrade to LastPass Premium for $24/yr. LastPass also offers Business and Enterprise versions that focus on sharing data among multiple users and creating rules and policies for your staff/users.
If you need help to get LastPass configured or require some training, then please contact me.
I have been testing out Solarwinds MSP backup, and one of the features this has is that you can restore the backup to a virtual disk, which is in VMware vmdk format.
I have tended to use Oracle VirtualBox locally for my virtual machines since it is compatible with a lot of appliance templates and vhd images you can download online, is free and has a small footprint. Although Windows 10 now includes a cut-down version of Hyper-V allowing you to run virtual machines, you do need the Pro version of Windows, which I did not have at the time of writing this; I was running Windows Home edition.
While the vmdk file does work with VirtualBox natively, I discovered that it does require some work to get it to boot and you cannot do much else with it, which includes shrinking it. This is one thing I needed to do in order to reduce the amount of space used by my restored virtual disk image.
Firstly, in order to get the vmdk to boot, I had to enable EFI mode in the VirtualBox settings.
I then had to run bootrec /rebuildbcd
To compact the disk, I discovered I had to convert the vmdk to a VDI file. Thankfully this turned out to be quite simple.
If you will not be using a dynamic disk, and do not need to shrink it, then you can skip the first 3 steps.
1. Delete Unnecessary Files from the VM
- The best way to do this is to run the Windows disk cleanup tool, including the option to “clean up system files”
2. Defragment the Disk
- If you also want to shrink the disk, then using the Windows defrag tool will help with the shrink process.
3. Clean any free disk space
After the disk has been defragmented, the virtual Windows drive will still have unused space containing garbage bits and bytes. These garbage bits and bytes are from the contents of files that used to occupy that space but that are no longer there.
The most effective way to clean free disk space on a Windows drive is to overwrite the unused space with a bitstream of zeros or to zero-fill any free space.
Windows does not come with a native utility to zero-fill unused space but you can find the excellent SDelete tool at Microsoft’s TechNet: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
4. Convert the disk
If your vmdk image file is already connected to a guest VM, then you need to remove it, otherwise, the process will not work.
- Shut down the VM
- Go into the virtual media manager and remove the vmdk file from the guest VM
Open a CMD prompt and navigate to your VirtualBox folder. From here you will execute VBoxManage, using the clonemedium command to clone the virtual disk and convert it to VDI.
c:\Program Files\Oracle\VirtualBox> VBoxManage clonemedium disk --format VDI [drive]:[\path_to_file\sourceFile.vmdk] [drive]:[\path-to\destinationFile.vdi]
Obviously, replace the bracketed source and destination placeholders with your own source and destination paths.
This conversion process will actually shrink down the VHD by default if you are using a dynamic disk, and should get it down to the minimum required. If it hasn’t sufficiently reduced it, then you can try running this command.
VBoxManage modifyhd --compact "[drive]:\[path_to_image_file]\[name_of_image_file].vdi"
I have been having some WIFI problems the last couple of months where devices would randomly lose access to the internet, some devices couldn’t even connect to the WIFI access point, others could connect but were just slow as hell. Even wired devices seemed to be having problems. After trying everything possible, I finally thought that maybe something on the network was sucking all the bandwidth, as some devices did still have a connection.
So I logged into my router and checked the connected devices’ bandwidth usage and saw a PC which was showing high usage. Lo and behold, Windows Update was running, which was sucking all the bandwidth and killing the network for everyone else.
After further investigation, I discovered that one of the new features introduced in Windows 10 is the ability to get updates through P2P (like how torrents work) to improve download speed. This can be a major network bottleneck due to the number of P2P connections that get opened up. So disabling this was the first step.
Go to Windows Update -> Advanced Options -> Choose how updates are delivered
Select “PCs on my local network”. This will still allow you to get updates from other computers in your local network only, and not external computers, which will save your available bandwidth.
However, making this change while updates are already downloading doesn’t seem to have any effect, so you would have to stop the downloads for the setting to take effect. This also did not solve the issue by itself; it improved things, but everything was still slow.
My next step was to go into my router admin and set some throttling so that individual computers had a limit on how much bandwidth they could consume. If you have a basic/cheap router from your ISP, though, you may not have such an option available, in which case you can try setting the throttle on the individual PCs using BITS.
The updates happen through 2 main Windows components: WUDO and BITS.
WUDO (Windows Update Delivery Optimization) is part of Windows Update for Business and is used for the P2P installation that I disabled already.
The Background Intelligent Transfer Service (BITS) is commonly used by Windows to download updates, so this can also be tweaked using group policy.
To open the Local Group Policy Editor from the command line:
- Click Start, type gpedit.msc in the Start Search box, and then press ENTER.
To set a bandwidth rule on the BITS:
- Navigate to Administrative Templates -> Background Intelligent Transfer Service (BITS) -> Limit the maximum network bandwidth for BITS background transfers
- Set it to
- Set the time range and maximum transfer rate
I have recently been setting up MSP Control (formerly WebsitePanel) on my new CFML Developer server. Unfortunately, it doesn’t support MariaDB out of the box and so won’t detect if you have it installed. Fortunately, this is an easy hack.
- Open up your MSPControl database in SSMS, and open the providers table.
- Now find the MySQL providerID that matches your MariaDB install, i.e. MySQL 5.7 for MariaDB 10.1
- Now add a new entry into the SERVICES table, using the providerID you got from the last step and the appropriate serverID for the server you want to add it to. You get the ServerID from the servers table, or just edit the server in the control panel and get it from the URL.
- Now just edit this server in MSP Control, and you should see MySQL listed; just edit and set it up as you would MySQL.
- Now you just enable MySQL on your hosting plans.