Author Archives: Roger A. Grimes

Using a password manager: 7 pros and cons

I’ve written about what I consider the best current password advice for websites and services you need to keep secure. In a nutshell, here’s the advice again:

  • Use multi-factor authentication (MFA).
  • Where MFA is not an option, use password managers, creating unique, long-as-possible, random passwords for each website or security domain.
  • Where password managers aren’t possible, use long, simple passphrases.
  • In all cases, don’t use common passwords (e.g., “password” or “qwerty”) and never reuse any password between different sites.

Google makes good on promise to remove some Symantec PKI certificates

I was updating some online passwords this week when I ran across the following digital certificate error when trying to access my cable provider’s website, brighthouse.com, using Google Chrome:

Digital certificate error message

Over the last few years digital certificate errors have gotten less common. This one intrigued me for a bunch of reasons, not the least of which was that the certificate involved in the error was being used by a fairly big company and not some mom-and-pop shop that might not know their computer security from a hole in the ground.

Experience an RDP attack? It’s your fault, not Microsoft’s

I’ve seen blog posts and forum threads bad-mouthing Microsoft and Remote Desktop Protocol (RDP). Usually it’s in conjunction with someone complaining that a ransomware or cryptominer variant had successfully compromised their environment through RDP. The rants are often followed by calls for everyone to dump Microsoft Windows and claims that “Microsoft security sucks!”

It’s not only boring and pedantic. It’s a case of blaming the wrong culprit.

Wanted: Data breach risk ratings, because not all breaches are equal

I recently downloaded every known, recorded data breach by the Privacy Rights Clearinghouse, which has been the most thorough and stalwart public recorder of data breaches in the United States for over two decades. The data file contained just over 8,600 data breaches. I found a few dupes and some missing or erroneous information, but overall, it’s the best public, non-profit, and free source you’re going to find.

Are home security cameras ready for business use?

After decades of falling crime, rates are on the uptick again. It’s no surprise then that the global home security camera market, led by low-cost consumer IP “cams”, is expected to be worth $8 billion by 2023. Starting as low as $30 per camera, everyone from Amazon to your cable provider to your trusted WiFi vendor is trying to sell you a home security camera. The promise: just plug in your IP camera and be alerted on your phone anytime something moves.
