Welcome!

API Journal Authors: Chris Kocher, Elizabeth White, Peter Silva, Carmen Gonzalez, Jonathan Fries

News Feed Item

F-Secure Shares How to Avoid Changing All Your Passwords Every Time There's an Online Attack

Security Experts' Dirty Little Secret: They Don't Change Their Passwords Very Often, Because They Don't Need To...

SAN JOSE, CA -- (Marketwired) -- 08/19/14 -- Did you know 1.2 billion passwords were reportedly stolen by Russian hackers? Before that it was Heartbleed. After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But according to F-Secure Labs, there's a better way. With the right password management habits, you won't need to change all your passwords every time you hear about an online attack.

"Changing all one's passwords won't hurt, but it is cumbersome. Not only that, it's a Band-Aid fix that stops short of offering a stronger and more long-term solution," said Sean Sullivan, security advisor at F-Secure Labs. "Data breaches are the new reality, and it's no longer a question of if it happens to you, but when." Sullivan says rather than being told to change all their passwords, consumers need practical advice worth following. So when the next breach is disclosed, they will be in control and will only need to change those passwords they know are affected.

"The dirty little secret of security experts is that when there's a data breach and they recommend to 'change all your passwords,' even they don't follow their own advice, because they don't need to," continued Sullivan. "Unless I find out about a breach with a specific account, I don't worry about my passwords. That's because I use a tool to remember my passwords for me, and a few simple techniques that help to manage my accounts so as to minimize the risk."

So what are the successful strategies to avoid the hassle of changing passwords constantly? Sullivan points out a few key things:

Diversify to reduce your risk. Segregate your accounts by creating separate email addresses for different functions. For example personal, professional, financial. That way if one email is broken into, it won't compromise all your other information too. "Why not have a separate email address for your financial accounts? Then don't give that address to anyone but those financial institutions," Sullivan shares. A bonus: if you get banking-related email in your personal account, you'll know immediately that it's not legit.

When possible, use a different username than your email. Some services let you pick a unique username other than your email. When possible, it's good to take this option as it's that much more info a hacker needs to know. And use two-factor authentication when available.

Use a unique password for each online account. Using the same password to access different accounts is rolling out a red carpet for hackers. If a password for your Facebook account is stolen, criminals can hop over to your email and other accounts and try the same password there.

Don't give online accounts any more data than is absolutely necessary. The less that is there to be compromised, the better.

If you are notified about a breach to a specific account, change that password. This goes without saying.

Changing your account password habits may take a little effort, but in the long run it's easier and less stressful than having to change all passwords after news of every breach. And it's worth it to keep your personal data and online identity safe. Sullivan suggests starting small, taking care of one account at a time and building up until all your passwords are handled.

"This is the post-PC issue people need to worry about because all their accounts are in the cloud," states Sullivan. "There are two types of people in the world: Those that manage their accounts well, and those who are going to be in a world of trouble. Which group do you want to be in?"

It's easy with the right tools

Then how does one remember so many unique passwords and log-ins, and manage them effectively? F-Secure's password manager, F-Secure KEY, makes sure proper password management is as easy and painless as possible. With F-Secure KEY, there's just one master password to remember, so it's easy to have a unique password for each account. Usernames, passwords, PIN codes, and other important data are stored in one secure app.

F-Secure KEY now has a completely updated and refreshed mobile version. The new mobile user interface features a Favorites ring that makes it easy and fast to access all one's most commonly used account credentials. All versions of F-Secure KEY help you generate unique, strong passwords. KEY includes a news feed from F-Secure Labs, so you can stay up-to-date on major hacking incidents. Strong encryption protects all your data.

F-Secure KEY is free to download and use on any device -- Android, iOS, Windows, and Mac. To use Key with the same master password on an unlimited number of devices and sync passwords across devices via a secure European cloud, upgrade to the premium version, starting from $1.84 per month. F-Secure KEY is available via the Apple App Store, Google Play, and at f-secure.com/key.

Get the app!

More information
Infographic: Dealing with Passwords
Safe & Savvy: 1.2 Billion Passwords Stolen, But Does it Affect Me?

F-Secure -- Switch on freedom

F-Secure is an online security and privacy company from Finland. We offer millions of people around the globe the power to surf invisibly and store and share stuff, safe from online threats. We are here to fight for digital freedom. Join the movement and switch on freedom.

Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure

Media Contact:
Mark Karayan
LEWIS PR for F-Secure
415.432.2400

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.