Your Office 365 Password

It seems most of my posts here are about security, but it’s been a while since I’ve nagged about passwords, so here goes.

All your passwords are important. However, your Office 365 one is more so: if it is compromised, someone could get into all your emails, your documents and the whole of your Office 365 infrastructure, which could be devastating.

I’m not going to go into detail on how to choose a secure password, as there are plenty of good resources on that, but I will put a couple of links at the bottom of this post.

We often set a temporary password for people. This can be “Password1$” or “Change$Me”. As you can see, they’re on this web page for everyone to see, but that doesn’t matter as they’re temporary and nobody is still using either of those... are you? We’ll use something different from now on, but it’ll still be temporary.

Managing passwords can be a PIA. It is for us too, so we do empathise. Try a secure password manager program; they work well. We used to say not to write your passwords down, but let’s admit that may be necessary these days. Better a small notebook of recorded passwords that you keep safe than the same easy-to-guess password used on lots of services.

Here are a few bullet points on things you should NOT be considering:

  1. Something simple so I can remember it
  2. My kid’s name and birthday
  3. The same password I used for something else
  4. Using the number 5 for an “S”, the number 3 for an “E” and so on. No more secure than using the original letters these days.
  5. Your company name or anything else everybody connects you with

For password managers, we use Roboform at Lorica and have done for years. I’ve also heard good things about Dashlane. Try one using a few passwords and sites that aren’t too important to you and see how you get on.

https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

https://www.microsoft.com/en-us/safety/pc-security/protect-passwords.aspx

Clever hack – keep an eye out for it.

There’s a new hack infecting a lot of popular sites. It tries to get users to install a virus by hijacking webpages, replacing all the text with random symbols and then telling users that they are missing an important font, which prevents them from loading the page correctly:


If you see a pop-up dialog like the one above with the Chrome logo asking you to update your Chrome font installation, leave immediately! This one is a really nasty infection, and you don’t want to get it anywhere near your PC.

Please share this with your friends and family and warn them not to fall for this. It’s a pretty well-executed attack and it’s easy to fall victim to this one. They’re welcome to subscribe to this blog too.

Remember to browse safely and don’t click on anything that seems even remotely suspicious. This particular virus can infect some of the more popular sites and blogs you’ve visited in the past, so don’t assume that this installation alert is legitimate just because it appears on a site you trust! They are infecting these sites without the owners’ knowledge and preying on their visitors, so be careful!

How to spot a phishing email

I know I’m repeating myself here but people keep getting caught out despite all the warnings.

As it can be potentially catastrophic, here it is again.

A frightening proportion of people are very poor with spelling and grammar, but that’s OK for most of us. However, large financial institutions, and hopefully most professional organisations, try to make the effort to:

  • Provide a consistent corporate identity
  • Spell and use grammar correctly
  • Avoid sending you emails with links to click on that you aren’t expecting

So, check the following email that I received this morning and take notice of the multitude of points that all clearly identify it as being fraudulent.

  1. NatWest wouldn’t use an email address of info@drewery.co.uk
  2. “Requirred” with the letter “r” twice? I know some people can’t spell but that’s easy to spot
  3. “Unrecognized” – My account is with NatWest in the UK and they don’t spell with USA spelling (letter “z”).
  4. The link/button to click on – just don’t ever do it!
  5. The link is obviously NOT NatWest when you hover over it.
  6. The general formatting is nothing like the usual emails that I get from NatWest
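
As an added example (not part of the original post), this is how checks 1 and 5 look when a mail filter does them automatically instead of a person hovering over the link. The trusted domain `natwest.com`, the link host and the sample message are assumptions constructed for illustration; only the sender address and the misspelling come from the email described above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domain the bank really sends from and links to.
TRUSTED = {"natwest.com"}

# Constructed sample: sender and misspelling from the post, link host a placeholder.
SAMPLE = """\
From: NatWest <info@drewery.co.uk>
Subject: Action Requirred
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Unrecognized activity was detected on your account.</p>
<a href="http://login.example.net/verify">Log in to NatWest</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def in_trusted(host):
    """True for a trusted domain or its subdomains, never for a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_signs(raw):
    """Return one warning per failed check: sender domain, then each link."""
    msg = message_from_string(raw)
    signs = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_trusted(sender_domain):
        signs.append(f"sender domain {sender_domain!r} is not the bank's")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_trusted(host):
            signs.append(f"link goes to {host!r}, not to the bank")
    return signs

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE)))
```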