Archive

Archive for the ‘passwords’ Category

5 passwords you should never use

August 29th, 2014 No comments

This is part three of three posts on stronger passwords.

Part 1: Create stronger passwords and protect them

Part 2: Do you know your kids’ passwords?

The news is filled with stories about hackers cracking passwords. You can help avoid being a victim by never, ever using these passwords:

  1. Password. Believe it or not, this is still a common password. Don’t use it.

  2. Letmein. We recommend that you use passphrases that are memorable. Just don’t use this one. It ranks high on several lists of the most-used passwords.

  3. Monkey. This common word appears on many lists of popular passwords. It’s also too short. Make passwords at least eight characters—the longer the better.

  4. Your pet’s name. While you’re at it, don’t use any passwords that can be easily guessed, such as the name of your spouse or partner, your nickname, birth date, address, or driver’s license number.

  5. 12345678. Avoid this and other sequences or repeated characters such as 222222, abcdefg, or adjacent letters on your keyboard (such as qwerty).

Bonus password tips

Don’t use the same password for multiple sites. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Change your passwords regularly, particularly those that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data.

For more password guidance, see Create strong passwords.

 

5 passwords you should never use

August 29th, 2014 No comments

This is part three of three posts on stronger passwords.

Part 1: Create stronger passwords and protect them

Part 2: Do you know your kids’ passwords?

The news is filled with stories about hackers cracking passwords. You can help avoid being a victim by never, ever using these passwords:

  1. Password. Believe it or not, this is still a common password. Don’t use it.
  2. Letmein. We recommend that you use passphrases that are memorable. Just don’t use this one. It ranks high on several lists of the most-used passwords.
  3. Monkey. This common word appears on many lists of popular passwords. It’s also too short. Make passwords at least eight characters—the longer the better.
  4. Your pet’s name. While you’re at it, don’t use any passwords that can be easily guessed, such as the name of your spouse or partner, your nickname, birth date, address, or driver’s license number.
  5. 12345678. Avoid this and other sequences or repeated characters such as 222222, abcdefg, or adjacent letters on your keyboard (such as qwerty).

Bonus password tips

Don’t use the same password for multiple sites. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Change your passwords regularly, particularly those that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data.

For more password guidance, see Create strong passwords.

 

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them.

Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values.

However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.

  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.

  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Do you know your kids’ passwords?

August 27th, 2014 No comments

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them. Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values. However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

Create stronger passwords and protect them

August 25th, 2014 No comments

All week we’ll be posting our best guidance on how to create, protect, and manage your passwords.

Passwords are your first line of defense against hackers. Pick passwords that are difficult to crack but easy for you to remember.

What does “difficult to crack” mean?

Each time cybercriminals hack into a database of passwords, they learn more about the kinds of passwords that people use. (Come back on Friday to read Part 3 of our password series on what passwords you should never, ever use.) Now, even passwords that we think are tricky can be guessed by cybercriminals who’ve harnessed the right technology to crack passwords.

The best passwords are the most unpredictable

Stuart Schechter and other colleagues from Microsoft Research have developed a free online tool that helps you avoid passwords that are predictable. Try the tool.

A strong password:

  • Contains at least eight characters.

  • Does not contain your user name, real name, or company name.

  • Does not contain a complete word.

  • Is significantly different from previous passwords.

  • Is different from passwords that you’ve used on other websites.

Get more advice on how to create strong passwords.

6 ways to protect your password

Once you’ve chosen a strong password, you can protect it from hackers by following a few simple rule:

  1. Don’t share your password with friends.

  2. Never give your password to people who call you on the phone or send unsolicited email, even if they claim to be from Microsoft.

  3. Change your password regularly.

  4. Tell your children not to share your passwords (or theirs) with anyone. Check back tomorrow for more guidance on how to help kids create and protect their passwords.

  5. Evaluate password managers and other password tools carefully.  If they keep all your passwords in the cloud, they should use encryption. If the service has problems, understand that you might be locked out of your accounts.

  6. Enable two-step verification. Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. Two-step verification is optional, but we recommend that you use it. Learn how to turn it on.

Learn more about how to protect your passwords.

Create stronger passwords and protect them

August 25th, 2014 No comments

All week we’ll be posting our best guidance on how to create, protect, and manage your passwords.

Passwords are your first line of defense against hackers. Pick passwords that are difficult to crack but easy for you to remember.

What does “difficult to crack” mean?

Each time cybercriminals hack into a database of passwords, they learn more about the kinds of passwords that people use. (Come back on Friday to read Part 3 of our password series on what passwords you should never, ever use.) Now, even passwords that we think are tricky can be guessed by cybercriminals who’ve harnessed the right technology to crack passwords.

The best passwords are the most unpredictable

Stuart Schechter and other colleagues from Microsoft Research have developed a free online tool that helps you avoid passwords that are predictable. Try the tool.

A strong password:

  • Contains at least eight characters.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.
  • Is different from passwords that you’ve used on other websites.

Get more advice on how to create strong passwords.

5 ways to protect your password

Once you’ve chosen a strong password, you can protect it from hackers by following a few simple rule:

  1. Don’t share your password with friends.
  2. Never give your password to people who call you on the phone or send unsolicited email, even if they claim to be from Microsoft.
  3. Change your password regularly.
  4. Tell your children not to share your passwords (or theirs) with anyone. Check back tomorrow for more guidance on how to help kids create and protect their passwords.
  5. Evaluate password managers and other password tools carefully.  If they keep all your passwords in the cloud, they should use encryption. If the service has problems, understand that you might be locked out of your accounts.

Learn more about how to protect your passwords.

Why do I have to update my email account information?

August 21st, 2014 No comments

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

Why do I have to update my email account information?

August 21st, 2014 No comments

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

What is a trusted device?

August 14th, 2014 No comments

When you try to view or edit your credit card details or other sensitive information in your Microsoft account, you might need to enter a security code first, to make sure that only you can get in to your account. But you can designate a computer or other device as a trusted device. On trusted devices, you don’t need to enter a security code each time you try to access sensitive information.

How many trusted devices can I have?

You can trust as many devices as you want. There is no limit. If you don’t sign in to a particular trusted device at least once every two months, it’s automatically removed from your Microsoft account. This safeguard helps keep your account more secure in the event that a trusted device is lost or stolen without you realizing it. You can always trust a device again later.

If you get an error, see how to sign into devices that don’t accept security codes.

How to sign into devices that don’t accept security codes

July 31st, 2014 No comments

Two-step verification makes it more difficult for hackers to access your account, even when they have your password. If you turn on two-step verification, you’ll see an extra page every time you sign in on a device that isn’t trusted. The extra page prompts you to enter a security code to sign in. 

When you turn on two-step verification for your Microsoft account, it turns on two-step verification for all the places where you sign in with your Microsoft account. However, some apps (like the email apps on some smartphones) or devices (like the Xbox 360 console) can’t prompt you to enter a security code when you try to sign in, so they display an incorrect password or account error.

For example, if you’ve just turned on two-step verification, you might see the following error code and message when you try to sign in to Xbox Live: 

Account does not exist. 
Status Code: 8015D002

Create a unique app password to sign in

If you get an error like the one above with an app or device, you’ll need to create a unique app password to sign in. Once you’ve signed in with your app password, you can use that app or device. You’ll need to create and sign in with an app password one time for each app or device that can’t prompt you for a security code.

  1. Sign in to your Microsoft account.
  2. Under Password and security info, tap or click Edit security info.

If you’re prompted for a security code here, enter it and tap or click Submit.

  1. Under App passwords, tap or click Create a new app password.

A new app password is generated and appears on your screen.

  1. Switch to the app or device for which you need the password, and enter the app password that was generated.

To learn more about signing in to specific devices, see App passwords and two-step verification.

Get more answers to your questions about two-step verification

Categories: Microsoft, passwords Tags:

Is your child graduating to a new digital device?

May 27th, 2014 No comments

Its graduation time, and smartphones, tablets, gaming consoles, and laptops are tops on many kids’ wish lists. Whether your child is graduating from preschool or college, it’s never too late to talk with them about online safety before you hand over the new device.

  • Set clear rules for young children about who they can talk to, text, or play games with.
  • With older kids, discuss online bullying, sexting, and the dangers of using a phone while driving.
  • Have kids lock all devices and accounts with a PIN or strong password, and remind them to keep their passwords secret—even from best friends.
  • Talk to kids about limiting the personal information they share to close friends only.
  • Consider disabling the location services on your young child’s devices; at the very least, turn it off for any camera.
  • Teach tweens and teens to use location-based services cautiously.

For more guidelines on kids and online safety, see Digital gift-giving checklist, and download a printable version of the checklist (PDF, 186 KB).

Is your child graduating to a new digital device?

May 27th, 2014 No comments

Its graduation time, and smartphones, tablets, gaming consoles, and laptops are tops on many kids’ wish lists. Whether your child is graduating from preschool or college, it’s never too late to talk with them about online safety before you hand over the new device.

  • Set clear rules for young children about who they can talk to, text, or play games with.
  • With older kids, discuss online bullying, sexting, and the dangers of using a phone while driving.
  • Have kids lock all devices and accounts with a PIN or strong password, and remind them to keep their passwords secret—even from best friends.
  • Talk to kids about limiting the personal information they share to close friends only.
  • Consider disabling the location services on your young child’s devices; at the very least, turn it off for any camera.
  • Teach tweens and teens to use location-based services cautiously.

For more guidelines on kids and online safety, see Digital gift-giving checklist, and download a printable version of the checklist (PDF, 186 KB).

5 ways to protect your Microsoft account

May 15th, 2014 No comments

Your Microsoft account (formerly your Windows Live ID) is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

A Microsoft account is free and you can use it to:

  • Purchase apps from the Windows Store
  • Back up all your data using free cloud storage
  • Keep all your devices, photos, friends, games, settings, music, up to date and in sync.

5 ways to help protect your Microsoft account

  1. Create a strong password. Strong passwords use a combination of uppercase and lowercase letters, numerals, punctuation marks, and symbols. The longer the better, and don’t use personal information (such as a pet’s name, nickname, or driver’s license number) that can be easily guessed.
  2. Protect your password. Don’t use the same password you use on other sites, and remember to change your Microsoft account password (as well as other passwords) regularly. Watch out for email social engineering scams designed to trick you into turning over your password to a cybercriminal.
  3. Enable two-step verification. Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. Two-step verification is optional, but we recommend that you use it. Learn how to turn it on.
  4. Make sure the security information associated with your account is current. If the alternate email address or phone number you’ve given us changes, update the settings of your account so that we can contact you if there’s a problem.
  5. Watch out for phishing scams. If you receive an email message about the security of your Microsoft account, it could be a phishing scam. Don’t click links in any messages unless you trust or check with the sender. 

Don’t have a Microsoft account yet? See How do I sign up for a Microsoft account?

Heartbleed: What you need to know

April 10th, 2014 No comments

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.

How to recover an account if you haven’t already added security information to it

March 25th, 2014 No comments

A reader asks:

What can I do if my account has been hacked and I haven’t already added security information to it?

It would be easier to recover your account if you had already associated it with information that cybercriminals can’t easily access, like your mobile phone number or an alternate email address. For example, if your account is compromised, Microsoft could send you an account-recapture code in a text message to help you regain access to your account. If you do have access to your account, add security information to your account now.

If you haven’t already added security information to your account 

Scan your PC for viruses

 If your account has been hacked and you can’t get access to it, the first thing you should do is scan your computer for viruses. Do this before you try to change your password. Hackers get your password through malware that’s been installed on your PC without your knowledge (for example, when you download a new screen saver, toolbar, or other software from an untrustworthy source.) It’s important to clear your PC of viruses or malware before you change your password. That way, the hackers won’t get your new password.

If your computer is running Windows 8

Use the built-in Windows Defender to help you get rid of a virus or other malware.

Here’s how: 

  1. From the Search charm, search for defender, and then open Windows Defender.

  2. On the Home tab, choose a scan option, and then tap or click Scan now.

In addition to the color codes for your PC’s overall security status, Windows Defender applies an alert level to any suspected malware it detects. You can decide whether to remove an item entirely, research it further, or let it run because you recognize it.

 If your computer is running Windows 7 or Windows Vista 

Get more help removing viruses

Reset your password

Once you’ve scanned your computer for viruses, reset the password on your account.

If you can’t reset your password, and you haven’t already added security information to your account, you can still get back into the account by filling out a questionnaire. You will be asked specific questions about the account and email messages that might be stored there. Someone will get back to you within 24 hours (typically a lot sooner).

For more information, see How to recover your hacked Microsoft account.

Tax scams: 6 ways to help protect yourself

March 20th, 2014 No comments

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

Thanks to you the Microsoft #Do1Thing initiative donates $50,000 to TechSoup Global

Together we've raised $50,000

On Safer Internet Day, February 11, 2014, Microsoft launched the interactive Safer Online website. Every time you made your #Do1Thing promise or shared the website with your social circles, Microsoft made a donation to TechSoup Global.

In less than 24 hours, so many of you promised to #Do1Thing to stay safer that Microsoft donated $50,000 to TechSoup Global! But it wasn’t just the promise alone.

“As communities around the world use the Internet to learn and connect, developing responsible online safety habits is something each of us should act on,” says Rebecca Masisak, CEO of TechSoup Global. “We appreciate being a part of Safer Internet Day. And with your contributions, TechSoup Global will further develop and deliver online safety education training materials and guidance to be shared across our global network.”

So far, people from five continents have shared what they are doing to help create a better Internet. What’s the number one global promise so far? Creating strong passwords and regularly changing them. Other popular responses included: two-step authentication for online accounts, sharing minimal personal information, using secured Wi-Fi connections, and shopping on https-enabled websites

Of those who answered our Safer Online polling questions:

  • Nearly half (47 percent) of participants chose learning as the greatest benefit the Internet has brought to their lives, while 17 percent chose exploring, and 10 percent go online for entertainment purposes.
  • Website visitors were also asked which potential online risks concern them the most. Of the nine choices, 28 percent selected financial loss as the most concerning, with 22 percent opting for loss of personal privacy, and 19 percent finding forms of malware on their device the greatest concern.
  • Finally, over two thirds (76 percent) of respondents edit or remove online information that may impact their reputation. Learn how to take charge or your online reputation.

If you haven’t done so yet, share your #Do1Thing story, see what others around the world are promising, and get online safety tips to help you stay safer online, today and every day! 

The best time to change your password is now

January 30th, 2014 No comments

You can reduce your chances of being hacked by regularly changing the passwords on all the accounts where you enter financial or other sensitive information. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

Different sites have different rules for passwords that they’ll accept, but here is some basic guidance on how to create strong passwords:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Learn more about how to create strong passwords and protect your passwords.

If you think someone has gone into your account and changed your password, learn how to recover a hacked account.

10 New Year’s resolutions for your digital devices and your online life

December 31st, 2013 No comments

It’s a new year, which means it’s time to resolve to create healthier habits in our daily lives. But we don’t have to stop at just improving our body, mind, and spirit. It’s also a good idea to resolve to keep our PCs, laptops, smartphones, and social networking sites healthy this year.

1. Keep your software up to date. You can help protect against viruses, fraud, and more by keeping your operating system, antivirus software, antispyware software, web browser, and other software updated. Microsoft releases security updates on the second Tuesday of every month. Learn how to get security updates automatically.

2. Create strong passwords, keep them secret, and change them regularly. This is particularly important for those passwords that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data. Get more information about creating strong passwords and protecting them.

3. Use antivirus software. If your computer is running Windows 8, you can use the built-in Windows Defender to help you detect and get rid of spyware and other malware. If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware.

4. Check and adjust your privacy settings. You can participate in the online world and keep your information private. Learn more about how to manage your privacy settings in Windows, Internet Explorer, your Microsoft account, Windows Phone, and more. 

Watch a video about privacy in action (1:19).

5. Teach your children about online safety. Before kids use computers, gaming consoles, or mobile devices, make sure you agree on clear limits, talk about how to keep accounts and passwords secret, and help them stand up to online bullying. If your child got a new device this holiday season, read this checklist for safety tips.

6. Monitor your children’s online behaviors, and continue to talk to them about Internet safety. If your kids are online, it’s important to have regular online safety conversations and to continue to keep track of what they’re doing. For more information, see Age-based guidelines for kids’ Internet use.

7. Upgrade to modern software that provides the latest security technologies and protections. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities. Learn more about how support for Windows XP ends this year.

8. Use SkyDrive to help protect your personal information. Ransomware is a type of malware designed to infiltrate your computer and hold your files (photos, documents, reports, etc.) hostage until you pay the demanded amount of money to a cybercriminal. One of the best ways to protect your files is to back them up using a removable drive or a cloud service like SkyDrive.

9. Explore new tools for PC protection. If you feel comfortable performing more advanced computer tasks, consider downloading the free Enhanced Mitigation Experience Toolkit (EMET), which will make it even more difficult for malicious hackers and cybercriminals to get into your computer.

10. Ignore fake tech support phone calls. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. If you receive a suspicious phone call from someone claiming to be from Microsoft, all you have to do is hang up. For more information, see Avoid tech support phone scams.

 

Online safety tips for travelers

December 19th, 2013 No comments

If you’re travelling this holiday season and you plan to be online, here are a few ways to protect yourself and your family:

Get more mobile and wireless tips.