Uncategorized

Why you should consider a GDPR password policy

As of May 25, 2018, one of the strictest data protection regulatory acts will become enforced.

The legislation, known as the General Data Protection Regulation (GDPR), is a European Union law that ensures data privacy for all individuals within the EU. The legislation is a reaction to the number of data breaches and hacks that have occurred over the years and have resulted in compromised email addresses, passwords, social security numbers, health records, and more for innocent victims. 

The GDPR is one of the strictest data protection acts to date. (Photo/Pixabay)

At its core, the set of rules designed by GDPR gives EU citizens more control over their personal data, including the right to know when their data has been hacked. But GDPR isn’t just touching European companies and citizens. Let’s dive into GDPR further, and what it entails.

What is the GDPR?

GDPR forces companies to make sure the way they collect, process and store data is safe.

Any company who holds or uses data on people inside the European Union is subject to the new rules, regardless of where they are based. So let’s say your company’s headquarters is in San Francisco but holds data on people in the United Kingdom. In this case, your company must also adhere to the new GDPR compliance.

Under the terms of GDPR, organizations must guarantee that personal data is both gathered legally and that those who collect and manage data protect it from misuse and exploitation.

Organizations who do not comply with the GDPR will face penalties for not doing so.

How GDPR relates to password security

Though there is no specific language that specifies password regulations to adhere to GDPR compliance, creating a stronger password policy is a component of compliance.

There are several examples to demonstrate this.

Firstly, credentials are the Holy Grail for hackers. Login and password information can both compromise networks and sell for a pretty penny on the black market, which means they are highly targeted.  

  • In a study of 905 phishing attacks, the vast majority—91 percent—were after user credentials.
  • And, on the flip side of the hack, 63% of data breaches result from weak or stolen passwords, according to a study conducted by Verizon.

Protecting credentials can decrease the risk of hacks and ensure compliance with GDPR.

Additionally, internal threats that weaken password security are also a threat to GDPR compliance.  

Let’s say a staff member forgets or needs to reset their password. To fully comply with GDPR, new procedures must be implemented to prevent help desk employees, who assist with resets, from directly accessing passwords.

In other words, companies must be able to demonstrate that their password reset processes and procedures are secure.

Leveraging EZPD for password protection

One way to ensure secure password processes is by implementing software that generates and regenerates long, strong and complex passwords on demand. And has the ability to keep them invisible from everyone but the individual user.

EZPD is software that does just that.

EZPD protects credentials through a proprietary, node-locking system that requires authorized devices to have a license file before the software will generate or regenerate passwords. Without access to a license file on an authorized device, a password cannot be created or made visible.

Taking it a step further, EZPD does not store passwords, which makes it a more secure option than password managers or other common methods of password storage because it mitigates the risk of an outside breach.

EZPD helps organizations in many industries comply with GDPR because it’s unique technology, and license file options make it possible to protect:

  • Classified files
  • Internet accounts
  • Network access
  • And allows for secure file exchange between clients or colleagues.

Download a free trial of EZPD to see how the software can protect your company from falling victim to a GDPR penalty.

Just how bad is our password security knowledge?

World Password Day was on May 1st, 2018, and the goal of the holiday was to bring awareness to password hacking, and its ugly repercussions.

Identity theft is one of the world’s fastest-growing crimes, but it’s preventable.

By taking small steps like creating stronger passwords and adding two-step authentication, you can help protect yourself from becoming one of the 12 million, annual victims of password hacking. Whether you’re protecting your bank account, your email, or your social media, password security matters.

Still, not everyone knows what it takes to keep a password truly secure.

Pop culture vs password security – where are our priorities? 

Pop culture trumps our knowledge of password security – especially when it comes to Kanye West. (Photo/Wikimedia Commons)

As a way to celebrate World Password Day, the website HighSpeedInternet.com conducted a survey to understand how well Americans understand password security.

In a playful way, the organization compared password security to pop culture trivia to see how each was understood.  On average, survey respondents answered 52.13% of pop culture questions correctly but only 29.5% of the password security questions correctly.

In one example, over 80% of survey participants correctly guessed Kim Kardashian’s husband, but only 15% of participants knew that increasing the length of your password can make it stronger.

In another question, 75% of survey participants knew who performed during the 2018 Super Bowl halftime show, but only 22% could identify the stronger password from two choices.

These results are a bit alarming.  

It’s time to act

Even if a pop culture versus password security quiz seems silly, don’t take the results too lightly.  

For every moment we ignore the importance of password security, a hacker is working their way closer toward your most sensitive personal information. And hackers are more active than you may realize. In 2017, Google investigators found that hackers swipe nearly 250,000 passwords every week.

What can you do to take action, and protect yourself?

Go back to the basics

We can’t reiterate the importance of password security enough.

As a rule of thumb:

  • The longer your password the harder it will be to crack
  • Passwords become more complex when combining factors like:
    • Special characters
    • Lowercase
    • Uppercase letters
    • Words not found in the dictionary

Additionally, remember to avoid reusing the same password for multiple accounts.

By making your passwords more complex, and unique, you make it harder for a hacker to attack via brute-force methods.

As another layer of protection, try adding a multi-factor authentication (MFA), also known as two-step authentication. This extra protection acts as a shield if a hacker were able to guess your password. The second level of security means the hacker would also need to know personal identifying information like where you went to elementary school, your first pet’s name, etc.

If coming up with a password is difficult for you, there are programs to help. EZPD, for example. creates passwords up to 96 characters long, with a mixture of numbers, symbols, and case-sensitive letters, to ensure maximum strength. EZPD also regenerates your passwords each time you need to enter them, so you don’t have to worry about storing or remembering complex passwords.

Don’t be a statistic, improve your password strength today.

What you need to know about password cracking software

Cyber attacks are a constant threat. Instances like Target, LinkedIn and Equifax’s data breaches are becoming more common, in addition to pointed attacks at individuals.

In order to obtain our information, hackers often use password cracking software. 

Password cracking is a tool hackers use to compromise your accounts (Photo/WikimediaCommons)

Do you know what goes into the process of password cracking? And, do you know what steps you can take to protect your information?

What is password cracking?

Password cracking is the process of guessing or recovering a password from stored locations. Once a password is obtained, the hacker will use the information to gain unauthorized access to an account.

There are a handful of ways hackers can find your passwords.

How password cracking works?

One thing to notes is that a hacker isn’t always a masked person in a remote area. It could be someone you know. One way a hacker can gain unauthorized access is by guessing passwords based on their knowledge of your personal attributes. For instance:

  • Name combinations like variations of your name, shortened, full name, or nicknames
  • Hobbies like your favorite book, movies, car or celebrity.  
  • An important year or number, like the year you were born or a uniform number you wore.

Many people include these personal elements in their passwords, which makes them an easy target. If this sounds familiar to you, it might be time to change your password.

For more technical hackers, special software can be used in the password cracking process.

Two types of password cracking approaches

Dictionary

Dictionary attacks are conducted via software that scans through a list of preset passwords. For example, a hacker can make the software scan through a list of words from an actual dictionary, or from a list of the most commonly used passwords.

Brute-force

A brute-force attack uses every possible combination of letters, digits, and special symbols to determine the password. This is where the importance of a strong password comes in, the more complex a password the more difficult it is to hack, or the more powerful a hacker’s computing capability must be.

With a strong enough computer (and weak enough passwords) hackers can crack passwords in milliseconds.

Tips for protecting yourself from password crackers

Hacks can largely be prevented with a few simple steps.

The biggest problem with password protection is that many people don’t use strong passwords.

Use stronger passwords
Longer passwords with special characters and symbols are exponentially more difficult to crack. If developing strong passwords gives you a headache, look for a system to help. Software like EZPD generates complex passwords, up to 96 characters long, to help protect your most valuable data.

Eliminate the snowball effect

If your password is hacked on one site, the next thing your attacker is going to do is test the combination on other accounts. If your primary email and subsidiary websites share the same password, your hacker can have access to anything from your social media presence to your banking information. Create unique passwords for each of your accounts, and find a way to keep track of this information, safely.   

Enable two-step verification

By requiring more than just a password to access your accounts, you’re adding a second layer of protection. If a hacker can guess your password through brute-force or a dictionary attack, they will also need to know personal identifying information about you like where you went to elementary school, your first pet’s name, etc.

Be wise with your two-step verification questions and answers. Some of these questions can be uncovered by looking through your social media posts or searching Google. When you implement two-step verification, create a question and answer combination only you know the answers to.

Learn how to recognize phishing emails

Phishing emails are typically email correspondences from hackers masked as legitimate businesses.

The goal of the attack is to trick the recipient into revealing information like usernames, passwords or financial information by asking the recipient to “confirming” the information on the phisher’s website. Though the emails often look legitimate, pay attention to the misspelling of words, and the URL of the sender’s webpage.

If you want to learn more about the importance of password protection read more on EZPD’s blog.

 

5 Tips for creating a better password policy at your company

We don’t just create accounts and credentials as a frivolous act. Accounts are designed to protect something, like your most critical assets. So why create accounts for security, without implementing security protocol?

The most utilized form of authentication for accessing an account is a username and password. 

The most common authorization protocol is a username and password. How can you ensure your assets are safe? (Photo/Free Stock Photos)

Unfortunately, weak passwords, smarter automated password-cracking programs, hackers, and spammers have rendered this type of authentication the weakest link in cybersecurity.

Therein lies the problem, our weakest security link is protecting our most valuable resources. For that reason, implementing a better password policy to protect your resources is imperative.

Here are five steps for implementing an effective password policy at your company.

The importance of a strong password policy may seem obvious, but many organizations haven’t created a formal procedure each employee must adhere to. Here are five tips for implementing an effective password policy.  

Don’t change passwords often

Against popular belief, regular password changes might be more detrimental to cybersecurity than previously thought. According to National Cyber Security Centre (NCSC), changing passwords every 30 to 90 days may not carry any real benefit because when compromised, because hackers will exploit the vulnerability immediately. Changing passwords often can lead to password syndrome, and be counterproductive.

Place all devices under your policy

Outline which devices need to follow password policy including:

  • Personal computers
  • Laptops
  • Company-issued cell phones
  • PDAs
  • USB memory keys
  • Electronic organizers

Or any other device that is connected to your company’s network. Hackers can find backdoors in any connected device. Implementing comprehensive password requirements is critical for blocking attackers.

Create specific password requirements

The longer and stronger our passwords are, the more impenetrable they become. Set requirements that outsmart password-cracking programs.

Here is an example of what it takes to create a strong password:

  • All passwords must be at least ten characters in length and must contain;
  • At least one number
  • At least one special character
  • At least one uppercase and one lowercase character
  • Cannot contain your first name or last name
  • Cannot be an exact match of your last two passwords. 

Limit your surface area

Only provide login credentials to staff that absolutely need access to the resources. By limiting access, you’re giving yourself a smaller surface area to protect. Less staff access means less room for human error and fewer passwords with the potential to be hacked. When you do need to share confidential information, do so with password protected file transfers. Consider linked licenses like the ones EZPD creates for incognito passwords, which are invisible to hackers.   

Give your team the tools to succeed

The best way to enforce your password policy is to ensure your entire team is on the same page, and have what they need to implement the policy seamlessly.

Provide your team with software that helps create strong passwords.  

EZPD is a great solution for workplace password generation and regeneration. EZPD is easy to customize for your internal password requirements. The proprietary, node-locking system EZPD uses means passwords are invisible to hackers. And, rather than storing passwords, EZPD regenerates passwords on demand. This cutting-edge take on password creation keeps passwords from being your weakest security link. Learn more about EZPD’s unique features.  

 

Why medical devices are in dire need of better password protection

Doctors, nurses and other medical practitioners access and assess medical devices daily. Medical devices include anything from MRI machines and X-ray machines to personal medical devices like heart monitors. 

Connected devices such as defibrillators can be hacked causing irreversible damage. (Photo/AF.Mil)

In order to gain access to medical devices, staff members need to enter their personal identification information – usually a username and password.

Manually entering this information into a device each time it’s accessed can be tedious. For that reason, username and passwords are created without the complexity necessary for proper cybersecurity.

If these medical devices are connected to a hospital’s network, insecure passwords can be a major risk.

How cybercrime with medical devices occurs

Medical devices are a backend for hackers.

When hackers attempt to breach networks, they look for any vulnerability possible. Medical devices are an accidental find for many hackers. In most cases, hackers aren’t targeting devices specifically; rather they discover medical devices have what’s needed for easy access to a network.

A six letter password, with no special characters, only takes 20 minutes for a hacker to guess. If there is a medical device with a low-security password, that is connected to the hospital or medical facilities network, that means it can take a hacker 20 minutes to compromise your entire system.

From patient care to compliance mandates, cyber hacks are detrimental.

What happens when medical devices are hacked?

When medical devices are hacked, significant risks follow:

  • Data can be manipulated
  • Viruses can be implemented into the system
  • Patient care can be lost
  • Hospitals can lose money
  • Reputations are at risk

When medical devices are subjected to bad actors, intended operations of devices can be manipulated. For instance, if a hacker accesses common devices like cardiac defibrillators, pacemakers, or infusion pumps, they can alter doses or functions that can ultimately harm, or kill a patient.

WannaCry or Petya ransomware attacks are also dangerous for medical facilities. During these attacks, hackers held medical devices and computers containing important patient data at ransom for around $300 per device. When you factor in that US hospitals currently have between 10 and 15 connected devices per bed, you can see how costly ransomware can be.

One hospital in West Virginia was forced to buy an entirely new fleet of computers because it was less expensive than paying for the ransom. Still, much of their patient data was lost, and hospital operations were halted.

How can you protect your medical devices?

There are plenty of incredibly terrifying scenarios when cybercrime strikes. What can you do to prevent cyber attacks at your medical facility?

At the very least, implement a two-step authentication before personnel can access medical devices. Two-step authentication is an extra layer of security that requires not only a password and username but also a piece of information only the user should know. This means a hacker’s software may be able to crack a password, but it cannot answer a personal question, rendering the device safe for the moment.

Limit access to your network only for personnel who need it. The fewer credentials hackers can pry upon, the smaller the risk your medical facility is in. Can you share an EZPD linked license, with a complex, secure password for medical devices?

Require stronger passwords, and provide the tools for better password security. Enforce password requirements like character count and diversity. Don’t allow common passwords that may be at risk of hacking.

By providing your staff a tool like EZPD you can help your team create strong, virtually untraceable passwords that won’t give them password syndrome.

Learn more about EZPD and how it can be a layer of protection on your medical devices, the keys to your entire hospital network.

 

Outside or internal attacks, which is the bigger cyber threat to financial services?

Many financial service organizations pay close attention to security measures that can prevent outsider attacks while focusing less on internal threats. No organization likes to think their employees— either maliciously or mistakenly— will cause harm to their organization, but it’s a very real threat.

Malware is one of the techniques cyber criminals use to gain profit from the financial service industry. (Photo/Flickr)

In fact, IBM and the Ponemon Institute estimated that in 2016, while 50% of data breaches were caused by malicious or criminal attacks, 27% resulted from system glitches and 23% from negligent employees. The balance shifted slightly in the most recent data from the 2017 study which said that 47% of all breaches in this year’s study were caused by malicious or criminal attacks, 28% from negligent employees, and 25% system glitches.

Year-over-year, the balance between outsider and internal cybercrime is neck and neck. So, should financial service organizations rethink their strategy?

What does the data mean?

Most importantly, these statistics reveal that data security strategies need equal protection against both internal and external threats.

Common insider cyber issues

Sometimes these attacks aren’t meant to be malicious, there are instances of glitches or mistakes that can lead to lost data. For example:

  • Lost laptops with easily compromised files and folders
  • Insecure login credentials that are easily compromised
  • Human-error
  • Weak infrastructure

While these harmless mistakes may make up a part of the internal threat, there are also more malicious objectives from employees that should be addressed as well.

Insiders, especially in the finance vertical, have access to sensitive information on a regular basis. These employees may also know how the information is protected and where vulnerabilities are. If your employees want to steal it or leak information for personal gain, they likely can do it with greater ease than outsiders.

Common issues for outside crime

Some of the outside crime can also overlap with vulnerabilities from internal negligence. To enter a network, cyber criminals usually need credentials of an internal member. Employees with weak passwords or companies with lackluster password policies may make it easier on cybercriminals. Some common methods and viruses’ hackers use to gain access to your site, software, or network include:

Once inside the system, it can take anywhere from a few seconds to a few months before the attack is noticed.

Which is costlier?

Insider or outsider, there is no good way to be breached. They are both devastating. But is one more expensive than the other?

In general, according to IBM and Ponemon Institute, malicious attacks were more expensive on their face, “Companies that had a data breach due to malicious or criminal attacks had a per capita data breach cost of $236, significantly above the mean of $221. In contrast, system glitches or human error as the root cause had per capita costs below the mean ($213 and $197, respectively).”

Still, there are additional costs associated with internal breaches that are difficult to account for. What if your employee is selling secrets that now limit your revenue growth? How about the cost of attrition, hiring new employees and fixing your reputation?

Internal threats are certainly worth paying attention to.

How to protect your company from both threats

To effectively prevent data breaches, companies in the financial industry need to invest in the infrastructure and expertise to protect themselves. Here are a few tips that can be easily implemented:

  • Consider hiring a Chief Information Security Officer (CISO), who is a trained and certified staff member responsible for developing, executing and maintaining a security and emergency incident response plans to ensure you are prepared in the event of a breach.
  • Implement employee training on cybersecurity so they can be aware of the importance of password protection, and common schemes that cybercriminals use.
  • Require safeguards like stronger password security, more complex passwords that are difficult to hack.
  • Keep track of employee access levels and change them accordingly and frequently. Use systems for safe, secure document sharing and only provide access to employees who need it.
  • Change passwords regularly and immediately after an employee leaves.

Learn more about how EZPD can complement your current cybersecurity efforts and protect your company both internally and externally.

Questions about cybercrime every finance company needs to ask

Financial service companies are a massive target for cybercriminals. This is—and will continue to be—inherently true due to the nature of the business. Financial service companies manage sensitive data, which is a draw for criminals who sell sensitive data on the black market for profit. And every company is only one mistake away from a cyberattack.

The financial service industry is highly targeted for cyber crimes. (Photo/Creative Commons)

In 2015, online magazine QZ, discovered a listing on the dark web selling an individual’s identity for $248.22, for this price, the buyer would also have access to an American Express with a $10,000 limit. Now imagine your customer’s data getting hacked. And hundreds, if not thousands, of identities and financial data are stolen.

That’s a decent payday for the criminal, and extraordinarily detrimental to your client list.

If you work in the financial services vertical, regardless of the size and scope of your organization, defending against cyber vulnerabilities will be the most important component of your reputation.

So, ask yourself some questions:

How closely do you monitor each vendor you work with?

Companies have recently found themselves falling victim to costly and damaging data breaches as a result of a third-party service provider’s security failures. In fact, the infamous Target data breach was a result of a third-party service failure. In this case, one of Target’s vendors fell for a phishing scheme which installed malware onto their computer. From there, hackers were able to gain access to target’s internal data by stealing the vendor’s login credentials.

As a security precaution, experts recommend companies demand that vendors accessing their systems use legitimate anti-malware software, a two-factor authentication for anyone accessing sensitive information, and strong password protection for files containing sensitive information.

How about your vendors’ third parties?

Much like monitoring your third-party, your vendor’s third parties can also be a risk.  If a third-party vendor is affected by a ransomware attack that takes them offline, how quickly would you find out about it? Do you know how that outage would affect your vendors? Additionally, would you have protections in place if the attack spread to your vendor, who is the direct tie to your critical information?

How widely does your organization operate?

If your business operates in more than one location, have you taken the time to understand how security risks change per region?

According to Information Systems Audit and Control Association (ISACA) companies with multinational locations often have variances in their security model. This variance can create holes in security. Additionally, data are transferred and modified across multiple systems, which may result in discrepancies and possible errors.

You could also apply this thought process to your vendors as well. What regions do your vendors operate in? What regions do their vendors operate in? Does their multinational business model make your data less secure?

Keeping up with cybercrime patterns and learning how other thought leaders in the space are defending themselves is imperative to your protection. Cybercriminals are becoming more sophisticated than ever which means your defenses need to continue to evolve as well.

Take action today

The first line of defense for any organization is always password management.  When communicating sensitive information with your vendors and staff, consider using a password management system that makes login credentials for internet accounts or data files invisible.

EZPD is a password generation and regeneration software that allows users to create complex passwords using node-locking technology, which means all traces of the password can be hidden.

Additionally, EZPD is different than most password managers because it does not require a master password (because we know a master password can still be compromised). And, EZPD does not use a cloud or a server to remember what passwords have been generated.

EZPD is a stealthy password generation software, learn more about our capabilities.

Why your company is only one mistake away from a data breach

Your company’s cyber protection is only strong as your company’s weakest password.

As a business owner, your reputation is of utmost importance. One mistake can jeopardize your success. 

Your workplace’s cybersecurity is only as strong as your weakest password. (Photo/Wikipedia Commons)

It’s unfortunate— but realistic—that your employees don’t share your devotion or urgency to protect internal data. This means you’re only as strong as your organization’s weakest password. And, according to a recent study by Verizon, 63% of data breaches are caused by weak, stolen or reused credentials.

With that in mind, it becomes increasingly important for business owners to be proactive. How can you ensure your employees are creating and storing passwords well?

Tips for strengthening your passwords internally

  • Never allow an admin to manage software or assets under their name. Always insist accounts are under the organization’s name.
  • Centralized ownership and control over passwords.
  • Immediately reset passwords after employees leave.
  • Create role-based access permissions.
  • Require your employees to change their password every 90 days.
  • Create password requirements to ensure their strength.

Staying on top of password protection can be difficult. To take control of your employee’s password strength, it’s on the employer to provide the tools necessary for success.

Provide your employees with EZPD

When a company requires employees to change their password often, running out of password ideas is commonplace. The process can cause less creativity or redundancy with passwords used. So, it should come as no surprise that 73% of online accounts are guarded by duplicate passwords.

Using duplicate passwords is risky because if one account is hacked it can create a snowball situation. Any data in your network, protected by duplicated passwords, will be at risk in the event of a data breach.

Which makes EZPD a viable solution for business owners.

EZPD is revolutionary software that allows its users to easily generate and regenerate complex passwords. Users can specify what characters, symbols and length to meet their password requirements. Then, at the click of a button, a password will be generated. EZPD also offers several features unheard of in current password management systems. This eliminates password syndrome and creates unique benefits for an organization.

A cloak of invisibility

One of the differentiating features of EZPD, compared to other password management programs, is that you never have to make your password visible with EZPD.

EZPD operates from a license file and node-locking system. This means two things:

  1. Passwords are connected to a license file which is registered to unique devices. Only those with access to a license file can access their passwords. As long as a user has access to their license file, they are able to:
    • Generate a password
    • Then delete EZPD from their computer
    • Redownload EZPD when they need to access their password
    • Regenerate passwords at the click of a button
  2. When a user generates or regenerates a password with EZPD, the information is automatically copied, which means the user simply pastes the string of characters into the necessary account.

If the user wanted to ensure security, they would never need to make their passwords visible. This cloak of invisibility makes it difficult for passwords to be stolen.

Role-based access permissions

EZPD also allows its users to share license files. If a sensitive data file needs to be shared to specific shareholders in a company, it’s best to password protect the file and find a way to share the password securely than risk submitting it via email, chat or as a written note.

With EZPD software, license files can connect multiple, authorized devices, which can regenerate the same passwords for programs without submitting them electronically or manually. It also guarantees centralized and controlled ownership of important data.

Like password generation or regeneration with an individual license file, only those with access to a license file can access their passwords, and once a password is generated, it simply needs to be pasted into the password field. There is no need to make the password visible.

EZPD can be redownloaded as often as necessary and users can create over 3,500 unique passwords through the program. Learn more about the unique features of EZPD and how it can protect your business from being breached.

How is EZPD different than other password managers?

In today’s word, most of us realize the importance of creating strong passwords to protect our most sensitive information. We understand that using the same credentials for each account is dangerous because one breach can easily snowball into something far more serious and wide-reaching. 

Password managers have shortcomings many users aren’t aware of. (Photo/Pixabay)

But, when it comes to keeping track of our passwords, well that’s a different story.

Because of the complexity and number of passwords we deal with each day, many internet and software users try programs that store their passwords for easy access and organization.

What most people don’t realize is, password managers are also susceptible to hacking.

What is a password manager?

Most password managers generate and store online passwords for its users. Many users also store other information like PINs, credit-card numbers, CVV codes, answers to security questions to their password managers as well.

Some other common attributes of password managers may be that they automatically log into sites for you, or audit your password strength. Others verify that you’re not using the same in too many places.

While these features seem positive, there is one glaring red flag users need to be aware of.

How password managers store your information

Most password managers require a master password. This is the one and only password you need to remember, and it unlocks the vault which holds all of your information. If this master password is compromised, so is all of your information. This poses an additional problem for users who store financial data on their password managers.

The second problem with password managers is how individual companies store data. Many password managers use a cloud or a server to remember what passwords they have generated for their users. Therein lies the problem. Servers and clouds can also be hacked.

Therefore, what seems like a secure method for password generation may not be after all.

What to look for in password management

The best password protectors should have components within them to ensure your true protection. So, what specifically is the most important thing to think about when it comes to a password manager?

Storage

The best password managers will not store your information on the cloud or otherwise. EZPD, a password generation and regeneration program, takes a unique approach to password protection.

EZPD uses a node-locking software which means that your password is never stored, only regenerated at your devise. And only computers with your unique license file are able to regenerate your password.

Master passwords

Rather than remembering a master password, EZPD equips its users with a license file. Upon signing up for EZPD, you’ll be emailed a unique license file that only works on your authorized computer. The license file is what activates and deactivates the node-locking software.

You can erase the license file from your computer after you’ve accessed your passwords and redownload it as many times as you want.

By using a license file, hackers from the outside are unable to locate where your passwords are stored making it virtually impossible to compromise them.

Flexibility

In addition to safe storage and a license file, you also need a password manager with flexibility.  EZPD makes it easy to create an unlimited amount of unique and complex passwords. With EZPD you can customize the length (up to 96 characters) and which symbols, characters and case sensitivity you need to satisfy password requirements.

Above all, it’s important to remember that not all password managers, and the characteristics associated with them, are created equally. Picking the best password manager is important for your safety and protection.

Learn more about how EZPD can protect you today.

How thieves are stealing your tax return

We are in the midst of tax season. And, while we are busy collecting our w2s, 1099s and 1095s, identity thieves are equally busy scheming their next attack.

Tax-related identity theft is one of the IRS’ “Dirty Dozen” tax schemes. (Photo/Flickr)

Tax-related identity theft is when someone uses your Social Security number to file a tax return and fraudulently claim your refund. Tax refund fraud affects hundreds of thousands of U.S. citizens each year. In fact, the IRS estimated that during the first nine months of 2016, the agency was able to stop 787,000 fraudulent returns totaling more than $4 billion. Unfortunately, the IRS still paid out $239 million in “suspect” refunds, which means thieves have a lucrative incentive.

Not to mention, after the Equifax breach in 2017, the IRS worries leaked social security numbers will increase the number of tax-related identity theft significantly for this coming tax season. Additionally, early reports show that identity thieves who specialize in tax refund fraud have been hacking online accounts at multiple tax preparation firms to uncover sensitive information.

Tax-related cybercrime is currently listed as one of the IRS’ “dirty dozen” scams to look out for.

It’s imperative to stay ahead of the curve. Learn about common tax season fraud schemes, what red flags indicate you may be a victim, and what you can do to stay protected.

What are the red flags?

The worst part of tax-related identity theft is that most victims don’t even know they’ve been preyed upon until their tax return gets rejected because scammers beat them to filing it.

If you start to receive payments or information about your refund before you’ve filed, it’s a strong indicator that you may be a victim of tax-related identity theft. According to the IRS, other telltale signs to look for include:

  1. More than one tax return was filed using your SSN.
  2. You owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.
  3. IRS records indicate you received wages or other income from an employer for whom you did not work.

Additionally, it’s common for criminals to pretend to be debt collection agency officials acting on behalf of the IRS. Criminals will place harassing phone calls urging you to pay your debts.  

What can you do if you’ve fallen victim to identity theft?

If any of the aforementioned red flags have happened to you, take action quickly. The Federal Trade Commission (FTC) recommends these steps if you’ve been breached:

  1. File a complaint with the FTC at identitytheft.gov.
  2. Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records. The three credit bureaus are:
    1. Equifax
    2. Experian
    3. TransUnion
  3. Stay on top of your credit history. Contact your financial institutions and close any financial or credit accounts opened without your permission or tampered with by identity thieves.

How can you protect yourself?

While the IRS recommends that you file early to ward off thieves from claiming your tax return first, this doesn’t solve everything. If your data has been compromised, thieves can still create a messy financial situation for you. Additional advice for ongoing cyber protection is the following:

  1. Always use security software with firewall and antivirus protection.
  2. Learn to recognize and avoid phishing emails. Do not click on links or download attachments from unknown or suspicious emails.
  3. If you receive threatening calls and texts do your due diligence. Is it a scammer posing as legitimate organizations such as your bank, credit card companies and even the IRS?
  4. Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.
  5. Use strong passwords. Your passwords will always be your first line of defense. That makes it increasingly important to create strong and undetectable passwords. One way to do this is through EZPD.

EZPD is a platform that allows users to easily create strong, secure passwords up to 96 characters long. After you’ve entered your password, you can delete all traces of EZPD and your password from your computer for optimum security.

When you need access to your locked accounts, EZPD allows you to easily regenerate the same password when you need it. This increased password strength makes it practically impossible for a hacker to steal your passwords and access your accounts fraudulently.

It’s also possible to get a shared license so you can send your tax information through EZPD password protected files to your tax preparer with confidence. Learn more.