Password Managers: What to Look For

PC World has a review of password managers (they like LastPass), but perhaps more important, they provide a list of reasons to adopt one of these products:

  • Password generation: You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
  • Autofill and auto-login: Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
  • Secure sharing: Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
  • Two-factor authentication: To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
  • Protection for other personal data: Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and automatically filled into web forms when we’re shopping or registering an account.

Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks 

Ransomware can kill you. Fatal heart attacks are more common at facilities that have security breaches:

Just as PBS noted in its coverage of the Vanderbilt study, after data breaches as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined.

The researchers found that for care centers that experienced a breach, it took an additional 2.7 minutes for suspected heart attack patients to receive an electrocardiogram.

“Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes,” the authors found. “Remediation activity may introduce changes that delay, complicate or disrupt health IT and patient care processes.”

“The exploitation of cybersecurity vulnerabilities is killing people,” Scanlon told KrebsOnSecurity. “There is a lot of possible research that might be unleashed by this study. I believe that nothing less than a congressional investigation will give the subject the attention it deserves.”

Source: Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security

Take Affiliate Site Reviews With a Grain of Salt

Krebs on Security has a warning about the reliability of reviews on sites funded by affiliates (i.e., sites receiving a commission on products sold through them, like the Amazon Affiliate program):

For better or worse, there are hundreds of VPN providers out there today. Simply searching the Web for “VPN” and “review” is hardly the best vetting approach, as a great many VPN companies offer “affiliate” programs that pay people a commission for each new customer they help sign up. I say this not to categorically discount VPN providers that offer affiliate programs, but more as a warning that such programs can skew search engine results in favor of larger providers. That’s because affiliate programs oft

Why Employees Don’t Share Knowledge with Each Other

A few of the interesting points from a Harvard Business Review article, Why Employees Don’t Share Knowledge with Each Other:

What motivates people to share or hide knowledge? When we analyzed the data on what motivates participants to share or hide knowledge, we categorized their responses as being either “autonomous motivation” (which means doing something because it is meaningful or enjoyable) or “controlled motivation” (which means doing something to get a reward or avoid a punishment). Our results showed that knowledge sharing is more likely when employees are autonomously motivated (for example, they’d agree with the statements “It’s important to share what I know with colleagues” or “It’s fun to talk about things I know”). In contrast, people are more likely to hide their knowledge when their motivation is driven by external pressures (“I don’t want to be criticized” or “I could lose my job”).

This means that pressuring people to share knowledge rather than making them see the value of it doesn’t work very well. If workers do not understand the importance of sharing knowledge to reach unit or organizational goals, they will be less likely to share that knowledge. And if workers are pressured into sharing what they know, it could backfire. If they’re afraid of losing a competitive advantage, they may be even more reluctant to reveal information.

“Pressuring people to share knowledge” has limited value. Creating “autonomous motivation” is critical.

Training Tip 4: Mobile Learning Options

Fueled by the widespread adoption of smartphones, iPods and similar devices, Mobile Learning, aka MLearning, has become a major educational trend. Such training is frequently delivered in the form of “MP3” files, distributed through a mechanism known as “podcasts.” Besides Apple iPods (wonderful devices, since discontinued), nearly any smartphone (iPhone, Droid, etc.) or personal computer can also play podcasts with the help of earphones or speakers. Podcast Insights has a section explaining the basics.

Many organizations are taking advantage of this new training vehicle. For example, the Legal Talk Network distributes podcasts of interest to lawyers, and legal technology guru Dennis Kennedy has an article about the value of listening to podcasts. Many other respected organizations use podcasts or MP3 files:

The latest POGO example is a lecture by the Office of Special Counsel’s (OSC) Adam Miles, who reviews OSC’s interaction with federal whistleblowers. This training was originally part of a series POGO provides to educate congressional staffers. Other podcasts from the same series are available.

The Office of Government Ethics has also at least put its toe into the water, having prepared a podcast of “the Senate-confirmed nominations process and video clips that provide scenarios for discussion during training sessions on ethics restrictions on seeking employment.”

We see the biggest value of podcasts as a low-cost, low-hassle supplement to the rest of your ethics program, including a way of reaching certain “high value targets” like senior managers, many of whom are into multi-tasking. With so many prestigious organizations using them successfully for other training, this appears to be an area with enormous untapped potential.

Draft KM Book Preface: Frieda Riley

I use this “Off The Clock” category for topics of personal interest, on this occasion a memoir about a teacher who gave me my first clue about thinking clearly.

I dedicated my first book, The Complete Internet Handbook for Lawyers, to the best teachers I had in high school, college, law school and two people I encountered later who influenced me greatly:

Frieda Riley, Big Creek High School

J.B. Shrewsbury, Concord College

Robert G. Lawson, University of Kentucky Law School

Larry McGoldrick, Capital Area P.C. Users Group Volunteer Instructor

Larry Fröhlich, Federal Reserve Board

The attached file is the preface to a book I am writing about knowledge management for law firms. It uses Freida Riley’s example to make an important point for lawyers. I’m posting it here for the benefit of friends in the BCHS 70 group. Some of them had trouble reading the PDF, so here is an MS Word version.