Two Factor Authentication – Your Pass Wed, 24 Nov 2021 12:55:18 +0000 en-US hourly 1 Two Factor Authentication – Your Pass 32 32 Some Wear OS users cannot add / copy Google accounts during setup Wed, 24 Nov 2021 12:28:22 +0000

New updates are added at the bottom of this story …….

The original story (published January 19, 2021) follows:

Several users who have recently reset or purchased a brand new Wear OS device are now virtually unable to use it. This is due to a new bug that has emerged regarding adding or copying Google accounts.

According to reports, copying Google accounts from the phone to a Wear OS smartwatch does not yield any results as it returns errors such as “We could not copy your accounts” or “Error 400”.


I have tried several ways to connect my google account to my OPPO WATCH so that I can use the extra features and it will show on a blank screen after entering my password or reading a 400 msg error.

I just bought a new Suunto 7. I have set it up a few times now, but still cannot get my google accounts from my phone, the smartwatch. The WearOS app runs in a blank page or displays error 400 or just indicates that the account was not added. I have reset my watch several times. I cleared the bluetooth information on my phone and cleared the cache of portable devices from Google services.

The above does not always happen, as the process can also cause the Wear OS app to turn into a blank white screen without returning an error message.

Moreover, the problem is not limited to a single model of smartwatch, as complaints are coming from users of Suunto, Fossil, Casio, Ticwatch, Huawei, Oppo and probably others as well.

In addition, there is currently no official recognition from Google on this subject. This is only plausible, however, as the first reports of the problem only started coming in about five days ago.


It is also worth mentioning here that several users reported that the problem was gone for themselves on their own, after which they were able to log in without any issues.

If you’re not one of those lucky users, don’t worry, as several complainers have been able to work around the issue by simply disabling two-factor authentication. You are also free to try.

But if that doesn’t suit you, you can also try wiping data from Wear OS, Google, and Google Play Services apps.


Again, it’s quite possible that Google has already silently solved the problem. The fact that several recent comments said the problem had magically disappeared for them is testament to this.

However, this is not clear at the moment as there is still no official word from Google.

That being said, we will continue to monitor the matter and update this article as the situation evolves.

Update 1 (November 23)

IST 11:35 am: Months later and still a bunch of Wear OS users are having trouble logging into their Google accounts and now it’s plaguing Galaxy Watch 4 users.

google wearos account problem

Update 2 (November 24)

IST 5:52 p.m .: One person claims they were able to resolve the issue by signing out of other Google accounts on their phone.

Hi guys i found the error, at least in my case i tried a stupid weird case, and deleted the other google accounts i had in my phone, and tried , guess… WORKS! (Source)

PiunikaWeb started out as an investigative tech journalism website, focusing primarily on “breaking” or “exclusive” news. In no time at all, our stories were picked up by Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, MacRumors and many more. Do you want to know more about us? Head here.

Source link

Local News: Putnam County Sheriff’s Office Returns With New Facebook Page (11/22/21) Mon, 22 Nov 2021 19:51:55 +0000

Courtesy of the Putnam County Sheriff’s Office

It has taken years to build a customer base of over 20,000, and who knows how long it may take to rebuild it.

However, after an infuriating multi-day break, the Putnam County Sheriff’s Office was back with a new Facebook page as early as Sunday afternoon.

A hacker had taken over the old page last week, changing the name, profile and cover photos, and the type of content posted on the page.

On Sunday, however, the ministry was back with its first post on the new page at

?? A new day, a new page, ??? the position opened. ?? Hope we can get back to normal. ??

What ?? normal ?? will look like leftovers to see, as the old page had over 20,000 subscribers. In addition, the positions of Cpl. Scott Ducker, the department’s public information officer, has not only attracted local attention, but has at times attracted the interest of state or, on occasion, national news sources, in part because Ducker’s engaging sense of humor.

Either way, the page got off to a good start on Monday afternoon, going from zero to 2,000 subscribers in just 24 hours.

Ducker did his best to go through official Facebook channels to retrieve the lost page, but eventually gave up, finding the tech giant not too useful.

?? We tried to retrieve the old page, but FB did NOTHING to help us retrieve it, ?? the post read. ?? It’s almost as if some social media platforms aren’t very supportive of law enforcement.

The post encourages followers to like the new page and unsubscribe from the old page, as well as follow the new PCSO Twitter page at

Before signing the opening post, Ducker also uses it as an opportunity to educate the public on how to avoid similar issues on social media.

He notes that he had two-factor authentication with a complex password, but the determined hacker still gained access.

?? Some changes have been made to this page to help increase security, hope this helps, ?? Ducker wrote. My point is, be extremely careful what information you put on your social media account. Remember that in the end, this is not YOUR page. It is the property of Facebook. We’ve seen firsthand how receptive they are to helping out when you’re locked out and someone else is in full control.

Source link

Best Practices for Protecting Your Data in the Era of Online Commerce Fri, 19 Nov 2021 15:44:38 +0000

By Milica Vojnic

Online stock trading is something that started out as a hobby for many people, but in recent years it has become a serious source of income for many online stock traders. Online stock trading is popular because specialized platforms allow stocks to be traded without highly specialized training and equipment. In short: anyone with a computer and capital can become a stock trader from the comfort of their own home.

Naturally, this has also created an opportunity for cyber criminals who seek to gain unauthorized access to the computers of unsuspecting victims and ultimately their actions. For this reason, it is essential that any computer and / or network used for online stock trading is protected against hackers, viruses and malware.

Why is online stock trading vulnerable to hacking?

Online stock trading platforms are generally very secure, but the connection between your computer and the stock trading platform could be a weak link that hackers could exploit. Aside from that, it is also important to make sure that the online stock trading platform you choose to use is well known and has a good reputation. Larger, more well-known stock trading platforms are likely to invest more resources in security, which ultimately means your stocks and data are more secure. However, choosing a secure online stock trading platform is only the first step in keeping you and your stocks safe online.

Adopt general safe browsing habits

Common sense is a very powerful tool in the fight against online fraud. By doing simple things like not opening email attachments from unknown sources or downloading and installing unknown software, you can do a lot to protect your PC. Also, try to avoid visiting sketchy websites which may be infested with malware.

Use strong passwords

Always choose hard-to-guess passwords for your online accounts. This means that you must use a combination of numbers, letters and special characters. Also, avoid using personal words or events as passwords. For example, your dog’s name is not a good idea for a strong password. For ultimate password peace of mind, consider using a password generator to create random strong passwords. It’s also important to remember that you shouldn’t share your passwords with other people or leave them in places where they can be easily found.

Use two-factor authentication

Two-factor authentication offers an easy method to add a lot of extra security to your online account. Two-factor authentication makes it harder for cybercriminals to access your account by forcing you to enter your password and a randomly generated code before you can access your account. The randomly generated password is usually sent to your mobile device or email address, which means that a potential hacker should be able to gain access to your device before they can access your online stock account.

Make sure linked accounts are secure

Keeping your online brokerage account secure also means protecting your other online accounts. For example, many online stock trading platforms can be linked to your bank accounts, email accounts, and in some cases, social media accounts. Each of these accounts can provide a route for hackers if they are not equally secure. Therefore, it is important to make sure that you regularly change passwords for your frequently used online accounts. In doing so, you make it more difficult for hackers to gain access. The best way to protect your account is to avoid associating other accounts with it as much as possible.

Choose to use biometric access when possible

In many cases, online stock trading platforms come with a mobile app, which can also be used to access your stock trading account. If this app offers biometric login, it’s a good idea to use it. Using biometrics to access your accounts is often more secure than using traditional passwords. In many cases this feature is available but must be enabled before it can be used.

Make sure account notifications are active

Enabling account notifications ensures that you are immediately notified of suspicious transactions on your account. Enabling account notifications for all sensitive transactions such as fund movements, user changes, and changes to linked accounts can alert you to fraudulent activity in time to react and avoid a major loss.

In conclusion

As is the case with most online business, online stock trading is not immune to cybercriminals and their activities. It is important that everyone who uses these platforms acts with caution and follows the basic rules of internet security. By doing this, you not only protect your investment from hackers, but you also get a lot more out of the experience.

Authors biography : Milica Vojnic is Digital Marketing Manager for Wisetek. Milica regularly advises companies on the importance of an effective data destruction policy for better cybersecurity.

Source link

HID Global Crescendo Cards Now Have Full Digital and Physical Contactless Capabilities Wed, 17 Nov 2021 23:27:00 +0000

HID Global announced that its HID Crescendo® smart card family now supports HID® iCLASS® identification technology.

Cards allow users to seamlessly unlock doors, data, and their computers through a single, high-assurance authenticator that supports an organization’s Zero Trust security policy.

WHO: HID Global is the leader in seamless and converged access to the physical and cyber workplace. It has now extended the benefits of its Crescendo HID cards as an all-in-one solution for physical access and strong authentication in the digital workplace, on-premises and remotely.

WHAT: Crescendo C2300 smart cards allow organizations to issue a corporate ID badge that functions as a universal identifier, supporting FIDO, PKI and OATH, as well as options for Seos, Prox, MiFARE and now iCLASS® for physical access. Key elements of HID Global’s identity and access management multi-factor authentication ecosystem for staff, Crescendo cards and USB drives can be managed with the HID WorkforceID ™ cloud-based platform at the time of the launch. printing badges, issuing PKI certificates and enabling Oath-based authentication for IT systems and networks.

WHY: The addition of HID iCLASS 32K ID technology to the HID Crescendo C2300 cards expands user options for a full contactless access experience. A similar experience is also provided with HID Seos, HID Prox and MiFARE DESFire EV1 technologies on dual interface C2300 cards. Contactless technology allows users to simply tap their cards to open a door, authenticate with Windows, VPNs, and cloud apps, or encrypt and sign data.

About HID Crescendo Authenticators and HID WorkforceID Digital Credential Manager

The HID Crescendo family includes smart cards and Universal Serial Bus (USB) keys that can be used on their own or managed by HID’s WorkforceID Digital Credential Manager service. The service supports a wide range of authenticators with the simplicity of centrally managed credentials and digital certificates. It combines a consistent access and authentication experience for users with a simplified administrator experience for deploying public key-based two-factor authentication.


Crescendo C2300 smart cards with HID iCLASS identification technology are available now. Click here for more information.

© Scoop Media

Source link

How to manage connection with Apple apps on iPhone and iPad Tue, 16 Nov 2021 06:10:39 +0000

“Sign in with Apple” is a highly secure and private way to sign in to third-party apps and websites using your Apple ID. It also makes the whole connection process quite quick and hassle-free. To change, you don’t need to create and remember new passwords, which can be a relief if you’re looking for a world without a password. On top of that, Connect with Apple works not only with Apple devices, but also with Android and Windows. Sounds intriguing? In this detailed guide, I will show you how to manage connection with Apple apps on iPhone and iPad.

How to use Sign In with Apple on iPhone and iPad

Before you start with Connect with Apple, it’s best to know what it is and how it works. If you know the basics, you can jump straight to the step-by-step guide using the table of contents below. However, if you want to start from scratch, start by eliminating the basics.

What is the connection with Apple and how does it work?

Sign in with Apple is a tool that protects your personal information from exploitation by third-party apps and websites. It allows you to log into apps / websites without having to provide your personal information. When you use Sign In with Apple, Apple generates a unique ID and shares it with the developer to keep your information private. As this identifier is separate for each developer, your personal information cannot be collected and shared everywhere.

On top of that, Sign In with Apple lets you hide your email address and also prevents trackers from creating a profile based on your behavior. With the privacy-centric Hide My Email feature, it allows apps, websites and businesses to contact you without receiving your email address. With iOS 15 / iPadOS 15, you can create an unlimited number of unique and random addresses for an email address field in Safari, Mail, and Settings. This, however, requires you to subscribe to iCloud +.

Besides the security aspect, Signing in with Apple is an effort to easily log into accounts on various apps and websites and eliminates the need to create and remember new passwords. If you’re prompted for your name and email address, Sign In with Apple will automatically fill in your Apple ID information. In addition, you also have the option to change your name and share your email.

What information does Apple collect when you use Sign In with Apple?

Now, you might be wondering what information Apple collects when you use Sign In with Apple. Although it knows every time you use the feature, it does not see or keep the history of the apps you connect with because that information stays on your device.

One thing you should know is that the first time you use Sign In with Apple with any app, Apple shares a simple binary score with the developer. This is done for security reasons to make sure you are a real person. Apple’s shared score is derived from recent activity in your Apple account and certain information about your device as well as usage patterns.

Create an account using Sign in with Apple

It’s easy to create an account using Sign In with Apple. Before you start, just make sure you have two-factor authentication enabled (Settings -> your profile -> Password & security -> Two-factor authentication).

Once activated, press the Sign in with Apple / Continue with Apple on the supported app or website. After that, you can choose to share your email or use the Hide My Email feature to protect your email. For better security, it is best to hide your email. After that, tap Continue and then confirm using your Touch ID / Face ID or password.

Create Sign in with an Apple account on other platforms

Just like iDevices, it’s easy to use Connect with Apple on the web and other platforms like Windows and Android. Just tap the Sign in with Apple button on the supported website / app, then enter your Apple ID and password.

There are a few things to keep in mind. When you use the feature for the first time, you will need to enter a verification code received on your trusted Apple device or phone number. On the web, you can skip additional verification for 30 days after your first login by trusting the browser you are currently using.

Popular apps with “Connect with Apple” support

There are a number of apps and websites that allow you to connect with Apple. Here is a list of some of the most popular:

  • Adobe reader
  • Kayak
  • Dining out
  • Drop box
  • Airbnb
  • eBay
  • Giphy
  • Twitter

How to View Apps Using Your Apple ID on iPhone, iPad

iOS offers a fairly easy way to keep track of all the apps that use your Apple ID. Here’s what to do:

  • Launch the Settings app on your iOS device, then tap your profile.
Profile section in Settings
  • Now select Password & Security.
Password and security option in settings
  • Then select Apps using Apple ID located under the Connect with Apple section.
Apps using the Apple ID option under Sign in with Apple
  • Here you will see a long list of apps that use your Apple ID and this is how you can view them.
List of applications using connection with Apple

View apps using Sign In with Apple on Mac, Web

If you want to view the apps that use your Apple ID on Mac, go to System Preferences -> Apple ID -> Password & Security -> Edit.

view apps using apple id on mac

You can also check the connection with Apple apps on the web. Go to -> Security section -> Choose Manage apps and websites from Sign in with Apple -> Manage section.

Prevent an app from using your Apple ID

If you want an app or website to stop using your Apple ID, you can easily revoke access. Note that the next time you use the app, it may ask you to create a new account.

  • Head to the Apps using Apple ID section under Password and Security via Profile Settings.
Applications using the Apple ID option
  • From the list of apps that appears, select the app that should stop using your Apple ID.
Select the app that will not use Apple ID
  • Then press Stop using. After that press Stop using again in the pop-up window to confirm the choice.
Prevent an app from using your Apple ID

Alternatively, you can press the Edit button in the upper right corner (on the Apple ID sign-in screen). After that, tap the red minus button (as shown in the screenshot below) to the left of an app and tap Delete. Make sure to tap Done at the top right to confirm.

Remove apps from Apple is the connection list

How to check the Hide my email address from an app

As mentioned earlier, Connect with Apple focuses on the security part and allows you to hide your email from trackers and malicious people. If you want to enable this feature or check which apps you’ve enabled it for, here’s what to do:

  • Again, head to the Profile section through Settings and reach the Password & Security section. Now press Apps using Apple ID.
Select apps using Apple ID
  • Now choose the app you want to check Hide my email address for.
Select a specific application
  • Check the “fake” email id located in the Hide my email section.
Hide my email from an app

How to change Hide my forwarding email address

Sign in with Apple also gives you the option to change your Hide My Email forwarding address. Just follow these steps:

  • As mentioned above, go to the Apps using Apple ID section through Settings.
List of applications using connection with Apple
  • Choose the app and tap the Manage option Hide my email settings.
Manage the Hide my email settings option
  • Next, scroll down and press the Transfer to option.
    Transfer to option
  • Here you will see your email addresses. Select a preferred email address, then tap Done at the top right to finish.
Select the preferred email address and press Save

Turn off email forwarding for an app using your Apple ID

If you no longer want to receive emails from any app, you can choose to turn off email forwarding.

  • Via the settings, tap Profile, then Password and security to reach Apps using Apple ID.
Select a specific application
  • Again, select the app and then Manage Hide my email settings.
Manage Hide my email settings

3. Then choose the application and deactivate the Transfer to option.

deactivate the transfer to

To note: In iOS 14 or earlier, go to the Settings app -> your name -> Password & security -> Apps using your Apple ID -> choose an app. Now turn off Forward to.

Convert an existing third-party account in connection with Apple

Some supported third-party apps and websites may allow you to upgrade an existing account to sign in with Apple. Additionally, if your device is running iOS 14 / iPadOS 14 or later, you may also have the option to convert your existing account to Sign In with Apple if the passwords for those accounts are easy to crack. Be warned that after converting your account to Sign In with Apple, you will not be allowed to change it again.

  • Go to the Settings app.
  • Select Passwords, and then select an app or website name under Security recommendations.
  • After that press Use Sign in with Apple then follow the prompts to complete the process.
Safety recommendations option

Usage tips Connect with Apple on iPhone and iPad

That’s it! This is how you can set up and use Connect with Apple on your iPhone and iPad. It works reliably on all platforms. So you can use it to protect your personal information no matter what platform you are on. That said, what do you think of Apple and what is the one thing that you find appreciable about it? Be sure to share your thoughts via the comments section below.

Source link

How to open a new account online Tue, 09 Nov 2021 18:15:15 +0000


Open a browser and go to

If you are an F&M Bank customer with an online banking username and password, enter this information at the top right to connection.

If you need to sign up for online and mobile banking, choose Register for online banking directly under the login portal.

Enter your username and password to log into online banking and open your new account.

Please note that for security reasons, two-factor authentication is required. A temporary password by SMS, phone call or by the Authy application if it has already been installed.

Click once on the three-dot button at the top right (…)

To choose Add an account and on the next screen, click Opening an account.

If you do not have an F&M Bank account, choose New account to start.

If you are an F&M Bank customer, choose Existing customer to start.

Note: After 15 minutes of inactivity, the process will time out for your safety.

On the next screen, click Staff.

Here you will choose your preferred bank location with the account you want to open: Check, savings, money market or CD. You’re just steps away from your new account!

Make sure to click on the + sign to choose your debit card option.

On the following screens, you will enter your personal information, contact details, joint account and beneficiary status, and upload a photo of your driver’s license or state-issued photo ID. If you are a current customer of F&M Bank, some information will be automatically filled in for your convenience.

Once you have completed the steps listed above, you will be prompted to review the disclosures and electronically sign to approve your new account.

Within two working days you will receive a confirmation email from F&M Bank. If no action is taken, you will receive a reminder email after ten days.

Congratulations on your new F&M Bank account! We value your business!

Source link

]]> 0
Security without passwords | Pipeline Magazine Mon, 08 Nov 2021 00:05:09 +0000

By: Lucas Budman

Everyone hates passwords. They slow us down. They can be complicated. And of course we have to remember so many of them.

Cyber ​​threat actors are the exception. Hackers love passwords. After all, passwords are easy to discover and use. And they are many.

In other words, hackers don’t break in, they log in with stolen passwords. In fact, 81% of data breaches start this way, making passwords the biggest attack vector in modern business. And although more than $ 16 billion was spent on Identity and Access Management (IAM) solutions in 2020, the problem continues to worsen. Existing two-factor and multi-factor authentication (MFA) tools are simply insufficient; they can improve poor security posture, but they do nothing to prevent phishing attacks, credential stuffing, or man-in-the-middle SIM card swaps. However, they cause significant friction between users and disruption of workflow, hampering their adoption and use.

A recent report from Forrester notes the increased criticality of IAM to secure access, ensure business continuity, and support remote workers while addressing evolving threats across workloads dispersed across site and in the cloud. The push towards an entirely remote workforce and the pressure of layoffs, rehires, contractors and role changes have exposed the fragility of manual governance of in-house identities and paved the way for a renewed interest in solutions without password.

But as organizations know too well, the identity and authentication management landscape is incredibly expensive and complex, and as Forrester analysts note, the adoption of too many security solutions in a short period of time. Time can lead to unforeseen integration challenges, tools that don’t match well with existing business processes and unnecessary or overlapping capabilities.

For businesses committed to supporting the transition to hybrid work, innovative and robust password-less enterprise technologies can help protect the business from rapidly growing cybersecurity threats while ensuring a seamless experience for employees who can. connect easily and securely from anywhere in the world without the need for outdated and insecure passwords. As Walter Yosefat of Wyndham Destinations noted: “As an CIO my vision has been to live in an era where user IDs and passwords are no longer needed and I am simply known to my people. applications and systems without the need to continually assert it. ”

Successful password-less deployments should reduce complexity, end fragmented user experiences, and streamline use case support to reduce costs. After all, great technology only makes sense if it’s useful and used. To remove the threat of compromised credentials and support a secure, easy-to-use solution, organizations should:

  1. Completely eliminate credentials with a completely password-less experience based on true identity and industry standards such as FIDO and FIDO2
  2. Deploy a Continuously Validated Behavior Based Identity and environmental signals
  3. Create a frictionless user experience

The best solutions available today align with the Zero Trust model. They constantly receive signals from a user’s smartphone, computer, network, and proximal environment to make highly secure decisions about identity and authentication. They also use sophisticated multipath optimization technology to find the most secure path to communicate identity to systems, applications and resources. But perhaps more importantly, the winning solutions offer pre-built, standards-based integrations across the entire identity stack to support full spectrum authentication. Remote integration and identity verification, workstations, SSO / applications, servers, VPNs, Windows, Mac and privileged access should all be supported, as should physical access via badge readers. Benefits include fast and secure deployment, shorter supply cycles, easier maintenance schedules, lower product subscription costs, lower integration costs, more accurate IAM policy management and reporting centralized.

Solutions must also be more than just a biometric alternative to passwords; they must offer frictionless access, coupled with an analysis of behavioral patterns and the ability to

Source link

]]> 0
What is OTP? Meaning explained Fri, 05 Nov 2021 22:59:00 +0000

WEBSITES and applications continue to deploy additional security features to protect user information and prevent hackers from entering.

Read on to find out what OTP means and why it’s such an important piece of tech slang to know.


Find out what OTP means and what it means for the security of your deviceCredit: Getty

What does OTP mean?

You may have seen the abbreviation “OTP” while logging into your email client, social media, or online banking account.

The term stands for “one-time password”.

If you log into an account after a long absence, or if you are using an unknown device, you may receive an OTP sent to your cell phone number or by email.

OTP is a step in two-factor authentication.

What is two-factor authentication?

Two-factor authentication, also known as two-step authentication or two-step verification, is one way to protect online accounts.

When you need to log into a website, you enter your normal password – this is the first “factor” used to authenticate your identity.

Then a one-time password is sent to your phone or email, and this OTP is used on the next page to access your account.

Instead of an OTP, your connection might require you to resolve a CAPTCHA or confirm a push notification.

Which websites use two-factor authentication?

Many websites already use two-factor authentication.

You’ve probably come across him on websites that may store your financial information, such as online banking or shopping websites.

If your doctor’s office has a patient portal, your medical information is likely protected by two-factor authentication.

Google will require two-step verification for all users who sign in to Gmail, Google Drive, or other Google services.

A representative told the Wall Street Journal that all Google accounts will be “signed up” for two-factor authentication before the end of 2022.

We pay for your stories!

Do you have a story for the US Sun team?

Source link

]]> 0
How to use custom email domains with iCloud Mail Thu, 04 Nov 2021 11:00:02 +0000

Source: Adam Oram / iMore

In 2021, Apple renamed paid iCloud accounts to iCloud +. While the prices haven’t changed, the new Plus brand accounts have gained new features, including the ability to use a custom email domain with iCloud Mail.

If you want to turn your device into the best iPhone or iPad for business, setting up a custom domain is a great way to create a professional vibe. Plus, setting up through means you can still use Apple’s underlying iCloud Mail infrastructure rather than relying on something like Gmail to do the same.

How to add a custom email domain for iCloud Mail

To set up a custom email domain in iCloud Mail, you first need to make sure that you are an iCloud + subscriber. If you’re paying for iCloud storage or subscribing to the Apple One plan, then you are. You also need to enable Apple ID two-factor authentication and set up a primary iCloud email address. In addition, the domain name you want to use must be yours.

VPN offers: lifetime license for $ 16, monthly plans for $ 1 and more

If you check the boxes above, then you can follow these instructions to add a custom email domain to iCloud Mail.

  1. Open and log in.
  2. Click on Account settings.
  3. Scroll down and click Manage in the Custom Mail Domain section.

    How to add a custom email domain for iCloud Mail: Sign in to, click Account settings, scroll down and click Manage under Custom email domainSource: iMore

  4. Indicate who will use the domain by selecting either Only you Where You and your family.
  5. Enter the domain name and click To continue.

    How to add a custom email domain for iCloud Mail: Select Only you or you and your family will use the domain, enter the domain name, and click Continue.Source: iMore

  6. If you have existing email addresses that use this domain, add them when prompted.
  7. Click on Seen and follow the onscreen instructions to complete your domain setup.

    Icloud Plus Custom Email Domain How To How To Add a Custom Email Domain for iCloud Mail: Enter the existing email address that uses the custom domain if needed, click View, and follow the onscreen instructions to complete your setup. domain with your domain registrarSource: iMore

    Depending on the domain, you may be prompted to sign in to your domain registrar to update your records automatically. Alternatively, you may need to manually update your DNS records.

  8. Choose a default email address to use when sending iCloud mail.

If you want to share the custom domain name with your family members, you must have set up family sharing. Additionally, each member of your family who wants to use the custom domain must also have two-factor authentication enabled and set up a primary iCloud email address.

How to stop using a custom email domain for iCloud Mail

  1. Open and log in.
  2. Click on Account settings.
  3. Scroll down and click Manage in the Custom Mail Domain section.

    How to stop using a custom email domain for iCloud Mail: Sign in to, click Account settings, scroll down and click Manage under Custom email domainSource: iMore

  4. Select the domain you want to stop using.
  5. Scroll down, click Stop using this domain, then follow the on-screen instructions.

We can earn a commission for purchases using our links. Learn more.

Source link

]]> 0
Law firms falter over ransomware attacks Tue, 02 Nov 2021 19:01:02 +0000

Ed. Remark: Today we are pleased to publish the first in a new series of articles, Cybersecurity: Advice from the trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity and digital forensics services.

The good old days of ransomware

Yes, there really was “the good old days of ransomware”. We call it Ransomware Version 1.0. The ransomware “landed” on your network, encrypted your data, and presented a ransom for the decryption key that would decrypt your data. Fairly innocent times compared to version 2.0 of Ransomware, which preceded the pandemic, but then flourished as lawyers flew home to unsecured home networks in March 2020.

The Devil Who is Ransomware Version 2.0

Ransomware gangs have figured out that two ransoms are better than one. So now ransomware attacks steal your data before encrypting your network. If you have truly built a resilient network, you may be able to recover without paying the ransom. On the flip side, there can be so much downtime and lost productivity that you decide to pay anyway, especially if the payment is picked up by your cyber insurance company.

Relatively recently, attacks include finding and destroying all network-connected backups, as well as disabling or ultimately running the very software you are using to detect a ransomware attack.

But even if you don’t pay the first ransom note, most companies get a second ransom note for (you hope but may never know) destroy your data. In the meantime, they may disclose some of your confidential data online on a “ransomware wall of shame” or alert reporters of the breach to trick you into paying the ransom and confirm they are in possession of the data.

A small ray of light and an ominous warning

Cybersecurity firm Coveware announced at the end of the third quarter of this year that the average payment for ransomware remained at $ 140,000, the same as last quarter.
But here’s the disclaimer law firms should note:

Coveware claims that small and medium-sized professional services companies, especially law firms and financial services firms, are most vulnerable to ransomware attacks due to their lack of cybersecurity preparedness, apparently because they think they are too small to target.

This thought has always been wrong, but it is even more so now. Why? Because governments and law enforcement are putting enormous pressure on ransomware gangs. These efforts have intensified since the attack on the colonial pipeline in the spring of 2021.

Coveware says, “We have seen statistical evidence and intelligence showing that ransomware actors are trying to avoid larger targets that may elicit a national political or police response. This shift from “big game hunting” to “middle game hunting” is personified both in the ransom amount statistics but also in the victim size demographics for the quarter.

In other words, ransomware gangs can avoid attacking the AmLaw 100, but not medium-sized companies who still hold very valuable data.

As ransomware gangs move from big game to midsize game, what should a law firm do?

The answer would require much more space than an article can provide. But follow the tips below and you’ll have a good start!

1. Enable 2FA (two-factor authentication) wherever you can. It will stop 99.9% of all credential-based takeover attacks. Microsoft and Google are starting to enforce the use of 2FA for all users. This should tell you something. And while you’re at it, start exploring the Zero Trust Architecture, which completely abandons the outdated notion of protecting the perimeter of a law firm and adopts a mantra of “never trust, always verify”.

2. Get Endpoint Discovery and Response (EDR) protection for all devices on your network. This solution will monitor behavior indicating malware or the existence of an attack.

3. Have multiple backups, test them often, and always have at least one isolated backup so that it cannot be encrypted or destroyed!

4. Apply updates and fixes quickly – if you’re worried they might “break” something, have a third party test them before you apply them (some companies sell this service for a reasonable price).

5. Check or disable network services, especially those that are not needed. Do not use the remote desktop protocol.

6. Limit privileged access and deploy a privileged access management solution.

7. Conduct cybersecurity awareness training for employees at least once a year – twice is better – intermittent reminders of phishing, social engineering, etc. are useful – as well as phishing simulations.

8. One of the best resources available (and written in plain English) is the one-stop-shop CISA website.

9. Purchase a cyber insurance policy, but beware. Costs increase while coverage decreases. Cyber ​​insurance claims take much longer and most law firms are unable to give insurers the cybersecurity guarantees they want.

10. Have (or develop) a comprehensive Incident Response Plan (IRP) to avoid panic and errors if you experience a ransomware attack. Train on the plane – at least use tabletop exercises, adding and subtracting things, that is, the managing partner climbs a mountain and is unreachable, the electronic grid has fallen , your employees publicized the violation on social media – as you might imagine, there is a long list of possible complications. But not having an IRP at all (and most small and medium-sized businesses don’t) is unforgivable and probably unethical given your duty to reasonably protect companies’ confidential data. By all means, make sure that the IRP is stored somewhere (paper or electronic) that the ransomware cannot encrypt and make it inaccessible.

Final words

There is no “fix and forget” when it comes to cybersecurity. We will come back every month with more data and advice….

Sharon D. Nelson ( is a practicing lawyer and President of Sensei Enterprises, Inc. She has served as President of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is the co-author of 18 books published by the ABA.

John W. Simek ( is Vice President of Sensei Enterprises, Inc. He is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Renowned Expert in the field of digital forensics. . He and Sharon provide legal technology, cybersecurity and digital forensics services from their firm in Fairfax, Virginia.

Michael C. Maschke ( is the CEO / Director of Cyber ​​Security and Digital Forensics at Sensei Enterprises, Inc. He is an EnCase Certified Examiner, Certified Computer Examiner (CCE # 744), Ethical Hacker Certified and a Certified AccessData Examiner. He is also a Certified Information Systems Security Professional.

Source link

]]> 0