Please check your dot files for passwords and other secrets, do it today! If you find any rotate them and remove it from that file. If you ever checked them into source control like git, upload the new copy too.Sectets belong in a keyring, vault, or password manager not some random file on your disk. If you need them in your shell for one reason or another check out what APIs or CLIs your password manager or OS keyring may provide, with a bit of scripting you will get far #Security #passwordhygiene #Shells #dotfiles

A reminder.

More info: https://www.hivesystems.io/blog/are-your-passwords-in-the-green

#Security #Passwords #PasswordHygiene

Hello Fellow Mastodonians!

The results of the Password Manager Poll are in . . . and here’s a great big “Thank You” to all 25 of you who voted.

The original question was:

If we asked 3,000 random adults in the US, UK and Canada if they use password managers, how many would say . . . “I do”?

☑️​ ​ 36% of you said 2%
☑️​ 48% of you said 7%
☑️​ 16% of you said 18%
☑️​ 0% of you said 32%

The National Cybersecurity Alliance in association with CybSafe issued their latest survey results — “Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report | 2022

“Behavior. It’s the most tumultuous variable in cybersecurity. So, for the second time in two years we went out and asked some real, living, breathing humans about how they behave on the internet or when using tech. We’re pleased to present these findings in our Annual Cybersecurity Attitudes and Behaviors Report 2022 or, as it’s known ‘round here, (best Austin Powers’ impressions at the ready) the “Oh, Behave!” report.”

7% of adults in this survey said they use a password manager application.

So the majority of you Mastodonian poll-takers got it right, hooray! 🥂​

But . . . 6% of adults in this survey said they *save passwords in their browser.*

What do we make of that? Does this mean online adults don’t know that when they save passwords in their browser, they’re using a built-in password manager?

Certainly the major browsers have sophisticated password managers built in.

Is this a messaging opportunity?

Can we somehow reframe the messaging around built-in password managers in a way that would be productive?

You never know what people will say when you ask them a question. A whopping 22% in the “Oh, Behave!” survey said they simply remember their passwords without writing them down, or using any other method for remembering them. Considering the average consumer has 100+ online accounts, that’s a Herculean feat. At the very least, that answer’s gotta raise at least one Spock eyebrow.

The “Oh, Behave!” report is fascinating, since it shows how members of the general public *respond to questions* when asked how they define sensitive online accounts, what sort of access to cybersecurity training they have, how that training has impacted them, whether they’ve been the victims of cybercrime, etc.

It’s always valuable to know what people are thinking.

https://staysafeonline.org/online-safety-privacy-basics/oh-behave/

#Passwords
#Cybersecurity
#StaySafeOnline
#PasswordHygiene

Found myself thinking “I need to rotate this key” after using my apartment key in the lock for the building’s shared basement. #PasswordHygiene

Do you want to play a game?
How long before this chart is worthless. #Cybersecurity #Passwordhygiene

Hello Fellow Mastodonians!

The results of the Password Manager Poll are in . . . and here’s a great big “Thank You” to all 45 of you who voted.

The original question was:

If we asked 3,000 random adults in the US, UK and Canada if they use password managers, how many would say . . . “I do”?

☑️​ ​ 40% of you said 2%
☑️​ 51% of you said 7%
☑️​ 7% of you said 18%
☑️​ 2% of you said 32%

The National Cybersecurity Alliance in association with CybSafe issued their latest survey results — “Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report | 2022

“Behavior. It’s the most tumultuous variable in cybersecurity. So, for the second time in two years we went out and asked some real, living, breathing humans about how they behave on the internet or when using tech. We’re pleased to present these findings in our Annual Cybersecurity Attitudes and Behaviors Report 2022 or, as it’s known ‘round here, (best Austin Powers’ impressions at the ready) the “Oh, Behave!” report.”

7% of adults in this survey said they use a password manager application.

So the majority of you Mastodonian poll-takers got it right, hooray! 🥂​

But . . . 6% of adults in this survey said they *save passwords in their browser.*

What do we make of that? Does this mean online adults don’t know that when they save passwords in their browser, they’re using a built-in password manager?

Certainly the major browsers have sophisticated password managers built in.

Is this a messaging opportunity?

Can we somehow reframe the messaging around built-in password managers in a way that would be productive?

You never know what people will say when you ask them a question. A whopping 22% in the “Oh, Behave!” survey said they simply remember their passwords without writing them down, or using any other method for remembering them. Considering the average consumer has 100+ online accounts, that’s a Herculean feat. At the very least, that answer’s gotta raise at least one Spock eyebrow.

The “Oh, Behave!” report is fascinating, since it shows how members of the general public *respond to questions* when asked how they define sensitive online accounts, what sort of access to cybersecurity training they have, how that training has impacted them, whether they’ve been the victims of cybercrime, etc.

It’s always valuable to know what people are thinking.

https://staysafeonline.org/online-safety-privacy-basics/oh-behave/

#Passwords
#Cybersecurity
#StaySafeOnline
#PasswordHygiene

On A Personal Note:
The move to Mastodon is an awesome opportunity to create something new, something fresh — a community of like-minded individuals with a diversity of opinion (not a contradiction). Would you consider following me here on Mastodon, if you don’t already? I’m committed to nurturing your Home feed with a daily dose of unusual, insightful, and (hopefully) useful information security content — honest conversation without rancor or drama.

:boost_ok:​ Feel free to share (boost) this post with all those who follow you by clicking the cycled-arrow icon below.

:mastodon: ​Here on Mastodon, boosting doesn’t elevate a post through any algorithmic shenanigans. Everyone who follows you gets to see the post (“toot”) without the platform interfering.

Changing Employee Security Behavior Takes More Than Simple Awareness - Designing a behavioral change program requires an audit of existing security practices and where t... https://threatpost.com/changing-employee-security-behavior-awareness/161607/ #changingsecuritybehavior #employeesecuritybehavior #securityawarenessprogram #corporatecybersecurity #mostrecentthreatlists #securitypractices #vulnerabilities #behavioralaudit #passwordhygiene #mobilesecurity #cloudsecurity #websecurity #isf