Usernames and Passwords

It’s the New Year so let’s make things a little easier for us all this year and take some time out to talk a little about Usernames and Passwords…


How many people know your email address or your mobile phone number?

If you use your email address or your mobile phone number as a username to log into software or any other applications then all those people already know half of your credentials!

Just think about it: you use your email address or mobile phone number to log onto PayPal (used purely as an extreme example; the same could be said for any other similar organisation). One of our Clients told us that their personal email account was not that important, therefore the password for that account didn’t need to be as secure as we were telling them.

We put the following scenario to them:

Someone manages to access your personal email account and changes your password; by doing so they block your access to your own email account.

They then try to log onto PayPal (using your email address) and use the ‘forgotten password’ link. In doing so they get a new password sent by email to the email account that you no longer have access to and they do… They then have access to your PayPal account using the new password sent to your email account and thereafter empty your bank account, all done in less than 10 minutes… Whilst you were sleeping…

Our Client went almost white and ran off to make a few changes…

Indeed this example has been taken to its extreme and it could be argued that PayPal also ask for other security information before resetting a password, like your Mother’s Maiden Name. How many times have you used that? Indeed it gets frightening, but please take the advice: if you do use your email address or mobile phone number as a Username for anything then an awful lot of people already know half of your log on credentials. So make sure that your email account has a very secure password, that your mobile phone network operator requires a very secure password to authorise changes to your mobile phone account, and that the password used with your email address/mobile phone number as a username to access the software application itself is also extremely secure.

With regard to your mobile phone network password, a recent well publicised article detailed an unfortunate situation where a user had used his mobile phone number for two factor authentication (via text message) to access his online email account. A hacker had his mobile phone number diverted to another number via the network operator and, hey presto, the text including the important two factor authentication digits was received on the diverted number and the user’s account was hacked.

Therefore, if you use generally well-known information (your email address or mobile phone number) as a username to access any software or applications, be very careful that the associated log in password and the password to access the content sent to the well-known information are both very secure.

We always go on and on about passwords to our Clients: they are the weakest point you will have in any software installation. Quite unbelievably, we have seen people with administrator rights on both corporate networks and different website software packages using passwords like ‘Password1’ or ‘Letmein’ or even standard software passwords of ‘admin’! Whilst we do as much as we can to help after the event, it is very frustrating to see that, when every effort has been made to make a network or piece of software as secure as possible, the weakest point, the password, is not secure! Enough said…

Therefore always use a very secure password for your database(s), for all users that you afford access to your software and for applications you use yourself. Always use a password that’s random and one that cannot be guessed; we suggest a minimum of 20 different characters. To generate a random password we suggest using the Strong Password Generator website. Click on ‘Show Options’, make the length of the requested password 20 and tick the options currently available: include punctuation, avoid punctuation used in programming and avoid similar characters. Generate the password and save it somewhere very secure.

Finally, never, ever use the same password across different databases, logins and applications!
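
The generator settings suggested above (length 20, punctuation included, programming punctuation and look-alike characters avoided) can also be reproduced offline. This is an added example, not code from the Strong Password Generator website; the two exclusion sets are assumptions, since the site's exact character lists are not given here.

```python
import math
import secrets
import string

# Assumed exclusion sets: the article names the generator's options but not
# the exact characters behind them, so these are illustrative choices.
SIMILAR = set("il1Lo0O")                  # easily confused when read or typed
PROGRAMMING = set("\"'`\\/<>{}[]()|;&$")  # quoting, escaping, shell/SQL syntax

LOWER = [c for c in string.ascii_lowercase if c not in SIMILAR]
UPPER = [c for c in string.ascii_uppercase if c not in SIMILAR]
DIGITS = [c for c in string.digits if c not in SIMILAR]
PUNCT = [c for c in string.punctuation if c not in PROGRAMMING]
CLASSES = [LOWER, UPPER, DIGITS, PUNCT]
ALPHABET = [c for cls in CLASSES for c in cls]


def generate_password(length=20):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retry until every class is present, which keeps
        # the result uniform over all passwords that satisfy the rule.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=20):
    """Upper bound on the guessing entropy of a password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits():.0f} bits of entropy")
```

The `secrets` module is used rather than `random` because `random` is predictable and not intended for passwords.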

Saving Passwords

There are many secure password storage places; search on Google for ‘Password Vault’. Do plenty of research before you decide which one to use, as moving to another in the future will take up a lot of your time. We do strongly suggest using one of the many options available, as these will save your passwords and, if you upgrade to a paid version, will make them available to you on your hand held devices and other PCs that you use. Of course, only choose one that is secure itself as well: once you have made your choice, search the web for feedback on the platform you propose to use before you start using it and tell it all your usernames and passwords!

One of our favourite ones available at present is ‘LastPass’, which you can read more about on their website here.

The LastPass offering includes the ability to generate secure passwords for you. It will also provide you with a security report on the passwords you are using and furthermore, using the paid version, you can almost automatically change passwords at many sites on a regular basis.

Two Step Authentication

If this is available to you from the software installation, always use it. However, remember that if you lose your phone then you could have serious issues: there is nearly always another way to get into the software, but it won’t be easy and that’s by design!

We recommend using the Google Authenticator App (search for it on Google). It’s generally easy to set up and is becoming supported by more and more software developers across many different platforms.

Yes, we agree it might be a pain to enter a very random username and thereafter a very long, secure and random password (see Saving Passwords above, as this almost solves that issue). You then only need to get out your hand held device and enter the 6 digit authenticator code generated by it and you are into the software.

Just think of the heartache and pain if you had not secured the site and there was a lot of work to be done post hacking or, even worse, someone had emptied your bank account while you were sleeping! So heed the advice: use very strong passwords and, if it is available to you, back this up with Two Factor Authentication.

We hope you have found this small article of interest.

Who’s in the Office?

Here is a little one that may help…

A while ago we were approached by one of our Clients who had an office full of staff. They had recently upgraded all their network hardware and software to the latest Windows Servers and the Client Machines to the latest versions of Windows.

They had a previous “Whiteboard” application that provided real time information to all office staff as to who was In or Out of the Office at any time. This application had been written for them many years ago and was not able to run on their new infrastructure. We were therefore tasked with sourcing a suitable solution that would show users as in the office when they logged into their workstation and allow them to place ‘Out of Office’ notes, so that all staff could see who was in the office and, for those not in, where they were and when they were expected back. What is more, support staff were required to be able to change users’ statuses for occasions when they called in sick or their planned timetable changed.

We carried out extensive research on behalf of our Client. Many of the offerings we found kept the data off site on the servers of the software supplier and hence involved regular monthly ongoing subscription costs, and of course these offerings would only work if an internet connection was available all the time. For those reasons these options were immediately discounted.

We narrowed our recommendation down to one piece of software that ‘ticked all the boxes and more’. What’s more, we could run a five user version free of charge, with free support forever, and if the system worked as well as advertised then we could request a timed trial for as many users as we wanted.

The software did take up a fair amount of research time to find, as the developer’s website was not easy to come by. However, we did find it, and after extensive research we downloaded the free trial and installed it within our own network; to this day we continue to enjoy the use of the free five user version.

We requested a multiuser timed trial and installed the software on our Client’s infrastructure and all their users’ workstations via a group policy silent installation. User manuals were downloaded from the developer’s website and, after a period of testing, our Client reported back to us that the software was ideal for their intended use.

The costs represented superb value for money at AUS$11.00 per user (as of today just under £7.00 per user) as a one off licence fee, which included maintenance upgrades for the subsequent year, with any further upgrades at half price thereafter, which included a further year’s maintenance/upgrades. Support for the software was free forever, even for the five user free version.

Even better news was to come when we discovered that our Client could take advantage of a 50% upgrade discount as they had been using another similar product in the past and this could be proven with screenshots of the old system they used.

The software could not only work on a Local Area Network (LAN), but also across the Wide Area Network (WAN) allowing remote offices to report the status of the staff throughout the organisation to each other in real time.

In a nutshell the features of this software are as follows:

WHOS-IN Pro In Out Board

WHOS-IN Pro is an easy to use Windows in/out board and employee/staff tracking system that provides all you need to keep track of who’s in and who’s out of the office. With WHOS-IN Pro there is no more time wasted checking a wall-mounted Office Board to see if someone is In, Out, at Lunch, or on Leave… all the information you need is presented on screen, in an easy to read format.

The software includes a presence sensing feature which reports to all staff members in real time if the user’s screen is in use or locked (they may have gone to visit the small room or be on one of the many coffee runs)…

It allows the organisation to add new status messages apart from the usual ‘In/Out/Leave/Sick’ etc. and allows users to leave messages on their status as to where they are, when they are expected back or any other appropriate message that will assist their colleagues.

The software has been developed over a period in excess of 15 years of user suggestions and to put it quite simply ‘it just works’.

As you will gather from this brief write up, if you are looking for such a software application we would without hesitation recommend the use of this WHOS-IN Pro software. We are not affiliated with the developers of this software.

You can read more about the WHOS-IN Pro In Out Board at the developer’s website by clicking here.

If you decide to take a look at this software and require any further information or assistance from us with any installation then give us a shout via our online contact form.