You’ve most likely have seen and checked the box for “Save My Password”, “Remember My Login Credentials”, or something similar. Many of us still do it because hey, why not save ourselves a few keystrokes? Fact is these saved logins could be compromised during data breaches and we would never know until a public article is released or you receive an email notification that looks just like a phishing scam, but is actually legit and you end up not changing your password anyway. Wouldn’t it be great if our browsers, apps, or services notified us of compromised credentials as soon as it hits the dark web or earlier than a public article or email notification?

Firefox Lockwise does just that in it’s latest release, Firefox 70. Their independent service Firefox Monitor service will scan saved login credentials stored in Firefox Lockwise password manager and warns users of exposed credentials in data breaches listed through their partnership Have I Been Pwned. The downside is that the feature only works for credentials saved prior to being exposed in data breaches. Firefox users will be notified of exposed credentials via an alert in Firefox Lockwise that reads “Passwords were leaked or stolen…”

This is a great feature and all browsers, apps, or services that allow the saving of credentials should have some accountability in the services that they provide. Let’s say you are a trusted entity for example. If I write down my password on a piece of paper and entrust it to you to hold onto, I trust that you will keep it safe by taking the proper measures to protect it from prying eyes, being stolen, or shared with those whom I did not authorize to see. If somehow my password was exposed, yes shame on me for entrusting it to you, but like we entrust our money to our banks, you were made accountable for keeping that password safe and I should be notified in a timely manner if it was exposed in any way. In this case, the trusted entities are the numerous websites and businesses that store our credentials, Firefox is just a password keeper that takes the accountability of the trusted entities into their own hands by providing a great service to their valued users.

Accountability must be taken by any person, business, or service when it comes to holding something of value and keeping it safe. Recall my last post where I phrased “Convenience is the enemy and users are the weakest link.” Convenience doesn’t have to be the enemy, but how it is practiced and utilized today, it is. If we can somehow make convenience our friend and take accountability, users can become stronger links. Mozilla Firefox has the right idea. Create a password manager that people will use conveniently because it will make them better users by notifying and enforcing them to reset their passwords when their credentials have been exposed.

Source:
Bleeping Computer – Firefox to warn when saved logins are found in data breaches

I recently experienced a tragic loss that has led me to wonder why this question and topic is so undervalued. Cybersecurity today is growing, yes, but it is still undervalued, misunderstood, and misconfigured. But why do people and businesses undervalue it? What makes it so confusing that it is misunderstood? Why are the things we use every day misconfigured and leaving us vulnerable? The answer is of my own opinion and experiences. Something must be done to raise Cybersecurity Awareness to a higher level.

“Convenience is the enemy and the user is the weakest link”

I’m coining this phrase as my new moto and some of you may have already heard a similar one before. I encourage you to share this phrase with everyone you know. Why? I learned recently to never assume that someone already knows. They probably might already know, but they probably don’t. Information is good, not bad, not useless, however information can be undervalued if it’s not presented correctly. Much like Cybersecurity today, it is being misrepresented to the public as something you need to protect your business from financial loss and more or less, your digital identity. Cybersecurity risks are far greater than just protecting a business’s assets, devices, or digital identity. It is also about protecting the end user from falling victim to cyber threats. It is undervalued because it is misunderstood.

For example, cybersecurity awareness programs today promote an understanding of what harm threat actors, phishing, and malware can do to your device or the integrity of your digital identity, but what about your real identity or your life? What if we started raising cybersecurity awareness to protect lives and not devices or company assets? Don’t get me wrong, all those are important too, but if you had to choose between a bag of money or saving your life, what would you choose? It’s misunderstood because we don’t make it personal and until you lose something or someone one, you won’t understand it.

Misconfiguration. Don’t forget that social media and other websites out there are not paying you for your privacy. They are getting paid to collect public and private data on you and their websites, servers, computers, payment systems, and services are configured to do just that. In some cases, their own technology is not configured to secure that data they collect off of you and allowing threat actors to pry into your life, social engineer you, and scam you of your financial assets and most importantly, your life or the lives of others. Right, you’re smarter than that, but what about your brother, sister, mom, dad, aunt, uncle, grandma, and grandpa or any of your loved ones? It only takes one to make it personal.

Even if they already know, tell them anyway. Much like “I love you”, tell them every day and remind them anyway. I share my experience to make an impact hoping that you don’t undervalue Cybersecurity next time. If you do, research and ask so you can better understand it. If you’re going to continue using social media, configure your devices and your social media settings on the web and mobile devices to make your information private, disable location sharing/tracking, and block invites from strangers. “Convenience is the enemy and the user is the weakest link”, remember this phrase and think before you click.