About This Blog

This blog is a place to read more about Mitto, our free online password manager, and how to more effectively use our service.  We highlight many of our benefits, and we also discuss topics related to password management. It is usually updated weekly.


Entries in Security (12)

Thursday, Oct 01, 2009

Mitto Endorses Security Awareness Month Through Strong Password Protection

October is National Cyber Security Awareness Month (NCSAM) and Mitto is proud to work with the National Cyber Security Alliance to endorse and educate our users on the shared responsibility of cyber security. Most directly, we continue to educate our users about password security, and offer them tools such as two-factor authentication (through their cell phones) to help add extra layers of protection to their sensitive information.

“National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.” - National Cyber Security Alliance

At Mitto, we build many layers of security into our service, but we also recognize that educating people about security is important for everyone. The more you know about cyber security and how to protect yourself, the better off everyone is. As such, we offer security tips through our blog posts and Twitter messages. We want you to use Mitto because it’s a safe and secure way to remember your passwords, but we also want you to know why password security is important, and what behaviors are security risks.


Cyber Security is a 365-day-a-year priority at Mitto, and it should be for you too. If you haven’t yet changed some of your bad password habits, we challenge you to take the first steps this month. You can find some additional security tips at http://staysafeonline.org. Let us know what steps you take to do your part by leaving a comment below.

 

Tuesday, Feb 03, 2009

How Mitto Protects Users Against Phishing and Identity Theft

Phishing and Identity Theft (which we’ll define here as the illegal and malicious use of another individual’s identity) are growing problems for online users. Mitto helps to protect you against both.

Phishing

Phishing is a problem when you click on a link, most often through your email, to go to a website that asks you to provide personal information. Although you think you are at the site you intended to go to, the site is actually a fraudulent site made to look like the one you intended to visit. To combat phishing, we always encourage Internet users to do two things:

  • Don’t click links in your email. Always type in the full URL of the website that you intend to go to. So whenever you log into Mitto, you should always type the full URL yourself, https://app.mitto.com. On your own computer, you can make this a bookmark for convenience.
  • Verify your URL. Before you log in or provide any other personal information, always make sure that the address bar in your browser indicates that you are at the site you intended to go to.
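The "verify your URL" advice can also be applied mechanically, for example by a mail filter or a browser helper. The following is an added example, not Mitto's code: it accepts a URL only when the scheme is https and the parsed host is exactly `app.mitto.com`. The function name and the sample URLs (which use the reserved `example.net` domain) are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "app.mitto.com"  # login host named in the post


def is_expected_login_url(url, expected_host=EXPECTED_HOST):
    """Return True only for an https URL whose host is exactly expected_host."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lower-cased; excludes userinfo and port
        port = parts.port       # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False
    # A "user@host" authority can put a familiar name in front of the real host.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match, not substring or suffix: the expected name may appear
    # anywhere in a look-alike URL. A trailing dot is the same DNS name.
    return host.rstrip(".") == expected_host


# Constructed sample URLs: the first two are genuine, the rest are look-alikes.
SAMPLES = [
    "https://app.mitto.com",
    "https://app.mitto.com/login",
    "http://app.mitto.com/login",               # not https
    "https://app.mitto.com.example.net/login",  # expected name used as a subdomain
    "https://app.mitto.com@example.net/",       # expected name in the userinfo part
    "https://example.net/app.mitto.com",        # expected name in the path
    "https://app.mitt0.com/",                   # one character swapped
]


def check_samples(samples=SAMPLES):
    """Return the verdict for each sample URL, in order."""
    return [is_expected_login_url(u) for u in samples]


if __name__ == "__main__":
    for url, ok in zip(SAMPLES, check_samples()):
        print("OK    " if ok else "REJECT", url)
```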

Protection #1: Restricted Links Via Email

As a company, Mitto has a strict policy that states that we will never send a user an email that contains a URL to a page that asks them for personal information. Any emails from Mitto will provide URLs to informational pages only.

Protection #2: By using autologins instead of following links, you can avoid becoming a victim of phishing

When you use Mitto to log in to your other password protected sites, you know you are being directed to the sites you want to log in to. Never follow links in email that take you to pages that ask for sensitive data or login information. Whenever you need to log in to any of your password protected sites, use Mitto for added protection against Phishing.

Protection #3: Email Security Phrase

When you create a new Mitto account, you set up an email security phrase. This can be anything you want, but should not be a password hint. When Mitto sends automated system emails to you, this security phrase will be included in the body of the email. If the email does not contain this phrase, you should disregard the email as a phishing attempt. The email security phrase can be changed by you at any time through your account settings, and is an important tool used to help you to avoid phishing and fraud.

Identity Theft

As Identity Theft becomes more of a problem, online users should take proactive steps to prevent this kind of fraud and use measures that help detect unauthorized use of their online credentials early. Mitto helps you be proactive in both of these areas.

Protection #1: Mitto Encourages Different Strong Passwords

You’ve probably heard that having different passwords for different sites is recommended. Using the same password for all or most of your online logins is a bad password habit. Firstly, if someone gains access to that password, now all of a sudden they can potentially access all other accounts with that password. These days not all sites encrypt your password like Mitto does, and quite often they store them in clear text. If you’ve ever had your password emailed to you when you sign up for a new service, it probably means they are not encrypting your passwords, and anyone who has access to their system can see your password. In this scenario, if you used the same password for everything, your other online credentials are at risk. To read more about why using the same password is a bad idea, see our article about 4 Common and Dangerous Password Habits.

By encouraging the use of different passwords for different sites (and providing you a manageable way to keep track of them), Mitto helps you to isolate security breaches of one site from affecting your others. We even provide a password generator and strength meter to help you select strong passwords for all of your sites. By using different passwords, if one of your services is compromised, your others are still safe.

Protection #2: Early Detection

Part of the problem with Identity Theft is that you don’t know about it until significant damage has been caused. With our Last Login Feature and Login History, you can check to see if there may have been any irregular login activity with your account. The history will attempt to show you where and when you logged in from last (time, date, IP address, and country/metropolitan area), what browser you were using, and what operating system that computer was using. By viewing your history, you are alerted to potential unauthorized access so that you can take necessary corrective action.
