practicelaw


Search practiceblawg posts:

Did you know there is more to practicelaw than just forms?  practicelaw is designed to be a repository of resources intended to help your practice.  Similarly, the MSBA’s practiceblawg is a blog for the Association to share with you how the MSBA can help you improve your efficiency and grow your practice.  The MSBA offers members a number of products and services and is always looking for ways to better serve its members and provide greater value.

Got questions, complaints, suggestions, or any thoughts in general?  Let us know: feedback@mnbar.org

Windows 10 potentially offers game-changing security features

by Joe Kaczrowski | Apr 25, 2015

Some updates to the ubiquitous Windows operating system garner more fanfare than others, occasionally to the detriment of the platform itself when the hype far exceeds the reality (remember Windows Me?).  In this case, the latest update offers two features that could dramatically change the way we access and use technology.

The first feature is Windows Hello, a biometric authentication system.  Biometric authentication is the third type of authentication: what you are.  As discussed earlier, two-factor authentication relies on the other two types: what you know and what you have.  Windows Hello will use your face, iris or fingerprint to unlock your devices.  Windows Hello may require special hardware and software, but it will be able to distinguish between you and a picture of you, for example, and in a number of different lighting conditions. With Microsoft Hello, you biometric data is only used locally, and your biometric signature is not transmitted over the network.

Windows Passport similarly seeks to replace passwords with automated application-level authentication.  Through the use of Windows Hello or other authentication options, your identity is authenticated by your device, which then handles your site-level and app-level authentication behind the scenes for you.  Once you have been authenticated with Passport, you can instantly access websites and services that participate in the new system.

Why are these features potential game-changers? Data breaches have compromised millions of passwords in the last few years, and hackers have long been able to crack 'weak' passwords, a relative term that is really based on a number of external factors.

Using outdated network security also can compromise your passwords. Older security standards like WEP have been shown to be vulnerable to attackers. Without getting too lost in the weeds, essentially if someone captures enough traffic from a WEP-protected network they are able to break the encryption. 

So how strong is your password? There are a number of sites out there that can evaluate potential passwords against known attack vectors to give you an idea of its strength. This year's ABA TECHSHOW's 60 Sites in 60 Minutes session identified several, including  How Big is Your Haystack? and Passive Aggressive Passwords (check out the latter if you're in the mood for a bit of humor with your horror).