Skip to content

How to find saved passwords on Mac

One hundred — this is approximately the number of passwords an average user may need to manage across various accounts and platforms these days.

This fact alone explains why most of us don’t even try to remember our passwords but, instead, choose to save and store them on our devices (or web browsers). It’s just so easy and convenient.

But what if, for some reason, we need to retrieve our stored passwords? Is it complicated? Let’s see what the process looks like when using a Mac device.

How to view saved passwords in Mac system settings

To see all the passwords you have stored on your Mac device, follow these steps:

  1. Click on the Apple menu button and select “System settings.”

  2. Find the “Passwords” section on the list of settings and click on it.

  3. Enter your user account password or use Touch ID to verify your identity.

  4. Go through the list of passwords to find the one you’re looking for.

To delete a password, you just need to click on it and select “Delete password.” However, if you want to update your password, click “Edit,” enter the new password, and click “Save.”

How to view saved passwords in Safari

If you want to access the passwords you store in the Safari browser, simply follow these steps:

  1. Open the Safari browser and click on “Preferences.”

  2. Choose the “Passwords” option located in the top tab.

  3. Verify your identity by entering your Mac password or using Touch ID.

  4. Choose a website from the list to show its stored password.

How to view saved passwords in Chrome

As a Chrome user, you have access to your saved passwords by navigating to the Chrome browser settings. Here’s what the process looks like:

  1. Open Google Chrome and click on the three-dot icon in the top right corner.

  2. Go to the “Settings” section and select “Passwords” under “Auto-fill.” Here you will find a complete list of the credentials stored in your Chrome browser.

  3. To access any of your stored passwords, simply click on the eye icon next to the one you want to check.

  4. Enter your password so that Google Chrome can confirm your identity and show you what the password is.

How to view saved passwords in Firefox

As in the case of Safari and Chrome, the process for locating your password in Mozilla Firefox involves a few straightforward steps:

  1. First, open the Firefox browser, click the “Menu” button, and select “Preferences.”

  2. Choose “Privacy & security” from the left panel.

  3. Navigate to “Logins & passwords” and select “Saved logins.”

  4. Click on the “Show passwords” button.

Why storing passwords on a device (and in browsers) is still problematic

Based on what we discussed, we wouldn’t characterize the process of locating your stored password on a Mac device (and in various browsers) as overly complex. Instead, it appears to be somewhat tedious and unnecessarily time-consuming.

Consider this: When you store some of your passwords on one device, some on another, and some in your browser (and probably a few in a notebook), not only do you introduce unnecessary complexity to accessing those passwords, but you also compromise their security. How so? Well, storing sensitive information in multiple locations increases the risk of unauthorized access and potential breaches.

What is the alternative? Using a password manager.

Sync your passwords and passkeys across all devices with NordPass

The optimal method for securely storing all your passwords in one convenient location is using NordPass, an advanced yet easy-to-use password manager that allows you to store, manage, and share passwords, credit card information, and personal data.

With its help, you can quickly autofill passwords and generate new ones as well as organize and categorize your credentials to your liking so that you can always access them easily and securely across all your devices.

Plus, as a modern platform that always keeps up with the times, NordPass facilitates passkey management, making it easy for you to enhance your cybersecurity and privacy.

So if you want to stop searching for guides on how to find your passwords on Mac, just use NordPass.

 

Frequently asked questions

How do you sync passwords between iPhone and Mac?

To sync passwords between your iPhone and Mac, you need to enable iCloud Keychain on both devices by accessing the iCloud settings. You need to confirm that both devices are using the same Apple ID, ensure they are connected to the internet, and keep the software updated. iCloud Keychain will then automatically synchronize your passwords across your devices.

How do you transfer passwords to a new Mac?

To transfer passwords to a new Mac, you need to make sure iCloud Keychain is enabled on the old Mac. Set up the new Mac using the same Apple ID and enable iCloud Keychain during the setup process. Your passwords should automatically sync to the new Mac, making them accessible for you on both devices.

How do you delete saved passwords on Mac?

First, locate the password you want to delete by following the process described above. Then, right-click on the password and select “Delete” from the context menu. Finally, confirm the deletion when prompted.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How to reset your Nintendo password

Picture this: your evening is free, and you’re ready for some gaming to relax and unwind. But you can’t remember your Nintendo password. Just like that, your perfect gaming moment is spoiled. It’s a common frustration many gamers face.

However, there’s no need to worry. Resetting your Nintendo account password is straightforward and quick. In just a few steps, you’ll be back to your gaming world. Let’s dive into how you can regain access to your Nintendo account without any hassle.

Nintendo password reset guide​​

Let’s tackle the situation we’ve just described: you’ve forgotten your Nintendo password. The solution? A password reset. This guide will lead you through each step to creating your new password. Here’s how it’s done.

  1. Go to the Nintendo homepage

  2. In the upper right-hand corner of the screen select “Log in/Sign up.”

  3. Select “Log in.”

  4. In the login screen, click “Forgot your password?”

  5. Now enter your email address and click “Submit.”

  6. You’ll receive a password reset link in your inbox. Click the link.

  7. Before you can create a new password you will need to enter the birthdate or nickname associated with your Nintendo account.

  8. Now enter your new password and confirm it by reentering it once more.

  9. Click “Submit.”

That’s it! You’re all done and once again have access to your Nintendo account.

How to change your Nintendo password

Now, let’s consider a different situation. Perhaps you remember your Nintendo password but want to change it, maybe as a proactive security measure. Here’s how you can change your Nintendo password in just a few steps.

  1. Go to the Nintendo homepage.

  2. In the upper right-hand corner of the screen select “Log in/Sign up.”

  3. Select “Log in.”

  4. Once you’ve accessed your Nintendo account, select “Sign-in and security settings.”

  5. Under the “Password” section, select “Edit.”

  6. You may be prompted to confirm your identity by re-entering your password, re-authenticating with your passkey, and/or by verifying your email address.

  7. Now enter your new password and reenter it to confirm it.

  8. Click “Submit” to finalize the changes.

That’s it, you’re all done!

Set up a passkey for your Nintendo account

Passkeys are a new and more secure way for accessing apps and websites, including your Nintendo account. Moving away from the traditional username and password setup, passkeys enable authentication and access via biometrics like face scans, fingerprints, or screen lock PINs – similar to unlocking a personal device. The advantage of passkeys is in their simplicity: there’s nothing to remember, reducing the risk of forgotten login details.

If you’re interested in using a passkey to secure your Nintendo account, setting it up is simple. Let’s go through the process step-by-step.

  1. Go to the Nintendo homepage.

  2. In the upper right-hand corner of the screen select “Log in/Sign up.”

  3. Select “Log in.”

  4. Once you’ve accessed your Nintendo account, select “Sign-in and security settings.”

  5. Now select “Passkeys” and click “Edit”

  6. You may be prompted to confirm your identity by re-entering your password, or by verifying your email address.

  7. Now select “Register a new passkey.”

  8. When prompted, enter your Nintendo account password and select “OK.”

  9. Select “Register.”

  10. Follow the instructions on the screen to use your device to register the passkey.

  11. That’s it. Now you can start using that passkey when signing in to your Nintendo account.

Enhancing online security with NordPass: Password and passkey management

Every online account, no matter how insignificant it may seem, holds sensitive information. Consider your Nintendo account: it contains personal details like your date of birth, legal name, location, email, and payment information. In the wrong hands, such data could wreak havoc on your personal life. This is where a robust password manager like NordPass becomes invaluable.

NordPass offers advanced features such as password generation, two-factor authentication, and Password Health to ensure the safety and security of your passwords and — by extension — online accounts. More than just a password manager, NordPass allows for the secure storage of passkeys, payment details, personal information, secure notes, and files.

For anyone seeking to streamline password management and level up their online security, NordPass is an essential tool. It not only secures your digital life but also makes it more efficient and manageable.

FAQ

What are the requirements for my Nintendo password?

The Nintendo password requirements are as follows:

  • The password must be 8 to 20 characters long.

  • The password must contain a combination of at least two of the following categories: uppercase or lowercase letters, numbers, and punctuation.

  • The password cannot have the same letter or character more than twice in a row.

Is it necessary to change my Nintendo password regularly?

Opinions vary on the frequency of changing passwords. However, regularly updating your Nintendo password is a good practice to maintain its strength and security and generally can form great security habits.

Can I reset my Nintendo password without access to my email?

If you’ve lost access to the email associated with your Nintendo account, the password reset process becomes more complex. In such cases, you should reach out to Nintendo’s support team for assistance.

What should I do if I receive a suspicious activity alert?

If you receive an alert about suspicious activity in your Nintendo account, immediately change your password and activate additional security measures. Vigilantly monitor your account and report any further suspicious activities directly to Nintendo.

How does two-step verification enhance account security?

Two-step verification, also known as two-factor authentication (2FA), can significantly enhance account security by adding an extra layer of protection beyond the traditional username and password.

This method requires users to provide two different types of information to access their accounts. The first factor is defined by something they know, like a password or PIN, and the second is something they have, such as a smartphone app generating a code or a physical token.

The dual-layer approach makes it much harder for unauthorized individuals to gain access, as compromising two authentication factors is significantly more challenging than just one. Even if a hacker obtains a user’s password, they still need the second factor to break into the account.

Here’s how you can set up two-step verification on your Nintendo account.

  1. Go to the Nintendo homepage.

  2. In the upper right-hand corner of the screen select “Log in/Sign up.”

  3. Select “Log in.”

  4. Once you’ve accessed your Nintendo account, select “Sign-in and security settings.”

  5. Now select “2-Step Verification,” and click “Edit.”

  6. Click “2-Step Verification setup.”

  7. You may be prompted to confirm your identity by re-entering your password, or by verifying your email address.

  8. Install the Google Authenticator app on your smart device.

  9. Use your smartphone app to scan the QR code displayed on your Nintendo account screen.

  10. A 6-digit verification code will appear on your smart device. Enter the verification code and then select Submit.

  11. A list of backup codes will appear. Click Copy to copy all the codes, and save them somewhere safe.

  12. Select “I have saved the backup codes,” then click “OK.”

That’s it, 2-step verification has been successfully set up for your Nintendo account

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Is ChatGPT safe?

For many, artificial intelligence was a somewhat theoretical concept until OpenAI introduced ChatGPT. Released at the end of 2022, it needed only five days to surpass 1 million users. Within a year, over 180 million people around the globe now use this chatbot. For sure, plenty of people registered on openai.com simply out of curiosity. However, the number of ChatGPT daily users for private and work purposes is growing exponentially.

Usually, it’s the OpenAI tool answering our queries, but let’s do things differently today and actually ask ourselves two fundamental questions: “How does ChatGPT work?” and “Is ChatGPT safe to use?”

What is ChatGPT, and how does it work

ChatGPT, short for Chat Generative Pre-trained Transformer, is a chatbot that uses artificial intelligence to mimic human language and conversations. It’s a large language model that pulls data from large datasets. It uses deep-learning algorithms, including neural networks, to process the information and generate almost-human-like text answering users’ queries.

ChatGPT is not the first AI-based tool that made its way into our lives. However, there’s a significant difference between OpenAI’s child and Siri or Google Assistant: ChatGPT learns from us, humans. It may sometimes produce inaccurate or even biased information, but it gets smarter and more reliable with every prompt and piece of user feedback.

Now, let’s dive into the concerns related to ChatGPT security.

ChatGPT security concerns

We can put the safety concerns related to ChatGPT into a few different categories:

  • Data security risks

To talk with ChatGPT, a user must register on the creators’ website, chat.openai.com. The platform requires your name, email address, password, and phone number to create an account, and – if you’re going for the paid version – payment details. All the mentioned data will be available to and stored by OpenAI, possibly putting you at risk in case of a data breach.

OpenAI also collects chat history, which became available for other users during the ChartGPT 9-hour outage in March 2023. Later, OpenAI released a report stating that the bug in the open-source library also allowed unauthorized users to see the beginning of someone else’s conversations, account details, and payment information (including the four last digits of credit card numbers)! The company states: “The full credit card numbers were not exposed at any time,” but the leaked data may have put the chatbot’s users in danger of social engineering or phishing attacks. And there’s no guarantee that similar data breaches won’t happen again.

  • Misuse of ChatGPT

ChatGPT can produce many lines of code at a speed humans can only dream of. No wonder it became an everyday tool for many programmers, hackers included. The chatbot can generate code to create malware or detailed instructions on how to hack a computer, which, combined with dark web forums and programming skills, may be a powerful weapon in the hands of cybercriminals.

As another example of possible misuse, the tool created by OpenAI is also known for creating text in many different styles. If it can mimic an acclaimed writer, and it can easily generate a huge number of perfectly crafted phishing emails.

  • Scam ChatGPT applications

Before releasing an Android app at the end of July 2023, ChatGPT was only available on desktops and iPhones. However, apps masquerading as ChatGPT flooded the internet, spreading malware or making people pay for services OpenAI provides for free.

Since the roll-up of legitimate apps and the removal of scam ones, the risk connected with fake ChatGPT apps has decreased. Still, if you’re asking yourself, “Is ChatGPT safe to download?”, the answer is “Yes, but only from a reliable source.”

  • Spreading misinformation

ChatGPT is trained with vast amounts of data, including books, articles, and websites, and it reflects the opinions shared by the authors. It can generate text containing false or misleading information that may lead to prejudice and bias. In times of “fake news,” it’s vital to cross-check data. ChatGPT is no exception.

ChatGPT security measures

OpenAI seems to take ChatGPT security seriously. The company has implemented several measures to ensure the safety of chatbot users and their private information.

Access control: OpenAI limits access to its models and data to a select group within the organization to prevent data breach or misuse.

Encryption: Communication and data storage related to ChatGPT and other OpenAI models are encrypted to protect against unauthorized interception or access.

Monitoring and logging: OpenAI monitors ChatGPT usage and responds to any unusual or unauthorized activity.

Regular audits and assessments: The creators of ChatGPT conduct regular security audits and assessments to identify and address vulnerabilities, including internal and external reviews, to ensure a comprehensive evaluation.

Collaboration with security researchers: OpenAI also collaborates with the broader security research community, encouraging responsible disclosure of identified vulnerabilities.

User authentication: Users interacting with OpenAI’s most famous creation are required to authenticate their identities.

Compliance with regulations: OpenAI complies with relevant data protection and privacy regulations that ensure appropriate and secure data handling. Details and the company’s policies can be found on trust.openai.com.

Addressing bias: Bias in AI models can emerge from the data they are trained with and can reflect and perpetuate existing societal biases. OpenAI claims to train ChatGPT on diverse data sets that represent a wide range of perspectives and backgrounds. It also develops bias mitigation methods to identify and reduce biases in the chatbot’s answers.

How to use ChatGPT safely

ChatGPT’s security raises many questions and it certainly is not bulletproof. Check out our tips on how to stay protected while using OpenAI’s chatbot.

1. Avoid fake websites and apps

Always interact with ChatGPT via its website chat.openai.com, or its official mobile app. The fake applications may harvest your data, make you pay for functions that are supposed to be free, or even install malware on your device.

2. Secure your account with a strong password

Your account information and chat history are only as safe as your password. It should always contain more than eight characters, including upper- and lowercase characters and symbols. Use the online Password Generator to create complex and random login credentials and check how secure your current password is. Or, choose the easier way to safety: set up and manage login credentials in the NordPass password manager.

3. Don’t share personal information or content

Interactions with ChatGPT are not private. OpenAI can use your chat history for research and model improvement purposes which is why you should never share your personal, confidential, or sensitive information, such as passwords or financial details. Also, be cautious when discussing personal or sensitive topics, especially if they can lead to identifying you.

4. Cross-check the information and be aware of bias

ChatGPT reflects the opinions and biases of the data sets it’s been trained with. That’s why you should always cross-check the information the chatbot serves you with reliable sources and approach them with a healthy dose of skepticism.

5. Report issues

Provide feedback to OpenAI if you encounter any issues, biases, or inappropriate behavior with ChatGPT. To do that, log in to your account and use the “Help” button to start a conversation. If you don’t have an OpenAI account or can’t log in, go to help.openai.com and select the chat bubble icon in the bottom right.

FAQ

What is ChatGPT doing with my data?

OpenAI uses personal information to provide, maintain, improve, and analyze ChatGPT. The company also develops new programs and services based on user data and carries out business transfers. Note: According to its privacy policy, OpenAI may, in some instances, provide user data to third parties without further notice.

Does ChatGPT record data?

Yes, ChatGPT saves and stores user data, including:

  • Usage data (location, the time, and the chatbot version).

  • Log data (user’s IP address, the browser).

  • Device data (user’s type of device and operating system).

  • Content produced during the conversations with the chatbot.

Does ChatGPT sell your data?

OpenAI claims not to sell or share user data for marketing and advertising purposes. However, its privacy policy states that the company may share users’ private information with third-party vendors and service providers, which raises some concerns.

Is ChatGPT confidential?

No, ChatGPT is not confidential. The app logs users’ conversations and other personal data to train its model. OpenAI can also share users’ private information with third parties like vendors or legal authorities. The company claims to put a lot of effort into privacy policies, but there’s already been an incident when users’ data and conversation history were exposed.

Is ChatGPT safe to use at work?

The most considerable risk for enterprises is that people think ChatGPT is a tool to cut mundane tasks, something like a cutting-edge calculator. However, the information employees share with the free OpenAI chatbot can go into the cloud or be logged into its servers and revealed to different users during the conversation.

OpenAI offers an app for business, ChatGPT Enterprise, with dedicated privacy and security features. It doesn’t train on the company’s data, making it more secure for work.

Keep in mind that the business version of the chatbot doesn’t solve issues related to processing unreliable information or bridging the property rights of books, articles, and websites on which ChatGPT is being trained.

Is ChatGPT safe for kids?

ChatGPT is available for users over 13, and it’s unsafe for younger children to use it unsupervised. Despite the safety mitigations OpenAI implemented, there are many examples of the chatbot producing content not suitable for children.

Parents should also be wary of ChatGPT reproducing unreliable or biased information.

Is ChatGPT safe for students?

ChatGPT can be helpful for research but lacks critical thinking and analysis abilities. It can provide false information, so you should always cross-check it with reliable sources.

The OpenAI chatbot is being trained on books and articles whose ownership it doesn’t acknowledge, which can lead to copyright issues, plagiarism, and incorrect source quotations.

Should I use my real name on ChatGPT?

You should avoid sharing any private information while interacting with ChatGPT. Consider using a pseudonym or removing your name from the queries.

Why does ChatGPT need my phone number?

OpenAI needs your phone number for authentication purposes, to ensure you’re a real person, and to secure your account.

Remember, your private information, including the phone number, is unavailable to the chatbot itself. And you should never share this kind of info with it!

Can ChatGPT access any information from my computer?

ChatGPT is a text-based model that processes interactions on its servers. The model generates responses based on the input it receives, but it cannot access files on your device, or retrieve personal data from your computer.

There is some technical data that OpenAI automatically collects, like your log and usage data and device information. To find out more, check the company’s privacy policy.

How do I delete my chat history on ChatGPT?

To delete your chat history:

  1. Sign in to ChatGPT.

  2. Click your account icon on the bottom left corner of your screen (desktop) or in the menu bar (app).

  3. Choose “Settings.”

  4. Select “Data controls.”

  5. Click “Clear chat history” and then “Confirm.”

You can also remove a specific conversation by clicking its entry on the left hand-side and then choosing the trash can icon.

Can you delete your ChatGPT account?

You can submit a request to delete your account through privacy.openai.com or do it yourself.

To delete your ChatGPT account manually:

  1. Sign in to ChatGPT.

  2. Click your account icon on the bottom left corner of your screen (desktop) or in the menu bar (app).

  3. Choose “Settings.”

  4. Go to “Data controls.”

  5. Then, choose “Delete account” and “Confirm.”

Remember that after deleting the account, you won’t be able to create a new one using the same email address.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

11 essential Black Friday shopping tips

Ready for the biggest shopping spree of the year? Got all the best deals in line? That might actually not be the case. Since everyone is looking for a chance to save money during this sales season, cybercriminals are locked and loaded with a diverse range of scams to cash in on the occasion.

If you’re looking out for the worst and most common Black Friday scams, we’ve got a different guide for you. If you’re aiming to be proactive and avoid scams altogether, you’ve come to the right place. Today you’ll learn how to stay safe, sane, and cautious while scouring for the best Black Friday deals.

1. The one letter that all secure sites have

Take a close look at the URL of the site you’re visiting. If it has HTTPS in the URL field and a tiny green padlock next to it, consider yourself safe – the “S” in HTTPS stands for “secure.” However, if you’ve noticed that the URL only contains HTTP, tread carefully.

To avoid visiting malicious sites, you can configure your browser’s security preferences to block potentially dangerous websites or downloads. Most popular browsers like Chrome and Firefox allow users to customize their security preferences according to their needs. You can configure your security preferences in your browser’s settings.

2. Pay with Apple Pay, Google Pay, or a credit card

These payment methods offer stronger consumer protection than can be provided by debit cards, wire transfers, or cash. For instance, Apple Pay employs security features built into the hardware and software of your device to ensure secure transactions. Google Pay and credit card purchases are covered in Section 75 of the Consumer Credit Act, which ensures legal protection if a company or seller you are buying from doesn’t deliver what it promised or goes bankrupt. You can also set up a virtual credit card with a spending limit. Even if your details are breached, the card will decline all transactions beyond the set limit.

Be especially wary of any seller that requests wire transfers. Scammers prefer such transactions because there’s virtually no way to reverse them once they are processed. Being smart and cautious about payment methods means you’ll have more success claiming your money if things go haywire.

3. Use a password manager

If you are going to do most of your bargain-hunting online, prepare to create a lot of accounts and remember dozens of passwords. To make things easier for yourself, you’ll probably reuse the same login details on most online stores, if not all of them. However, this convenience can lure you into the danger of breached login credentials – and if one of your accounts is affected, all of them are.

It’s always recommended to have unique and strong passwords for your accounts. However, that doesn’t mean you have to memorize every single one. To make your life much easier and stress-free, use a password manager which will securely store and remember your passwords for you. NordPass is a password manager that lets you store your passwords as well as your credit card details, making it a perfect fit for online shopping. NordPass comes equipped with a password generator, saving you a headache of coming up with unique passwords each time.

4. Update your software

It can be so tempting to check “Remind me later” each time a new update notification pops up. However, whether you’re shopping online or browsing new sites, you need to keep your guard up.

Make sure your apps are up to date and the latest software is installed on your devices. Scammers always look for weak spots in older software to plant their mischief, but regular updates can help you stay secure, as developers issue bug fixes to eliminate security vulnerabilities.

5. Use a VPN app

Black Friday fever can strike you anywhere. Perhaps you’re walking through a mall, spot an item you really want at one of the shops, and check to see if they have it in your size. They don’t? Not a problem – you can just connect to the mall Wi-Fi and quickly check their stock online. And just like that, you’ve opened up your data to bad actors – turns out that Wi-Fi was as accessible as it was insecure.

Instead of connecting to an insecure network directly, you should use a virtual private network (VPN) first. A VPN is a one-click security cloak. It hides your internet traffic from scammers with state-of-the-art encryption that would take hundreds of years to crack.

6. Be cautious with SMS and email offers

It’s not unusual for companies to send their clients text messages or emails with special offers during Black Friday or any other sale period. Some malicious actors like to take advantage of this and send spoofed messages of their own. Usually these messages contain a phishing link designed to look very similar to a real website. But there’s a catch: if you enter your login credentials or card details into this site, you’re inadvertently handing it over to the hackers.

If you’ve received a suspicious offer via a text message or an email, don’t click any links. Check the online store’s website and social media to see if they’ve announced similar deals. You can also get in touch with customer support to cross-check if the offer is real. If it’s not, delete the message and block the contact.

7. Avoid suspicious pop-ups and redirect links

You’re visiting a seemingly innocuous website. Suddenly your scrolling is interrupted by a pop-up window exclaiming a super exciting deal, valid only for the next ten minutes so hurry up! What do you do – click it or close it?

Aside from being annoying and distracting, pop-ups and redirects can also be dangerous. Clicking them can send you to fake sites or even prompt an unwanted malware download. Once that’s done, scammers are free to do almost anything they please with your device. So close the pop-up and back out of the website. If you accidentally clicked anything, run a system scan for viruses for good measure.

8. Watch out for too-good-to-be-true deals

The hype around Black Friday is huge. Scammers know it and try their best to cash in on the opportunity. All too often, the internet gets flooded with impossibly good deals. A brand new smartphone for just $25, no strings attached? A pair of designer sneakers or a shirt from this year’s fall/winter collection for $10? Sounds great, but remember — anything that seems too good to be true probably is.

Be careful not to let your guard down. Ridiculously low prices are a typical bait that scammers use to lure you into their trap. Generally, Black Friday deals fall within the 20-30% off range. Some websites offer price trackers to let you see how the price of the item has changed leading up to Black Friday. Can’t find any prior data for that one shop with cosmic deals? Then it was probably arranged solely to trick unassuming shoppers and rob them of their money and data.

9. Click the site’s trust badges

With so many copycat websites around, how can you be sure you’re buying from a legitimate source? Keep an eye on what trust badges the page has. Trust badges confirm that a security authority has verified the website. VeriSign, Better Business Bureau (BBB), and PayPal-Verified are some of the most easily recognizable ones. You will normally find trust badges at the bottom of most websites.

However, the badges being on the page aren’t proof alone of legitimacy. Trust badges are just images, and scammers can copy and paste them onto their fake websites. If a site is really certified, clicking on the badge should take you to the site of the issuer (for example, to verisign.com). If you’re having doubts, hover over the badge to see if it’s interactive and check what URL it links to. If the link clearly leads to the trust verification provider, you’re safe to proceed.

10. Do your research

Keeping yourself safe during the shopping craze requires some research from your end as well. After all, new scams pop up each year, and you have to be ready for anything. So do your due diligence – research news portals, forums, and Reddit boards to see what new scam tactics are popular.

Always double-check the websites you’re visiting for reviews and negative experiences. Perhaps the site is very new and conveniently only seems to be available during the Black Friday-Cyber Monday season – it could be someone trying to copy a pop-up store model online, but it’s more likely to be a scam. Make sure the URLs of the stores you’re visiting are accurate. Even if you don’t catch every great deal, it’s better to be safe than sorry.

11. Limit sharing personal information

Last but not least, be mindful of what information about yourself you’re sharing online and who might have access to it. When it comes to online shopping, the stakes are high – you need to provide your name, address, and card details.

Be mindful when you create new accounts – don’t reveal more information than necessary. If possible, select an alternative delivery method, like a parcel locker. Always check the data storage and retention policies – is the store compliant, how is your information stored and for how long? Put your privacy first and shop securely.

Conclusion

In the rush of finding a bargain, safety may be the last thing on your mind, but please do stay extra vigilant. These precautions take just a few seconds, but it will take you days to reclaim your money. Worse still, you might have your details spread all over the dark web for years to come. But there’s no need to stress this Black Friday shopping season – you’re all set to notice attempts to scam you and you’ll dodge them with ease.

Before you start your hunt for the best discounts, make sure you’re armed with the right security tools – NordPass is here to make your shopping experience smoother and safer. NordPass generates strong passwords for each new store you sign up for, auto-fills your address and card details once you get to the checkout screen, and ensures your login credentials are kept secure in your encrypted vault.

In the spirit of the season, we’re bringing you some great Black Friday deals. Planning to hit up brick-and-mortar stores first and save online shopping for later? No worries – we’ve got you covered with special offers for Cyber Monday as well. And for now – happy shopping and stay safe!

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Black Friday and Cyber Monday scams: How to detect and avoid them

For some, Black Friday and Cyber Monday are the perfect time to check the boxes on their Christmas shopping list. For others – an opportunity to use the shopping frenzy against you and steal your data. Today, we’re learning more about the most common Black Friday and Cyber Monday online scams, how to identify them, and what to do if you fall victim to them.

Common Black Friday and Cyber Monday scams

Over the years, scammers have developed numerous strategies to trick people out of their money and sensitive data. Here’s what you should look out for:

1. Websites requiring you to download an app

Imagine you’re about to make an online purchase on a website with a killer deal. Suddenly, it turns out that the only way to grab this exclusive offer is by making a purchase through the app.

It’s true that some online shops might offer exclusive deals for mobile app users. However, you need to be cautious here. If you are shopping on a website you’re unfamiliar with and the company asks you to download its app to complete the transaction – it’s time to run. You’re most likely being tricked into downloading a fraudulent app designed to steal your payment information.

2. Spoofed websites

Spoofed websites are websites that are designed to look exactly like well-known, legitimate pages. However, what lies beneath them is a system created to steal your passwords, card details, and other personal information.

The good news is that with a few tips and tricks, it’s pretty easy to catch them:

  • Check the URL. Trustworthy websites will always use HTTPS in their URLs, where the “S” stands for “secure.” Most browsers will also have a padlock icon indicating that the website is approved and trustworthy. If you see only HTTP or a broken padlock, the site isn’t safe, and you should avoid supplying your sensitive data.

  • Look out for bad grammar. Glaring spelling mistakes usually mean that the website shouldn’t be trusted. Legitimate websites have dedicated teams who put a lot of time and effort into polishing their content.

  • Check the “Contact Us” page. A registered company will typically provide its place of business and contact details. If the only way to get in touch regarding refunds or delivery problems is via email, you should probably steer clear of such a website.

  • Do your research. Look up online reviews about the company across a variety of sources – but take them with a pinch of salt. If they’re all new, written in the same tone, or sound too good to be true, they might be falsified – and that’s reason enough to become suspicious.

3. A delivery issue with your purchase

Beware of follow-up emails and text messages you receive after you’ve made online purchases. These days, scammers send notifications pretending to be from UPS, FedEx, or even online stores such as Amazon or Shein, claiming that they can’t deliver your parcel for one reason or another.

A fake delivery message might read something like this:

“We’re sorry, but your package couldn’t be shipped. Please click the link to rearrange delivery or update your method of payment.”

Like spoofed websites, scam delivery messages also often contain bad grammar, so keep your eye on that. Don’t click any unfamiliar links. If you’re having goods shipped from abroad, be wary of messages telling you to pay extra customs fees. Pause for a moment and check the delivery status on the website where you placed your order. Also, check whether custom fees were included in the delivery price.

4. Free Black Friday gift cards

Another common scam involves a notification that you won a gift card from a big retailer like Walmart. All you need to do to claim it is text back a random code or click a URL.

In reality, this is how scammers can collect your details and infect your device with malware. The scam might then be sent to all of the contacts in your address book. Simply avoid clicking any suspicious links and don’t interact with the notifications.

5. Phishing scams

In a phishing attack, the victim receives an email or a text message with bait, like a deal that is too tempting to pass up on or information you have to act upon immediately. The purpose of such bait is to lure you into a spoofed website and for you to provide your sensitive data, like your login credentials or payment details.

If you take the phisher’s bait and accidentally reveal your password, the scammers can use this stolen personal information to create fake online profiles, take out loans, ruin your credit score, or even steal your identity.

6. “Money-saving” browser extensions

What’s something people love as much as a good deal? Convenience. Combine the two and you’ll get browser extensions built to find the best deals on numerous e-commerce sites. However, extensions can also be used for more nefarious purposes, like gathering all your browser data.

Before you install a new extension in your browser, do some digging. Check if the developer is reliable – do they have any other extensions, what are the ratings, what do the reviews say? If anything seems suspicious, it’s best not to install the extension. Many browsers and extension catalogs will let you report such extensions as performing illegal activities or actively harming your device.

What to do if you were scammed

If you’ve been scammed, don’t panic. It’s not too late to protect your accounts and money. Here’s what you can do:

  • Check your bank statement. If nothing has happened yet but you think that your details might have been stolen, regularly check your bank statements for any suspicious purchases, no matter how small. Then move to the next step.

  • Notify your bank. Get in touch with your bank immediately if you have seen a suspicious charge or paid for a good or service and realize it’s a scam. Your bank will be able to tell you whether the suspicious transaction was fraudulent (or whether you just forgot about it) and in some cases can stop or revert the transaction.

  • Freeze your card. While you are in contact with your bank, request for your card to be frozen. Some top-up card providers make this solution easy; you can freeze your card in-app. That way, even if someone has acquired your card details, they won’t be able to use it.

  • Notify the seller. It’s a common scamming practice to use well-known brands to lure people into traps. If this happens to you, contact the official seller and inform its customer service that someone is using the brand’s name. The brand can make an official statement, inform its customers directly, and take further security precautions to prevent other people from falling prey.

  • Learn more about cybersecurity. Once all the steps above are completed, all that is left to do is make sure that you don’t fall prey again. The best way to do so is to learn how to recognize and avoid such scams.

Eight easy ways to avoid a scam

Even when you know how to spot a scam, accidents can happen. So to mitigate the risks further, here are some proactive steps you can take to keep your money and data safe:

1. Try alternative payments

Avoid using bank details that are directly tied to your lifelong savings or your wage. Use alternatives such as:

  • Apple Pay or Google Pay. These methods use a combination of biometrics and other digital safeguards, such as 2FA or TOTP, to secure your details.

  • Credit cards offer consumer protection in case you need to claim your money back.

  • Virtual cards can be issued for a one-time purchase or purely for online shopping with a spending limit imposed to prevent scammers from draining your funds.

If you use alternative payment methods and your data ends up in the wrong hands, the damage will be minimal. These payment methods usually don’t create access to huge amounts of money and can be frozen fairly quickly, meaning that your savings will be unaffected.

2. Protect your data with a VPN

If you’re shopping on public Wi-Fi, it’s advisable to do so with a VPN. You never know who’s “reading” the online traffic, and it’s really easy for bad actors to do so over an unprotected Wi-Fi connection. A VPN encrypts and hides the data you transmit over the internet, so cybercriminals can’t steal a thing. NordVPN can help you reinforce your security on all your devices with Meshnet and Double VPN.

3. Create complex passwords

Setting passwords for a number of online shops can seem arduous and often leads to people using the same easy-to-remember passwords everywhere. However, if the passwords are easy for you to remember, they are often just as easy to crack. And since e-commerce sites have access to your name, address, and payment details, they’re a goldmine for hackers.

Make sure you use strong passwords that contain at least 12 characters and include numbers, upper- and lowercase letters, spaces, and special characters, such as .,! @ # ? ];. Don’t worry – you don’t need to do it all on your own. The NordPass Password Generator can help you create complex passwords in a matter of seconds.

4. Keep track of your spending

Keep a close eye on your online accounts and credit card reports, and make sure you see no inconsistencies following the big shopping season. Be on the lookout for suspicious purchases, especially minor ones, because scammers tend to start small before going all in. If you spot any suspicious activity, inform your bank or credit card provider immediately.

5. Choose apps with caution

Inspect the name, description, and icon of an app you are about to download. Fraudulent apps can’t use the same name as the real app they want to disguise themselves as, so they’ll replace o’s with 0’s or change the name very slightly – for example, they can replace SwiftKey with SwiftKeyboard or WhatsApp with Update WhatsApp.

If you see the same icon in the app store more than once, be alarmed. A fraudulent app cares little for copyright laws, and not all app stores vet the catalog thoroughly. Unfortunately, it’s up to you to choose a verified app. Take a look at the developer and the number of downloads – if the numbers seem suspiciously low, steer clear of the app.

6. Stay rational

Most scams are designed to use your emotions against you. Read carefully through the sudden notification or email you’ve received. Is it trying to instill a sense of urgency, greed, or fear? These are indications that the deal or the message you’ve just received is trying to trick you into handing over your sensitive details ASAP.

Refrain from clicking on links, downloading files, or entering personal details. If you’re told that your delivery is suspended, contact the seller or the delivery company directly to confirm its status. Check the social media accounts of the stores and see whether the promotion is public and active. If everything aligns, perfect – take advantage of the deal. If not, it’s better to stay away from it.

7. Check for new scams

Scammers are a creative bunch. As such, the average person may find it difficult to keep track of all the new scams that emerge every season. One way to keep up to date is to simply use Google search.

Try running a search with these keywords:

  • Company name + scam (“Amazon scam”)
  • Product name + scam (“new iPhone scam”)
  • New method + scam (“delivery SMS scam”)

You can also check forums or recent discussions on Reddit to see if anyone’s had experiences with recent scamming attempts.

8. Use a password manager

Password managers are tools that store your complex passwords, help you generate new ones, and protect them from intruders. Additionally, they can also make your online shopping experience a breeze.

Password managers like NordPass can store your payment and delivery details, which you can then fill automatically anytime you shop online. You don’t need to cancel the purchase just because you can’t find your wallet – just log in to your NordPass account, and Autofill will do the rest.

Frequently asked questions

What are some of the red flags to watch out for?

  • Suspicious URLs and website design. Never open URLs that you don’t know and check if the domain is legitimate. Furthermore, while it’s possible the site you’re visiting has rebranded, if anything is giving off uncanny valley vibes – say, the fonts, color schemes, or the layout – it’s probably better to double-check.
  • Too good to be true offers. Always check with the official retailer’s site and social media to see the deals they’re running. If there’s no mention of the offer you received, it might be a scam attempt.
  • Unsolicited emails and messages. If you’re not subscribed to the store’s newsletter, you probably shouldn’t be receiving emails from them. Check for suspicious sender email addresses and don’t click on any links.
  • Poor grammar and spelling. Delivering quality is key to maintaining a good brand image, so online stores don’t want their sites to be riddled with typos.
  • Pressure tactics. Some online shops offer limited-time deals and include countdowns in their promotional emails. However, if you’re being coerced into buying something or dealing with your order delivery immediately, you’re probably being pressured into revealing your personal details.

Is it safe to click on ads promoting Black Friday and Cyber Monday deals?

Sometimes, but not always. If you see an ad on social media from a verified account and the information corresponds with the deals on the official website, you can go ahead and shop away. However, if the URLs seem suspicious and the domains are slightly different from the official website, it’s best not to click them.

Are mobile shopping apps safe to use during Black Friday and Cyber Monday?

If you download a shopping app from the official retailer, it’s perfectly fine to use it. However, be cautious with random downloads on the app store. Always cross-check the developer to see if it’s really the official app and check the reviews on the app store and elsewhere on the internet.

Keep a cool head this season

Who doesn’t love a good bargain, especially during the busiest shopping season of the year? It can be easy to be swept away by the maelstrom of discounts and deals. Now you’re fully equipped to identify and avoid the most common Black Friday and Cyber Monday scams.

So, shop until you drop – just remember to always double-check the merchant and what they are offering. Keep a cool head before pressing the “buy” button because, as the old adage goes, if it is too good to be true, it probably is.

If you’re looking for ways to stay safe this Black Friday and Cyber Monday, consider the NordPass password manager. NordPass uses encryption to protect your login credentials, credit card details, home address, and more. Create new secure passwords for all your favorite shopping platforms and keep them safely encrypted with NordPass. Enjoy all the best deals of the shopping season – without compromising your security.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

What is a data leak

“Data leak jeopardizes more than 150 million users.” “Hacker leaks 33 million usernames and passwords.” Sound familiar? As security technology advances and becomes more sophisticated, companies struggle to keep up with the latest requirements. Hardly a day goes by without news about a new data leak or a breach. Let’s find out how they differ and how to prevent your company’s data from leaking.

First, what is data leakage? In short, it’s a security incident where private information becomes available to unauthorized parties. People may steal, accidentally transfer, or willingly give it away. Leaked data can be digital (electronic files) or physical (documents, letters, pictures, devices). However, data leaks are not the same thing as data breaches.

Data breach vs. data leak: What’s the difference?

While you might sometimes see these terms used interchangeably, conflating them isn’t wholly accurate. Both carry the same consequence – unauthorized data exposure. The difference lies in the cause.

Data leaks typically happen due to poor security measures or someone’s accidental actions. In most cases, cyber leaks aren’t meant to be malicious, and human error is at fault. Security researchers from vpnMentor have been exploring open databases for years. One of their most significant findings was in 2020 – they discovered that the Key Ring app had used a misconfigured Amazon S3 bucket to store 44 million records, including people’s IDs, insurance information, driver’s licenses, and credit cards. Even if no malicious actors noticed it before them and the company took care to close the database, it still counts as a data leak.

On the other hand, data breaches are deliberate. A data breach occurs when a cybercriminal attacks a company or a database and manages to obtain secret and sensitive information. Common tactics used during data breaches include DDoS attacks, malware, and social engineering that can break the company’s defenses. The outcomes of data breaches and leaks are similar, but leaks lack the malicious intent of breaches.

Types of data leaks

If you want to spot data leaks quickly, you need to recognize the different incidents and strategies that may be causing them.

  • Human error

    An unintentional leak can be caused by something as trivial as sending a confidential email to the wrong address. Leaving a database with your customers’ data publicly accessible or losing a device with access to the information are also considered accidental data leaks. However, the consequences depend on who got the email or found the loophole allowing them to access the database. Some might delete it while others might get sneaky ideas.

  • Scams and system breaches

    Sometimes, people look for vulnerabilities in your security, like out-of-data software or system bugs, to prove that they exist. They will not attack you openly. Instead, they look for loopholes to access information that’s not supposed to be accessible from the outside. Others might employ social engineering tactics to create the perfect environment for a data leak.

  • Intentional data leak

    Although data leaks often aren’t malicious, they may still be deliberately instigated. A situation can result from an employee who accesses the company’s secrets or users’ records to resell for financial gain. It might also be a whistleblower who has moral objections to what they witness in their company and uses the leaked information for exposition. Either way, they know what they are doing and usually try to remain anonymous as they work from the inside.

What type of data is at risk?

Data leaks are a disaster for the victims and a golden opportunity for cybercrooks, who usually look for impacted sensitive information to make a sizable profit. They go after identifiable information such as names, addresses, social security numbers, and credit card details. Such data can then be used for identity theft and money laundering. Stolen login credentials are often packaged into password leak databases and sold on the dark web.

When bad actors look to hurt a specific business, the information they go after might expand beyond personally identifiable data. For instance, they may target sensitive company information like internal communications or strategic plans. Trade secrets and intellectual property, such as proprietary code and software, can also be on the radar.

Today, data is paramount. With the increasing frequency of cyberattacks, businesses have to take serious steps to ensure the ironclad security of their data.

How is the leaked data used?

Once hackers have their hands on leaked or stolen data, they can exploit it for their goals. Here are a few ways exposed data can be used for nefarious purposes.

Social engineering

Leaked data often includes identifiable information like names, passwords, and email addresses. Hackers can use that information in social engineering attacks. Phishing is an attack during which hackers send out fake emails that impersonate a reputable source to get the potential victim to download a malicious attachment or click on a dangerous link. Without password leaks, hackers would be less successful in targeting and carrying out their attacks.

Doxing

Doxing, or doxxing, is the act of exposing identifiable information, such as a person’s name, home address, and phone number, with malicious intent. After acquiring leaked data, hackers usually have more information than they need to dox a person. Doxing is often targeted against a specific person or group of people and has historically been used in harassment campaigns.

Slowdown or disruption of business operations

A data leak can have a tremendously negative impact on the affected organization. According to the National Cyber Security Alliance, an astounding 60% of companies go out of business within six months after falling victim to a data leak.

Real-world examples of data leaks and breaches

Data leaks and breaches are more common than ever, and experts believe that the frequency of such cyber incidents will only rise in the future. Here are a few major incidents that had companies around the world on their toes – some carrying graver consequences than others:

  • ChatGPT

    In March 2023, a bug was discovered in OpenAI’s chatbot ChatGPT, leading to the leak of customer data, including their names, chat titles, and limited credit card details. The team emphasized that full credit card numbers were not exposed, and the leaked data was limited to the last four digits of the credit card numbers, as well as the expiration dates. The platform was temporarily taken offline to fix the bug.

  • Credit Suisse

    In February 2022, a whistleblower initiated a data leak to expose a number of high-profile criminals who were employing the services of the Swiss bank Credit Suisse. The scope of the leak affected over 18,000 accounts. The exposed data was shared with the German newspaper Süddeutsche Zeitung, which published an exposé on the Swiss banking system.

  • Twitch

    In October 2021, the live-streaming platform Twitch revealed it had experienced a massive data breach. The breach exposed over 100 GB of sensitive data, including the streamers’ names, addresses, email addresses, and earnings.

  • Facebook

    On April 3, 2021, a security expert discovered a massive data leak that affected 533 million Facebook users. Overall, the leak produced 2,837,793,637 data points. On average, hackers exposed at least five types of data per user, including phone numbers, full names, dates of birth, Facebook IDs, email addresses, and user bios.

  • Experian

    In February 2021, reports came out about the most significant data breach in Brazil’s history, which exposed the sensitive information of more than 200 million people and 40 million companies. The culprit was suspected to be Serasa Experian, a company providing information and data services. The exposed data included personally identifiable information like dates of birth, full names, addresses, headshots, credit scores, income, and other financial data.

How to prevent data leaks and breaches

To minimize the risk of a data leak, you must establish security practices and procedures in your company. Remember that you can’t always control every single thing security-wise. You can never know if or when you might become a target. However, taking a few preventive measures will give you peace of mind.

  • Control your data

    You should always keep backups of your data – that said, don’t store unnecessary copies. Keeping your sensitive information in one secure database instead of multiple terminals will reduce the chances of it leaking. Knowing and controlling who has access to what information is also essential. Employees should only be allowed to access the data they need for their work. This way, you can avoid accidents and intentional leaks.

  • Place restrictions on your employees’ emails

    You can set up Google Drive to notify your employees whenever they attempt to share the company’s files with an outside party. Also, set up spam and phishing filters to cut the risk of successful social engineering attacks.

  • Train your employees

    A basic understanding of potential cybersecurity risks is essential for everyone in your company, especially those handling sensitive data. Receptionists and head analysts alike should be aware of social engineering attacks, malware types, and internal security requirements. If they know and understand how much damage a data leak would do to the company, they will act more carefully.

  • Establish strong security measures in your company

    Use firewalls to protect your network and restrict specific traffic. Ensure you’re safe from malware, like ransomware, spyware, or keyloggers. Use a VPN with robust encryption to ensure secure connections, especially if your employees often travel or work from home. Ensure they use strong passwords and enable two-factor authentication for their most sensitive accounts. Encourage using a password generator to create complex passwords, storing them safely in an encrypted vault and updating them frequently to avoid password leaks.

  • Prepare for the worst

    No one wants to go through the worst-case scenario, but accidents can happen. Therefore, it’s a good idea to set up a response and damage control plan in case of a data leak. If you suffer a cyberattack, every minute is precious, and being able to act fast could save you a lot of money – and customers’ trust – in the long run.

  • Establish proper cloud storage security

    Ensuring the security of data stored in the cloud is imperative. Without appropriate security measures, sensitive information can be exposed and stolen. Take your time configuring your cloud storage following the best security practices, and if necessary, adopt additional tools to protect your cloud storage.

  • Evaluate and monitor third-party risks

    Even if you can ensure complete security within your organization, remember that your data can be exposed via third parties such as your partners and vendors. Supply chain attacks are on the rise, and businesses need to evaluate their partnerships with third parties security-wise to minimize the risk of falling victim to data leaks.

Data leak prevention practices

First, find out what kind of data was leaked. Account names, email addresses, and passwords often end up in data leaks. If your account was affected, change the password as soon as possible. If you use the same password anywhere else, you must change it over there, too. If you don’t, you will be susceptible to a credential-stuffing attack, and all your online accounts will be at risk. If your credit card or banking details were affected, contact your bank immediately and block your cards.

If your business experiences a data leak, swift action is vital. Make sure to contain the leak as soon as you discover it. Immediately start a detailed probe into what exactly happened and why. Inform your customer base about the leak. Disclose all the relevant information: the date and type of the leak, as well as the affected systems and users. Finally, upgrade your organization’s security infrastructure to lower the risk of future cyber incidents.

Bottom line

Data leaks are an ever-growing threat in the digital landscape, and staying ahead is as important as ever. If you’re concerned about the safety of your professional and personal data, you can start taking steps to protect it. The first order of business is setting up your business password manager.

NordPass is a password manager that offers encrypted storage for all your sensitive data, whether that’s your login credentials, address, credit card details, or ID information. In addition to your secure vault, you’ll also access features that help reinforce your data safety, like Password Health, which checks whether your passwords are weak or reused, and the Data Breach Monitor, which alerts you if you’re affected by a password data leak. Stay one step ahead of data leaks and start patching the holes in the ship before your information seeps into the wrong hands.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Password spraying – a fun name for a not-so-fun security threat

In spoof comedies and children’s films, it’s a common trope that the password the protagonist must enter to open a safe or unlock top-secret data is, literally, the word “password.” We often laugh at this joke, not realizing it reflects reality with uncanny accuracy.

As revealed in our “Top 200 Most Common Passwords” study, “password” is — for real — the most popular password across all countries and industries. “123456” ranks as the runner-up, followed by the obviously more secure “123456789.”

Cybercriminals are well aware that millions of people use the same weak passwords for “protecting” their personal and business accounts — and they take advantage of this vulnerability. One of the ways they do it is through password spraying.

What is password spraying?

In basic terms, password spraying is a type of brute force attack in which a cybercriminal picks a few frequently used weak passwords and tries them across multiple accounts within the same domain to gain unauthorized access.

Therefore, password spraying is not a cyberattack targeted at one specific individual. It’s a hit-and-try type of breach attempt based on the statistical probability that among the accounts associated with a given domain, some may be protected with the most common weak passwords.

How does password spraying work?

Here’s an example: An attacker takes a few popular passwords, such as “password123” and “guest,” and then systematically tests them across, let’s say, 500 email accounts associated with the “example.com” domain.

So, rather than repeatedly attempting to compromise a single account (which could lead either to account lockout or detection), the attacker tries these common passwords across hundreds of email accounts at the same time which allows them to remain under the radar and increases their chances of hitting the jackpot.

As you can imagine, if the attacker manages to get just one credential right, they can gain unauthorized access to sensitive data or use the account for more malicious actions.

Of course, it’s possible for the attacker to compromise numerous accounts in a single password spraying attack. The outcome, whether they achieve their goal or not, depends on the password policies and cybersecurity practices adopted by the targeted organization.

Password spraying vs brute force

As we have already mentioned, password spraying is a type of brute-force attack. However, there are several differences between what we generally call a brute force attack and password spraying.

In a brute force attack, the cybercriminal tries every possible combination of characters and symbols until they find the correct password. This method is exhaustive and can take a very long time, especially if the password is complex or lengthy.

Password spraying is less resource-intensive and can be much faster than brute force. This is because it focuses on using a limited number of common passwords rather than testing every conceivable permutation of numbers and letters.

So, a password spraying attack is a bit like a cybercriminal having a few master keys that work on lots of doors, whereas brute force is like them trying out every key in existence to open each one individually.

Password spraying vs credential stuffing

Password spraying and credential stuffing are both techniques that cyberattackers employ to gain unauthorized access to accounts and systems, but they differ in their approach.

Credential stuffing is a more aggressive method in which attackers utilize previously stolen or leaked username and password combinations, taking advantage of users’ tendencies to reuse credentials across multiple platforms. So, while password spraying is based on the premise of weak passwords being in use, credential stuffing relies on reusing compromised credentials across different online accounts belonging to a particular individual.

Password spraying vs dictionary attack

Just like credential stuffing, a dictionary attack shares similarities with password spraying in how cybercriminals utilize the two techniques to gain unauthorized access to accounts. The difference between them lies in the content that the cybercriminal tests as potential passwords.

As we have already discussed, in the case of password spraying, the attacker uses common weak passwords to break into an account, application, system, or network. In the case of a dictionary attack, however, a cybercriminal tries their luck by testing, one by one, each of the words that appear in a dictionary. Why? Because, unfortunately, some people use common words as their passwords. No unique symbols, no numbers — just plain words.

Although dictionary attacks typically have a low success rate, especially when targeted at systems with multi-word passwords, they still pose a significant threat to account security and should not be underestimated.

How to detect a password spraying attack

Regardless of whether you do it for your own security or for the entire company, detecting a password spraying attack usually requires some effort. When it’s about making sure your own accounts are safe, using the right tools can often do the trick. However, for businesses, it’s also about closely watching and understanding patterns of user behavior. Let us explain a bit more.

As a single user, you can use solutions such as a data breach scanner to check whether any of your passwords or email addresses have been stolen or made available on the dark web. Some of the platforms currently available on the market already have built-in real-time data breach monitoring systems that can keep you informed whether your data has been leaked as a result of password spraying or another cyberattack. For your personal safety, this should be enough to detect a threat.

However, if you run a company with many employees, you need to equip yourself with dedicated IT tools such as Intrusion Detection Systems (IDS) that will allow you to, for example, identify unusual login attempts and password change requests, check the rate of failed login attempts for a particular account, and quickly verify the reputation of every IP address.

What you may also need to do is set up additional security measures like rate limiting (restricting the number of login requests a user can perform within a defined time period) and account lockout (temporarily suspending access to a user account after a specified number of failed login attempts). That should help you quickly respond to any suspicious activity.

How to prevent password spraying attacks

If you want to stop someone from getting into your accounts by trying a bunch of common passwords, here’s what you should do:

  • First of all, get rid of weak passwords. The password spraying technique only works if your passwords happen to be common, easy-to-guess ones. So, do yourself a favor and make your passwords strong and unique so that nobody can easily figure them out.

  • Update your software regularly. Make sure you always install all security patches and updates to strengthen your digital defenses against potential vulnerabilities.

  • Get a password manager. Never store your passwords in a .txt file on your desktop or written down in your notebook. Get yourself a good password manager so that you can store and manage passwords in an encrypted virtual space to which only you have access.

  • Use a password generator. Coming up with strong and unique passwords for all your accounts can be quite a challenge, not to mention trying to remember them all. The good news is you don’t have to do it at all. You can simply use a reliable password generator, and it’ll create strong, top-notch passwords for you.

  • Start using passkeys. Passkeys are a new type of digital credentials that are considered much safer than passwords. Not only do they allow you to log in to websites and online services without entering a password, but they are also virtually impossible to intercept.

If your goal is to protect your business against password spraying attacks, you should consider implementing the following strategies as well:

  • Invest in password management. First, it’s important to realize that cybersecurity comes at a cost, but that doesn’t mean it has to break the bank. Nowadays, there are cost-effective options available from reliable companies that can help safeguard your company’s resources without draining your budget.

  • Enforce a strong password policy. Define and enforce rules that will get your employees to use complex passwords featuring a combination of uppercase and lowercase letters, numbers, and special characters to improve password security.

  • Educate your employees. Help the members of your company understand the importance of practicing strong password habits and spotting potential phishing threats to lower the risk of security vulnerabilities.

  • Introduce multi-factor authentication (MFA). Boost your company’s cybersecurity by requiring users to provide a second form of authentication alongside their passwords, adding an extra layer of protection.

  • Implement IP whitelisting and blacklisting. Protect your company’s network by allowing access only to trusted IP addresses while also keeping out the known malicious ones.

  • Enroll a passwordless authentication solution. Enhance your organization’s cybersecurity by implementing advanced authentication methods like biometrics or secure tokens, which eliminate the reliance on easily compromised passwords, while simultaneously providing a streamlined user experience.

How NordPass can help with password spraying

NordPass is an advanced yet very intuitive tool that you can introduce in your company as effective protection against different cyberattacks, including password spraying. How so?

First of all, NordPass allows users to securely generate, store, manage, and share passwords, passkeys, credit card details, and personal information. This means that anyone in your company can utilize it to keep all business credentials in one secure place protected by the most advanced data encryption algorithms.

Using our password generation feature, your employees can also quickly create strong, unique passwords that are not even remotely close to the common weak ones.

The safe sharing feature, on the other hand, allows you to avoid situations in which employees send business passwords to each other by email or instant messenger — which are, as you can imagine, very unsafe methods for sharing sensitive information.

Of course, with NordPass you can also enable multi-factor authentication in your organization, and easily build and enforce a strong password policy that all employees will have to comply with.

NordPass is capable of so much more than we can describe in just one blog post. So, if you want to learn about its features and the security measures used to protect companies from cyberattacks, please visit our website.

 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How to manage passkeys on Android devices

Android users, here’s some great news! With the release of Android 14, Google’s support for third-party passkey storage and management solutions means NordPass can now offer a simplified and secure way to manage passkeys on Android devices.

Looking to make your online experiences smoother and safer? Let’s explore how NordPass can bring ease and added security to your digital life with the straightforward integration of passkeys in our everyday online interactions. If you’re an iOS user, learn more about passkeys on Apple devices here.

Passkeys explained

Think of passkeys as the VIP passes of the digital world — exclusive, secure, and efficient. Much like a VIP pass provides you with smooth and swift access to an event without going through the regular queues, passkeys facilitate seamless and secure entry to apps and websites, bypassing the traditional password process.

Here’s how it works: Passkeys employ a pair of cryptographic keys — a public key stored on the app or website’s server, and a private key on your device. When you attempt to log in, the server sends a request to your device, which responds with the private key. Once the keys are matched, you’re granted access, similar to having your VIP pass checked before entering an event. For a deep-dive on passkeys and all the ins and outs of the technology, check out our post on the topic here.

Passkey enhances user experience by eliminating the need to remember and type out passwords and improves security because the private key is securely stored on the user’s device and is never transmitted, reducing the risk of unauthorized access.

How to enable passkeys on Android devices

Enabling passkeys on your Android device is a simple process, designed to be user-friendly and quick. It’s like setting up a new app — a few taps here and there, and you’re all done. Let’s walk through the steps to unlock this feature and enhance the security and convenience of your online interactions on Android devices.

Android 14 (for authentication in apps):

  1. Download and install NordPass on your Android device.

  2. Go to “Settings.”

  3. Find and open “General management.”

  4. Find and open “Passwords and accounts.”

  5. Find and select “NordPass.”

  6. Under the “Passwords, passkeys, and data services” section, set “NordPass” as the only option.

Android 14 (for authentication in websites) ONLY Chrome:

  1. Open Chrome browser.

  2. Enter “chrome://flags” in the address bar.

  3. Enter “Android Credential Management for passkeys” in the search bar.

  4. Find the “Android Credential Management for passkeys” flag and select “Enabled” next to it.

How to manage passkeys on Android devices using NordPass

Managing passkeys on Android devices with the help of NordPass is easy and intuitive. Just like on iOS, NordPass allows Android users to save, use, and manage their passkeys efficiently, ensuring quick and secure access to various apps and websites. Let’s delve into how you can optimize your online experiences.

Saving a passkey in NordPass:

  • Navigate through websites or apps as usual.

  • Pay attention to sites or apps offering passwordless login options.

  • When presented with an option to use a passkey or integrate one into an account, choose it.

  • A NordPass prompt will appear, guiding you to save the passkey.

  • Follow the provided steps to ensure it’s securely stored.

Logging in with a stored passkey:

  • Access the website or app where you’ve saved the passkey.

  • Select the passwordless login feature.

  • NordPass will prompt you to use the stored passkey.

  • Follow the on-screen instructions to authenticate and access your account seamlessly.

Managing passkeys in NordPass. The basics:

View the passkey creation date: NordPass allows you to see when a particular passkey was created, adding an extra layer of transparency.

Share passkeys safely: Quickly and securely share your passkeys with trusted individuals without compromising security, whether for business or personal use.

Add secure notes: NordPass provides the option to add secure notes alongside your passkeys, useful for adding extra information or reminders related to a particular service or account.

NordPass and passkey management

The rise of passkeys marks a significant development, promising enhanced security and user convenience in online interactions. At NordPass, we’re committed to facilitating this transition, offering users a user-friendly way to integrate passkeys on their Android devices for a more secure and streamlined digital experience.

The adoption of passkeys represents a step forward in technology, offering a preview of a future where online interactions are more intuitive and secure. With NordPass, accessing this future is uncomplicated, allowing users to explore the possibilities of a more secure and efficient online world. The transformation is in progress, with passkeys leading the way to a harmonious blend of security and convenience in our online lives.

 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Forgot your HBO Max password? Follow our password reset guide

Nothing is more frustrating than forgetting your HBO Max password, especially if you plan to spend the upcoming days binge-watching Game of Thrones or Succession. Don’t worry! Our guide will take you through the HBO Max password reset procedure straight to the land of secure, safely stored, and always-at-hand login credentials.

How to reset your HBO Max password

Note that the first step of resetting your password varies depending on the device you’re using.

Here’s what to do to reset your password:

  1. Open the HBO Max app on your mobile device, tap the Profile icon, and then sign in to your account. If you’re using your computer, go to HBOMax.com and click “Sign in“ the upper right corner.

  2. Choose “Forgot password?“

  3. Enter the email address associated with your account and tap (or click) “Submit.“

  4. Check your inbox. You should get the “Reset Your HBO Max Password” email from HBO Max within a few minutes.

  5. Open the email and choose “Reset password.“

  6. Enter a new password and tap (or click) “Save password.“

Done! Enjoy your show.

How to change your HBO Max password, email address, or user name

You can change your password and other account information like name or email address in the profile settings. To do that, you must use an adult profile.

Here’s how to change your account details:

The first steps of the process depend on the device you’re using.

Phone or tablet: Open the HBO Max app, tap your Profile, and then go to “Settings.“ If you’re not signed in, do it.

Computer: Go to HBOMax.com and sign in to your account. Once you’re in, choose “Profile“ (upper right) and then “Settings.“

Smart TV: Account info can’t be changed on the TV. You’ll have to do it on your mobile device or computer.

  1. Choose “Account.“

  2. Go to the information you want to change and select the “Edit“ icon.

  3. To be sure you’re the genuine owner of the account, HBO Max will send you an email with the verification code.

  4. Open the “Here’s Your One-Time Code” email to find your 6-character code.

  5. Return to HBO Max, enter the verification code, and click (or tap) “Continue.“

  6. Change your account details and choose “Save.“

  7. If you enter a new email, you’ll receive a message with a verification request. Open the email and choose “Verify email.“

  8. The “You’re All Set“ page means your changes have been successfully saved.

HBO Max password requirements and tips for securing your account

People tend to disregard safety measures when it comes to streaming platforms. An unauthorized party accessing your account can do more harm than watch some movies on your behalf. Hacking your HBO Max password gives cybercrooks access to all the details attached to your account and opens the gate to further misuse of your private data.

Follow these tips to keep your account safe:

  • Ensure your HBO Max password is unique to the platform and that you haven’t already used it on different websites and apps.

  • Use at least 10 characters. HBO Max recommends not repeating more than 4 characters in a row, but we encourage you not to repeat characters at all! The longer and more complex your password is, the more secure your account. The easiest way to create genuinely safe passwords is to use a reliable password generator.

  • Change your passwords regularly. Yes, it’s annoying, but it can save you a lot of trouble.

  • If you share account info, do so safely with Password Sharer or an easy-to-use password manager.

  • Routinely review the list of devices using your account and delete the ones you don’t use or own anymore.

  • Make sure your email address is correct. One of the most common issues with resetting HBO Max passwords is caused by mistyped or inactive email addresses.

  • Remember, HBO Max never asks for your account password or payment details. If you receive such an email, it’s a phishing scam.

FAQ

Why is the HBO Max password reset not working?

If your HBO Max password reset attempt is not working, you most likely didn’t receive the password reset email, or the email got lost in the process. Here’s what to do:

  • Check your inbox for emails from HBO Max. It should be titled: “Reset your HBO Max password”. Be sure to search your “spam” and “promotions” folders.

  • Try another email address if you use more than one. Follow the instructions from the beginning of this article to do that.

If I change my HBO Max password, will it log everyone out?

Changing the HBO Max password doesn’t automatically log all users out. However, if other users log themselves out or you force their devices to log out, they will need a new password to re-access the HBO Max account.

Can you put a password on HBO Max profiles?

If you want your adult profile to stay private, you can secure it with a 4-digit Profile PIN. Once you set up the PIN, an icon of a closed lock will appear at the bottom of your profile picture.

Another way of securing the HBO Max profile is setting up parental control over Kids profile. Once turned on, the Kid-Proof Exit feature requires a 4-digit parent code to switch profiles.

How can I reset my HBO Max password if I’ve forgotten my email address?

Resetting your HBO Max account if you’ve forgotten your email address requires contacting the platform’s Help Center. You can do it either via email or, more quickly and conveniently, via chat.

How can I contact HBO Max support for password-related problems?

To contact the HBO Max Help Center, visit the website: help.hbomax.com/se-en/ContactUs. There are two ways of contact available – via email or chat.

Safely store your passwords in NordPass

Can you forget your HBO Max password and never have to reset it again at the same time? Yes! Store it securely in the NordPass password manager, and enjoy accessing your favorite shows effortlessly.

 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Get to know Account Switching — a handy feature

Switching between different accounts in NordPass could be quick and smooth. And it’s all thanks to Switch Account, a feature that guarantees an effortless experience navigating across different accounts in NordPass.

Switch Account is available on NordPass across all platforms

The Switch Account feature is designed to make the process of navigating across different NordPass accounts convenient and quick. With its help, NordPass users don’t need to log out from one of their accounts just so they can log in to another one. The feature makes the entire process quick and smooth without compromising anything from a security point of view.

Switch Account comes especially in handy in situations when users have multiple NordPass accounts. For instance, if you have both a personal and a business NordPass account, switching between the two will be a breeze.

With the introduction of Switch Account, users will also be able to choose which account’s encrypted vault is where they want to autosave new credentials, credit cards, or personal information.

How does Switch Account work?

Switch Account is available on NordPass across all platforms. It allows users to switch between accounts via the Menu tab and on the Master Password screen. Here’s a quick overview of how you can switch between different NordPass accounts on different platforms smoothly and quickly:

Mobile

  • Open NordPass.

  • In the Menu screen, click the Profile icon.

  • Select Switch Account.

  • Choose your preferred account

If you’re not logged in to any of your accounts on the NordPass app, you can click your email address on the login screen and select the preferred account.

Desktop

  • Open the NordPass app.

  • Click the Profile icon at the top left side of the screen.

  • Select Switch Account.

  • Select the preferred account from the Switch Account section.

Please note that you can add up to five accounts to switch between. It is also important to note that you can remove any of the added accounts at any time in the Switch Account section by clicking the three dots next to the email address. Finally, you can choose to have your accounts locked or unlocked. Locked accounts will require your Master Password to log in when switching between them while unlocked ones will not.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.