Passkeys

Passkeys are a passwordless authentication method designed to enhance security and convenience. Instead of relying on traditional passwords, passkeys use cryptographic key pairs—one stored on your device and the other on the service you’re logging into. This means you can sign in using biometric authentication (like Face ID or fingerprint recognition) or a PIN, making it resistant to phishing attacks and credential theft.

Why Passkeys Are Secure

– No passwords to steal: Since passkeys don’t require typing a password, they can’t be leaked in data breaches.
– Phishing-resistant: They only work on the intended website or app, preventing attackers from tricking users into entering credentials on fake sites.
– Stored securely: The private key remains on your device, ensuring it’s not exposed to hackers.

Where You Can Use Passkeys

Many major platforms, including Google, Microsoft, Apple, and PayPal, now support passkeys. They work across devices and browsers, making them a seamless alternative to passwords.
Passkeys are built on FIDO authentication standards, meaning they provide a secure, phishing-resistant way to sign in without passwords. Here’s a deeper dive into how they work:

How Passkeys Work

– Registration: When you create a passkey, your device generates a cryptographic key pair—a private key stored securely on your device and a public key shared with the service.
– Authentication: When you log in, the server sends a cryptographic challenge to your device.
– Verification: Your device signs the challenge using the private key and sends it back, proving your identity without exposing sensitive data.

Phishing (pronounced “fishing”) is a type of cyberattack designed to steal your money or personal identity. It does so by tricking you into sharing sensitive information, such as credit card details, banking credentials, or passwords, on websites disguised as legitimate ones. Cybercriminals often pose as trusted companies, friends, or acquaintances in deceptive messages that include links to these fraudulent sites.

Phishing remains a prevalent form of cybercrime due to its high success rate. Cybercriminals often exploit emails, text messages, and direct messages on platforms like social media or video games to deceive individuals into sharing their personal information. The most effective protection against phishing is staying informed and recognizing the warning signs.

Here are a few ways to recognize a phishing email:

Urgent requests or threats – Stay cautious of emails and Teams messages that insist you must click a link, make a call, or open an attachment right away. These often claim immediate action is required to secure a reward or avoid a penalty. Phishing attacks and scams frequently use this tactic to create a false sense of urgency, preventing you from taking the time to think critically or seek advice from someone you trust who might spot the deception.

First-time or infrequent senders, or senders flagged as [External] – Receiving an email or Teams message from someone for the first time, particularly if they are outside your organization, is not uncommon. However, it may indicate a phishing attempt. Take your time and proceed with caution in such situations. When you receive a message from an unfamiliar sender, or one that Outlook or Teams labels as a new contact, carefully scrutinize it using some of the guidelines provided below.

Spelling and grammatical errors – Reputable companies and organizations typically have dedicated editorial teams to ensure their communications are polished and professional. If an email contains noticeable spelling or grammar mistakes, it could be a scam. These errors might stem from poor translations from another language or, in some cases, may be intentional to bypass filters designed to block such attacks

Generic greetings – Organizations that genuinely work with you will typically know your name, and personalizing emails is now quite straightforward. If an email begins with a generic salutation like “Dear sir or madam,” it could be a red flag, indicating it might not actually be from your bank or favorite shopping site.

Mismatched email domains – If an email claims to be from a trusted company, such as Microsoft or your bank, but it originates from a different domain—like Gmail.com or microsoftsupport.ru—it is likely a scam. Pay close attention to slight misspellings in the domain name as well. For example, “micros0ft.com” replaces the second “o” with a zero, or “rnicrosoft.com” swaps the “m” for an “r” and “n.” These subtle alterations are common tactics used by scammers.

Outlook displays a banner stating it could not verify the sender – This warning appears when Outlook detects something unusual in the email headers. It could be that the email failed authentication checks based on widely accepted internet standards, or the “From” field may contain information that deviates from industry norms to disguise the true sender and deceive the email server. Regardless of the specific issue, it’s essential to approach the email content with caution.

Suspicious links or unexpected attachments – If you suspect an email or Teams message might be a scam, avoid clicking on any links or opening any attachments. Instead, hover your mouse over the link (without clicking) to view the actual web address that appears. Check whether this address matches the one displayed in the message. For instance, hovering over a link might reveal the real web address, which could be a string of numbers that doesn’t resemble the company’s legitimate website. This is a common tactic used in phishing scams.

Windows 10 will reach its end of support on October 14, 2025. After this date, Microsoft will no longer provide technical support, feature updates, or security updates for Windows 1013. Your PC will still function, but it will be more vulnerable to security risks and won’t receive any new features or improvements.

To stay secure and benefit from the latest features, Microsoft recommends upgrading to Windows 11 if your PC meets the minimum requirements1. If your current PC isn’t compatible with Windows 11, you might consider purchasing a new device that supports it.

Here are the minimum system requirements for installing Windows 11 on a PC12:

Processor: 1 gigahertz (GHz) or faster with at least 2 cores on a compatible 64-bit processor or System on a Chip (SoC).
RAM: 4 gigabytes (GB) or more.
Storage: 64 GB or larger storage device.
System Firmware: UEFI, Secure Boot capable.
TPM: Trusted Platform Module (TPM) version 2.0.
Graphics Card: Compatible with DirectX 12 or later with WDDM 2.0 driver.
Display: High definition (720p) display that is greater than 9” diagonally, with 8 bits per colour channel.

If you’re unsure whether your PC meets these requirements, you can use the PC Health Check app to assess compatibility.

Using the PC Health Check app is straightforward. Here are the steps to check if your PC meets the requirements for Windows 11:

Download the PC Health Check app:

Visit the Microsoft website to download the app.

Install the app:

Open the downloaded file and follow the on-screen instructions to install the app.

Run the app:

Open the PC Health Check app from your Start menu or search for it using the taskbar search.

Check compatibility:

Click the “Check now” button within the app. It will analyse your system and let you know if your PC meets the Windows 11 requirements1.
The app will provide detailed information on why your device is or isn’t eligible and offer suggestions if your PC doesn’t meet the requirements.

Just as you regularly service your car, it’s important to consistently review and update your IT environment to keep it secure.

What is Cyber Hygiene? Cyber hygiene involves maintaining your devices and information to ensure they are clean and safe. Just like washing your hands prevents germs, good cyber habits protect against digital threats like viruses and hackers.

Why is Cyber Hygiene Important? Online criminals are always developing new ways to steal your information or damage your devices. Practicing good cyber hygiene safeguards your privacy and ensures your devices function properly.

How Can You Improve Your Passwords?

Use Long and Complex Passphrases: Longer passwords are harder to guess. Try using a sentence like, “I love eating pizza every Friday!”

Mix it Up: Incorporate different characters, including numbers, symbols, and both uppercase and lowercase letters. For example, “I<3EatingPizza0nFridays!” is even more secure.

Don’t Reuse Passwords: Avoid using the same password for multiple accounts. Use a password manager to remember unique passwords, so if one is compromised, your other accounts remain safe.

Update Your Operating System and Software: Keeping your software updated is akin to getting a flu shot; it protects you from new threats.

Fix Security Holes: Updates often fix security vulnerabilities that could be exploited by cybercriminals.

Get New Features: Updates may also enhance your apps with new and improved features.

Update Your Devices: Regularly update hardware devices like routers, switches, and firewalls as well.

Set Automatic Updates: Enable automatic updates to ensure you never miss an important update.

Implement Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security, much like adding a second lock to your door.

What is 2FA?: 2FA requires two forms of identification, typically a password and a code from an authenticator app on your phone. SMS codes can also be used, but they are less secure.

Why Use 2FA?: Even if someone steals your password, they won’t be able to access your account without the second form of authentication.

Where to Use 2FA: Enable 2FA on all your online accounts, including email, banking, social media, shopping, work, and government accounts.

Avoid Using Public Wi-Fi: Public Wi-Fi is risky, as anyone can potentially eavesdrop on your activities. Instead, use your own 4G/5G modem or connect through your mobile phone.

If you must use public Wi-Fi, follow these tips to stay safe:

Use a VPN: A VPN encrypts your data, creating a secure tunnel to the internet. Avoid free VPN services.

Avoid Sensitive Tasks: Don’t perform banking or other sensitive tasks on public Wi-Fi. Wait until you’re on a secure network.

Turn Off Auto-Connect: Disable automatic connections to Wi-Fi networks to prevent your device from connecting to potentially malicious networks.

Identify Phishing Scams: Phishing scams attempt to trick you into revealing personal information. Here are some tips to avoid them:

Check the Sender: Verify the sender’s email address for any inconsistencies or errors. If in doubt, contact the sender directly.

Don’t Click Suspicious Links: Hover over links to see where they lead. If unsure, visit the website directly or call the sender for confirmation.

Be Wary of Urgent or Unexpected Messages: Scammers often create a sense of urgency to prompt quick action. If a message seems off, verify its legitimacy before acting.

Back Up Your Data: Backing up your data is essential to protect against data loss. Here’s why it’s important:

Recover from Accidents: Mistakenly deleted files can be recovered with backups.

Protect Against Ransomware: Backups allow you to restore your data without paying ransoms to cybercriminals.

Hardware Failures: Backup ensures you can quickly recover data if your hardware fails.

Use the 3-2-1 Rule: Keep 3 copies of your data, stored on 2 different types of media, with 1 copy off-site.

Review Your Privacy Settings: Your privacy settings control what others can see. Regularly review them to maintain your privacy:

Check All Your Accounts: Close and delete accounts you no longer use.

Limit What You Share: Share only necessary information to enhance your security.

Schedule Reviews: Regularly check your privacy settings and set reminders to do so.

Educate Your Staff About Cyber Safety: Cyber safety is a collective responsibility in any organization. Here’s how to spread the knowledge:

Cyber Security Awareness Training: Enroll your staff in comprehensive cyber security awareness training.

Make it Fun: Use games and stories to make learning about cyber safety engaging.

Lead by Example: Demonstrate good cyber habits for your staff to emulate.

Talk About Online Experiences: Encourage open discussions about online experiences to keep everyone informed and vigilant.

Level Up Your Cyber Hygiene: Enhance your cyber hygiene to protect against online threats. Use strong passwords, back up your data, avoid phishing scams, update your software, operating systems, and equipment, and avoid public Wi-Fi.

Password managers are fantastic tools designed to securely store and manage your passwords. Here’s why they’re so handy:

Security: They encrypt your passwords, ensuring that even if someone gains access to your password manager, they can’t read your passwords without the master key.

Convenience: They generate strong, unique passwords for each of your accounts, saving you from the struggle of coming up with and remembering them.

Autofill: They can automatically fill in your login details for websites and apps, saving time and reducing the risk of keylogging attacks.

Access Anywhere: Many password managers sync across devices, allowing you to access your passwords from your phone, tablet, or computer.

Some popular password managers include LastPass, 1Password, and Bitwarden. They often offer both free and premium versions with additional features like secure notes, payment info storage, and breach alerts.

Let’s dive a bit deeper into password managers and explore their features and benefits:

Key Features of Password Managers

Password Generation: They can create strong, random passwords for each of your accounts, significantly enhancing your security posture.

Password Storage: They securely store all your passwords in an encrypted vault, accessible only with your master password.

Autofill: They can automatically fill in login forms on websites and apps, which is both convenient and reduces the risk of phishing.

Cross-Platform Sync: Many password managers sync across multiple devices, allowing you to access your passwords from anywhere.

Password Sharing: Some password managers offer secure ways to share passwords with trusted individuals, such as family members or coworkers.

Security Alerts: They can notify you if any of your saved passwords have been compromised in a data breach, prompting you to change them immediately.

Secure Notes: They can store sensitive information like credit card details, secure notes, and even documents.

Two-Factor Authentication (2FA): Many password managers support 2FA, adding an extra layer of security to your accounts.

Types of Password Managers

Standalone Software: Applications like LastPass, 1Password, and Dashlane offer comprehensive password management features and often come with both free and premium versions.

Browser-Based: Browsers like Chrome, Firefox, and Safari have built-in password management features that can store and autofill passwords.

Device-Based: Mobile devices like iPhones and Android phones often come with integrated password managers (e.g., iCloud Keychain for iOS).

Choosing the Right Password Manager

When selecting a password manager, consider the following:

Ease of Use: Look for a user-friendly interface that makes managing your passwords simple and intuitive.

Security: Ensure that the password manager uses strong encryption and has a good security track record.

Compatibility: Make sure it works across all your devices and browsers.

Features: Look for additional features that you might find useful, such as secure sharing or 2FA support.

Looking for more great news from Microsoft? Windows 11 is rolling out exciting new features designed to enhance your workflow and keep your data secure.

One standout feature is the seamless integration of OneDrive across your phone and PC, making it incredibly easy to pick up right where you left off. Here’s how it works: Imagine you open a file, such as a Word document, Excel spreadsheet, or PDF on your phone. If you then unlock your PC within five minutes, you’ll receive a notification on your computer asking if you want to continue working on that file. Simply click the notification, and the file will open in your PC’s browser, saving you valuable time and effort. No more searching for the document or starting over—just a smooth transition from one device to the next. This feature has been available in a preview build so far, offering a glimpse of what’s to come.

But that’s not all. Windows 11 is also introducing enhanced passwordless login options. With increased support for passkey manager tools, you can enjoy a more secure and convenient way to access your accounts. This update is just one more way Windows 11 is committed to keeping your data safe and your workflow uninterrupted.

In addition to these updates, Windows 11 continues to refine and improve its user experience with various performance enhancements and bug fixes. These improvements aim to make your computing experience smoother, faster, and more efficient. Whether you’re a professional who relies on your PC for work or a casual user who enjoys seamless connectivity, Windows 11 has something to offer.

If you’re interested in learning more about how Windows 11 can boost your productivity and improve your workflow, don’t hesitate to reach out. We’re here to help you make the most of these new features and ensure you have the best possible experience with your devices.

Windows 11’s rebootless updates, known as hotpatching, are a game-changer for both individual users and businesses. Here’s a quick rundown:

What is Hotpatching?
Hotpatching allows Windows 11 to apply updates without requiring a system restart. This feature patches the in-memory code of running processes, ensuring updates are installed seamlessly in the background2.

Key Benefits:
No More Disruptions: Say goodbye to interrupted workflows and productivity losses due to unexpected reboots.

Immediate Protection: Security updates are applied instantly, keeping your system protected without downtime.

Reduced Reboots: While periodic reboots are still necessary (typically once every three months), this significantly reduces the number of reboots needed annually.

How It Works:
Hotpatching builds on a baseline cumulative update. Once this update is installed, subsequent hotpatch updates can be applied without reboots for the next two months2. However, a reboot is required every few months to maintain system stability.

Availability:
This feature is available for Windows 11 Enterprise (version 24H2) and Microsoft 365 Enterprise, and it’s expected to roll out to more devices over time.

Hotpatching is designed to make system updates less intrusive and more efficient, ensuring that your device stays secure with minimal disruption.

Does this sound like something that could benefit your setup?

Microsoft has recently launched the Bing Wallpaper app on the Windows Store, providing an official solution for changing desktop wallpapers daily. The app features a variety of images from around the globe that have appeared on the Bing homepage, but it seems to come with several dubious hidden functions when installed on a Windows PC.

While some third-party software companies might include questionable functionalities and hidden payloads, Microsoft users expect higher standards. When similar behaviour is observed in Microsoft’s products, it tends to provoke a swift and highly negative reaction from Windows users.

There are some serious security and privacy concerns with the Bing Wallpaper app. The app not only automatically installs Bing Visual Search but also contains code to decrypt cookies stored in other browsers. Additionally, it introduces a ‘free’ geolocation web API to the system.

A developer found numerous concerning features embedded in Bing Wallpapers by Microsoft. These include attempting to alter the browser settings and set Edge as the default system browser. If Edge isn’t the default browser, the app will eventually prompt the default browser to enable the previously installed Microsoft Bing Search extension for Chrome.

Like a lot of companies recently, has quietly enabled an opt-out feature that scrapes for the content of your Word and Excel documents in order to train it’s AI system. By default, this is turned on and you need to manually turn it off so that you can opt out.

If you’re using Word or Excel to create proprietary content (ie novels, blogs, etc) or any other content that will be protected by copyright, then you’ll be wanting to turn this feature off straight away.

On a Windows PC, go into Word and then File > Options > Trust Center > Trust Center Settings > Privacy Options > Privacy Settings > Optional Connected Experiences > Uncheck box: “Turn on optional connected experiences”

Microsoft have said that the feature is not intended specifically for AI training, but their Services Agreement includes a clause granting them a worldwide and royalty-free intellectual property licence to use user content.