Sunday, May 12, 2024

I get a lot of requests about email protection. The following are measures used to help prevent email tampering and give your email a good reputation over time if you have no problems.

They are mainly used when you have your own domain name. Both are published as DNS TXT records, so they take effect as soon as the records have been published and have propagated (bounded by the record TTL, usually minutes to a few hours).
Large email providers also provide this protection, but I am not sure to what degree; they have to take into account bad actors as well as the good, so it's a balancing act.

The following gives you an idea of what these protocols provide.

SPF and DKIM for Email protection

SPF and DKIM are two email authentication protocols used to detect spoofing, where a malicious sender pretends to be someone else. Receiving servers also feed the results into their reputation and spam scoring, so a correct setup improves your email deliverability.

Are SPF and DKIM the Same?

While they are both authentication protocols, SPF and DKIM are not the same thing: they check different parts of a message.
SPF (Sender Policy Framework) is a DNS TXT record listing the servers, by IP address or by reference to another domain's record, that are authorised to send mail for your domain; the receiving server compares the IP address that connected to it against that list. Note that SPF checks the envelope sender used in the SMTP transaction, which is not always the From: address the recipient sees.
DKIM (DomainKeys Identified Mail) has the sending server add a DKIM-Signature header: a cryptographic signature over selected headers plus a hash of the body, made with a private key whose public half is published in DNS under a selector. The receiver fetches that key and verifies the signature, so any change to the signed headers or the body in transit makes verification fail. Tying both results to the visible From: address is the job of DMARC, which builds on SPF and DKIM.

Do I Need Both DKIM and SPF?

Yes, it is highly recommended to use both DKIM and SPF for a complete email authentication setup, because each covers a gap in the other. SPF breaks when mail is forwarded (the forwarder's server is not in your record) while a DKIM signature survives forwarding intact; DKIM on its own does nothing to stop someone sending unsigned mail that claims to be from your domain. Together they protect your domain from misuse and improve your deliverability rates.

Can SPF and DKIM Prevent My Emails From Being Marked as Spam?

Yes, SPF and DKIM can prevent your emails from being marked as spam by helping you build a good reputation with email providers. However, they cannot guarantee that your emails will never be marked as spam.
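As an added, runnable illustration of what the two checks above actually do (example code written for this page, not taken from any mail software), the Python below evaluates an SPF record against a connecting IP address and checks a DKIM body hash. The DNS records, the message body and the DKIM-Signature header are all constructed and held in memory. A real receiver resolves the records over DNS, supports every SPF mechanism (only ip4, ip6, include and all are implemented here), and also verifies the b= signature over the headers with the public key from the selector._domainkey.domain record, which this example leaves out.

```python
import base64
import hashlib
import ipaddress
import re

# Constructed DNS TXT records standing in for live lookups (example.com and the
# .example TLD are reserved for documentation, so nothing here is a real domain).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail-provider.example -all",
    "_spf.mail-provider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, depth=0):
    """Evaluate the SPF record published for `domain` against the IP that connected
    to deliver the mail. Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or
    'permerror'. Only ip4, ip6, include and all are implemented (no a, mx, exists,
    redirect or macros), which is enough for the constructed records above."""
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass' when it matches
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:  # `in` is False when address and network are different IP versions
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":  # only a 'pass' from the included record counts
            matched = spf_check(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # nothing matched and the record has no 'all' term


def dkim_body_hash(body, canonicalization="simple"):
    """Compute the DKIM body hash (the bh= tag) with SHA-256 over the canonicalised
    body, per RFC 6376 section 3.4. 'simple' normalises line endings to CRLF and
    drops trailing empty lines; 'relaxed' also strips trailing whitespace on each
    line and collapses runs of spaces/tabs to a single space."""
    lines = body.replace("\r\n", "\n").split("\n")
    if canonicalization == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    canon = "".join(line + "\r\n" for line in lines)
    if not canon and canonicalization == "simple":
        canon = "\r\n"  # an empty body canonicalises to a single CRLF in 'simple'
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()


def parse_dkim_tags(signature_header):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    return {
        key.strip(): value.strip()
        for key, _, value in (t.partition("=") for t in signature_header.split(";"))
        if key.strip()
    }


def dkim_body_hash_matches(signature_header, body):
    """Recompute bh= from the body the receiver actually got and compare it with the
    value the signer recorded; a mismatch means the body changed in transit. This is
    only the body half of DKIM verification: a real verifier then fetches the
    public key from DNS and checks the b= signature over the listed headers."""
    tags = parse_dkim_tags(signature_header)
    _header_canon, _, body_canon = tags.get("c", "simple/simple").partition("/")
    body_canon = body_canon or "simple"  # 'c=relaxed' alone means relaxed/simple
    recorded = re.sub(r"\s+", "", tags["bh"])  # bh= may be folded across lines
    return dkim_body_hash(body, body_canon) == recorded


# Constructed message: the signer computes bh= over the body at signing time.
SAMPLE_BODY = "Hello,\r\n\r\nPlease pay invoice 42 to the usual account.\r\n\r\n\r\n"
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
    "h=from:to:subject:date; bh=" + dkim_body_hash(SAMPLE_BODY, "relaxed") + "; "
    "b=<signature-omitted>"  # placeholder: the RSA signature is not checked here
)

if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::5", "203.0.113.9"):
        print(f"SPF example.com from {ip}: {spf_check('example.com', ip)}")
    print("DKIM bh ok:", dkim_body_hash_matches(SAMPLE_SIG, SAMPLE_BODY))
    tampered = SAMPLE_BODY.replace("usual", "new")
    print("DKIM bh after edit:", dkim_body_hash_matches(SAMPLE_SIG, tampered))
```

Run as-is, it shows example.com passing from its own range and from the included provider's server, failing from an unlisted address, and the body hash no longer matching the moment one word of the body is edited; trailing blank lines, which relays commonly add or strip, are ignored by canonicalisation and do not break the hash.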

This information has been collected from the Internet.

Tuesday, May 7, 2024

Australian migration agent Aussizz has been breached and had almost 300GB of information taken. Migration agents require personal documents from applicants to submit with their request to come to Australia. These can include payslips, passports, education records, visas, and photographs, which makes migration information a lucrative target for criminals to use to enter Australia.

Every breach gives the criminals using the Dark Web more information and allows for personally targeted scams against us. Even though we had no part in this, there is no support when we accidentally get caught in their web.

Every time you see a breach of a high-profile business or government department in Australia you know we are probably on that list of stolen information.

Sunday, May 5, 2024

Last year, around half (49%) of reported data breaches, including 86% of web application breaches, involved the use of stolen credentials: user names and passwords. In Australia, 1.8 million accounts were breached in the first quarter of 2024 alone. When it comes to secure authentication, there seems to be a lesson we’re not learning.

We know that passwords are vulnerable to being cracked, exposed or stolen and used against us, but many organisations still rely on them for securing access. There are a number of reasons for this — and it is important to remember those reasons when we try to replace or supplement them.

Passwords are convenient. They’re familiar and both users and administrators understand them. They’re easy to implement and require minimal infrastructure and investment. There’s no need for additional hardware and they’re everywhere. Nearly every service and device supports password authentication.

Reducing our reliance on passwords

When considering alternatives to passwords, it’s important to prioritise security, usability and scalability to ensure a seamless and secure authentication experience for users. If you introduce too much complexity and friction, people will find a way around it.

Here are some other types of authentication that can help organisations boost their security without alienating the people they rely on to make it work.

1. Two-factor authentication/multi-factor authentication (2FA/MFA)

These have become the security default for applications. 2FA requires users to present two factors before gaining access, typically something they know, like a password, and something they have, like a one-time code generated on or sent to their mobile device. There’s very little extra time and friction involved. MFA adds further factors, such as something the user is (biometrics) or something the user does (behavioural biometrics). In recent years, however, attackers have learned how to defeat code- and push-based MFA through targeted phishing (a look-alike site relays the code to the real site while it is still valid) or ‘MFA fatigue’, where they bombard the user with sign-in notifications until one is approved. Factors bound to the site’s origin, such as FIDO2 security keys and passkeys, are not exposed to either trick.

2. Single sign-on (SSO)

SSO allows users to access multiple applications with a single set of login credentials, reducing the number of passwords they hold and simplifying the user experience. This is very effective for internal business applications, but it can be time-intensive to set up and connect. SSO can also be risky when extended to wider internet activity, where access is gained using the credentials for popular online services such as Google, Facebook, Apple, Yahoo and Microsoft. Although this makes signing on very simple, if the account with one of these services is compromised, the attackers can access every service that accepts that account for single sign-on. Further, data is often shared between the services and users are not always aware of this.

3. Biometric authentication

This includes methods such as fingerprint recognition, facial recognition, iris scanning and voice recognition. Behavioural biometrics uses how a person walks, types or handles a device. The advantages of biometric authentication are that it provides a high level of security and user convenience. Many people may be familiar with biometrics because multiple consumer devices already feature biometric authentication capabilities. This can make it easier to deploy the technology in a business setting.

A biometric authentication experience is often quick and smooth because it doesn’t require a user to recall a password or security question/answer. However, not every device can handle biometric authentication and it can be expensive to implement the required technology. Employees also need to be comfortable sharing their biometric data with their employer, and unlike a password, a fingerprint or face cannot be changed if the stored template leaks, so the template should stay on the user’s device, as consumer phones do, rather than in a central database.

4. Hardware tokens

These physical devices either generate one-time, usually time-limited codes, or hold a private key that signs a challenge from the site (as FIDO2 security keys do), adding an extra layer of security. An attacker would need physical possession of the token as well as the user’s other credentials to get into the account, and because a key-based token only answers the genuine site, its response cannot be phished. However, while you can reset a forgotten password, lost hardware is still lost hardware, so the IT team needs a backup plan, such as a registered spare token or a documented recovery process.

5. Certificate-based authentication

This method uses digital certificates issued by a certificate authority, together with public-key cryptography, to verify user identity. The certificate carries the user’s identifying details and their public key, while the matching private key stays on the user’s device, ideally in a smart card, TPM or similar hardware so it cannot be copied; authentication is a signature over a challenge that only the private key can produce. It’s a good option for companies that employ contractors who need temporary network access, since a certificate can be issued with a short lifetime and revoked. However, it can be expensive and time-consuming to implement.

Last but not least, there is a dynamic approach known as risk-based authentication. This method assesses the risk associated with a login attempt based on various factors such as user behaviour, location and device information, and adjusts the authentication requirements accordingly.
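To make the “something they have” in item 1 above concrete, here is an added example (written for this page, not taken from any product) of the time-based one-time codes that authenticator apps and many hardware tokens produce, as defined in RFC 4226 (HOTP) and RFC 6238 (TOTP). The shared secret is the published test-vector key from those RFCs, so the codes can be checked against Appendix B of RFC 6238. The TotpVerifier class is this example’s own design: it shows the two server-side details that matter in practice, a small clock-skew window and a record of the last counter accepted, so that a code the user has already submitted is never accepted a second time.

```python
import base64
import hashlib
import hmac
import struct
import time


def secret_from_base32(b32):
    """Authenticator apps receive the shared secret as Base32 in the otpauth:// URI,
    usually without '=' padding; restore the padding before decoding."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, dynamically truncate to 31 bits,
    then keep the low `digits` decimal digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, int(at) // step, digits)


class TotpVerifier:
    """Server side of the check. Accepts a code from the current step or from
    `skew_steps` steps either side (phone clocks drift), and remembers the highest
    counter already consumed so the same code is never accepted twice."""

    def __init__(self, secret, step=30, digits=6, skew_steps=1):
        self.secret, self.step, self.digits, self.skew_steps = secret, step, digits, skew_steps
        self.last_counter = -1  # also keeps negative counters out of struct.pack

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        counter = int(now) // self.step
        for candidate in range(counter - self.skew_steps, counter + self.skew_steps + 1):
            if candidate <= self.last_counter:
                continue  # this step already yielded an accepted code: treat as replay
            expected = hotp(self.secret, candidate, self.digits)
            # constant-time comparison so timing does not leak how many digits matched
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = candidate
                return True
        return False


# Test-vector secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890"); a real
# enrolment generates 20 random bytes and shows them to the app as Base32 or a QR code.
SECRET = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    for t in (59, 1111111109, 1234567890):
        print(f"TOTP at t={t}: {totp(SECRET, t)}")
    server = TotpVerifier(SECRET)
    code = totp(SECRET, 59)
    print("first use accepted:", server.verify(code, now=59))
    print("same code again:", server.verify(code, now=70))
```

Because the code is derived from the secret and the clock alone, anyone who can read the secret (a screenshot of the enrolment QR code, a backup of the authenticator database) can produce valid codes indefinitely; the factor is only as strong as the secrecy of that 20-byte key, which is why hardware tokens that never expose the key are the stronger form.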

The takeaway

The focus for secure access needs to shift from just eliminating passwords towards eliminating the need for passwords.

Passwordless access methods aim to achieve this by relying on alternative or supplementary authentication methods that are more secure and user-friendly — such as those listed above — often as part of a broader zero trust access approach. Both passwordless access and zero trust help to strengthen security and improve the user experience in today’s evolving threat landscape. Together they may finally break our emotional and enduring bond with passwords.

It's been a long time and I thought an update was due. I will post as I find current issues affecting Australians and workarounds.

Safeguarding Your Digital Fortress: Essential Cybersecurity Practices 

In today's interconnected world, where the digital realm permeates nearly every aspect of our lives, cybersecurity has become more critical than ever. With the constant evolution of technology, cyber threats continue to proliferate, posing significant risks to individuals, businesses, and even nations. To safeguard your digital fortress against these ever-looming dangers, adopting robust cybersecurity practices is imperative. Let's delve into some essential strategies to fortify your online defenses.


1. **Stay Vigilant Against Phishing Attacks:**

   Phishing remains one of the most prevalent cyber threats, wherein attackers masquerade as legitimate entities to deceive users into disclosing sensitive information. Exercise caution when opening emails, especially those requesting personal or financial data. Be wary of suspicious links or attachments and verify the authenticity of senders before divulging any information.


2. **Keep Software Updated:**

   Software vulnerabilities serve as entry points for cybercriminals to infiltrate systems. Ensure all your software, including operating systems, applications, browsers and antivirus programs, is regularly updated with the latest security patches, and turn on automatic updates wherever the option exists. By staying current with software updates, you close off known avenues for exploitation, bolstering your defenses against emerging threats.


3. **Implement Strong Password Practices:**

   Passwords serve as the first line of defense against unauthorized access to your accounts. Adopting strong password practices can significantly enhance security: length matters more than forced mixes of symbols, so prefer long passphrases and, above all, never reuse a password across accounts, since one leaked password is immediately tried against every other service. Consider employing a password manager to generate and securely store a unique password for each account, which removes the reuse problem entirely.


4. **Enable Multi-Factor Authentication (MFA):**

   Multi-factor authentication provides an additional layer of security by requiring users to provide multiple forms of verification before granting access. Whether through SMS codes, biometric authentication, authenticator apps or hardware security keys, MFA fortifies your accounts against unauthorized access, even in the event of compromised passwords. Where you have the choice, prefer an authenticator app or hardware key over SMS codes, which are the weakest option because they can be intercepted or diverted to an attacker’s phone.


5. **Backup Data Regularly:**

   Data loss can occur due to various reasons, including cyberattacks, hardware failures, or human error. Implementing regular data backups ensures that critical information remains accessible even in the face of unforeseen circumstances. Utilize both onsite and offsite backup solutions, and keep at least one copy offline or otherwise immutable so that ransomware which encrypts the live systems cannot also encrypt the backups. A backup is only as good as its restore, so test restoring from it periodically rather than discovering a problem during a breach.


6. **Educate and Train Personnel:**

   Human error remains a significant contributor to cybersecurity breaches. Educating employees about cybersecurity best practices and conducting regular training sessions can empower them to recognize and respond effectively to potential threats. Instill a culture of security awareness within your organization to foster a collective commitment to cybersecurity excellence.


7. **Conduct Routine Security Assessments:**

   Regular security assessments and audits are essential for evaluating the effectiveness of your cybersecurity measures and identifying any vulnerabilities that may exist within your systems. Engage in proactive monitoring, intrusion detection, and vulnerability scanning to detect and mitigate threats before they escalate into full-fledged attacks.


8. **Stay Informed About Emerging Threats:**

   Cyber threats are constantly evolving, requiring a proactive approach to stay ahead of malicious actors. Stay abreast of the latest cybersecurity trends, threat intelligence, and advisories from reputable sources. By remaining informed, you can adapt your security strategies to effectively counter emerging threats and minimize potential risks.


In conclusion, safeguarding your digital fortress requires a multifaceted approach encompassing proactive measures, robust defenses, and ongoing vigilance. By implementing these essential cybersecurity practices, you can bolster your online defenses and mitigate the risks posed by an increasingly hostile digital landscape. Remember, in the realm of cybersecurity, diligence is the key to resilience. Stay vigilant, stay secure.