Microsoft recently advised against longstanding, conventional cybersecurity logic on required password changes. It turns out forced switches made users select more predictable and easy-to-breach passwords.

"The pattern that humans use, particularly when they're not using a password manager, is they come up with, sort of, this rubric," said Pedro Canahuati, chief technology officer at 1Password. "If that's really very complex, it makes it difficult for people to gain access to it. But the reality is, humans are not good at randomness."

"The previous advice for people to rotate their passwords so frequently led to some really bad habits: people writing passwords down, only changing maybe the last digit," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.

"Changing that one character at the end of your password is not enough when you're up against a bot who's just cycling away at different passwords and switching out letters and numbers."

Humans are notoriously bad at passwords. NordPass' research of commonly used passwords across 50 countries in 2021 found the most popular were strings of letters or numbers, like 123456 and qwerty or words like a password. Most could be cracked in less than one second.

Still, if you search online for advice on how often you should change passwords, you'll still find many results saying you should change them routinely.

Newsy spoke to four cybersecurity experts about best rotation practices. While all noted that there are times when passwords should be changed — like when your data is implicated in a breach — other, more important security features can be used to strengthen data protection.

"People just need to understand that passwords only go so far, and you need multifactor authentication," said Ed Skoudis, president of SANS Technology Institute. "Password management organizations also have an obligation to keep their users secure and safe."

"The simple solution at the end of the day is to use strong and unique passwords with a password manager because nobody can create them as strong as they can with the password manager," said Craig Lurey, chief technology officer at Keeper Security. "This is hundreds of engineers, solely focused on protecting passwords in an encrypted vault that's highly secure and protected from access, and all the years of implementation that went into that versus whatever you think you can do with your notepad."

Newsy is the nation’s only free 24/7 national news network. You can find Newsy using your TV’s digital antenna or stream for free. See all the ways you can watch Newsy here.

A loose panel in a Cape Cod home revealed a hidden treasure behind its walls. Anna Prilliman came upon a trove of letters — hand-written seven decades ago, between a young man named Vance and his Betty Sue.  

"I read one of those letters, and it is absolutely a love story," Prilliman said. 

Their delicate cursive reminded Anna of the days people slowly put pen to paper instead of racing over computer keys. 

"There are no 'smh's' or 'omg's' or 'lols' it's full sentences. Grammatically correct sentences. Isn't that funny how that works," Prilliman said.  

For many, these letters are also a reminder of a timeless art form they worry is slipping through the hands of new generations.  

Cursive flourished after the fall of the Roman Empire, with each part of Europe creating different styles of handwriting. By the late 8th century, an English monk, inspired by Roman characters, revolutionized cursive. He designed handwriting that would maximize legibility and feature lowercase letters, word separation, and punctuation.

But when the invention of the printing press threatened to make hand-written texts obsolete, Italians revolted by creating "Italic cursive." And for centuries on, elegant writing proved to be a status symbol associated with different jobs and social ranks. By the 1700s, schools were teaching the first master scribes.  

When the U.S. gained its independence, Congress hired professional penmen to copy the nation’s founding documents.

And we were left with arguably one of the most famous signatures of all time — John Hancock’s. The American penmanship style we know today evolved from the mid-1800s.  

Abolitionist Platt Rogers Spencer created the first cursive system in the U.S., crafting a style still seen on Coca-Cola's iconic logo. 

Other methods of cursive took favor over the years until students were taught to form those loopy letters we still see today — though technology has changed the game. Today, students are instructed to put fingers on keys more often than pen to paper. 

Just 21 states require public schools to teach cursive in their curriculum.   

Cursive is also left out of common core state standards — fully adopted by 35 states since 2010.  Sue Pimental, one of the lead writers of the English standards, told EdWeek that teachers around the country felt cursive instruction took an "enormous" amount of time and welcomed the change. 

A few years after the common core was introduced, a survey found roughly four in 10 elementary school teachers were no longer teaching cursive, though about seven in 10 felt its absence would lead to long-term negative consequences. 

Steve Graham, a writing studies expert and professor at Arizona State University says there is evidence that handwriting is beneficial for cognitive development. He says good handwriting makes it easier for students to get ideas on paper and score higher on writing tests. But that doesn’t mean learning cursive is necessary.

Graham says there isn’t enough evidence to prove teaching cursive is better than print, and it’s only marginally faster to write in cursive — if at all. 

Others say we get more benefits from the writing style, like Virginia Berninger, an emeritus professor at the University of Washington’s College of Education. She’s studied the different ways cursive and print activate our brains and believes cursive helps students better recognize and write letters.

As for Betty Sue and Vance, their love story surrounds their carefully crafted letters, their lives changing from exchanging letters to exchanging vows and a lifelong marriage. The story of their cursive correspondence was told nationwide. And Anna eventually tracked down the couple’s grandson — 3,000 miles away.  

"Human connection matters. The past matters," Prilliman said. 

Newsy is the nation’s only free 24/7 national news network. You can find Newsy using your TV’s digital antenna or stream for free. See all the ways you can watch Newsy here.

Working from home has transformed how people make a living. It has also led to some pretty extravagant home office setups.

Research from the company CouponFollow shows the average American spent $572 on their home office set up during the pandemic, with 36 percent of those people buying technology like webcams and computer software to support their work.

“So, the old [computer] I had previously was just literally this laptop here,” said Chad Sullivan, a 27-year-old worker in the oil and gas field.

Since March 2020, Sullivan has been working exclusively from home. He started working on his laptop on the kitchen table and has since graduated to a home office filled with a desk that can elevate to a standing desk with the push of a button, as well as a 54-inch rounded computer monitor.

“This at least helps me put a couple of different avenues of referencing, typing, and reviewing all at once,” he said.

Total, the investment was around $600, Sullivan said.

Nationally, research suggests the investment in a home office has helped productivity, as well. According to the Pew Research Center, 71 percent of Americans exclusively work from home because of the pandemic, and, on average, log 22 million hours of extra work each day because of it.

“I prefer to stay at home. I’m more productive at home. I create more,” said Frank Adelson, an editor for a local news station in Miami.

Adelson has not gone into his office for more than a year. He has invested in three computer monitors next to one another, with a television mounted to the wall above them.

“It allows me to watch the news and what is going on while working on projects,” he said.

According to CouponFollow, 81 percent of people who responded to their survey said they were satisfied with the effectiveness of their work from stations, 80 percent responded by saying they were satisfied with how it amplified their focus, and 84 percent said they were satisfied with how it increased their productivity.

BOSTON —

The single biggest global ransomware attack yet continued to bite Monday as details emerged on how the Russia-linked gang responsible breached the company whose software was the conduit. In essence, the criminals used a tool that helps protect against malware to spread it widely.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.

REvil was demanding ransoms of up to $5 million. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. It wasn't clear who they expected might pay that amount.

Sweden may have been hardest hit by the attack — or at least most transparent about it. Its defense minister, Peter Hultqvist, bemoaned on Monday "a serious attack on basic functions in Swedish society."

"It shows how fragile the system is when it comes to IT security and that you must constantly work to develop your ability to defend yourself," he said in a TV interview. Most of the Swedish grocery chain Coop's 800 stores were closed all weekend because their cash register software supplier was crippled. They remained closed Monday. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

A broad array of businesses and public agencies were affected, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. The cybersecurity firm ESET identified victims in countries including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don't publicly report attacks or disclose if they've paid ransoms.

On Sunday, the FBI said in a statement that while it was investigating the attack, its scale "may make it so that we are unable to respond to each victim individually." Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had "directed the full resources of the government to investigate this incident" and urged all who believed they were compromised to alert the FBI.

Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

On Monday, Putin spokesman Dmitry Peskov was asked if Russia was aware of the attack or had looked into it. He said no, but suggested it could be discussed by the U.S. and Russia in consultations on cybersecurity issues for which no timeline has been specified.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed and many victims might not learn of it until back at work Monday or Tuesday.

Most end users of managed service providers "have no idea" whose software keep their networks humming, said CEO Fred Voccola of the breached software company, Kaseya.

He estimated the victim number in the low thousands, mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that."

Voccola said only between 50-60 of the company's 37,000 customers were compromised. But 70% were managed service providers who use the company's hacked VSA software to manage multiple customers. It automates the installation of software and malware-detection updates and manages backups and other vital tasks.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

The REvil offer to offer blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future.

But Kevin Reed of Acronis said the offer of a universal decryptor could be a PR stunt because no human involvement would be needed to pay a $45,000 base ransom demand apparently sent to the vast majority of targets. Analysts reported seeing demands of $5 million and $500,000 for bigger targets, which would require negotiation.

Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70 million will be cheaper for them than extended downtime.

Sophisticated ransomware gangs on REvil's level usually examine a victim's financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. The criminals then threaten to dump the stolen data online unless paid, although that does not appear to have happened in this case. But this attack was apparently bare-bones. REvil seems only to have scrambled victims' data.

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a "zero day," the industry term for a previous unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

"The level of sophistication here was extraordinary," he said.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion's share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

___

AP reporters Jim Heintz in Moscow, Jan Olsen in Stockholm, Kirsten Grieshaber in Berlin, Jari Tanner in Helsinki and Sylvie Corbet in Paris contributed to this report.

CLEVELAND, Ohio — The digital divide in Ohio has been an issue for years. Now, it's escalating.

“We believe this is an economic issue,” said Angie Cooper, Chief Program Officer at Heartland Forward.

Right now, more than 1.4 million Ohioans don’t have internet service and 29% of Ohio K-12 students don't have adequate access, which may be causing a long-term domino effect across communities.

“Not having affordable high-speed Internet access is impactful to not just students, it's impactful to our workforce. It's impactful to our health care. We saw that even while people were signing up for vaccinations. If you didn't have access to get online these things became very, very challenging,” Cooper explained.

But state leaders are taking a step towards change by partnering with the FF and the nonprofit Heartland Forward. Together they're launching a $3.2 billion Emergency Broadband Benefit program, which is a Federal Communications Commission (FCC) program. If you qualify, can get up to $50 off broadband service in your area and up to $100 to help buy a computer or tablet to allow access at home.

However, the program will not be sticking around for long. The benefits are set to expire when funds run out or six months after the U.S. Department of Health and Human Services declares an end to the pandemic.

“Once funds run out, the emergency broadband benefit program will not be available. Those dollars will not be available to households,” Cooper said. “That's why it's so important. This was passed during COVID and it's so important for people to be aware that there's money out there for them to receive.”

So far 2.3 million households have signed up nationwide. Yet, we're told the numbers in Ohio are missing the mark.

“The numbers in Ohio still need to be increased,” said Cooper.

Cooper says the program is simply a temporary fix giving hope as the state looks for something permanent.

“Heartland Forward will be working over the months and years with state leaders and with the federal government to ensure that there are permanent solutions put in place.”

Do I qualify?

A household is eligible for the program if one member of the household meets at least one of the following criteria:

• Has an income that is at or below 135 percent of the Federal Poverty Guidelines or participates in certain assistance programs, such as SNAP, Medicaid or the FCC’s Lifeline program;
• Approved to receive benefits under the free and reduced-price school lunch or breakfast program;
• Received a Federal Pell Grant during the current award year;
• Experienced a substantial loss of income through job loss or furlough since Feb. 29, 2020; or
• Meets the eligibility criteria for a participating provider’s existing low-income or COVID-19 program

How do I apply?

Those eligible can enroll in the program in several different ways.

If you do not have access to the internet, you can sign up through a participating broadband provider or by calling (833) 511-0311 between 9 a.m. and 9 p.m. any day of the week to request a mail-in application and more information about the program.

If you shave access to the internet, they can apply online by clicking here.

For more information about EBB, click here.

If you need help with the application process you can also call the RemotEDx Connectivity Champions at (844) K12-OHIO or click here.

BUFFALO, N.Y. — The National Center for Missing and Exploited Children said reports of online enticement, where adults communicate with children intending to commit a sexual offense or abduction, have increased 97.5% from 2019 to 2020.

"Over 21.7 million reports. It's the largest number of reports ever to the cyber tip line since its existence," said Kathy Gust, a program director at the National Center for Missing and Exploited Children.

"I think that's a direct result as to the fact that we're putting tablets and laptops in the hands of our children for school," said Mike Hockwater, a detective on the FBI's Child Exploitation Task Force.

Hockwater said the increase in online enticement reports comes at a time children are spending increased time on phones, computers and tablets.

"Their tablets - that's their life right now. That's how they're communicating and continuing their relationships with their friends," Gust said.

"Anytime there are people social networking, it's an opportunity for an offender to groom a relationship whether it's an adult relationship or child relationship," Dr. David Heffler, a forensic mental health counselor, said.

A criminal complaint filed in January accuses Pedro Melendez, a Niagara Falls man, of admitting he had been communicating with an 11-year-old girl from Connecticut online via PlayStation.

According to the complaint, Melendez confirmed the girl was 11-years-old, then "sent images of his face and two images of a penis, which he purported to be his own."

The complaint said, "Melendez asked minor victim to send a picture of herself to him." When the girl offered to get her father's phone to take the image, Melendez said "don't want him to get suspicious."

"They will take a person who you would never expect would fall for such a trick and they convince them prior to ever having asked for a picture, prior to talking about meeting, they groom them by telling them how great they are," Hockwater said.

Hockwater said some of these interactions move from online communication to in-person meet-ups.

Last August in Chautauqua County, New York, a federal complaint was filed involving Richard LaFrance, a registered sex offender.

He is accused of communicating with a 14-year-old student via her Silver Creek School email. The complaint said he eventually gave her a phone to communicate with him.

The complaint said LaFrance and the student exchanged sexual images, and the victim said she eventually went on a fishing trip with LaFrance where they engaged in intercourse.

The LaFrance complaint documents LaFrance saying, "You better delete these or at least most of them after you read them," in response to the victim saying, "Love u" after discussing the fishing trip.

"We've had several cases in the last year involving people who have traveled long distances to meet children after they had engaged with them online," Hockwater said.

Hockwater said the three most common sites where offenders exist are Snapchat, Instagram and Kik, but they can be found on any social media outlet or platform where a child has access to the internet. He said parents need to be looking at their kids' online presence more often.

"We look back at what went wrong and how we could have prevented it and more often times than not it's just the lack of deep involvement by a parent on their children's online world," Hockwater said.

"We have to make it harder for offenders to victimize children. The best way to do that is to really educate our children about the risk," Dr. Heffler said.

Dr. Heffler works with victims and perpetrators of online sexual abuse. He said parents need to go through their children's social media and online accounts because this kind of abuse can change the course of a child's life.

"It has a lifelong impact. There's no point in time in which a victim of abuse will say it no longer bothers me. It no longer has an effect on me," Dr. Heffler said.

Gust said to have an open conversation about offenders with your kids.

"Start those conversations at a young age. The child just grows up naturally feeling safe and having those conversations. And they know, if I go to mom and dad they're not going to overreact," Gust said.

The National Center for Missing and Exploited Children has videos and learning activities to educate children about online predators.

The National Center for Missing and Exploited Children also offers family services if a child or parent needs to speak with someone or ask for assistance in finding a therapist or attorney.

This story was originally published by Olivia Proia at WKBW.