“Reduce Two Step Verification On This Device”

It took me a while to figure out what this message on my insurance portal login page meant. I’m assuming it means “if you check the Remember Me option, you will not be required to do the two-step verification as often on this device.”

If so, that is an extremely poor way to word that.

I see these options to turn off 2FA for a period of time, and I always wish there was an option to never see these messages. I want sites like my insurance portal to require me to do 2FA every single time, and I worry about inadvertently checking the box and downgrading the login security.

Activating Windows Administrator Account and Setting Password

I was installing a piece of software recently that needed access to the Windows Administrator account–it essentially would not work with my regular local account that has admin access. Makes no sense, but that’s Windows.

The Administrator account is apparently disabled quite often on local installations of Windows, so the account needs to be reactivated and configured with a password.

The account can be reactivated from the command prompt or PowerShell with:

$ net user administrator /active:yes

Once reactivated, a password can be set for the account with:

$ net user administrator PASSWORD
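The same procedure in PowerShell, as an added example that is not from the original post: it finds the built-in Administrator account by its well-known RID rather than by name (the account may have been renamed), enables it, reads the new password as a SecureString so it never appears on the command line or in the console history the way net user administrator PASSWORD does, and verifies the result. It assumes an elevated session on Windows 10 / Server 2016 or later, where the Microsoft.PowerShell.LocalAccounts cmdlets are available.

```powershell
# Added example (not from the original post): enable the built-in Administrator
# account, set its password, and verify. Run from an elevated PowerShell session.

# Locate the account by its well-known RID (-500) instead of the name "Administrator".
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if (-not $admin) { throw "Built-in Administrator account not found" }

Write-Host "Before: $($admin.Name) Enabled=$($admin.Enabled)"

# Equivalent of 'net user administrator /active:yes'
Enable-LocalUser -Name $admin.Name

# Prompt for the password as a SecureString so it is not stored in the command history.
$password = Read-Host -Prompt "New password for $($admin.Name)" -AsSecureString
Set-LocalUser -Name $admin.Name -Password $password

# Re-read the account and confirm it is enabled and the password was just set.
$admin = Get-LocalUser -Name $admin.Name
Write-Host "After:  $($admin.Name) Enabled=$($admin.Enabled) PasswordLastSet=$($admin.PasswordLastSet)"

# Once the software that needed the account is done with it, reverse the change
# (equivalent of 'net user administrator /active:no'):
# Disable-LocalUser -Name $admin.Name
```

The final commented-out line is the check worth keeping in mind: the built-in Administrator account is disabled by default for a reason, so once the installer no longer needs it, disabling it again leaves the machine where it started.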

Smartish Magnetic Cord Holder

The Smartish Magnetic Cord Holder (Amazon link) is the first desktop cord organizer I’ve used that actually works.

This is a relatively heavy 4.9″ x 3.24″ faux leather base that sits on a desk or table. The bottom has a grip pattern but none of the sticky or 3M adhesives that a lot of other similar solutions rely on.

The top of the cord holder is magnetic, which keeps the cords in place until you need them.

Smartish’s marketing copy claims that most cables will work with it out of the box, but my experience is that none of my cables did. Fortunately, it ships with several magnetic cable collars–small wraparound cables that easily attach to any cable and allow the cable to stick to the cord holder.

From my testing, this worked like a charm. I have a number of USB-C and other cables that typically plug into a computer or charger under my desk. Those cables tend to occasionally fall back behind the desk, requiring me to duck under the desk and get them back up to where they need to be.

This totally removes that necessity.

The only real drawback is the price. The larger model, which IMO is the only one really worth getting, is $40. For me, that was a small price to pay to solve this problem once and for all, but obviously, that is a significant amount of money just for this sort of cable management.

Filter Out KnowBe4 Phishing Test Emails

KnowBe4 produces a number of cybersecurity products, including borderline unwatchable training videos and, the subject of this post, phishing tests.

A phishing test (also commonly referred to as simulated phishing) is when an organization sends its employees emails that look like phishing attempts to see whether or not staff will click on the links in the emails. Those who do click on the links are typically directed to even more pointless training.

As I’ve said before, I think phishing tests are the current version of “change your password every three months” requirements. Like the constant password changes of yesterday, phishing tests are usually done with good intent but are, at best, security theater and, at worst, undermine long-term cybersecurity efforts.

Regardless, most modern email systems will tend to flag phishing tests as spam/phishing and either quarantine them or deliver them to junk mailboxes. To ensure the phishing test is delivered to employee inboxes, organizations have to whitelist the emails using one of a number of possible methods.

KnowBe4 helpfully publishes its whitelisting guide on its website.

KnowBe4’s documentation explains how organizations can whitelist KnowBe4’s phishing test emails by IP address, hostname, or header. And, of course, the same information can be used to filter any phishing test emails into the junk mail or any other folder.

For example, as of the writing of this article, KnowBe4’s documentation indicates it uses 23.21.109.197 and 23.21.109.212 as IP addresses to send phishing test emails to its US, Canadian, UK, and German customers. Its documentation also mentions that it may use 147.160.167.0/26 in the future to send phishing test emails. It also uses the hostname psm.knowbe4.com.

KnowBe4 also uses a default header of X-PHISHTEST, but unlike the IP address and the hostname, individual organizations can create a custom header. As such, filtering against that header is less reliable than the other two indicators.

From there, it is just a matter of creating a mail filter that routes any emails carrying those IP addresses/ranges or that hostname in their headers into whatever folder you want.
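A filter along these lines in Python, as an added example that is neither KnowBe4’s code nor from the original post: it parses a raw message, walks the Received: chain for sending IP addresses, and checks the three indicators in the order the post ranks them (exact IPs and the future CIDR range first, then the psm.knowbe4.com hostname, then the customizable X-PHISHTEST header as the weakest signal). The indicator values are the ones quoted on this page at the time of writing, so check them against the current whitelisting guide; the sample messages and folder name are constructed for the example.

```python
"""Added example: classify and route KnowBe4 simulated-phishing messages by
the indicators the post lists. Not KnowBe4's code; values are from the post."""
import ipaddress
import re
from email import message_from_string
from email.message import Message
from typing import Iterator, Optional

# Indicators quoted from the post (verify against the current KnowBe4 guide).
PHISHTEST_IPS = {ipaddress.ip_address("23.21.109.197"), ipaddress.ip_address("23.21.109.212")}
PHISHTEST_NETS = [ipaddress.ip_network("147.160.167.0/26")]  # range the guide says may be used later
PHISHTEST_HOST = "psm.knowbe4.com"
PHISHTEST_HEADER = "X-PHISHTEST"  # default header name; organizations may configure a custom one

IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
# Match the hostname as a whole label sequence, not as a substring of a longer name.
HOST_RE = re.compile(r"(?<![\w.-])" + re.escape(PHISHTEST_HOST) + r"(?![\w-])", re.IGNORECASE)


def received_ips(msg: Message) -> Iterator[ipaddress.IPv4Address]:
    """Yield every IPv4 address that appears in the Received: headers."""
    for rcvd in msg.get_all("Received", []):
        for m in IP_RE.finditer(rcvd):
            try:
                yield ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # skip things that merely look like dotted quads


def classify(raw: str) -> Optional[str]:
    """Return the indicator that matched ('ip:', 'host:' or 'header:' prefix), or None."""
    msg = message_from_string(raw)
    for ip in received_ips(msg):
        if ip in PHISHTEST_IPS or any(ip in net for net in PHISHTEST_NETS):
            return f"ip:{ip}"
    received = " ".join(msg.get_all("Received", []))
    if HOST_RE.search(received):
        return f"host:{PHISHTEST_HOST}"
    if msg.get(PHISHTEST_HEADER) is not None:
        return f"header:{PHISHTEST_HEADER}"  # weakest signal: the header name is customizable
    return None


def route(raw: str, test_folder: str = "Phishing Tests") -> str:
    """Folder a delivery agent should file the message into."""
    return test_folder if classify(raw) else "INBOX"


# Constructed sample messages (not real captures); TEST-NET addresses for the non-KnowBe4 hops.
SAMPLE_BY_IP = """Received: from psm.knowbe4.com (psm.knowbe4.com [23.21.109.197])
    by mx.example.com with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000
From: IT Support <it-support@example-payroll.test>
Subject: Action required: update your password

Please review the attached notice.
"""
SAMPLE_BY_RANGE = """Received: from mail-out.example-vendor.test ([147.160.167.40])
    by mx.example.com with ESMTPS; Mon, 1 Jan 2024 10:05:00 +0000
Subject: Your package could not be delivered

Body.
"""
SAMPLE_BY_HOST = """Received: from psm.knowbe4.com (unknown [203.0.113.5])
    by mx.example.com with ESMTP; Mon, 1 Jan 2024 10:10:00 +0000
Subject: Invoice attached

Body.
"""
SAMPLE_BY_HEADER = """Received: from relay.example-vendor.test ([192.0.2.77])
    by mx.example.com with ESMTP; Mon, 1 Jan 2024 10:15:00 +0000
X-PHISHTEST: example-campaign
Subject: Quarterly benefits enrollment

Body.
"""
SAMPLE_NORMAL = """Received: from smtp.partner.example ([192.0.2.10])
    by mx.example.com with ESMTPS; Mon, 1 Jan 2024 10:20:00 +0000
Subject: Meeting notes

Body.
"""

if __name__ == "__main__":
    for name, raw in [("by_ip", SAMPLE_BY_IP), ("by_range", SAMPLE_BY_RANGE),
                      ("by_host", SAMPLE_BY_HOST), ("by_header", SAMPLE_BY_HEADER),
                      ("normal", SAMPLE_NORMAL)]:
        print(f"{name:10} -> {route(raw):15} ({classify(raw)})")
```

The ordering matters for the reason the post gives: a match on the published IPs or hostname is authoritative, while a match only on the X-PHISHTEST header tells you the organization left the default name in place and should be treated as a hint rather than proof.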

KnowBe4’s documentation page is updated almost daily, but this appears to mainly be an effort to signal that the information is current rather than that it is constantly changing the IP/hostname details. The only thing that seems to actually change daily is the documentation’s date. This makes sense because every time KnowBe4 updates its IP addresses or hostname, every organization using it for phishing tests also has to update its email whitelisting configuration, so these details likely change infrequently.

Still, the last part of this process would be to set up a webpage monitor to report when there are any changes to the whitelisting guide. I prefer to self-host something like changedetection.io, which gives a diff showing what changed on a page.