How to check the checksum of a file on Windows 10

Downloading a file used to be a risk. It can still be risky and you might still end up with malware on your system but there are more robust protections in place now. Both your browser and your OS scan items to make sure they’re safe to run. Another way to make sure you’ve downloaded a safe file is to check the checksum of a file.

Checksum values

No two people can have the same fingerprints. Similarly, no two files can ever have the same checksum values. If a file has been modified, its checksum value will be different from what it was before the modification was made.

When you check the checksum value of a file, you first need to know what its original value was. Normally, developers who are distributing software will provide it themselves on the download page for their product. Checksum is applied using MD5 or SHA. Some developers will generate Checksum values from both so that you can check whichever you want.

Check checksum value

Microsoft provides a tool called File Checksum Integrity Verifier utility that you can use to check the checksum value of a file.

Download and extract it. You will have to use it from the Command Prompt. Open Command Prompt and use the cd command to move to the folder you extracted the tool to.

Move the file that you want to check the checksum value for to the same directory as the one you extracted the File Checksum Integrity Verifier utility to and then run the following command to run the check.

Syntax

fciv.exe -both filename

Example

fciv.exe -both ReIcon_x64.exe

This will display both the MD5 and SHA checksum values. You can manually compare them, use a spreadsheet tool, or a simple difference checking tool.

Checksum does not match

In the event that the file you downloaded and ran the check for generates a different checksum than the one the developer provided, you might be dealing with a malicious or corrupt file.

If the file is corrupt, it’s likely because it didn’t download correctly. Try downloading it again. If the problem persists, it is entirely possible that the file that is available has been modified in which case, you should not use/run it. A mismatch in checksum value may also indicate a file that has been modified. This tends to happen with free or open-source apps that people try to re-distribute. They add in additional code that is meant to harm your system and bundle it into a trusted app.

The only way to stay safe is to always download apps from their official sources.

Read How to check the checksum of a file on Windows 10 by Fatima Wahab on AddictiveTips – Tech tips to make you smarter

SolarWinds Threat Monitor – REVIEW 2019 (Advanced Threat Detection and Monitoring)

One of the services often offered by Managed Service Providers (MSP) is security services. And for those MSPs offering this type of service, it’s nice to be able to support it all using a single integrated tool.

The SolarWinds Threat Monitor is one such tool. It is an integrated tool that provides several different security services and that specifically targets Managed Service Providers or large organizations.

SolarWinds Threat Monitor: REVIEW

Today, we’re happy to bring you our review of this great product. As you shall soon see, this is a perfect solution for those who want to accomplish a lot with as little software as possible. Generally speaking, using an integrated tool such as this one is way easier than using individual tools for each function.

We’ll start off our exploration by first introducing SolarWinds MSP, a division of SolarWinds specializing in tools for Managed Service Providers. We’ll then introduce the SolarWinds Threat Monitor which we’ll follow with a description of the tools most important and significant features. Next, we’ll briefly review some of the most important benefits of the tool to your business and have a look at what little we know about the product’s pricing before we conclude.

About SolarWinds MSP

SolarWinds MSP was born by bringing together SolarWinds, SolarWinds N-able, and LOGICnow, three major players in the MSP tools market.

Before the creation of SolarWinds MSP, LOGICnow, and SolarWinds N-able provided outstanding software such as Remote Monitoring and Management, Backup and Disaster Recovery, Remote Control, Help Desk, Mail, and Risk Intelligence, all aimed at helping Managed Service Providers make the most of their business potential. The two companies served their clients in complementary ways. One served small and mid-sized MSPs beautifully, while the other was perfect for mid-sized and large MSPs.

Noticing how well the two companies fit together, the smart people at SolarWinds, a leading provider of products designed to make network and system administrators’ lives easier, brought the two together to form SolarWinds MSP. The result is a scalable, end-to-end IT service management platform built for MSPs of all sizes—from the one-person shops all the way to 100+ employee powerhouses.

Introducing the SolarWinds Threat Monitor

As a managed security service provider, your customers expect you to safeguard their businesses from security threats no matter what they are and where they are coming from. The SolarWinds Threat Monitor empowers managed security service providers of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable all within one tool.

SolarWinds Threat Monitor - Main Dashboard

Benefit from a powerful security center to offer a better value to your client with an all-in-one solution created to watch threats, automatically react to incidents, and generate compliance reports. Try the SolarWinds Threat Monitor and find out how you can stand out among the Managed Service Provider crowd with a tool designed with Managed Service Providers in mind.

Centralized Cloud Security Monitoring

Watch for potential threats, process them and generate reports from almost anywhere and at any time.

Unexpected Simplicity

A powerful and intuitive cyberthreat engine to help you resolve issues quickly.

Shared Architecture

Efficiently provision and manage several clients from a unique user-friendly workspace.

Simple And Highly Scalable Deployment

You can easily modify the tool’s functionality as your clients’ activities grow.

Features Of The SolarWinds Threat Monitor

As an integrated security suite, the SolarWinds Threat Monitor is so rich in features that this post could be twice as long as it already is. There is so much to say about the product that we’ll have to limit ourselves the best and most important and significant features of the product. So, let’s see what the product has to offer in terms of features.

Threat Intelligence

The idea behind the threat intelligence built into the SolarWinds Threat Monitor is to help you make smart decisions. The threat intelligence is continuously updated from multiple sources so you always have the most recent information. It is designed to help you find and respond to threats across your on-premises and hosted data centers as well as your public cloud environments like Microsoft Azure or Amazon AWS.

SolarWinds Threat Monitor - Threat Intelligence

Security Information And Event Management (SIEM)

Security Information and Event Management (SIEM) tools are in a class by themselves. They offer protection against various types of threats by analyzing logged events from your devices. They go well beyond just reacting to specific events, though. SIEM tools correlate data from various sources and can analyze the trail left by an attacker on your devices, allowing you to locate and block it.

SolarWinds Threat Monitor - SIEM dashboard

It is particularly complicated in the context of Managed Service Providers as correlation has to remain within each client’s domain. The Security Information and Event Management features of this platform can give you a centralized view into near real-time log notifications from your customers’ networks. The tool collects log-file information from several disparate sources and helps you hone in on the most critical threats by rapidly assessing intent and severity.

Log Correlation And Analysis

The SolarWinds Threat Monitor is designed to help discover threats for you, enabling you to focus on real threats, not sifting through logs. The system will correlate logs from your customers’ systems in near-real-time and analyze them against multiple sources of continuously updated threat intelligence.

When it comes to providing security-related services like threat detection to their customers, Managed Service Providers face challenges when gathering and correlating log data. For instance, applications running on customers’ networks may have different log output formats. Additionally, existing text search tools can have limitations that could potentially lead to key log data being overlooked or omitted. Furthermore, manually gathering and correlating log data can be complex and time-consuming. Many MSPs don’t have the time or the in-house expertise to accomplish this which can lead to event logs piling up while potential cyber incidents remain undetected.

The SolarWinds Threat Monitor is designed to reduce complexity by automating the log correlation and normalization process. This can potentially help reduce time spent gathering and analyzing logs, so you can focus on identifying threats to your managed networks.

This feature alone provides many benefits such as:

Streamlined Management Via Log And Data Collection In One Tool

Network logs are less useful for understanding cyberthreats when kept in isolation. You can often only recognize attacks when logs generated across your managed networks are analyzed side-by-side. This tool was designed to automatically collect logs and data feeds from nearly everything on your managed networks—including networking equipment, firewalls, servers, and more and organizes this information into a single solution.

Actionable Insights Via Automatic Log Normalization

As a Managed Service Provider, you may be responsible for managing networks that generate thousands—if not millions—of events in a short period of time. Manually identifying, categorizing, and making sense of these can be challenging and costly due to the amount of incoming data. This tool automatically correlates and normalizes logs to help you better identify the relationships between ongoing events.

Help With Demonstrating Regulatory Compliance

Many organizations must adhere to regulations for networked systems and security. The SolarWinds Threat Monitor was designed to help you gather information during the log correlation process that can be used to assist in demonstrating a strong security monitoring policy, which could help in demonstrating regulatory compliance.

Greater Visibility To Your Customer

This tool was also designed to help Managed Service Providers provide additional value via strong reporting. They can send reports to stakeholders that itemize security-related events and threats identified within a specified period. These reports can also help demonstrate the steps taken to address the risks.

Network And Host Intrusion Detection Systems

This feature is designed to pinpoint unwanted traffic and software across your managed networks and systems. It will alert you to unusual traffic patterns on the network and malicious software on systems. Small- and medium-sized businesses have at least two crucial assets to consider—their networks and their customer data. Both are connected in terms of security compromises. If a network is breached, the attackers will likely have a direct line to valuable data. The SolarWinds Threat Monitor can spot anomalies and it is designed to sound the alarm only when needed.

SolarWinds Threat Monitor - Intrusion Detection

As an MSP, your customers trust you to keep their assets secure and help them avoid breaches. To keep that trust, you need a solution that, like the SolarWinds Threat Monitor, can help you proactively monitor your managed networks for malicious traffic and suspicious activity patterns as either of these could lead to a breach or threaten business continuity.

This excellent tool provides sophisticated threat detection capabilities that are kept current with a global threat intelligence feed. It was built to help you easily analyze network traffic and identify advanced threats across on-premises and hosted data centers, as well as public cloud environments like Microsoft Azure or Amazon AWS. It was truly designed to help you earn and keep your customers’ trust.

This is another feature of the product which provides extensive benefits such as:

Greater Visibility Into Network Intrusions

The SolarWinds Threat Monitor was built to help you determine the types and frequency of attacks against your managed networks. It can assist you in optimizing your security protocols to help safeguard your customers. In addition, this information can be helpful for creating risk assessment reports.

Increased Productivity

The tool was built to help improve efficiency by automating the complex processes of intrusion detection. The SolarWinds Threat Monitor deploys network sensors dedicated to detecting and analyzing threats and suspicious patterns to help you reduce wasted time running manual tasks.

Decreased Security Blind Spots

Just like when driving a vehicle, blinds spots should be avoided at all cost. When used in conjunction with the latest threat intelligence information, an intrusion detection solution can help you gain a more complete view of the evolving cyber threat landscape. This can, in turn, potentially make you better equipped to fight back against cyber threats.

Advanced Log Search

The SolarWinds Threat Monitor offers high-speed log search which can be of great help for post-incident forensic analysis. The tool will rapidly normalize, search, and analyze thousands of logs to help understand the nature of threats and attacks.

Automated Responses

This is another super-useful feature of the SolarWinds Threat Monitor. It helps you react faster by setting the system to automatically respond to threats. You can, for instance, automate intelligent action steps to help remediate security incidents, reducing the need for constant user interaction. This feature gives you a sort of set-and-forget advantage. It might require some extra configuration but your efforts will be well-rewarded when a security event is automatically addressed—and resolved—by the system.

Alarm Engine

Nobody—not even Managed Service Providers—want to spend much time sitting in front of a dashboard, waiting for something to happen. This is where the tool’s Alarm Engine can come in handy. It will let you set rules to help make sure you receive only relevant alarms. The SolarWinds Threat Monitor was designed from the ground up to alert you to only relevant threats. It will distinguish benign activity based on user-configured thresholds and rules and ignore it. In addition, the system will help you identify and summarize important events.

SolarWinds Threat Monitor - Alarms

Compliance Reporting

Many of your clients must be subject to various regulatory compliance requirements. Even your organization, as a Managed Service Provider, might be. The SolarWinds Threat Monitor can help you simplify your compliance efforts—and your clients’—with detailed reports. You can start with some of the many pre-built report templates which are available on the system or create and/or customize your own reports to help with your efforts in passing regulatory and compliance audits

Custom Branding

While this might not be the most useful feature of this platform, it certainly is one of the coolest. It allows you to custom-brand the tool’s interface with your own corporate image and logo. This is a simple measure but it goes a very long way into making your organization’s professionalism stand out.

Even more important than the custom branding of the tool’s user interface, the feature is also present in the tool’s reporting engine. This lets you deliver professional-looking reports that emphasize your organization’s service rather than the tool it’s using. It also helps reinforce the value of your services.

Log-Event Archive

Not all security events are of short duration. Some will last a rather long time and sometimes leave a trail of evidence. The SolarWinds Threat Monitor will archive log events for up to one year. This lets you easily view threats over time to help identify and troubleshoot short-term issues, spot patterns and longer-term trends so that you can begin forensic investigations after a breach.

Benefits For Your Business

Reduce Noise With Centralized Security Monitoring

As you are probably aware, there’s simply no silver bullet in cybersecurity. Any security strategy worthwhile requires an all-encompassing approach. This can present a challenge, however. As the security tools you need to manage increase, so does your overhead. The SolarWinds Threat Monitor was designed to give you a central command hub to help you monitor for threats, respond to them, and generate reports from anywhere at any time

Cover Your Customer Base With A Multitenant Solution

As a managed security service provider, your security solution must be able to handle multiple customers at multiple locations. The SolarWinds Threat Monitor was built from the ground up with managed security service providers in mind, helping you seamlessly cover your customer base from a single, centralized dashboard.

Reinforce Your Value With Custom Branding

What your customers need from you is to keep them secure. Yet, one of the challenges with cybersecurity is that when you do your job well, customers don’t hear from you often. The SolarWinds Threat Monitor was designed to help remind your customers of your value by enabling you to custom-brand the tool’s interface and its reports.

Onboard New Customers Quickly With Simple, Scalable Deployment

It shouldn’t take you too long to set up a threat monitoring solution. And when you want to expand your business, onboarding should also be quick and hiccup-free. The SolarWinds Threat Monitor was built to be easy for Managed Security Service Providers of all sizes to set up and to scale. In a nutshell, the tool is automated threat hunting that’s designed to accommodate both your and your customers’ growth.

Licensing and Pricing

Pricing for the SolarWinds Threat Monitor starts at $4 500 for up to 25 nodes with 10 days of index and goes up from there based on the number of nodes and retention period. You can contact SolarWinds for a detailed quote customized to your specific needs. And if you prefer to see the product in action, you can also request a free demo from SolarWinds.

Bottom Line

The SolarWinds Threat Monitor was designed to hunt threats and automatically correlate logs in real time from your customers’ ecosystems, analyzing them against multiple sources of continuously updated threat intelligence. It was created by a Managed Security Service Provider for Managed Security Service Providers and for any security-minded service providers.

The platform was built from the ground up to be fast, scalable, flexible, and most of all, to deliver efficiency when dealing with security events. Threat intelligence, alarms, and log correlation work, via a set of multi-conditional rules, helping remove noise and providing actionable notifications in real time. Extensive alerting keeps you ahead of threats and comprehensive reporting helps meet compliance requirements.

For a Managed Security Service Provider or a Managed Service Provider looking to grow their business, SolarWinds Threat Monitor is the cloud-based platform that can help you detect, respond to, and report on security events for your customers’ networks. In simpler terms, it gets the job done and this is what is most important.

Read SolarWinds Threat Monitor – REVIEW 2019 (Advanced Threat Detection and Monitoring) by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

7 ways to improve the security of a Linux server

For a long time, Linux has had a reputation of security through obscurity. Users had the advantage of not being the primary target of hackers and didn’t need to worry. This fact is no longer valid, and in 2017 and 2018, we saw large swaths of hackers exploiting Linux bugs and glitches, finding tricky ways to install malware, viruses, rootkits and more.

Because of the recent flood of exploits, malware and other bad things hurting Linux users, the open source community has responded by beefing up security features. Still, this isn’t enough, and if you’re using Linux on a server, it’s a good idea to look at our list and learn ways you can improve the security of a Linux server.

1. Make use of SELinux

SELinux, AKA Security-Enhanced Linux is a security tool that is built into the Linux kernel. Once enabled, it can easily enforce a security policy of your choosing, which is a must for a rock-solid Linux server.

Many RedHat-based server operating systems come with SELinux enabled and configured with pretty good defaults. That said, not every OS out there supports SELinux by default, so we’ll show you how to turn it on.

Note: Snap packages require AppArmor, an alternative to SELinux. If you choose to use SELinux, on certain Linux operating systems, you may not be able to use Snaps.

CentOS/Rhel

CentOS and RedHat Enterprise Linux both ship with the SELinux security system. It is pre-configured for good security, so no further instructions are needed.

Ubuntu server

Ever since Karmic Koala, Ubuntu has made it very easy to enable the SELinux security tool. To set it up, enter the following commands.

sudo apt install selinux

Debian

Just like on Ubuntu, Debian makes it very easy to set up SELinux. To do it, enter the following commands.

sudo apt-get install selinux-basics selinux-policy-default auditd

After you’re done installing SELinux on Debian, check out the Wiki entry on the software. It covers a lot of need-to-know information for using it on the operating system.

SELinux manual

Once you’ve got SELinux working, do yourself a favor and read up on SELinux manual. Learn how it works. Your server will thank you!

To access the SELinux manual, enter the following command in a terminal session.

man selinux

2. Disable the Root account

One of the smartest things you can do to secure your Linux server is to shut off the Root account, and only use Sudoer privileges to accomplish system tasks. By shutting access off to this account, you’ll be able to ensure that bad actors cannot get full access to the system files, install problematic software (like malware), etc.

Locking the Root account on Linux is easy, and in fact, on many Linux server operating systems (like Ubuntu) it’s already shut off as a precaution. For more information about disabling Root access, check out this guide. In it, we talk all about how to lock Root account.

3. Secure your SSH server

SSH is often a serious weak point on many Linux servers, as many Linux admins prefer to go with the default SSH settings, as they’re easier to spin up, rather than taking the time to lock everything down.

Taking small steps to secure the SSH server on your Linux system can mitigate a good chunk of unauthorized users, malware attacks, data theft and a lot more.

In the past on Addictivetips, I wrote an in-depth post all about how to secure a Linux SSH server. For more information about how to lock down your SSH server, check out the post here.

4. Always install updates

This seems like an obvious point, but you’d be surprised to learn how many Linux server operators forgo updates on their system. The choice is understandable, as every update has the potential to screw up running applications, but by choosing to avoid system updates, you miss out on security patches which fix exploits and bugs that hackers use to breech Linux systems.

It’s true that updating on a production Linux server is a lot more annoying it will ever be on the Desktop. The simple fact is that you can’t just stop everything to install patches. To get around this, consider setting up a planned update schedule.

To be clear there’s no set science on update schedules. They can vary depending on your use case, but, it’s best to install patches weekly, or bi-weekly for maximum security.

6. No third-party software repositories

The great thing about using Linux is that if you need a program, so long as you’re using the right distribution, there’s a third-party software repository available. The problem is that a lot of these software repos have the potential to mess with your system, and malware regularly shows up in them. The fact is, if you’re running a Linux installation dependent on software coming from unverified, third-party sources, problems are going to happen.

If you must have access to software that your Linux operating system doesn’t distribute by default, skip the third-party software repositories for Snap packages. There are dozens of server-grade applications in the store. Best of all, each of the apps on the Snap store receives security audits regularly.

Want to learn more about Snap? Check out our post on the subject to learn how you can get it going on your Linux server!

7. Make use of a firewall

On a server, having an effective Firewall system is everything. If you have one set up, you’ll avoid a lot of the pesky intruders that you’d otherwise come into contact with. On the other hand, if you fail to set up an effective Firewall system, your Linux server will suffer severely.

There are quite a few different firewall solutions on Linux. With that in mind, some are easier to understand than others. By far, one of the simplest (and most effective) firewalls on Linux is FirewallD

Note: to use FirewallD, you must be using a server OS that has the SystemD init system.

To enable FirewallD, you’ll first need to install it. Launch a terminal window and enter the commands that correspond with your Linux operating system.

Ubuntu server

sudo systemctl disable ufw
sudo systemctl stop ufw
sudo apt install firewalld

Debian

sudo apt-get install firewalld

CentOS/Rhel

sudo yum install firewalld

With the software installed on the system, enable it with Systemd.

sudo systemctl enable firewalld
sudo systemctl start firewalld

Conclusion

Security issues are more and more common on Linux servers. Sadly, as Linux continues to get more and more popular in the enterprise space, these issues are only going to be more prevalent. If you follow the security tips on this list, you’ll be able to prevent a majority of these attacks.

Read 7 ways to improve the security of a Linux server by Derrik Diener on AddictiveTips – Tech tips to make you smarter

How to integrate Thunderbird with Tor on Linux

Want to secure the emails you send on Linux through the Mozilla Thunderbird app? Thanks to the Torbirdy extension, you can! Torbirdy works well on Linux and is an excellent add-on for those looking to secure their email and route it through the Tor network when using Thunderbird. Today, we’ll show you how to install the extension and use it to integrate Thunderbird with Tor. We’ll also go over how to set up the Tor browser bundle on Linux.

Note: in this guide, we work extensively with the Thunderbird email client on Linux. If you don’t already have the application set up on your Linux PC, visit this page on Pkgs.org to get it going.

Use a VPN with Thunderbird and Torbirdy

Tor is the leading privacy-first system for those that care about avoiding censorship and persecution from governments, etc. With that said, Tor isn’t always the safest thing, so it’s a good idea also to use a VPN with the service.

Contrary to popular belief, it’s safe to use a VPN while connected to the Tor network.In fact, we’ve covered how to do that on Addictivetips in the past in this post.

ExpressVPN takes the top spot as the best VPN reviewed by our security experts. It works well on Linux and has an excellent client for download. Better still, they offer fast download speeds with 256-bit AES encryption and perfect forward secrecy across 94 different countries. Also, they have an exclusive offer for AddictiveTips readers: 3 months free on the annual plan, a 49% discount.

Install Tor browser bundle

The Torbirdy extension for Mozilla Thunderbird doesn’t provide a way to connect to the Tor network on its own, and it probably won’t be able to any time soon. So, before you can use the extension, you must first download and install the Tor browser bundle for Linux.

When installing Tor on Linux, you should always get it directly from the project’s website. They have a complete bundle that is easy to get going. Don’t be tempted to grab it from your distro’s repository; it won’t be as easy to configure.

To download the latest Tor bundle, head over to the download page on the website. Once there, look for the GNU/Linux column and download the TarGZ archive for either 32-bit or 64-bit. Then, when the file is done downloading, launch a terminal window with Ctrl + Shift + T or Ctrl + Alt + T.

In the terminal window, move the session from your home directory (~/) to the new ~/Download folder.

cd ~/Downloads

Then, once in the folder extract the Tor browser bundle using the Tar command.

tar xJvf tor-browser-linux64-*_en-US.tar.xz

or

tar xJvf tor-browser-linux32-*_en-US.tar.xz

When the extraction is done, use the mv command and move the Tor browser files from the download folder to a better location (such as ~/Documents).

mv tor-browser_en-US ~/Documents

Finally, close the terminal window and open up your file manager. Once it’s open, click on “Documents,” then “tor-brower_en-US.”

Inside the Tor browser folder, double-click on start-tor-browser.desktop to launch the connection tool.

In the Tor browser connection tool, use the UI to log into the Tor browser. Be sure to do this each time BEFORE accessing Thunderbird via Torbirdy.

Get Torbirdy on Thunderbird

Getting Torbirdy is just like installing any other add-on into Thunderbird. To get it working on your setup, launch the Thunderbird email application. Then, click the menu and click “Add-ons,” followed by “Add-ons” to launch the extension area.

In the extension area of Thunderbird, look for “Get Add-ons” and select it with the mouse. Selecting the “install” button will take you to the official Mozilla Thunderbird extension page.

Make your way to the “Up & Coming menu” and click the “see all” button to get to the search page.

On the search page, type in “Torbirdy” and press the enter key. Click the “Add to Thunderbird” button to add it to the app.

Click the icon that appears on screen in Thunderbird and read the message. It’s a warning about installing the extension.

When you’ve gone over the warning, click the “Install” button and add Torbirdy to your Thunderbird client. Then, go back to the add-on manager via Add-ons > Add-ons in the menu and click the “Restart” button that appears under the Torbirdy extension.

After the Thunderbird Email client re-launches, ensure that the Tor connection software tool is running and connected to the network. Assuming it is, you’ll be able to send your emails directly over the Tor network.

Remove Torbirdy

Don’t like using the Torbirdy extension? You can remove it just as easy as it was installed! To do it, go to the extension menu. Then, locate Torbirdy in the app list.

Once you’ve found the app in the list, click the “Remove” button to uninstall the extension. Alternatively, disable the extension by clicking “Disable”.

Read How to integrate Thunderbird with Tor on Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

How to disable security questions on Windows 10

Losing the password to your desktop system is never good. With desktop systems, it’s important that a password isn’t easy to reset. This is great if you want to keep your system secure, but not so great if you’ve forgotten your password. To get around this, Windows 10 allows users to set security questions for recovering a forgotten password for local accounts. This may not be the greatest or the safest way to recover your password. If you want to disable security questions on Windows 10, you can.

This trick was covered by Lifehacker and it uses a simple PowerShell script to get the job done.

Disable security questions

Download the PS1 file from this Github repository. Save it to a separate folder. Don’t just leave it on your desktop or in your Downloads folder.

After you download the file, open PowerShell with admin rights. Use the CD command to move to the folder that you downloaded the PowerShell file to.

Once you’re in the folder, run the following command to disable security questions.

Update-AllUsersQA

This script can run with one parameter; -answer. The syntax is as follows;

Update-AllUsersQA -answer SecretAnswer

You will need to replace SecretAnswer with an answer of your own choice and that will set the same answer for all questions.

If you need to enable security questions again, the script doesn’t give you a direct way to do it. The first command listed above will disable the feature and any time you try and set a security questions, you will get a message telling you that the feature has been disabled. To enable it again, run the command with the -answer parameter. Use it to set the same answer to all questions and then go to the Settings app to change the answer to the questions. You can change the security questions from Account>Sign in options. Click the Change button under password and you will get an option to change the answer to your security questions.

This will not work for user accounts connected to your Microsoft account. The security questions are only available for local users since they have no other way to recover a forgotten password. Users who have forgotten their Microsoft account password can reset it from the Microsoft website using either their phone number or their email to recover it.

Be warned that if you disable security questions on Windows 10 and later forget your password, you will make it harder on yourself to get back into your system.

Read How to disable security questions on Windows 10 by Fatima Wahab on AddictiveTips – Tech tips to make you smarter