Blog

Second Factor Tokens are a Pain. So Why Use them?

The other day I had an interesting conversation with a friend.

 

Their bank had just told them they had to add their phone number to their bank account.

 

This was in order for the bank to send them a text message with a code to their phone to input along with their password, every time they logged in to the bank via the web or a mobile device.

 

What are Second Factor Tokens?

You may have seen this before. Second Factor tokens can also be called a one-time-password, 2-Step Verification, or Two Factor Authentication (2FA).

 

Second-factor tokens are a part of Multifactor authentication – a way of confirming you are who you say you are when you log in. It requires you to provide two (or more) pieces of evidence (commonly called factors) to prove it is really you. The two pieces of evidence have to be two of these three: something that you know, something that you have in your possession and something that you are.

 

If you haven’t guessed it yet, your password normally qualifies as something that you know and is your first factor. Second-factor tokens provide evidence for something in your possession and are normally your second factor.

 

These tokens can range from physical devices you have to plug into your computer or place near your computer, to numerical codes (obtained from an app or physical device resembling a key fob) that you enter after your username and password.

 

There are even some newer solutions that don’t give you a code at all; they just prompt you to approve or deny a login request via an app on your phone.

 

They don’t exactly make things easier

Not surprisingly, they were not very happy about this change.

 

Multifactor Authentication means an extra step and more things you need to keep track of and worry about when logging in.

 

They almost seemed as if they were telling me about this, expecting me to take their side.

 

To say “of course how could the bank do that horrible thing?!”

 

But do you know what I did?

 

I said, “that’s great!”

 

They were so shocked!

 

While I had to agree with them that the codes are annoying, the thing is, they are very effective.

 

For those who don’t use these one-time codes often, or if they’re completely new:

 

  • They can be very annoying and frustrating, as they’re one more thing you have to deal with.
  • If they send the code to your phone, and you don’t have your phone, it presents another problem.
  • If you’re not technologically savvy, it’s one more piece of technology to deal with.

 

So what exactly is the purpose of using them?

If they’re so annoying, then what is the purpose of using them? How are they different than the security questions we already use? Why can’t we just continue using the security questions?

 

In short, because passwords alone just aren’t good enough anymore, and with the amount of information we share on social media, security questions are just too easy to guess.

 

Not everyone uses long and complex passwords, and even if you’re someone who does, there is still the possibility of your password being compromised in a breach.

 

A second-factor token helps in that if your password is compromised, knowing your password alone isn’t enough information for an attacker to log in to your account. They still need the code you have, or for you to tap the “approve” button on your app.

 

So while this whole second-factor authentication thing might seem like a nuisance, it’s actually meant to help you secure your logins better.

 

Second Factor tokens still aren’t completely foolproof.

Like other things, though, second-factor tokens aren’t a silver bullet. For example, if you receive a code via a text message, someone could impersonate you to your cell phone provider. Doing this, they can obtain a new SIM card that has your phone number tied to it. Then, when a code is requested, it is sent directly to them instead of you, because they now control your phone number.

 

Of course, your information on the service is only as secure as the security the service has in place. Even if your password is top-notch and you use second-factor tokens, your information can still be compromised if the service itself is compromised.

 

Still, these types of codes do provide much more security for your login than a password alone.

 

Speaking of passwords…

While second-factor tokens do help, it doesn’t mean you can become lazy with your passwords. Long, complex and strong passwords are still important!

 

If you’re struggling with creating long and strong passwords and remembering them, we have a few tips for that: Two Simple Tips to Remembering Passwords

 

How do I get a second-factor token?

Unfortunately, second-factor tokens aren’t something you can just get for yourself. Multifactor authentication and second-factor tokens have to be supported by whatever service you’re logging into, and they do take a bit of setup.

 

However, more services these days do support some type of two-factor authentication. The website at twofactorauth.org maintains a list of many services which support multi-factor authentication and second-factor tokens.

 

To find out if your service does support second-factor tokens, try looking in their help documentation. If all else fails, reach out to the company and ask! They may also be able to provide some instructions for how to set it up, too.

 

Long story short…

While second-factor tokens may seem like a nuisance, they are actually meant to help. They can help your username and password become stronger and more resilient to hacks and data breaches.

 

However, while they do add to the password you already use, they should be used as a complement, not as a replacement for your password.

 

Do you have second-factor tokens set up for all your logins?

 


10 Tips for Being Back to School Cyber Secure

Back to school is almost here!

 

You know what that means – friends, textbooks, and late night study sessions, to start.

 

But did you know it also means more devices, new accounts, and even more screen time?

 

Online security may not be the first thing you think of when it comes to back to school. However, with more students carrying laptops and more tech finding its way into the classroom, it’s becoming even more important to review how we protect the digital lives of ourselves and our families.

 

Even if you or your family aren’t heading to grade school or college, the beginning of a new school year is a great time for a cybersecurity refresher for the whole family. A refresher will make extra sure you’re still being cyber secure in your current digital lives and with all those extra devices and accounts you’ve collected so far this year.

 

To help you with that refresher, below are some tips to get you and your family ready for the school year.

 

Ensure your computer and devices have updated security software

The more outdated software you have, the more holes viruses, malware, and other unfriendly things have available to compromise your computer and devices.

 

Ensure that you’ve updated all the software on your computer and all your devices. This includes not just their operating systems but those apps too!

 

It’s also a good idea here to remove any software and apps that you no longer use and any data that they might contain.

 

Be careful with your purchases

When purchasing new computers, devices and software be wary of used items and online offers that seem too good to be true.

 

Used computers and devices purchased from sites like Kijiji or eBay could possibly come with malware and viruses pre-installed. It’s a good idea to wipe or do a factory reset on any used device you may receive.

 

Online offers that seem too good to be true could be adware, malware, a scam, or a hook to get your personal information.

Backup your stuff

As I am sure you’ve also heard, it’s important to back up all the data you have frequently.

 

What you probably haven’t heard is that it’s important to go further than just one backup! Have at least two different copies of your backup on two different media formats. That way you will have no problems recovering if one of the media formats ends up becoming damaged or corrupt.

 

Pro Tip: Create a third copy of your backup. Store that copy in a secure location away from wherever the other two copies of your backups are stored.

 

Then, if something happens to the location where the other two copies are stored (fire, flood, hurricane, etc.), you still have a copy to recover from.

 

Lock it up or take it with you

With people moving about on campus all the time, it doesn’t take long for a computer or device to go missing.

 

If you’re going to leave a laptop or device unattended, make sure you lock it up with both a physical lock (such as a laptop lock) and either shut it down or lock the screen.

 

Even better yet, take the laptop or device with you! If you always pack up your laptop and devices and take them with you, then you know they are safe and secure.

 

Encrypt, encrypt, encrypt!

If your computer or devices are stolen or accidentally lost, then all the data on them is lost as well and could potentially be in the hands of someone you wouldn’t want to have it.

 

One way to lower the risk of your data falling into the wrong hands in this situation is to ensure you’ve encrypted everything you have which will support it. This includes your computer, devices, and removable media.

 

Encryption helps because if your devices are encrypted and are lost or stolen, your data cannot be easily accessed.

 

One important thing to remember here: If you lose your encryption keys, your data is lost forever. It’s important to do your research and understand exactly how encryption works for your devices before you encrypt anything.

 

Create or update the passwords for your computer, devices and online accounts

As I’m sure you’ve been told, using the same password for everything is never a good idea. Take this time to create new, unique passwords for computers, devices, and online accounts.

 

Ensure these passwords are long and strong and complex.

 

Pro Tip: If you have a hard time remembering passwords and shudder at the thought of creating a new one, try using a password manager. It’s a piece of software that securely stores all your passwords, and then all you have to remember is the one password to open the password manager. Simple!

 

Enable multi-factor for everything that supports it

 

More and more online services are starting to support multi-factor authentication. This adds an additional layer of security to your account by requiring you to provide something extra in addition to your username and password to log in. Usually, this is in the form of a code or fingerprint.

 

Enabling multi-factor means that even if someone manages to get your username and password, they can’t log in to your account without the additional factor, which you still have.

 

However, this doesn’t mean you can become complacent with your passwords… Strong and unique passwords are still important!

 

Watch your shoulders

On crowded campuses and packed buses, be conscious of who is around you and who might be watching your screen.

 

Someone watching your screen over your shoulder is actually called “Shoulder Surfing”.

 

It’s when someone watches over your shoulder to steal valuable information from you as it is displayed on your screens, such as your passwords, PIN numbers or credit card numbers.

 

The person who now knows your information can use it for whatever they wish, including stealing your accounts, draining your bank accounts, or stealing your identity.

 

Be careful using public WiFi

Public WiFi should always be treated as an insecure network, just like the Internet, no matter who is providing it and no matter whether it is password protected or not. You never know how it’s configured, or who might be watching or intercepting what you’re doing on that WiFi.

 

It’s a good idea to never access or share any type of personal or financial information over public WiFi. If you can, refrain from also accessing anything that requires a username and password in case your credentials might be intercepted.

 

If you do need to access or share any personal or financial information and you’re out and about or traveling, consider using a VPN (Virtual Private Network) service or a mobile hotspot on your phone, or a standalone hotspot device.

 

Be careful what you share

An innocent selfie or comment can reveal much more than you intended. Be careful not to over-share or share too much personal information.

 

Also, consider what you’ve shared in the past. One piece of personal information might seem innocent enough, but sharing a different piece many times often leads to the formation of a picture of your identity and location.

 

Another good thing to remember is that it’s not always possible to remove things from the Internet. It is entirely possible that a post or share today can affect your reputation tomorrow.

 

How to detect phishing emails

Phishing emails are emails attackers send which are designed to entice you to click a link or download an attachment. Once you’ve clicked or downloaded, one or both of two things can happen. You are enticed to give up personal or financial information, or malware is installed on your computer without your knowledge.

 

Whenever you’re checking your email, remember to check for some of the indications of a phishing email:

  • Fact Check

If the email seems like it is completely out of the blue, it very well might be a scam.

  • Check the “From” Address

Ask yourself: does it make sense that I’d receive an email from this address? Have I received an email from this address before?

  • Bad grammar and spelling

Is the email full of bad grammar and spelling? Especially if it comes from a business, then this might be a phishing email.

  • A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords. If you’re not expecting a link, or it looks weird, don’t click it!

  • A sense of immediate urgency

Spammers want you to act without thinking. They want you to feel like there is no time to do anything but to do as they ask. Take a moment to think if the threat is practical.

  • It sounds too good to be true

If it sounds like it might be too good to be true, it probably is.

  • Trust your gut

If all else fails and you’re not too sure, or if it just feels “off”, then don’t open the email. Don’t click on any links and don’t open any attachments.

 

Read more about detecting Phishing emails: Email Looking a Little Phishy? 7 Things to Look For…

 

Back to School might be stressful, but staying back to school cyber secure shouldn’t have to be! Putting these tips into practice and creating some new habits are all it takes to be safe and secure all year long.


7 Tips to Blog Safely and Keep Yourself Safe

I know what you’re thinking – blog safely?!

 

I know, but no matter whether your blog is your main focus or a side project for fun, or to market your business, it’s still a blog.

 

And it’s really easy to not take care and disclose a little too much.

 

When I sit down to write a blog article, these are the seven items I keep in mind to make sure I’m running my blog safely.

 

Double check your posts

Read it out as if it’s going to be printed in the local newspaper, including looking at the pictures. Does it give out too much personal information about you?

 

One key thing here is to not just look at the text, but the pictures and videos as well. Are your address or full name and phone number on a piece of paper? How about unique landmarks on your street and your street number?

 

Do you really need to use your full name?

Nowadays, when it’s really easy to plug someone’s name into an online database and retrieve way more information than they ever intended to reveal, consider whether you really need to use your full name.

 

It’s completely acceptable to blog anonymously; there isn’t anything saying you have to use your real name. Consider whether you can use only your first name or even a pen name.

 

Don’t give out your address

 

If you really want to receive fan mail, or you review products that are sent to you, then rent an address. You can do this with a P.O. box, or with many other services that allow you to rent the use of their address and will happily receive mail and packages on your behalf.

 

Be careful with location services

Many apps use your location for various things. Don’t use apps that broadcast your location in connection with your blog.

 

Make sure location services are turned off for apps that have an option to add your location, such as Instagram or Twitter.

 

Do you post photos as part of your blog? You still can, but make sure your camera isn’t tagging the photos with your location!

 

Being careful with your location ensures that nobody can show up unannounced, especially those with not so good intentions.

 

Set some boundaries

I know you want to share as much as you can with your audience. It helps with authenticity, legitimacy and makes your readers feel they know you.

 

However, if you share too much there is always the chance of someone connecting the dots.

 

You should set some boundaries – what topics are OK to talk about on your blog, and what are off limits – like family, children, the street you live on, etc.

 

Consider blog safety offline

When you’re writing your blog, always consider if you really need to share details about your life and location. It may only be one piece of information that is seemingly harmless in this blog post, but what about after many blog posts? The picture of your identity or where you are becomes that much more clear with every piece of information revealed.

 

This Week’s Challenge

Have a look at what you’ve posted online in the last while. How easy would it be for someone to find you in the real world?

 


How Much of Your Information Is Too Much?

So, you happened to find some of your information on a website which you didn’t give it to.

How did it get there? Were you hacked? Is someone stealing your mail?

They may not have gotten the information directly from you, although believe it or not, you still may have had a hand in them getting it.

Many of the websites out there that you may stumble upon with what seems like a treasure trove of your personal information are websites that collect or aggregate information about people to mine it for valuable statistics or sell access to it.

Let’s look at three of the ways these websites and companies normally obtain their information on you, and other people:

Public Records Databases

Believe it or not, in North America when you buy a house, get a mortgage, get married, etc., the government collects information about you and keeps it in publicly available databases.

With the advent of the Internet, many of these databases are now accessible online. Since the data is freely available, these websites can scoop it easily.

Purchased from 3rd Parties

Even with our society becoming more privacy-aware, there still are websites and apps that sell the personal information they collect about their users to other parties as an additional revenue stream.

Sometimes it’s just geographic information, like how many people use their service from a certain country, or demographic information, like what the age ranges of their subscribers are, for example. Other times it’s the entire contents of your profile.

Scraping from Other Websites

Not all websites are above using “grey” methods to obtain the data they need. Some will simply copy and paste (called scraping) your information from other publicly available websites and even other record-collecting websites into their database.

Sounds a bit scary, right?

Don’t stress. A little due diligence can combat a lot of this. Here are a few things you can do:

Evaluate whether that website really needs all the information it’s asking for to provide you with the service you’re looking for

Before you ever fill out any form online, check out the company first. Read their Terms of Service and Privacy Policy. Do they explain how they protect your information? Do they state they will not sell your information? Red flags should be going up if not.

If they need a ton of information, find reviews on the company. Are they reputable? Have they suffered a data breach recently? Do they have any other divisions or products which might make use of your information?

Nothing in life is free, every company needs money to survive. If it’s a free product or app, and they want a ton of information, be skeptical. An app shouldn’t ask for more information than required for you to use it. If they ask for more, and don’t indicate how they use your data, there is a good chance selling your information is their revenue stream. Even if it is “ad supported”.

Use your head when it comes to social media

If you don’t invest some time and effort into locking down your social media profiles, then they could be publicly accessible. Does the whole world need access to your social media profiles? If not, don’t give it to them.

Be careful of what you post. Even once you have adjusted all those privacy settings, don’t post any personal information in updates or posts. You never know when the company may change or remove privacy settings which can accidentally make your profile public, exposing all that information you’ve posted.

Check the Terms of Service, Privacy Policy and other policies of the social network. Who owns your posts or updates? If it’s not you, they could be selling them, or access to them. Believe it or not, you are not always the owner of the information you contribute to social networks!

Don’t post it at all

Ultimately, the best course of action to stop anyone from obtaining or using your personal information, is to simply not put it on the Internet. Of course, there are times when this isn’t possible and you do need to provide some personal information. In those cases, a little bit of due diligence can go a long way in keeping your information safe.

This Week’s Challenge

How do you decide which places to submit your personal information online? What do you do for your due diligence? Have you ever thought about locking down your social media profiles?


Is Free Stuff Really Free?

Today’s post is all about free stuff.

Free stuff you can find on the Internet, that is.

You can get almost anything for free on the Internet these days.

Sample products, domain names, subscriptions, even coffee and chequing accounts. Many whole websites and services are even free.

But is any of this free stuff really, truly, free? With no strings attached?

For the most part, NO!

Why? Well, at the end of the day someone has to pay for this stuff you’re getting for free.

There are costs associated with making the material, and then costs associated with putting that material on the internet for you to get. Depending on how substantial the material is, and how popular the place you’re getting it from is, that cost can be substantial.

Whatever it is you’re getting might be free as in you don’t have to open up your wallet and hand over some of your hard-earned cash, but you are still going to have to give up something in exchange for whatever you’re getting.

So, how does this work? Here are a few ways you might end up paying for the free stuff you get online.

The first one is..

 

Ad revenue

If you’re part of the generation that is used to sitting down to read the newspaper every day, you’re familiar with how all this started.

Ads are put up on the website and you have to put up with them while using whatever it is you came to use.

These ads generate revenue for the website every time you view a page on the website.

While most advertisements are fairly innocuous, advertising technology is quickly moving towards enhanced ways of figuring out what it is you like so they can show you ads for products and services you are most likely to buy.

You have to ask yourself here, is dealing with the ads worth it for what you’re getting? How about the possibility they may be tracking you?

The second is..

 

Giving contact information

A business needs customers, but nobody is going to freely give up their contact information and ask to be contacted about products and services they could buy, right?

I mean, how many phone calls have you picked up, discovered it’s a telemarketer on the other end and been excited about it?

One avenue for businesses to solve this problem is to give something away for free, in exchange for your contact information and your acceptance that they can contact you at a later date to advertise their products and services for you to buy.

Ever been asked online, “To download this or that, just enter your email address!”?

This is exactly what is happening. In exchange for the free download, you’re handing over your contact information.

The third is..

 

It could be a scam

I think it’s worth mentioning here that if it sounds too good to be true, it probably is. As I mentioned above, it’s expensive to give away free stuff.

Ever get invited to a survey which claims that every participant that completes it will get an iPad? If that were true, not only would thousands of people complete the survey, but the company offering it would go out of business quickly due to the number of iPads they would need to purchase.

Next time you see something for free that just seems way too good, take a second and think to yourself: Is this too good? How does the company pay for this?

Lastly..

 

Giving Personal Information

The last way I wanted to highlight is similar to collecting contact information, however instead of just contact information, they ask for way more.

Ever seen an online quiz that needs to know your name, address, and income or a contest ballot that wants to know your address and occupation?

That kind of information gets a little more personal than just how to contact you if you win.

 

Bottom line..

So, what I’m trying to get at in this episode is not to scare you, and I’m not saying that you shouldn’t give out information at all. I’m just saying that you should be careful about who you give it to and when.

While this may seem like nothing, the next time you enter your information for something free, consider these two things:

  • They could sell your information, or make it available to customers in some way, which means you could get even more unsolicited advertisements and emails from many third parties.
  • They could lose your information, either through a hack or by accident, which means your information could get into the hands of a third party which could have sinister intentions.

Make sure that whichever company you’re giving it to is reputable and has some protections in place to protect the information you give them.

Not only that but consider if the information you’re providing is worth the benefit of whatever you’re getting in return.

Are they asking for your name, address, phone number, social status, salary and social insurance number all in return for a ballot in a contest, but the chances of winning are 1 in 50,000,000, for example?

Ask yourself if that much exposure is worth that chance of winning.

 

This week’s challenge

This week’s challenge is pretty simple. Think about everywhere you’ve submitted your information online in exchange for something free. Can you think of anywhere where it might have not been worth it? Going forward, is there anything you might do differently when it comes to giving up your information?

 


Email Looking a Little Phishy? 7 Things To Look For…

Not sure how to detect phishing emails? Don’t worry! The people who create phishing emails and phishing scams can be very crafty. 

 

What are Phishing Emails and Phishing Scams?

“Phishing”, starting with “P-H” instead of an “F”, is when a spammer impersonating another person or an organization maliciously sends emails to people in an attempt to trick them into doing things like:

  • hand over usernames, passwords, banking details, or other information,
  • download malicious files or viruses,
  • pay or transfer money through fake invoices, fake ransom requests, etc.

If the name sounds funny, that’s because it is! It’s meant to be a play on the fact that spammers are trying to lure you in just like a fish so you’ll give them what they want.

Just like how you’d lure a fish into biting down on the hook you’re dangling in the water, a phishing email is meant to get you on a spammer’s hook.

To convince you that you really do have to give them your bank information, or enter your username and password.

But these types of attacks are really nothing to joke about.

They try to not only look as legitimate as they can, but also instill fear, curiosity and play on our desire to do the right thing.

The scary part is, these types of emails aren’t always that easy to detect!

Spammers like to craft their emails to impersonate popular online services and brands to get you to enter in your usernames or passwords and banking details.

 

How To Detect Phishing Emails

So, how to detect phishing emails? Here are 7 characteristics you can check for. These aren’t exhaustive, as spammers are always trying to change up their methods, but they are a good starting point.

 

Fact Check

Is this a company you actually do business with? Is this someone who you normally receive this type of email from? Did you actually order something for which you are expecting a confirmation?

If the email seems like it’s completely out of the blue, it very well might be.

 

The “From:” address

Check the from address carefully. Spammers often try to register domain names that look very similar to the organization they’re impersonating. Others will make the name look credible, but the email address it’s coming from will be something different.

Ask yourself: does it make sense that I’d receive an email from this address? Have I received email from this address before?

 

Bad grammar and spelling

If the email is full of bad grammar and spelling, then this should be a red flag.

Any email that comes from a corporate business will sound professional, and will have been checked for grammar and spelling multiple times before being sent out.

Also, now many corporations have either removed salutations altogether, or will greet you in a manner consistent with your region and with your proper name.

If your email starts with “Salutations user” (and you don’t know anyone who would say that), “hello first [email protected]”, or “Dear Member”, this should be a red flag.

 

A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords.

If there is such a link in the email, hover your cursor over it but don’t click it!

This will show you the actual URL. If the URL displayed in the email is different than the URL that pops up when you hover your cursor over the link, it’s probably a phishing email.

In addition, if the URL that pops up doesn’t look quite right, it might not be.

For example, is it a misspelling of the legitimate domain name, is it completely unrecognizable, or is the real domain name included in part of another domain name such as: realDomain.com.someOtherDomain.com?

If you see any of those examples, then it’s probably a phishing email.

 

A sense of immediate urgency

Spammers don’t want to wait around. Part of their game is the sense of urgency. They want you to act without thinking and feel like there is no time to do anything but to do as they ask.

Sometimes they’ll build this sense of urgency by saying that “Your account is going to be suspended” or “your free gift is going to expire” or “the authorities will be contacted”, or other threatening language.

Don’t fall for this game. Take a moment to think if the threat is practical.

In addition, most government agencies don’t use email as their first means of contacting you.

 

It sounds too good to be true

Did you win the lottery, but didn’t buy a ticket?

How about a long-lost relative that you’ve never heard of wants to give you millions of dollars?

Maybe that new smartphone you wanted is now 99% off?

If it sounds like it might be too good to be true, it probably is.

 

Trust your gut

If all else fails, and you’re not too sure, or if it just feels “off”, don’t open the email, click on any links or open any attachments.

What do I do if I get an email that doesn’t seem right?

Check with the person or company who supposedly sent it if they actually did send it.

If it’s a company, call their customer service line or get to their website the way you normally do, and ask if the email you received was legitimate.

If it’s a person, call them on the phone or contact them in another manner where you can verify you’re actually talking to them and not someone attempting to impersonate them.

But, don’t try to verify the email via a reply email.

If the attacker already has access to their inbox, it’s really easy for them to reply with “yes, of course it’s me!”.

 

This Week’s Challenge

This week’s challenge is to think about these characteristics and the emails you’ve received lately and see if these characteristics apply. Do you now know how to detect phishing emails, and can you identify any which you have received lately?

 

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?

CLICK HERE TO SIGN UP!

Two Simple Tips to Remembering Passwords

If you do a number of things online, then you usually have a number of passwords.

 

As I’m sure you have all experienced, this can sometimes be frustrating and annoying when you can’t remember the password you need for the specific place you’re trying to login.

 

You’ve probably also heard that you should be using a unique password for every login you have, which is true, but have you ever heard how to manage all those passwords?

 

Using multiple passwords is great, but it’s not going to happen if you can’t manage all those passwords.

 

As humans, we are instinctively going to choose whatever path makes life easier. If that means using one password instead of 10, or 10 really simple passwords instead of complex ones, many of us will take that tradeoff.

 

So, how can we make remembering passwords easier?

 

There are two tricks to doing this effectively:

  • Putting them all in one place, somewhere that isn’t your brain.
  • Putting them on a medium that works best for you.

 

Yup, that’s it.

 

Let’s break it down:

 

Putting them all in one place allows you to know where they all are, and have one thing to keep safe. If they were all in separate places, then you have to remember where those places are… And keep all those places safe… and then we’re back to square one.

 

Choose a medium that works with your life. There is nothing saying your passwords have to be stored on your computer. Or any electronic device for that matter. The idea here is that if remembering passwords isn’t severely routine-altering, and is something you can easily add to your day, then you’re more likely to stick with it.

 

So how can we put this into practice?

 

Here are a couple of examples:

 

Someone who is tech savvy, takes their phone everywhere, and is used to looking things up electronically should try a password manager.

 

This is a piece of software that lives on your computer or your phone which stores all your passwords. Then, you only need to remember one password to access the manager and select the password you want to use.

 

There is one catch though. If you forget the password to your manager, all your passwords saved in it are gone! You can’t get them back.

 

If you don’t work on a computer all day, or prefer to look up information in books and references, try a relatively low-tech idea: a notebook!

 

A few years ago I wouldn’t have ever suggested using a notebook, but it’s becoming a more appealing option just because it’s not digital. It can’t be hacked like a computer can.

 

A Word of Caution

 

In using a notebook however, passwords should be written without an obvious reference to what site they’re for or the username that goes with them. This makes it difficult for anyone who finds your notebook to understand, hence making it more secure than just a notebook of usernames and passwords.

 

The notebook should also be hidden well, or even locked in a safe (if you happen to own one!).

 

And because I know someone will mention this: No, sticky notes on your monitor or under the keyboard are not OK!

 

Of course, at the end of the day it’s important to pick something that will work for you and that you can manage. If you write everything down in a notebook and then hide it so well you can’t find it, it’s not going to help much, is it?

 

This Week’s Challenge

 

How do you remember all the passwords you need? If the answer to that question is by using only one password, then this week’s challenge is this: now that you know a few ways to keep track of multiple passwords, can you consider changing each password to be unique and using a password manager to keep track of them?

 

If you do use unique passwords, then this week’s challenge is to consider how you could keep track of them. If you’re a rockstar already keeping track of them easily, then consider taking them one step further and making them more complex! If you don’t understand what I mean about more complex, don’t worry. I’ll have another episode on complex passwords later on.


People Need Cyber Security, Too

In this post I wanted to talk about why.

Not why as in the meaning of life, but why as in why do we need cyber security?

With the whole world around us becoming more and more connected, the people who want to con us for their own benefit are becoming more and more sophisticated, and what you need to do to be cyber secure is constantly changing.

 
They Target Whomever

There also isn’t any discrimination among who these people con either. They target whomever will help them fulfill their goals, regardless of whether that is a big business, a small business or individual people.

Because of this, everyone needs to learn not just how to install a firewall and antivirus, but how to think cyber secure so that as our connected world changes and evolves, you can change and adapt your cyber security to stand a better chance at keeping yourself and your information safe without becoming overwhelmed both at work and at home.

 

Everyone Should Think Cyber Secure

Though, through my own experience, it seems most people don’t know how to think cyber secure. This really shows in a Pew Research Survey done in 2016 (Click Here to have a look at the survey results at Pew Research). They asked 1,055 online adults 13 questions about cyber security. The typical respondent was only able to answer five.

 

This means that everyone needs a little help. Not everyone is going to be able to only answer two questions, but everyone might have one thing they aren’t completely sure about.

 

And that’s why I wanted to start this podcast and decided to call it Think Cyber Secure.

 

Follow Along With Us

If you follow along with me, my goal is to give you some actionable tips to not only be cyber secure today, but also be cyber secure tomorrow and into the future by learning how to think cyber secure and how to adapt and shift as the cyber security world changes.

 
Today’s Challenge

How do you protect your computer and your information? See if you can find one area or opportunity that you think you might need to improve.


Introducing Think Cyber Secure

Hello, and welcome to Think Cyber Secure!

Whether you’re an entrepreneur and business leader or someone who wants to learn how to be cyber secure, this is the blog for you.

We’re going to deconstruct and decode the world of cybersecurity and privacy to reveal the fundamentals of what you need to know so you can make smart decisions about what you do, where you go and what you post online.

We’ll be translating the geek-speak to provide real tips that you can use to protect yourself and your business from the threats out there today.

We started this website for two reasons.

The first is that with the rapid advancement of technology and digital transformation, our lives are becoming integrated with the Internet more and more every day.

This integration is making the Internet itself more of a real risk to us as individuals and businesses. The Imperva 2019 Cyberthreat Defense Report found that 78% of the organizations they surveyed were affected by a successful cyber-attack in 2018.

Just as we automatically assess and take care of our safety and security throughout our everyday real-world lives, we now need to do the same with our digital lives as well.

The second is that, after working in cybersecurity and helping family and friends with their online security and safety, we’ve realized that not everyone knows what they need to do to protect themselves and their businesses.

Those who do know are either overwhelmed or stick to the traditional advice, not adjusting that advice to their unique situations.

The goal

Our goal is to help you learn how to be cyber secure from a holistic perspective. To understand your digital security just like you know your real-world security. To make decisions safely and securely, no matter what you’re doing online.

Be sure to subscribe!

It’s going to be a great journey. To make sure you stay with us, subscribe to our newsletter. We’ll be back with a new post every month.

Be sure also to find us on Facebook and LinkedIn.

Want to reach out? Not a problem: email us using the contact page.

One more thing

There’s one more thing for you to do. Leave a comment below this post or send us an email and let us know what you want to hear. Do you have a topic you want us to tackle? Or a problem you’re having? Let us know!
