Don’t Let Your Connected Devices Ruin Your Holidays

Ah, December.

It’s the time of year when we go out and buy our friends, family and even ourselves (You know you’ve done it!!) brand new computers, phones, and *insert gizmo here*.

Connected devices, wearables, drones, and so many other tech gadgets are all making the holidays much more fun.

However, if not configured or set up correctly, these devices could put your personal security and privacy at risk. They could even expose important personal and financial information.

Default credentials

Many of these devices are shipped with default usernames and passwords. This means that the default username and password combination is well known to the manufacturer and its support people. It may even be written in documentation posted on the Internet.

Yikes. Because of this, it is important to change the default password and even the username, if you can.

If the device will allow you to use a passphrase, then even better! This will prevent anyone from being able to access your device if someone gets on your home network, or if it accidentally gets connected right to the internet.

If your device also connects to the cloud or an online component (i.e. you log into the manufacturer’s website to use it), it’s a good idea to change this password as well!

Default configurations

Normally, the default configurations these devices are shipped in are ready for you to use immediately. This means that any barrier to the shortest setup-and-go has been turned off.

Often, most security features may be turned off or be optional. It’s a good idea to acquaint yourself with all the features of your new device – security and otherwise. Acquainting yourself will help you understand what the implications for your personal security and privacy are when each one is turned on and off. Then make the decision on which ones to turn on.

Some devices will also include administration portals or some advanced network administration tools. If you don’t have any intent to use these, turn them off. This will ensure an attacker can’t use them.

Connected directly to the Internet

Most connected devices out there aren’t meant to be connected directly to the Internet.

It’s easy to assume that when you plug the cable into your Internet router or connect the device to your home WiFi that it is only accessible to your home network.

Have you ever actually checked?

It’s important to understand what the internet needs are for your device and make sure that your router and network are configured properly. Any extra port forwarding or other settings should be removed if not required.

If your device is accidentally left accessible on the Internet it could be easily accessed or hacked. This could expose important personal and financial information, be used as a gateway to access or hack other devices or computers in your home, or be used as a staging ground to hack others.

Two things can also be overlooked here. First, ensure you’re using a strong passphrase or password on your wireless network. A weak one will only put your connected devices (and everything else on your network) at risk.

Second, do not put your devices on a guest or public WiFi network. Where devices are concerned, these networks can be just as bad as the internet.

Cloud connectivity

Devices now often include some type of cloud connection capabilities within them. This capability could be for extra features, or at times is required to use the device.

When you have a device that includes cloud connectivity, it’s important to understand what information is being sent to the cloud. This is to ensure you know what it’s being used for and how it’s being protected.

If your device is collecting personal, location or other sensitive information and it isn’t protected well, there is a risk it could be lost in a breach.

Start by reading any manuals that came with the device, the manufacturer’s website, and the Terms of Service and Privacy Policy documents.

Ensure other computers and phones are secure

Do you connect to your device via an app on your phone, or from your computer?

If an attacker can compromise your other computers, they can take advantage of them to then attack your connected devices.

Update your connected devices

Check if the manufacturer of your device releases software or firmware updates. If they do, update the software and firmware as often as possible.

Software and firmware are only as good as the humans who create them. It’s easy for humans to accidentally introduce errors and security holes while writing software. Because of this, when manufacturers find these errors, they normally create an update to fix the issue. Updating the software allows you to get these fixes and plug any holes that an attacker could use.

It also will ensure you have the latest set of security features. Sometimes additional features can be released after you’ve purchased the device.

Wrapping it up

Connected devices are becoming much more popular. Not only are they fun, but they can make life much easier. However, they need to be used smartly. If they also collect personal or sensitive information or are left unsecured, they could be putting your online security and privacy at risk.

Photo by Alex Knight on Unsplash

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?
CLICK HERE TO SIGN UP!

Second Factor Tokens are a Pain. So Why Use them?

The other day I had an interesting conversation with a friend.

 

Their bank had just told them they had to add their phone number to their bank account.

 

This was in order for the bank to send them a text message with a code to their phone to input along with their password, every time they logged in to the bank via the web or a mobile device.

 

What are Second Factor Tokens?

You may have seen this before. Second-factor tokens can also be called a one-time password, 2-Step Verification, or Two Factor Authentication (2FA).

 

Second-factor tokens are a part of Multifactor authentication – a way of confirming you are who you say you are when you log in. It requires you to provide two (or more) pieces of evidence (commonly called factors) to prove it is really you. The two pieces of evidence have to be two of these three: something that you know, something that you have in your possession and something that you are.

 

If you haven’t guessed it yet, your password normally qualifies as something that you know and is your first factor. Second-factor tokens provide evidence for something in your possession and are normally your second factor.

 

These tokens can range from physical devices you have to plug into your computer or place near your computer, to numerical codes (obtained from an app or physical device resembling a key fob) that you enter after your username and password.

 

There are even some newer solutions that don’t give you a code at all. They just prompt you to approve or deny a request to log in via an app on your phone.

 

They don’t exactly make things easier

Not surprisingly, they were not very happy about this change.

 

Multifactor Authentication means an extra step and more things you need to keep track of and worry about when logging in.

 

They almost seemed as if they were telling me about this, expecting me to take their side.

 

To say “of course how could the bank do that horrible thing?!”

 

But do you know what I did?

 

I said, “that’s great!”

 

They were so shocked!

 

While I had to agree with them that the codes are annoying, the thing is, they are very effective.

 

For those who don’t use these one-time codes often, or if they’re completely new:

  • They can be very annoying and frustrating, as they’re one more thing you have to deal with.
  • If they send the code to your phone, and you don’t have your phone, it presents another problem.
  • If you’re not technologically savvy, it’s one more piece of technology to deal with.

 

So what exactly is the purpose of using them?

If they’re so annoying, then what is the purpose of using them? How are they different than the security questions we already use? Why can’t we just continue using the security questions?

 

In short, because passwords just aren’t good enough anymore on their own, and with the amount of information we share on social media, security questions are just too easy to guess.

 

Not everyone uses long and complex passwords, and even if you’re someone who does, there is still the possibility of your password being compromised in a breach.

 

A second-factor token helps in that if your password is compromised, knowing your password alone isn’t enough information for an attacker to log in to your account. They still need the code you have, or for you to tap the “approve” button on your app.

 

So while this whole second-factor authentication thing might seem like a nuisance, it’s actually meant to help you secure your logins better.

 

Second Factor tokens still aren’t completely foolproof.

Like other things, though, second-factor tokens aren’t a silver bullet. For example, if you receive a code via a text message, someone could impersonate you to your cell phone provider. Doing this, they can obtain a new SIM card that has your phone number tied to it. Then a request is made for the code and because they now control your phone number, it’d be sent directly to them instead of you.

 

Of course, your information on the service is only as secure as the security the service has in place. Even if your password is top-notch and you use second-factor tokens, your information can still be compromised if the service itself is compromised.

 

Still, these types of codes do provide much more security for your login than a password alone.

 

Speaking of passwords…

While second-factor tokens do help, it doesn’t mean you can become lazy with your passwords. Long, complex and strong passwords are still important!

 

If you’re struggling with creating long and strong passwords and remembering them, we have a few tips for that: Two Simple Tips to Remembering Passwords

 

How do I get a second-factor token?

Unfortunately, second-factor tokens aren’t something you can just get for yourself. Multifactor authentication and second-factor tokens have to be supported by whatever service you’re logging into, and they do take a bit of setup.

 

However, more services these days do support some type of two-factor authentication. The website at twofactorauth.org maintains a list of many services which support multi-factor authentication and second-factor tokens.

 

To find out if your service does support second-factor tokens, try looking in their help documentation. If all else fails, reach out to the company and ask! They may also be able to provide some instructions for how to set it up, too.

 

Long story short…

While second-factor tokens may seem like a nuisance, they are actually meant to help. They can help your username and password become stronger and more resilient to hacks and data breaches.

 

However, while they do add to the password you already use, they should be used as a complement, not as a replacement for your password.

 

Do you have second-factor tokens set up for all your logins?

 


7 Tips to Blog Safely and Keep Yourself Safe

I know what you’re thinking – blog safely?!

 

I know, but no matter whether your blog is your main focus, a side project for fun, or a way to market your business, it’s still a blog.

 

And it’s really easy to not take care and disclose a little too much.

 

When I sit down to write a blog article, these are the seven items I keep in mind to make sure I’m running my blog safely.

 

Double check your posts

Read it out as if it’s going to be printed in the local newspaper, including looking at the pictures. Does it give out too much personal information about you?

 

One key thing here is to not just look at the text, but the pictures and videos as well. Are your address or full name and phone number on a piece of paper? How about unique landmarks on your street and your street number?

 

Do you really need to use your full name?

Nowadays, when it’s really easy to plug someone’s name into an online database and retrieve way more information than they ever intended to reveal, consider whether you really need to use your full name.

 

It’s completely acceptable to blog anonymously; there isn’t anything saying you have to use your real name. Consider whether you can use only your first name or even a pen name.

 

Don’t give out your address

 

If you really want to receive fan mail, or you review products that are sent to you, then rent an address. You can do this with a P.O. box, or with many other services that allow you to rent the use of their address and will happily receive mail and packages on your behalf.

 

Be careful with location services

Many apps use your location for various things. Don’t use apps that broadcast your location in connection with your blog.

 

Make sure location services are turned off for apps that have an option to add your location, such as Instagram or Twitter.

 

Do you post photos as part of your blog? You still can, but make sure your camera isn’t tagging the photos with your location!

 

Being careful with your location ensures that nobody can show up unannounced, especially those with not so good intentions.

 

Set some boundaries

I know you want to share as much as you can with your audience. It helps with authenticity, legitimacy and makes your readers feel they know you.

 

However, if you share too much there is always the chance of someone connecting the dots.

 

You should set some boundaries – what topics are OK to talk about on your blog, and what are off limits – like family, children, the street you live on, etc.

 

Consider blog safety offline

When you’re writing your blog, always consider if you really need to share details about your life and location. It may only be one piece of information that is seemingly harmless in this blog post, but what about after many blog posts? The picture of your identity or where you are becomes that much clearer with every piece of information revealed.

 

This Week’s Challenge

Have a look at what you’ve posted online in the last while. How easy would it be for someone to find you in the real world?

 


Two Simple Tips to Remembering Passwords

If you do a number of things online, then you usually have a number of passwords.

 

As I’m sure you have all experienced, this can sometimes be frustrating and annoying when you can’t remember the password you need for the specific place you’re trying to log in.

 

You’ve probably also heard that you should be using a unique password for every login you have, which is true, but have you ever heard how to manage all those passwords?

 

Using multiple passwords is great, but it’s not going to happen if you can’t manage all those passwords.

 

We as humans are instinctively going to choose whatever path makes life easier. If that means using one password instead of 10, or 10 really simple passwords instead of complex ones, many of us will take that tradeoff.

 

So, how can we make remembering passwords easier?

 

There are two tricks to doing this effectively:

  • Putting them all in one place, somewhere that isn’t your brain.
  • Putting them on a medium that works best for you.

 

Yup, that’s it.

 

Let’s break it down:

 

Putting them all in one place allows you to know where they all are, and have one thing to keep safe. If they were all in separate places, then you have to remember where those places are… And keep all those places safe… and then we’re back to square one.

 

Choose a medium that works with your life. There is nothing saying your passwords have to be stored on your computer. Or any electronic device for that matter. The idea here is that if remembering passwords isn’t severely routine-altering, and is something you can easily add to your day, then you’re more likely to stick with it.

 

So how can we put this into practice?

 

Here are a couple of examples:

 

Someone who is tech savvy, takes their phone everywhere, and is used to looking things up electronically should try a password manager.

 

This is a piece of software that lives on your computer or your phone which stores all your passwords. Then, you only need to remember one password to access the manager and select the password you want to use.

 

There is one catch though. If you forget the password to your manager, all your passwords saved in it are gone! You can’t get them back.

 

If you don’t work on a computer all day, or prefer to look up information in books and references, try a relatively low-tech idea: a notebook!

 

A few years ago I wouldn’t have ever suggested using a notebook, but it’s becoming a more appealing option just because it’s not digital. It can’t be hacked like a computer can.

 

A Word of Caution

 

When using a notebook, however, passwords should be written without an obvious reference to what site they’re for or the username that goes with them. This makes it difficult for anyone who finds your notebook to understand, hence making it more secure than just a notebook of usernames and passwords.

 

The notebook should also be hidden well, or even locked in a safe (if you happen to own one!).

 

And because I know someone will mention this: No, sticky notes on your monitor or under the keyboard are not OK!

 

Of course, at the end of the day it’s important to pick something that will work for you and that you can manage. If you write everything down in a notebook and then hide it so well you can’t find it, it’s not going to help much, is it?

 

This Week’s Challenge

 

How do you remember all the passwords you need? If the answer to that question is by using only one password, then this week’s challenge is this: now that you know a few ways to keep track of multiple passwords, can you consider changing each password to be unique and using a password manager to keep track of them?

 

If you do use unique passwords, then this week’s challenge is to consider how you could keep track of them. If you’re a rockstar already keeping track of them easily, then consider taking them one step further and making them more complex! If you don’t understand what I mean about more complex, don’t worry. I’ll have another episode on complex passwords later on.
