Passwords - "What are they good for? Absolutely nothing."
(with apologies to Edwin Starr and Elaine Benes)
Over these last few days, I have received a bunch of calls from people that thought they had gotten hacked (they hadn't - just an annoying advertising pop-up window in their web browser), those that weren't sure if they got hacked (some did, some didn't) and some that were definitely hacked and they knew it and so did their email provider, social media accounts and financial services partners. I sat down and created a list of potential techniques that would help protect the average user. I use these techniques myself and I feel pretty safe, although you are never truly 100% protected as you always need to be vigilant in guarding access to your information.
- Most Importantly: Have different passwords for all of your accounts. Laziness breeds hacking simplicity. You gotta use different passwords. There's definitely a 1 to MANY relationship to getting in trouble. (Yes, I took a SQL class in college. Yes, I went to college.) A single hacker will hack a provider (let's call out Yahoo since when Verizon was doing their due diligence, Yahoo sheepishly announced that they had been hacked not once but twice). That hacker, once they have acquired login information for several million people, you included, will post that database to the dark web (symbolically, the dark web is a gigantic white board in a conference room that's on a floor that you don't have access to, but the guy whose sandwich you keep eating at lunch has the keys). Here's the MANY part. All of his friends have access to that room as well. And all of his friends will see at the same time "Bob.Smith@Yahoo.Com's email password is Password123? Let's try that at Facebook, Instagram, Merrill Lynch, Wells Fargo, etc." Hackers are also lazy. If Password123 doesn't work for your other accounts, they may just give up and move to the next person in the database. If you get the email from a hacker where they claim to have access to your camera and they want you to pay them some bitcoins so they won't reveal your 'wacky porn proclivities', it's FAKE. They are just trolling (harvesting) from a list of hacked emails and passwords.
- Second Most Importantly: Set Up 2 Factor Authentication (2FA) whenever available. If someone wants to get into one of my important accounts, having my password isn't enough: they will also need to have my phone handy, as I will get a text containing a one-time secondary password. This will make it exponentially harder to break into one of those accounts.
- Don't click on a hyperlink in an email asking you to change your password.
- Don't click on a hyperlink in an email or social media post that doesn't have any context with it.
- Write down your passwords. Know which ones are the same. (Google & Gmail, for example). Make sure it's accurate. I don't use a password manager. They can get hacked as well.
- Don't sync your personal data with your web browser (unless you know how to do it safely). Chrome and Firefox both allow you to sync your web browsers to other devices that are logged into the same account. Great in theory if you know you're doing it and have a need for it. Not so good if you sync up to a computer that you're only using one time (Library, Cruise Ship etc) and now all of your emails / passwords etc are syncing with all 5,000 passengers of the Carnival Exhilaration or the Key West South Shore Library and Tapas Grill.
- Don't sync your personal data with an offsite (cloud) location (OneDrive, Box, Dropbox, Google, etc.) without setting up 2FA.
- Don't check your email/social media/financial accounts on a public computer. Again, common sense; this goes with #6 (the browser sync item).
- Don't buy gift cards to pay for a service or a "friend" you haven't heard from in years. I can't believe how many older people, who HATE technology, fall for this one. Pick up the phone and call your friend and see why they supposedly can't buy Apple gift cards for their 54 year old son who lives in their basement without your help.
- Microsoft, Dell, Symantec, Amazon, Netflix, Apple, etc do not call you... Ever.
- When Googling customer service numbers on the internet, look for AD in small letters and DO NOT CALL THAT NUMBER. 4 times out of 5 the company you are trying to call doesn't even have a support phone number and expects you to send your question into a support chat.
- Your grandson is not in a Peruvian, Ecuadorian, Chilean etc celda... (that's Spanish for cell and gullible is crédula or crédulo.)
- Check https://haveibeenpwned.com/ to see where your email address has been compromised. (I used to say IF your email address has been compromised, but that's very rare.)
- Close accounts you no longer use. Some let you do this, some don't and eventually fade into obscurity.
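
An added example (not part of the original post): a small offline Python check of a written-down account list for the first two items above, reused passwords and missing 2FA. The CSV columns, the sample rows and the function names are assumptions made for the illustration; accounts that share one sign-in (Google and Gmail) are not counted as reuse.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample inventory (not real accounts or passwords). Keep a real
# list offline. "login" names the shared sign-in, so Google and Gmail count as
# one account rather than as a reused password.
SAMPLE_CSV = """service,login,password,two_factor
Gmail,google,Tr0ub4dor&3,yes
Google,google,Tr0ub4dor&3,yes
Yahoo Mail,yahoo,Password123,no
Facebook,facebook,Password123,no
Wells Fargo,wellsfargo,Password123,yes
Instagram,instagram,c0rrect-horse-staple,no
"""


def fingerprint(password):
    """Short hash used as a grouping key so the report never shows a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:8]


def audit(csv_text):
    """Return (groups of services sharing a password, services without 2FA)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_password = defaultdict(lambda: defaultdict(list))
    for row in rows:
        by_password[fingerprint(row["password"])][row["login"]].append(row["service"])

    reused = []
    for logins in by_password.values():
        if len(logins) > 1:  # same password on more than one distinct sign-in
            reused.append(sorted(s for group in logins.values() for s in group))

    no_2fa = sorted(r["service"] for r in rows
                    if r["two_factor"].strip().lower() != "yes")
    return sorted(reused), no_2fa


if __name__ == "__main__":
    reused, no_2fa = audit(SAMPLE_CSV)
    for group in reused:
        # One breach of any service in the group exposes the rest.
        print("Same password on:", ", ".join(group))
    print("No 2FA yet:", ", ".join(no_2fa))
```

Each group it reports is the "1 to MANY" problem in miniature: a leak at any one service in the group hands over the others.
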
OK - So it's time for a sales pitch. I can do this all for you. Just call me. Here's what I can provide.
DUNWOODY PC "CLEANUP/CLEANOUT/SECURE" PASSWORD MANAGEMENT SOLUTION (* where/when available)
- change all email passwords to 2 Factor Authentication (2FA)*
- change all social media accounts to 2 Factor Authentication (2FA)*
- change all financial accounts to 2 Factor Authentication (2FA)*
- change passwords to remove duplicate passwords
- request removal from accounts no longer used *
I hope you find this list helpful. Tell your non-crazy friends. Feel free to share. There are no trade secrets here, just some common sense help to make your online life less stressful.