Accounts

Dear BFF’s, Princesses and Superheros – Hackers are your biggest fans

We have all seen the Facebook quizzes that flood our timelines. Which Disney character are you? Who is your true BFF?  What is your inner spirit animal? What is Superhero personality? Who is your soulmate? Well as 1 of many CyberSec superheros, CyberGent101 wants to help you out with something. Your longing to be a Disney character, Superhero, to release your inner spirit animal or finding out who your BFF is, maybe putting your personal data at risk. The video below gives some insight into what can occur if your data is stolen actually handed over via Facebook quizzes.

 

(video credit wfla.com)

A friend of mine @MsSharlee  and I often times find ourselves shaking our heads at the growing number of quiz posts that we see on our timelines. We continually post (and re-post) about the potential dangers of  taking these quizzes. At some point we hope that our concern will make others aware of what they are releasing to the internet.

As stated in the video here are a few helpful reminders to stay out of the crosshairs of hackers:

  • Be cautious of apps, quizzes, etc that require you to sign in or redirect you to a site to enter your credentials. Personally if something requires me to login, I don’t participate.
  • Treat your email addresses like cash. Make sure you use a strong password as well.
  • Don’t always trust links from friends. Web address analysis services like urlquery.net allow you to check out links that you may receive from emails, texts, etc. URLquery also provides a screenshot of what the site looks like at that particular time with analysis on if the link is malicious or not.
  • If you must participate in a quiz to see who your soulmate is or how many kids you will have with what celebrity, take a quiz from a company that has a good reputation of protecting data.

 

Advertisements

Secure your Selfies!!!

Instagram is in the process of rolling out its new security feature in its latest attempt to further protect you from hackers. With the latest update (to be rolled out in phases), Instagram will add two factor authentication to its app for better account protection.

Two-factor authentication or 2FA adds a second level of authentication to an account log-in. Entering only your username and one password is considered a single-factor authentication. 2FA requires the a user to have two out of three types of credentials before being able to log into an account.

Here are three types of 2FA:

  • Something you know, such as a personal identification number (PIN), pattern or a password.
  • Something you are, i.e.bio-metric like a fingerprint, voice, or eye (retinal scan)
  • Something you have, such as an ATM card, token, or phone.

If you decide to activate 2FA within Instagram, logging into the app will now begin to require your password AND an additional security code. The code will be sent to you via SMS ( Short Message Service a.k.a. Text). With 2FA activated, Instagram will send you an SMS security code every time you login as an extra layer of security. The new input screen that will appear after the regular login page will look like this:

INSTAGRAM-TWO-FACTOR-AUTHENTICAITON-PROMPT

I currently use 2FA for my online banking, Mint, Smarty Pig and Facebook. Again this security feature will be updated over time so if you do not see the 2FA option right now, it will arrive eventually. Continue to make sure your app is updated to the latest version as well. Once the update is rolled out it will be listed under “Posts you’ve liked” option in the settings page of your Instagram account.

INSTAGRAM-SECURITY-AUTHENTICATION-OPTION

Again 2FA is another added layer of security to protect your accounts and online identity from hackers. Though not 100% (like security features in general), it is a very effective security practice to deter malicious activity. Currently Facebook, Twitter, Apple, Google and a host of others use 2FA as well. What other apps or accounts do you currently use 2FA for?

The worst passwords of 2015

According to Splash Data’s yearly “Worst passwords list” here are the most common passwords used in 2015:

Rank      Password            Change from 2013

1              123456                 No Change

2              password            No Change

3              12345                  Up 17

4              12345678            Down 1

5              qwerty                 Down 1

6              123456789           No Change

7              1234                      Up 9

8              baseball               New

9              dragon                 New

10           football                  New

11           1234567                  Down 4

12           monkey                  Up 5

13           letmein                  Up 1

14           abc123                   Down 9

15           111111                     Down 8

16           mustang               New

17           access                   New

18           shadow                Unchanged

19           master                 New

20           michael               New

21           superman            New

22           696969               New

23           123123                  Down 12

24           batman               New

25           trustno1              Down 1

If you log into your personal accounts using one of these passwords above please change it. As you can see the secret is out there. If you need help refer to Up your password game

Up Your Password Game

Let’s be honest, how many of you reading this article currently uses a password containing variations of a relatives name, pets name, your address or even the word “password”. At this time I am encouraging you to change your password to something stronger. This article will encourage you to change your password to something that will make you feel more secure about your accounts (work or personal). Using a strong password can prevent someone from hacking into your account using password attack methods such as brute force or social engineering.

Once a malicious actor (what we call hackers / attackers in the cyber-security industry) gains access to your accounts they can do things such as: post random or bad posts on your behalf, send out spam emails, make changes to your bank account, change settings, etc.

Personally I have DIFFERENT passwords that I use for my online banking, email, media and social media accounts. The one thing that you want to prevent is having a specific email address and password tied to multiple accounts. If a malicious actor recognizes this trend all of your accounts can be compromised much easier.

Here are some recommendations to up your password game:

I recommend using the Password Meter site (http://www.passwordmeter.com/ ) to help you create a strong password. Password Meter will provide a real time analysis of your password and let you know how strong it is based on criteria for creating a strong password. This is a very helpful tool. Plus once you use it, you will feel a little smarter because you have taken the first step in protecting your accounts and your online identity. You will not believe how easy it is to obtain simple passwords and use the associated accounts for malicious intent.

I also use an app called 1Password (https://agilebits.com/downloads). 1Password allows me to keep all of my different passwords in 1 place, which is convenient for me because I have several passwords that I use. Using 1Password also keeps me from going to sites where I may have forgotten my password only to use the “forgot my password” link over and over again which could become a very tedious and time consuming process. 1Password also prevents me from writing passwords down on a sticky note. Over the course of my IT career, I have seen people use sticky notes to keep track of their username and passwords. The bad thing is, I have seen these sticky notes on stuck on monitors, on laptops even placed under keyboards. All of the methods listed above are of course a bad practices for storing passwords. Anyone in plain view of the sticky notes can gain unauthorized access to a person’s passwords and accounts. Again as a measure of added protection, feel free to give Password Meter and 1Password a try and let me know what you think.