Category Archives: Tech Tips

Infographic: The death of passwords

Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.

 

By Alison DeNisco Rayome, Senior Editor – TechRepublic | February 8, 2019, 4:00 AM PST

Enterprises trying to keep customer data safe struggle with weak links in traditional authentication methods and employee practices, according to a recent infographic from LoginRadius.

Most people fall into one of two categories: They use one password for every account, or they use a slightly different password for every account. However, neither of these approaches are very effective, the infographic noted. While 10 years ago, people only had to keep track of a password for email and banking, today, the average business user must keep track of nearly 200 passwords.

Companies including Microsoft are making moves to replace traditional passwords with biometrics and security keys. Others are beginning to realize that commonly accepted methods for creating strong passwords are not actually effective.

SEE: Password Policy (Tech Pro Research)

Here is the full infographic:

the-death-of-passwords-v01-02.jpg
Image: LoginRadius

5 things you can do in 5 minutes to boost your internet privacy

It’s time to break out of some bad habits before they come back to bite you.

With social networks working overtime to fight off fake news and fake users, data-harvesting apps sneaking onto the Play Store and some websites trying to turn your computer into a cryptocurrency generator, you may be getting a little anxious about the privacy of your personal data.

Thankfully, the process of getting your house in order isn’t complicated or even time-consuming. You’ve probably been thinking about trying some of these things already, and you just haven’t found the right time. The signs indicate that the right time can’t wait much longer, at the rate things are going in the cybersecurity world. So here are five major things that you can do in a matter of minutes to boost your privacy online.

SEE: Google Pay: How and why you should use an app like this to buy things at the store

Get a password manager so you can stop using bad passwords everywhere

Unless you are a savant, your brain can only handle so much complexity when it comes to creating and then remembering a robust password. If you’re like most people, your password is based on personal details that are trivial to figure out, like birthdays, street addresses and anniversary dates.

And we say “password” because you’re also likely to be using the same one for multiple logins. Maybe you change a letter or number here or there, but let me tell you: When push comes to shove, this will not be enough.

Thankfully, you can defeat this bad habit in just a few clicks, thanks to password managers. These are apps and browser extensions where you only need to remember one “master password.” The manager generates the rest of them, and you just paste these into a login screen when you need to.

The good managers even recognize what website you’re on, and they’ll present the correct entry, instead of requiring you to look it up. You won’t even need to know the password that the manager generates — just log into the manager, click the relevant entry and paste your password in the browser or app.

If you’re logging into something on a mobile device, you’ll also usually find an “Autofill” option if you long-press the location where you enter your password. Choosing this option should automatically open your password manager app and swap you over to it. Then you can copy and paste your password with a few taps.

Bitwarden (download for iOS or Android), LastPass (download for iOS or Android) and 1Password (download for iOS or Android) are all solid choices, based on our testing.

Set up app-based two-factor authentication to protect your online accounts

For websites and services where you need to ensure the security of your account, like your bank, passwords alone simply are not enough anymore. In this scenario, you need two-factor authentication (2FA) — specifically, the kind where a mobile app generates login codes for you. Not the kind where you are sent an SMS text message, because those can be intercepted or just fail to arrive.

With app-based 2FA, you log into an app or website like normal, then you open an app that generates a special six-digit code every 30 seconds. This authentication app is synced with the other app or service so that your code matches the one that the main app or service expects to get. You enter the code from the authenticator app into the app or website that’s asking for it, and then your login is complete.

Google makes its own free authenticator app for iOS and Android. Unfortunately, there isn’t a standardized method for setting up your account with 2FA. Amazon, PayPal, eBay and your bank will all use slightly different systems and terminology.

Arguably, the fastest way to getting them all up and running is to just do a Google search naming the website or app where you want to set up 2FA and adding the phrase two-factor authentication to your search request.

Set up a VPN or Tor to protect your internet connection from prying eyes

The last few years have seen an explosion of virtual private networks that are designed specifically for personal use. For those of you not familiar with a VPN, it creates an encrypted tunnel within your internet connection that’s difficult for someone to intercept.

This is particularly important because Congress ended a privacy rule in March 2017 that prevented internet service providers (ISPs) — like Comcast, AT&T and Charter — from selling your browsing habits to advertisers. If you want them to keep their noses out of your internet connection, a VPN (or Tor) is probably your best bet.

In fact, with a VPN, the websites that you visit don’t even get to see your personal IP address, nor can your ISP see where you’re ultimately going. Comcast, for example, can only see that you’re connecting to a VPN service, and the website you’re visiting can only see the IP address of your VPN server. That kills a lot of location data harvesting practices in one fell swoop.

Tor is similar to a VPN. Instead of a paid service, its servers are donated to the network in the interest of collective privacy and security. The tradeoff is that Tor is not fast. It’s built for anonymity rather than speed, so you won’t be streaming 4K video from Netflix.

In fact, Netflix and other media streaming services generally take a dim view of VPNs and Tor, because these networks are frequently used and sometimes abused to get around regional content restrictions.

You can access Tor on Windows or MacOS through a web browser that’s based on Mozilla Firefox (download for iOS or Android). Unfortunately, iOS still lacks an official Tor browser, due in part to Apple requiring all web browsers on iOS to use its own Safari app under the hood. However, there is an official Tor browser for Android.

Based on our testing over the years, you can probably trust IVPN (download for iOS or Android), NordVPN (download for iOS or Android) and ProtonVPN (download for iOS or Android). ProtonVPN is relatively new, but it’s also a product of the same people who make ProtonMail (download for iOS or Android), which is one of the most respected high-security email services around.

FOLLOW Download.com on Twitter for all the latest app news.

Set up a phone screen lock and keep your apps and operating system up-to-date

Your account security is only as good as the security that you use to lock down the devices that can connect to them. For mobile phones, this means having a legit lock for your lock screen. In the same way that passwords alone do not cut it any more, neither does swiping to unlock your phone.

Of course, at least on Android, the method to set this up varies from one phone to the next. But if your phone’s settings section has a search function, try the phrase lock screen. This should pull up a shortcut to the section of your phone’s settings that lets you set up a PIN code, fingerprint or facial recognition.

With a screen lock, someone who steals your phone doesn’t have access to everything that it can do — and it will lock out the generally nosy people around you. If you create an emergency contact on your phone, that will be accessible via the lock screen; so if someone finds your lost phone, or if you’re in need of medical assistance and can’t use your phone yourself, you’re not out of luck.

Keeping your apps and operating system up-to-date helps to close security holes, sometimes before they’re even publicly known. If the brand of phone you usually buy isn’t updating your operating system several times a year, we’d recommend switching to a brand that takes your security more seriously.

For operating system updates, Apple is by far the best all-around choice in this department — but not everyone likes iOS, iPhones lack headphone jacks, the devices can get eye-wateringly expensive, and services like Apple Messages can be difficult to disentangle yourself from if you want to switch to a non-Apple ecosystem.

On the Android side, Google’s own Pixel phones get monthly security updates, though they’re also lacking headphone jacks these days. If that’s not a blocker for you, then a Pixel is a pretty good choice for phones that get updates. If you take a lot of photos, in fact, the Pixel 3 is generally regarded as having the best mobile phone camera on the market.

Read more
 

What Does Big Tech Know About You? Basically Everything


By Angela Moscaritolo, contributing PCMag reporter – Feb. 5, 2019, 6 p.m.

Security Baron examined the privacy policies of Facebook, Google, Apple, Twitter, Amazon, and Microsoft and put together a handy infographic showing the types of data each company admits to collecting.

The seemingly endless stream of Facebook privacy scandals of late—including the latest involving users as young as 13 years old—may have you questioning how much the social network and other tech giants actually know about you.

Here’s a hint: practically everything.

The folks at Security Baron examined the privacy policies of Facebook, Google, Apple, Twitter, Amazon, and Microsoft and put together a handy infographic showing the types of data each company admits to collecting. For Facebook and others, data is money. But just how much these tech giants actually know about you might be surprising.

As you can see in the infographic below, Facebook is particularly data-hungry, even gathering information about your work, income level, race, religion, political views, and the ads you click in addition to more commonly collected data points such as your phone number, email address, location, and the type of devices you use.

“Facebook is unusually aggressive,” Security Baron pointed out. “This data can be exploited by advertisers and (hopefully not nefarious) others.”

Twitter, in comparison, is “comparatively hands-off,” the site notes. The microblogging service, for instance, doesn’t collect your name, gender, or birthday (Facebook, Google, and Microsoft all do), but Twitter does know your phone number, email address, time zone, what videos you watch, and more.

Google and Microsoft, meanwhile, are the other big players when it comes to collecting data.

“With Cortana listening in and Gmail seeing all of your emails, the ubiquitous nature of Google and Microsoft gives them access to an uncomfortably large amount of your information,” Security Baron wrote.

Check out the full infographic below to see what Facebook, Google, Apple, Twitter, Amazon, and Microsoft may know about you. For tips on securing your digital privacy, check our story, “Online Data Protection 101: Don’t Let Big Tech Get Rich Off Your Info.

Security Baron The Data Big Tech Companies Have On You full

Angela Moscaritolo – Reporter

Angela has been a PCMag reporter since January 2012. Prior to joining the team, she worked as a reporter for SC Magazine, covering everything related to hackers and computer security. Angela has also written for The Northern Valley Suburbanite in New Jersey, The Dominion Post in West Virginia, and the Uniontown-Herald Standard in Pennsylvania. She is a graduate of West Virginia University’s Perely Isaac Reed School of Journalism.

Top 5 ways to avoid notification stress

We get notifications for everything nowadays. While some notifications are helpful, too many can actually be harmful. Tom Merritt offers five tips for keeping your cool when notification stress hits.

Notifications: They buzz, they chirp, they let you know your local sports team has scored a point. They have also been found to raise your cortisol levels and make you feel stressed, unhappy, and unproductive. You need them, but do you need ALL of them? Here are five things you can do about notification stress.

SEE: Streaming media policy (Tech Pro Research)

  1. Learn to say no. When an app asks you for permission to send you notifications, just say no. You can decide later whether to give it permission—if you decide it really needs it. Your default answer should always be no.
  2. If you’ve got a problem, declare notification bankruptcy. Go through and make yourself turn them all off. That’s right, all of them. Not forever—just make yourself do it once.
  3. Only turn on notifications for anything you’re absolutely certain you need. Text messages would be an obvious one. Or, there may be medical or other health-related apps where you know you’ll need that notification. Be strict, and be honest with yourself.
  4. Give it a week, and wait until you miss them, to turn a notification back on. If you run into something where you really wished, multiple times, you had gotten a notification, and you’re being honest, then you can turn it back on.
  5. Maybe get an app. One study showed that notifications were optimal in balancing information needs with stress if they were bundled and delivered a few times a day. An app called Daywise for Android provides that functionality.

Notifications are akin to somebody interrupting you to give you a cookie—it’s annoying and rewarding at the same time. Wiping them all out and starting fresh is a great way to get past that. I can tell you’re feeling calmer already.