Tag Archives: passwords

Cyber security awareness: The Facebook feature you will love

facebookprivacytab

 

This month as part of Cyber Security Awareness Month I had the opportunity to talk to expert, Jennifer Jolly about cyber security, especially about being safer and protecting my privacy on Facebook.

“President Obama designated October as National Cyber Security Awareness Month. National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.”

Jennifer and I discussed:

  • What are three quick steps you can take to help make sure only the people you want can see your stuff?
  • What are some security controls that are available to protect our accounts and privacy?
  • How can login approvals help to keep our Facebook account safe?
  • Why is it so important to have unique passwords for our social media accounts?
  • How can we control what information we share with apps when we login using our Facebook account?
  • Why do we need to periodically review the apps connected to our accounts and clean house? What is an easy way to do this?
  • Where can we go to for more information?

Our interview is audio, so grab a pen and paper and take a few notes. I was surprised at how fast and easy I was able to tighten up the security and privacy settings on my personal Facebook page – and how many apps I had actually given access to. You will be too!

 

Jennifer Jolly is an Emmy award-winning consumer tech journalist and “geek speak translator.” She’s one of the nation’s most trusted experts when it comes to reviewing and explaining consumer electronics and the days’ top tech trends. A 20-year broadcast industry veteran, Jennifer writes the weekly New York Times Wired Well column and is the host and syndicated columnist of TechNow. Jennifer is also frequent guest contributor for the Today Show, The Meredith Vieira Show, The Talk, CNN, HLN, Dr. Oz, and the Rachel Ray Show.

Consumer Reports Warns Email Theft Increases Identity Theft

Consumer Reports is warning to consumers that use of email addresses as a user ID increases your risk of identity theft.  The report cites the theft of millions of Yahoo users who had their email addresses stolen recently. Yahoo identified the attack on user email accounts and immediately acted to protect users by prompting holders to reset their passwords, according to a blog post by the corporation.

While there is no evidence that data was breached from Yahoo’s computer network, according to Bloomberg Businessweek, there is evidence that user names and passwords may have been taken from a third-party database. Consumer Reports warning is to users who often use their email address as their user ID because it can increase the chance of hackers getting into any other accounts you have associated with that email/user ID.

Identity thieves call the maneuver multipurposing. They steal personal data from one account and use it to break into other accounts. The theft of an email address can also lead to phishing scams, malicious software being placed on users’ computers, and malicious and fraudulent links being sent to everyone on a users contact list.

Once a criminal has access to email and passwords he can use it to break into a users bank accounts, online accounts, and use the information gathered to steal a users identity.

Consumer Reports gives an example, “Once the criminal has your e-mail address, he tries to sign into accounts at some large banks or major shopping sites, claiming he forgot his password. Some institutions will e-mail a “password reset” link or, worse, the password itself, to your address.”

Consumer Reports goes on to explain that once the password has been reset to the criminals password he will have full use of banking or shopping accounts that were broken into. The best way users can protect themselves is to consistently change their passwords and never use the same user ID as their email.

Data Breach Report Shows That Password Attacks Are Not Being Forced To Adapt

Everyone that spends time on the Internet is familiar with the ideas of usernames and passwords. A recent investigation by the Verizon Data Breach Investigations team revealed that our passwords are not doing the job. In 2012, authentication-based attacks were the number one method used by a mile in breaches online. In fact, four of five breaches were accomplished in this manner. What does this mean to us as surfers? Actually, it means quite a bit.

It means we are giving our permission without being aware of it

Most people realize that they should not give out their personal information, but they keep on doing it anyway. In fact, the criminals are counting on it. If we give our authorization to breach our information, what could be easier for an online, anonymous criminal? Phishing emails, asking for your information directly, false websites and countless other methods are out there. Once the password or username is secured, you would be shocked at the damage they can do.

Why change what is not broken?

That is almost certainly what the criminals are thinking. For the last several years the data has not changed hardly at all. By far, the easiest way for criminals to get your information is to ask for it…..and they do. Because we are not forcing a change, they simply keep on doing the same thing.

How do we force change?

The best way is to educate ourselves. You have to understand that any company that asks for password or username in an unsolicited email is fake. No company is going to do this in our modern online world without them having an ulterior motive. Never click a link you are uncertain about. Never visit a website with a bad reputation. You can see this by checking it with your anti-virus and other online tools. Most of all, we need to change how we pick our passwords.

How can we get a great password?

The easiest way to do this is to use a system like Roboform to store your passwords after you create them.  A website like strongpassword generator can help you create a great one if you have problems making something that will be hard to crack. This is a very easy way to come up with one that won’t be discovered. Of course, many will want to do it themselves and that is fine. Just don’t use anything that is obvious like a pet name or variation of your name. The criminals are very good at discovering your information. Use a letter, number and capitalization mixture for the best results.

Digital Assets and Death

Chances are you have a will and other paper documents that have been prepared in the event of your death. What you may not have is information on how family members can access your digital assets upon your death. It’s something that many never think to disclose. However, if family members don’t have access to this information, it can be difficult to follow the instructions in your will. Not only that, but family members may also have trouble accessing important files, such as family photos. The following explains the importance of giving access to digital assets to your family upon your death and how to do it.

Many people rely on online financial institutions for a number of services. You may have your IRA account, life insurance, and at least one bank account through an online company that doesn’t have physical offices. Without passwords, it can be impossible for family members to access this information. This means that it may be impossible for them to pay for a proper funeral or carry out your final wishes. If you work online, you may also have quite a bit of money in a PayPal account and have clients that need to be notified. All of which your family will need to know about.

It’s not only financial accounts that your family will want to access. Chances are you also have a number of family photos stored digitally. These photos should be passed down and cherished by your family, not be erased because no one knew they were on the hard drive.

There are actually a number of ways you can help your family access your digital assets. When it comes to passwords, you never want to have a file in your home that contains this information. However, what you can do is create a list of accounts and log-in information and put it in a safe deposit box at the bank. The key could then be placed with your will along with instructions on where the deposit box is located. You could also have a trusted family member keep the file. When it comes to family photos, you could also make a note in your will about their location.

Digital assets are often overlooked, but this can really hurt your family. If you want to make sure your family accesses all your accounts upon your death, you need to find a way to share this information. Whether you share your passwords before your death or leave clues on where to find the information in your will, you can make it easier for your family to move forward.

Yahoo! Hacked Learn How to Protect Yourself

Yahoo! Hacked Learn How to Protect Yourself

by guest writer, Linda St.Cyr

 

YAHOO! was hacked by a group calling themselves D33DS. The group claimed that the hack which released 450,000 email addresses and passwords to the public was “a wake-up call not as a threat.” But those who were affected by the hack might not see D33DS benevolence. I know that I don’t and I was one among the half a million emails to be released to the public. Luckily, the password that was associated with my email was outdated. Many other people were not as lucky.

People tend to use the same password for various sites. This can be detrimental if a hack takes place like the one that was done by D33DS. Although, I didn’t use the password that D33DS released I still had to take a day to change the passwords for all the websites that I used. Most of the websites had security measures in place that automatically locked me out the account (and any hackers as well) until I took steps to reset my passwords.

There are three basic steps that can help keep your internet and email activities safe:

 DON’T USE THE SAME PASSWORD

Do not use the same password for various websites. It may make life easier but it also makes you more susceptible to hackers and spam. If you use various websites for business or pleasure create a hard copy list and put it in a desk drawer or in a safe place. If you have ten different website accounts, you should have ten different website passwords.

 CREATE A STRONG PASSWORD

Websites that recommend that you use 6-8 letters including a capital letter and a number or a symbol are ones that want you to have a strong password. The stronger a password is, the harder it is for a hacker to get into your account. A strong password will have a combination of letters, numbers and symbols. Your password should not be your social security number, your birthday, your kids birthdays, your phone number or even your anniversary. That information is easily accessible, especially on social media platforms, which makes using it easily accessible for a hacker.

CHANGE YOUR PASSWORD OFTEN

Every couple of months take a day to change all the passwords you use. This will make it more difficult for a hack to take place as your accounts. A hacker could be close to figuring out what your password is but because you change it so often, the hacker will have to start all over again.

The Daily Telegraph, who reported on the Yahoo! hack, stated: “Users of online accounts are urged by security experts and technology firms to select tough passwords and change them frequently to thwart hackers.”

 

This guest post is by Linda St.Cyr,  a freelance writer, blogger, and columnist. She covers a wide variety of topics from food to celebrity gossip. Read her work at Ecorazzi, Yahoo! Contributor Network, or The Hungry Kitchen.

450,000 email addresses and passwords stolen from Yahoo: Is yours one of them?

Linking up accounts and services seems like it could make life easier doesn’t it?  Until you link things up on the Internet so closely that one security breach could lead to several from you email accounts to your PayPal accounts as well as the services you use on sites like Yahoo, MSN and Google.  A recent theft of over 450,000 log-in credentials were discovered from a Yahoo service.   Unfortunately this theft was not limited to just Yahoo services as many people link up their services with their email address, no matter what provider they may have.

The hackers, “D33Ds Company” released a statement about the incident stating  that this should be a wake up call to Yahoo for “lax security.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

While the theft of this data is scary, what is even more frightening is that according to TrustedSec the passwords and information were stored completely unencrypted.

Chief technology officer at Eurosecure, antivirus vendor ESET’s distributor in Scandinavia, Anders Nilsson, revealed that the most common domain names for the leaked email addresses were aol.com, gmail.com hotmail.com and yahoo.com. You can find even more statistics about this incident and the services affected on his blog.  Surprisingly enough the most common password is the one that everyone is told not to use and out of approximately 342,000 entries, 1,666 of them use the password 123456.

If you want to know if you have been compromised Continue reading 450,000 email addresses and passwords stolen from Yahoo: Is yours one of them?

Social networking passwords requested by prospective employers

It’s a tough economy out there. There are plenty of people looking for jobs, and if job applications and competition among other applicant’s wasn’t tough enough now potential employers may be adding one more line to that form; one that says “What is your Facebook/Twitter/Other social networking site password?” Would you provide it?  Continue reading Social networking passwords requested by prospective employers

David Briggs, FOX & Friends Weekend Co-Host, Email Hacked: How easy would it be to hack your email account?

How easy would it be to have your password or “secret” question answered? Find out how we often give away password clues and didn’t even know it.

Continue reading David Briggs, FOX & Friends Weekend Co-Host, Email Hacked: How easy would it be to hack your email account?