Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. — Clifford Stoll
We all have numerous passwords that we count on in our daily lives, but how safe and secure is that password? Have you shared it with anyone? Were you aware that a federal court has made sharing passwords illegal? Do you use a password manager? Today I saw news of a zero-day vulnerability on Lastpass.
We must be ever-vigilant with our passwords and password managers as well as two-factor authentication (2FA) (see links for more). Despite a federal ruling on sharing passwords, one of our presidential candidates asked their potential VP and his entire family, including grown children, to share all of their social media passwords with the campaign. California has ruled in favor of employers demanding the social media passwords of employees (long-standing ruling). There are numerous other examples of overreaching attempts at circumventing your privacy and security, so we all must be fully aware of what is and is not legal as well as what we will and will not allow when it comes to our data and privacy. It is best practice to use a password manager, 2FA, secure passwords, unique passwords for each and every location that requires a password, and to change passwords on a regular schedule based on the data that is being protected. It is also a good idea to make sure you are aware of the latest issues and/or updates for your password manager of choice.
It is your security that is at stake and you must take every reasonable step to protect it in this ever-changing digital landscape.
NIST Says SMS-Based Two-Factor Authentication Isn’t Secure
ACCESS TO SOCIAL MEDIA USERNAMES AND PASSWORDSIf you enjoy this newsletter and know anyone that would be interested in the information contained, please pass this along or subscribe here.
Nobody can hurt me without my permission. — Mahatma Gandhi
As I read this week’s news about Pokemon Go and how it has full access to your Google Account on your phone and subsequently online it caused me to re-examine the access that I have granted to applications on my phone. When you do this, you will be surprised at what they want to access.
Our phones each have a different way of granting privileges to applications and some give us more control over each piece than others. The scary piece is when an application wants to access your call records or to be able to make a phone call when it has no business even interfacing with that section of your device. I have seen and read about applications accessing every part of the phone in what can only be seen as poor coding on the part of the developer, a blatant attempt to infect and control your device, or a lack of knowledge on the part of the developer with regards to the actual needs of the application. If you have the access to limit what rights are given, it is in your best interest to do so. Turn off access to contacts, sms, phone calls, gps, photos, etc if the application does not need access. This will make your phone more secure and efficient, and therefore will protect your privacy and increase your level of security. It is also a good idea to periodically look at these settings in case an update changes them.
We all use our phones for contact, news, entertainment, and more. What we need to do is be aware of how someone might corrupt that process to their benefit or to our detriment. Be safe, be smart, and be aware.
Pokemon Go Has Full Access Permissions to Your Emails and Documents
Google to change app permissions for ‘Pokémon Go’ after security concerns
Senator voices concerns about ‘Pokemon GO’ data privacyIf you enjoy this newsletter and know anyone that would be interested in the information contained, please pass this along or subscribe here.
On the soft bed of luxury many kingdoms have expired. — Andrew Young
As time progresses and smartphone technology advances, we become ever more reliant on the power and presence of the computer we carry in our pockets. With everything it does and contains it is truly indispensable in so many ways that if we were to lose it or have it compromised we would be in dire straights.
Beyond the standard ideas of a secure pin or passcode of at least six characters and locking your device when you are not using it, there are other things to consider. One piece that many people do not think about is the authenticity and reliability of the software they install. Do you? All of the different phone platforms have an app store, and their own standards and rules for getting an app in the store. This does not always protect you as the user, and some platforms allow you to add apps from alternative sources. All of this opens us up to the chance of getting infected with malware. An application I have been happy with and been using for years is Lookout. They were recently featured on 60 minutes in a great piece about cell phone hacking. They watch and protect against malware, offer a tracking and alert option, and also a backup option for your contacts, all in the free version (iOS and Android).
There are many options and settings for protecting your phones no matter the platform or data you store and consume, so make sure to research and determine your particular needs. Remember, it is your privacy and your security at stake so it is your responsibility to make sure that anyone that wants to affect that is hindered to the best of your ability or those you enlist to aid you in this important endeavor.
How to Crack Android Full Disk Encryption on Qualcomm Devices
Apple iOS App Store riddled with malware — XcodeGhost haunts hundreds of apps
BlackBerry to Stop Making Classic Smartphone, Shares FallIf you enjoy this newsletter and know anyone that would be interested in the information contained, please pass this along or subscribe here.