Category: Security

How to Find Your Lost Device – Android Edition

If you have ever experienced the acute trauma of losing your smartphone, you may be wondering if there is a way to track it when it is out of your sight. The answer is yes! If you use Apple or Android devices, you can set them up to be tracked in the event you cannot find them. Last week, we highlighted how to find Apple devices. This week, we’re shining the spotlight on Android’s Find My Device app. This app will help you find, lock, or erase Android phones, tablets, and Wear OS devices. We should probably note that your device must be running Android 8.0 or later to use all of the features of the Find My Device app.

Setting Up Find My Device

Before you can use Find My Device, there are some setup steps that need to be taken on the devices themselves. Some of these will probably already be done, like being signed into a Google account.

  • Make sure your Android device is logged in with a Google account.
  • Turn location on (Settings>Location>Toggle on)
  • Turn on Find My Device (Settings>Security and privacy>Find My Device>Toggle on.). If Find My Device is not already installed, install it from the Google Play Store: https://play.google.com/store/apps/details?id=com.google.android.apps.adm&hl=en&pli=1
  • Google states that “Store recent location” needs to be on so your device can be found if it’s offline. However, this is a relatively new feature that I have yet to find on my Pixel 5. According to their instructions, this toggle should be found in Settings>Security>Find my device.
  • Make sure your device is associated with your account on Google Play, or it won’t show in Find My Device. To double-check, find your device list here: https://play.google.com/library/devices. In the upper-left of the screen, make sure the “show in menus” box is checked.
  • Double-check that Find My Device works on the device by going to https://android.com/find and logging in with the same Google account as the device. You should see your device in the upper-left of the screen. If you have multiple devices associated with the account, you may need to toggle between them.
  • If you want to be able to lock or erase the device remotely, you must create a 2-step verification backup code. To get backup codes, log into your Google account and select security from the left menu. Scroll down to “How you sign in to Google” and click on the “Backup codes” section. You may be prompted to enter your password again, but then you can create codes to print and use later.

Find a Lost Device

In order to use Find My Device on one of your devices, it must have power (even if turned off), be connected to Wi-Fi or a mobile data connection, and be prepared using the setup steps above to enable the Find My Device app to work. If you would prefer to watch a video on using Find My Device, there is one embedded at the end of this article. To continue with text instructions, read on!

When you log into Find My Device and select a device, notifications will be sent to the device before you select any options. If the notifications don’t help, here are your other options:

  • “Play a sound” make the device ring for 5 minutes, even if it’s set to silent.
  • “Secure device” will lock the device and sign out of your Google Account. You can optionally display a message or phone number on the lock screen in case someone finds (and wants to return) your device. You can still locate the device, and after finding it, you may need to log in again.
  • “Erase device” is the nuclear option. It will erase all content from the device and keep it from being re-registered to a different account. You won’t be able to find it on the map after erasing it, but if it gets returned, you can reclaim it by signing in with the Google account to which it is registered.

Find Using a Browser

To find a device using a browser, go to https://android.com/find and sign in using the Google account your device is registered to. If you have more than one device listed on the same account, you may need to toggle between them. It will show how much battery is left and what network the device was last seen on.

Options for playing a sound, locking the device, or erasing the device are in the left menu, while a map indicating the location (or last known location) of your device is in the main part of your screen.

Screenshot of browser version of Find My Device showing device selection in the upper left, an action menu below that, and a map indicating the phone location in the main part of the screen

Find Using the Find My Device App

When using the app, you have the option of using a friend’s device that isn’t registered to your account. Whether using your own or someone else’s device to find another device:

  • Open the Find My Device app on another Android phone or tablet.
  • Sign in
    • If your own device is lost, select “Continue as [your name]”
    • If you’re helping a friend, select “sign in as guest” and let your friend sign in.
  • From the listed devices, select which device to locate.
  • Follow the steps from the browser above.
  • You may be prompted to provide the lock screen PIN for the device you want to locate. If it does not have a PIN, you may be prompted for your Google password.
Screenshot from app showing a map with device location on top, the device name and details in the middle, and the options at the bottom.

If you want to use the Wear OS watch to find a device, there are instructions here: https://support.google.com/wearos/answer/6166506?authuser=2.

Video Instructions

If you would prefer to watch a short video on using Find My Device, check this out:

Summary

Find My Device is an extremely helpful tool if you are ever unfortunate enough to need it. The flexible action options allow the user to disable the phone in the event it can’t be found, which acts as a deterrent for the resale of a stolen device. Have you ever had to use Find My Device with your Android device? If so, let us know how it went in the comments.

How to Stop Your USB Cable from Spying on You

Let’s be honest, not all of us are using the original USB cables that came with our phones and tablets when we bought them. Maybe it is lost, or maybe one cord just isn’t enough. Cords are cheap online, so why not grab a few extras? As it turns out, not all cables are created equal. Some could be used to steal your information.

How Can a USB Cable Be Dangerous?

Cables seem like pretty basic items, and it seems odd that an item without an electronic “brain” could pose a danger. Remember, though, that USB cables can be used to transfer data as well as charge hardware. If you want to put a picture from your phone onto your computer, you could plug it in and copy it over.

This same functionality could be used by bad actors to trigger a data transfer any time you use that wire in a device – even at a public charging station. You would assume that because it is branded as a charging station, that is all it does. But there is no good way to check if your wire is trying to do more. Some devices will not initiate data transfer without a confirmation prompt on the device, but that is not always the case. The only way to be sure your data remains safe would be to use an adapter that disables the data wires in the USB, allowing it to charge only.

USB Data Blocking Adapter

One inexpensive product that can protect you from unauthorized data transfers is a USB data-blocking adapter. It is a small dongle you place between your wire and the charger (or other devices) with the data wires removed so that it can only charge your device.

PortaPow (available at Amazon) is a trusted name in data-blocking technology, but neither I nor the library receives any compensation for mentioning them. No matter which brand you use, make sure there are no data wires at the end that plugs into the charging device.

Summary

If you are using after-market cables or public charging stations, it’s a sensible safety precaution to use a USB data blocker. At under $10 per adapter, this is one of the least expensive ways to secure your data. Do you use a USB data blocker? If so, let us know in the comments.

Access 20+ Free Tools to Enhance Your Online Presence

If you create online content, whether for fun or profit, you know there are lots of tools out there to help you design and secure your creation. Some are free or low-cost, while others can be staggeringly expensive. While in search of free tools to help me with simple graphic design, I stumbled upon a treasure trove of them in a variety of categories.

Experte.com

When I needed one, I found a background remover for images on Experte.com’s design tools page. I found it so helpful, I blogged about it. That page also revealed some other tools I thought may be of use, such as an image cleaner that could help remove unwanted elements from an image. Of course, all of these tools are available in software like Photoshop and GIMP, but sometimes you just want a simple tool to do a simple job.

After finding the design gems, I poked around Experte.com to see what else was on their site. I was really impressed with the number of website tools on offer, and I have made use of several of them. Google, W3C, and other providers offer free tools for testing your site’s speed, validating your code, checking mobile compatibility, etc., but Experte.com has put several of these website tools on one page for easy access. Using these in conjunction with other, similar tools may help you get a more complete picture of how your website is functioning.

Experte.com also offers tools for IT security and business. To access any of the tools on this site, hover over a menu item (e.g., Design) and select the sub-item at the bottom of the list labeled “tools.” There is a page of tools for each top-level menu item (except About).

Summary

Lots of free tools exist from a variety of sources on the internet to assist online content creators in putting their best foot forward. Experte.com helpfully gathered many key tools in one place for their users. Have you tried any of the tools at Experte.com? Let us know what you thought in the comments.

Unsure How To Stay Safe Online? Help Is Available!

Given today’s online climate, cybersecurity is more important than ever. Our recent technology survey revealed that this was one of the top concerns among our library users, prompting us to plan more events and education on that topic. Even if you’ve had security training in the past, security recommendations are changing all the time. As the person in charge of technology security at the library, I can tell you it’s no small feat to secure a network and online services from intruders. Even if you put all of the proper measures in place, all it takes is one user to click the wrong link or open an unknown attachment and the worst-case scenario could happen.

As such, the best line of defense is to make sure individual users know how to recognize and avoid traps and how to practice good technology hygiene (like keeping your computer and its software up-to-date). Once upon a time, it was easy to spot a scam. You knew no Nigerian prince would contact you looking for help, and those weird characters in the middle of the word to trick spam filters were a dead giveaway. These days, criminals are getting a lot better at spoofing emails and other communications to make them look legitimate.

Even if you think you know everything about cybersecurity, you still have more to learn. Fortunately, there is a reliable online resource that can teach you general concepts and help you with your cybersecurity questions, presented by the National Cybersecurity Alliance. There is a lot of information there, so I would suggest starting with these two sections of the website:

One of my favorite things about this resource is that the topics are broken down into short, easy-to-understand parts with practical advice. As an example, one of the longer articles is an 8-minute read called How To Tell If Your Computer Has a Virus and What To Do About It. Dating scams, travel tips, hacked accounts, smartphone security, and many other topics are represented in articles all estimated to take less than 10 minutes to read.

One drawback to this resource is the fact that almost all of their education resources are written. If you prefer your education in video format, try this Tech-Talk collection or GCFLearnFree.org.

What are your biggest cybersecurity concerns? Let us know in the comments. Until then, stay safe!

Is It a Social Media Game or a Clever Hack?

If you’ve been on social media sites such as Facebook and Twitter, chances are you’ve seen them. Posts that appear to be innocuous enough, asking for a combination of personal info to find out things like what your Bridgerton name would be by asking you to name your grandmother’s name combined with the street you grew up on.

The problem with these types of posts is that they are not innocuous – far from it. These attempts by various entities to gather personal information are a type of social engineering.

What is Social Engineering?

According to this helpful article on Imperva, social engineering is “the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

The types of posts you may see on social media sites will ask all sorts of questions related to personal information that is often the same type of information used in security questions used to retrieve a forgotten password. A single question may appear innocent enough, but the way these scammers often operate is to gather information through multiple questions. For example, to gain access to someone’s account by answering security questions, you will often need to enter your birth date. These social engineering posts will be clever in the way they ask for information. Instead of, “post your birthday!” they will instead ask things that combine your birth month or number combined with other information. If you were to comment that you were born in January, they would have one piece of information. Another post may ask when you graduated high school, or what age you were in a certain year. When pieced together, the perpetrators have your birth date.

Type "Halloween" and the year you were born in the GIF bar. That's your costume this year.
Example of a social engineering meme

Answering security questions can be used to retrieve a forgotten password or as an extra security measure to log in to some websites. Some common security questions ask about the street you grew up on, your favorite pet’s name, or the name of your firstborn child. To get this information, the perpetrators will word it in a different way such as, “what’s the name of the child who made you a mom?” A question that sounds innocent, but has malicious intent.

What Do They Do With the Information?

There are several ways the perpetrators can use your information. The easiest way is security questions. Once they have your information, they can visit your various accounts, be it Google, Yahoo, or even your bank account, and use the information to reset your password. What about the example question mentioned above about the name of the child that made you a mom? A common security question asks the name of your firstborn child. Your favorite subject in high school is another common question asked in Facebook posts that people answer without hesitation.

Besides answers to security questions, this information gives a heads up to those attempting to guess passwords. If hackers have a starting point, for instance, if your password contains the name of your childhood pet or your first born, it makes it easier to guess the rest of the password, especially if they are using hacking programs that can automate the process.

Men laughing with text "we posted a Facebook quiz with password security questions and they not only answered the questions, they shared it with their friends.

An Easy Solution

An easy way to combat this problem is to not share personal information on social media. While you may think only your friends will see the answers, once you comment on a public post, anyone on the internet can see the information you provided. Another way to avoid this problem is to not use security questions when given the choice. Instead, opt for a backup email address or a text message as a way to verify your account in the case of a forgotten password.

While the attempts to find out personal information on social media are plentiful, with due diligence, you can keep your information away from these information harvesting attempts by scrolling right past them.

Have you noticed these types of posts on social media? Let us know in the comments.