Category: Security

Have Your Passwords Been Compromised?

These days, security breaches are in the news so often you may think there is no way to avoid having your information stolen. While no credentials are fully safe from hacking, using good password hygiene (not reusing passwords, using complex passwords, etc.) and staying on top of which of your accounts has been hacked can go a long way in keeping you safe.

Even if you watch or read news 24/7, it is impossible to keep up with all of the account breaches yourself. Luckily, https://haveibeenpwned.com/ exists to keep track of this for you.

The process is simple and free. Point your internet browser to https://haveibeenpwned.com/ and enter your email address.

When I put my personal email in, I got this message:

If I scroll down a bit, I can see the individual instances in which my information was compromised, along with more information about each particular hack:

What Do I Do with This Information?

Just because you have an account with a service that was breached doesn’t mean someone is actively using your account. It just means your information may be in the wrong hands. Knowing which accounts have been compromised can help you in the following ways:

  • Quickly change passwords and/or associated email addresses to prevent someone taking over your account. Also change credentials for any other account that uses the same email/password combination.
  • Get a heads up to check and make sure no unauthorized activity has happened on your compromised account.
  • Evaluate whether this is a service/account you really need. If not, delete your account, if possible.
  • Discover services you forgot you had signed up for!

Try It Out

Now it’s your turn to see if any of your email addresses have been pwned. If they have, there is no need to panic. Just follow the steps above to re-secure your accounts.

Detecting Email Scams

Have you ever received an email you thought might be dodgy, but couldn’t tell for sure? Given the prevalence of email scams, your instinct is likely correct. But what if that email from your bank is real and requires a response?

The folks at Tech-Talk have written a great article to teach you how to scan the email for clues that it might be a scam. Even if an email passes scrutiny, you may still want to avoid clicking links in the email. If it is from an entity with which you have an account, try typing the site’s known login address into your browser rather than clicking a link.

Keeping Your Facebook Account Secure

Thief with laptop

In today’s world, bad actors are constantly trying to hack all of our accounts, and Facebook is no exception. In case you missed it, check Tech-Talk.com’s article suggesting ways to keep your account secure.

Would you like to get tips like this delivered straight to your inbox? Head to https://bit.ly/egtechtalk and sign up to receive the weekly Tech-Talk newsletter.

Tips for Staying Safe Online

Man dressed as a thief with a laptop

It seems everywhere you look there is a new story about how criminals are using technology to steal your money or identity. Here are some tips to help guard yourself from the most common methods of attack.

Keep Your Hardware and Software Updated

Let’s face it, updates are a pain. Whether it’s Windows bullying you into stopping work for a restart or your iPhone begging for your iCloud credentials, updates always seem to initiate at the worst times. However, keeping up with updates is a crucial step in staying safe. Often, those updates contain code that fixes vulnerabilities that bad actors are already exploiting in addition to any new features.

Privacy Settings

Each platform (Windows, MacOS, iOS, Android, etc.) has its own series of tasks that can increase your privacy, and therefore security, on that device. Please note that increasing privacy may break some functionality. For example, if you turn off location access, you will be unable to use the GPS to get guided driving directions.

Wi-Fi Networks

Wi-Fi undoubtedly makes staying connected easy and convenient. Unfortunately, it is another avenue that can be used for attack. Here are some suggestions for staying safe when connecting to Wi-Fi networks.

  • Pick the right network. People with bad intentions have been known to create networks with names similar to those that people expect to connect to in an attempt to make you vulnerable. For instance, you could be in the waiting room at a medical office and see an open network called “Dr. Jones guest wi-fi” that seems legit. After all, you are here to see Dr. Jones. But maybe the official guest network is “Jones Medical Associates guest wi-fi”, which is also on the network list, but not the first one you saw. Connecting to the wrong network can give a thief full access to your device. When in doubt, double-check the network name.
  • If possible, only connect to networks with a password. While this does not guarantee security, it does limit who can connect.
  • Some devices have a feature that will allow you to auto-join open networks. Unless you have entered a password and saved a network, it is not a good idea to allow it to connect automatically. See this article for more information about how to disable auto-connection on different devices.
  • If you are on a public network, do not conduct any personal or financial business without using a virtual private network (VPN). A VPN encrypts all of your device’s traffic, not just internet browsing. Your workplace may already offer a VPN. There are free VPNs out there, but beware – many are worth what you pay for them. You can find many review sites online claiming they know the best VPNs to use, but two industry leaders for general use are ExpressVPN and NordVPN.

Multi-Factor Authentication

Have you ever been doing business online and the site sent a code to your phone or email to confirm your identity? That is multi-factor authentication. The first factor is your password. Some sites just want to make sure you are human, so they have you check a box or identify which pictures have an object in them. Other sites need to be sure the correct person is logging in to the account and use a more secure second factor. Common second factors include a code sent to a phone or email account, a fingerprint on the phone’s sensor, or a third-party program like Google Authenticator.

If you use a service that offers multi-factor authentication, turning it on will go a long way to securing your accounts. Privacy breaches can reveal your usernames and passwords, but it is exponentially harder, if not impossible, for identity thieves to fake the second factor. Yes, it is inconvenient to add a step to every single login, but it isn’t nearly as inconvenient as having your identity stolen or your bank account emptied.

Internet Browser Tips

My number one tip for browser security (besides keeping it updated) is to use the Duck Duck Go search engine instead of Google, Bing, or other searches. Duck Duck Go doesn’t gather your info like the other players. They provide a private, encrypted search and block trackers. Search is available on their website or via browser extension. You can even download Duck Duck Go as an app on your phone. Brave is a browser alternative to Firefox and Chrome that promises secure and fast browsing.

If you use Chrome or Mozilla Firefox to browse the web, you can add extensions to your browser. Extensions are like little apps that add functions and tools. Duck Duck Go has an extension for Firefox, but not for Chrome. Here are some extensions, most available for both Chrome and Firefox, that can help keep you safe on the web.

  • Privacy Badger blocks trackers, even if they are “invisible.”
  • HTTPS Everywhere encrypts your web traffic, making it tougher for bad actors to see it.
  • uBlock Origin blocks ads and other content that slows down your browsing.
  • AdBlock Plus is another well-reviewed ad blocking extension.
  • Multi-Account Containers (Firefox only) allows the user to separate traffic into containers, preventing cross-tracking. Not only is this useful to keep Facebook from seeing what you are shopping for on Amazon, but it allows a user to use different containers to login to different accounts on the same service. For instance, one could have three different Gmail accounts open in the same browser at the same time.

Other Browser Strategies

One safety strategy is to use one (secure) browser for banking, internet, and other work, while using a separate browser for shopping and visiting other “snoopy” sites. This keeps the services from “seeing” each other. No matter which browser(s) you use, you should clear your cookies regularly.

Got Questions?

If so, let us know in the chat or contact us at the library: 518-477-7476 or eglibraryinfo@eglibrary.org.

Have You Been Pwned? Find Out with This Tool

pwned

Data breaches and internet security are a big concern for many individuals, and with good reason. Large companies that have had their users’ information (such as email addresses, passwords and password hints) compromised include Adobe and Snapchat.

Luckily, there is a website, Have I Been Pwned?, which searches across various domains and known breaches to see if a particular email address or username has been compromised.  The site’s name comes from the gaming term “Pwned”, which is a twist on the word “owned” (defeated).  The exact origin of this term is disputed.

The website also can inform you if your information has been “pasted,” which the site describes as:

A “paste” is information that has been “pasted” to a publicly facing website designed to share content such as Pastebin. These services are favored by hackers due to the ease of anonymously sharing information and they’re frequently the first place a breach appears.

This website is a valuable tool to find out if your personal information has been compromised.  Check out this post for suggestions on strengthening the security of your accounts.