Category Archives: Internet Security

Passwords – again

To mark World Password Day, I thought I’d run through some statistics and hints:

  • 76% of people use the same password up to 14 times;
  • The average password has 8 characters or fewer;
  • 68% of people are worried that they will forget their login information;
  • 92% of passwords include readily available information.

Which means if a hacker gets hold of your simple password they could get into every on-line account you have!

So use a combination of UPPER and lower case, numbers and symbols, like 0C^7G0xSaqoqB9st. OK, quite hard to create or remember yourself but password managers generate and remember them for you.

So use a password manager like Bitwarden (free) or LastPass (mostly paid for).

And if you can, turn on 2FA (two-factor authentication) where after login you are, for example, sent a code by SMS that you enter to prove it is you. Some people say 2FA by SMS is insecure but it is better than nothing.

Upgrading your password security

I do write from time to time about the importance of password security. Long, complex and unique is the way, but they are hard to remember and type in!

That is why I recommend using a password manager to create, remember and enter your login details. Examples are LastPass, 1Password and Bitwarden.

These also have the benefits of synchronising between your computers, tablets and phones so you always have your passwords with you.

Until now they have offered password security checks to let you know that some of your passwords are weak (bad) or reused (really bad). But changing a password could be a drag and many people didn’t bother.

Most of them now have a system to help you update these insecure passwords by logging you onto the site and getting you to the password change page. This makes it easier to update your password.

So if you don’t use a password manager, then do. If you do use a password manager, then run the security check on your passwords.

Stay secure, stay safe.
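The kind of check a password manager's security report performs, as an added illustration (not code from any of the managers named above). The sample vault, the personal-information list and the 12-character minimum are constructed assumptions.

```python
import string
from collections import Counter


def char_classes(pw):
    """Count how many of upper, lower, digit and symbol appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def audit(vault, personal_info, min_length=12):
    """Return {site: [findings]} for every entry with at least one problem.

    min_length is an assumed threshold, not a figure from the article.
    """
    reuse = Counter(vault.values())
    report = {}
    for site, pw in vault.items():
        findings = []
        if len(pw) < min_length:
            findings.append("short")
        if char_classes(pw) < 4:
            findings.append("missing character classes")
        if any(item.lower() in pw.lower() for item in personal_info if item):
            findings.append("contains personal information")
        if reuse[pw] > 1:
            findings.append("reused")
        if findings:
            report[site] = findings
    return report


# Constructed sample data: site names and passwords are made up.
SAMPLE_VAULT = {
    "shop.example": "Rover2015",
    "mail.example": "Rover2015",
    "bank.example": "0C^7G0xSaqoqB9st",
    "forum.example": "sunshine",
}
SAMPLE_PERSONAL = ["Rover", "2015", "Smith"]  # pet name, year, surname

if __name__ == "__main__":
    # Print only the site and the findings, never the password itself.
    for site, findings in audit(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(f"{site}: {', '.join(findings)}")
```
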

WhatsApp changes group security

After starting data-sharing with Facebook, WhatsApp has reportedly changed a setting to allow anyone to add you to a group: this might mean marketing businesses or, more worryingly, scams or loan sharks or whatever.

To change the setting on your phone so that only those in your contact list (or even fewer) can add you to groups, go to Settings > Account > Privacy > Groups and select ‘My contacts’ or ‘My contacts except’.

Enter passwords securely

We live in a period when bad people are always trying to access our computers to steal passwords and other stuff.

This is often done by keystroke loggers that have been loaded onto the computer. How can we bypass the logging? Don’t use the keyboard!

One method is to use a password manager to generate and enter passwords for you. This also has the benefit of creating passwords that are hard to crack and that you don’t have to remember. If you want to know more, get in touch.

Many security systems have ‘sandboxes’, a sealed environment that doesn’t let stuff out into the rest of the computer. If you have this, then use it. I have Bitdefender security and that provides ‘Safepay’. Others have similar.

Finally – and the least secure – is to use an on-screen virtual keyboard, like you have on a phone. Windows calls this an on-screen keyboard and OSX a virtual keyboard. You can enter any key or combination into any text box.

In Windows, press the start button and type ‘keyboard’. Then open the on-screen keyboard. If you want to use the shift, function or similar keys, just press them to toggle them on. ‘Shift’ then ‘s’ will give you ‘S’, for example. Here is a video: https://www.youtube.com/watch?v=stBpv9MzH9U

For OSX you need to do some preparation:

Open the Apple menu and system preferences, choose the keyboard panel and the keyboard tab.

Now check ‘Show Keyboard & Emoji / Character Viewers in menu bar’

You will now see a keyboard menu up by the clock. Use this to turn ‘keyboard viewer’ on or off.

Who is listening to your microphone?

I know that many of us are concerned about bad people remotely accessing our webcam and microphone. That’s why many laptops have shutters or people put tape over them. As I have a desktop for most of my work, I just unplug them.

But your laptop microphone is still there. Now you can go through lots of hoops to disable and enable your mic, but SoundVolumeView from NirSoft turns that into a one-click operation.

Download and run SoundVolumeView

The scammers are still there – please read this

I know that I’ve written several times about scammers, but they are still there and getting better – and catching people from all and every walk of life.

To be clear: Microsoft, your internet provider or anyone else does not know the status of your computer. Frankly, I doubt if they care about your computer. I don’t see why they should and anyway, if they did then they would fix it for free and not ask for money like the scammers do.

Scam number one works by ringing lots of people and eventually they will chance on someone who thinks they have a problem. So the scammer gets believed.

Then they will ask you to run something like TeamViewer to get onto your computer. This lets them show you all the “problems” on your computer by opening Event Viewer, to convince you to pay them money and thus get your bank details. Alternatively, while they are doing this they will be looking at your web browser to try to find your passwords.

  • Never, ever, let anyone connect to your computer unless you absolutely trust them (Takes a small bow!).
  • If they start talking about money put the phone down straight away. They will ring back to try to pretend to be genuine. They’re not.
  • If you see your mouse or anything else suggesting that your computer has a will of its own, just shut it down by pressing the power button until the lights go out – about four or five seconds.

Then get expert assistance.

Scam number two is an automated call telling you that something major will happen (like your internet being cut off or failing to get a refund) unless you press button ‘1’ on your phone. This puts you through to a person who will try to extract your bank details and enough information about you to pretend to be you.

  • Again, just put the phone down.

Scam number three pretends to be your bank, Amazon or someone. They will be trying to get your credentials, maybe asking you for security details.

  • Just say ‘thank you’ and put the phone down. If they are genuine they won’t mind. Then visit the website of the organisation they claim to be from just to make sure – or call them on the number on a statement or card from them. Don’t use any number or website the caller gives you.

In all cases, if you have given out any bank or card details:

  • Call the card issuer or bank immediately and tell them;
  • Change your online banking logons and passwords;
  • Sign up to a free credit checking service and monitor that for a while in case the scammers try anything;
  • Change any other passwords on any websites that are important to you or access your money like Amazon and PayPal.

It’s a great shame that the world is like this but that’s the way it is. Treat any phone call as a potential scam.

LastPass password recovery

I recommend LastPass to create, store and fill in passwords for you. It works across most computers, phones and tablets.

But as with any password manager, you need to remember your master password. What if you forget it?

LastPass now lets us use biometrics to sign in on our phone or tablet, so we can then change the master password. To make sure this is turned on, in LastPass go to settings, security and make sure fingerprint or face unlock or similar is on.

A useful tool for boilerplate text and other automations is TyperTask, which I have set up so that, for example, typing ‘mesig’ inserts

‘Regards,

John’

into any program.

Avoid getting hacked

Well, it’s only just 2019 and already new threats are being rolled out. So here are a few thoughts:

Emails

Always a favourite! But now the bad guys can make emails seem more genuine. There have been so many data breaches that your name, address and many other details are floating around. So hackers can put your name and address into an email (that looks like it is from someone you trust), or even put a password that you use – or have used – into those blackmail emails to make it look like they have got into your computer.

As ever, do not click on links or open attachments as even worse things will happen.

Chatbots

A lot of us are quite used to ‘talking’ to customer service staff via a pop-up window. It’s better than hanging on the telephone. Online chatbots are similar but use a machine at the other end. Hackers are now starting to insert their own into genuine websites that have been hacked in an attempt to get personal information and data about users.

In both cases be aware what you are telling them and if you get uncomfortable, just close the window and get on the phone.

Dangerous websites

It is always good to use secure websites (the ones that start ‘https://’) but it is less and less a guarantee. About half of all phishing sites use HTTPS already.

So protect yourself. Good internet security packages come with a website scanner built in. Google Chrome comes with ‘Safe browsing’ built in to warn you. Otherwise Norton Safe Web is a good free add-in for your web browser. Look in the add-ins or extensions page.

Ransomware

This is still out there and becoming more sophisticated. Again, good internet security packages will protect your most important files but as ever, there is nothing like a good backup and system image held on an external system like a USB HDD or cloud backup. It is unlikely to happen to you if you take basic internet precautions but I have seen it strike and the effects are always devastating.

Programs and packages can help, but in all cases the best protection is you. If you get a gut feeling that something is wrong or you don’t like what you are about to do, then just stop.

It really is better to be safe than sorry.