We live in the age of the insecure and daily we find our Internet safety threatened. Diligence is needed these days by anyone who uses a computer or that has a bank account. We need shredders to keep our records safe from dumpster diving bandits, a video doorbell to record who is stealing our packages, and an identity theft protection subscription to protect us from the fallout from the Equifax breach. In short, you’re not safe even if you live in a cabin in Montana. Odds are the Russians probably hacked your states voting database or DMV or some other poorly protected government system.
Bad actors and bored teens have been around a long time. In the 1980’s, phone cards came into common use for long distance calling. The first cards used rather short account numbers which were quickly exploited by enterprising bored teens . . . I mean bad actors. My point being that people have long employed questionable tactics or ethically questionable decisions.
Social Engineering and other tricks
Kevin Mitnick is a well known hacker who mastered the art of social engineering. In short, social engineering is the act of convincing someone that you are someone you are not and then convincing them to assist you in getting access to a system that you shouldn’t be accessing. In Mitnick’s case this could be a phone system which he would then use to make long distance calls after convincing a person that he was with AT&T.
Most people are well acquainted with scammers who are using a variant of social engineering. The most common scams these days are the IRS agent scam and the tech support scam. Hint, the IRS doesn’t call you. The tech support scam is so prevalent that I’ve been called more than a few times. My favorite way to respond to the call is to ask if they’re calling about my downstairs computer or upstairs computer. When they give an answer, I indicate that I’ll need to go and look at it. When I finally get to it, I ask how Microsoft is going to be able to help me with my Mac! Sometimes to change it up I ask them what they know about Linux Mint or Ubuntu. I need to remember to ask about Free BSD next time.
Internet Safety Common Sense
The problem today is that you’re likely to encounter the modern electronic version of Mitnick or foolishly fall for a scam perpetrated by someone much smarter than the person pretending to be from Microsoft. This is why we need to invest in services to protect ourselves from not only bad actors and bored teens but ultimately from our own stupidity.
Some simple rules:
- Use two factor authentication whenever possible
- It’s not safe to use a single password for all sites since it is likely that one of the sites will be hacked.
- Do not safe to write down your passwords in a book sitting on your desk or on a sticky note under your keyboard.
- Never keep all of your passwords in a file on your computer that isn’t encrypted with a strong encryption scheme.
- Use a passphrase like “I was born on a Tuesday but I do not remember it at all” or some other easy to remember phrase.
- Always use a program to create passwords and manage them for you.
- If you do write down your passwords for someone to find after you leave this earth then lock them in a safe or put them in a sealed envelope in a safe deposit box.
Two Factor Authentication and Software Solutions
The single best thing that you can do to improve your security and internet safety posture is to utilize two factor authentication for your accounts. Common methods for two factor are using a third party program like Google Authenticator or requiring that the website text you a code that needs to be entered before the site will complete the login process. The idea of two factor authentication is that you supply something you know – your password. Then you supply something you have – a token in the form of a code sent to your phone or generated on a device that you control.
In addition to utilizing two factor authentication we need somewhere to store the long and unique passwords that need to be used for a secure internet experience. There are a lot of high quality software solutions available to make password management easier for the average user. Picking the right software comes down to it fitting your needs. Any of these solutions will help increase your personal level of Internet safety.
If you are someone who likes something that is well written and free then you can’t go wrong with KeePass available at www.keepass.info. It works great on Windows and the Mac port is fine. I’ve had less success with the IOS and Android versions. Use dropbox or another cloud service to keep your file in one central location. This way you can always sync across multiple machines and devices.
My preferred solution today is LastPass available at www.lastpass.com. The premium version is two dollars a month. It works well across all platforms and integrates with all major browsers. Much like the iPhone of the iPad or most other Apple products, it just works.
Theft Protection
Finally we come to the cherry on the top of the sundae. Theft protection. Theft protection and monitoring are cornerstones for a fully realized Internet safety strategy. There are a few major players in this area and frankly all of them will do a nice job. LifeLock is a name that everyone knows in part because of the their advertising efforts. Less known quality players are IdentityForce and IDShield.
After reviewing the three services and comparing their features and benefits, I decided that IDShield was the best fit. I liked that I was able to set up monitoring for my whole family with one plan. IDShield comes up short compared to the other two when it comes to credit monitoring. My recommendation is to review your reports from the three primary credit services on a rotating basis every four months. Look for out of date information and asked that it be corrected.
The final thing that can be done to protect your credit is to lock it with a credit freeze. The only downside to a credit freeze is that you need to plan to unlock it when you are going to make a major purchase that will leverage your credit history.
Further Reading on Internet Safety:
Google Security Blog – New research: Understanding the root cause of account takeover
Password Managers:
Theft Protection Services: