Two Factor Authentication – It’s No Longer Optional.

There is an old saying that there are two guarantees in life:  Death and Taxes.  Well, when it comes to personal computing, there are two guarantees as well.  Passwords and password changes.  Yes, if you use a computer, a smartphone, or anything that connects to the internet, you have a username and password as a means of identifying who you are in order to access information.

For many years, the standard has been that your username be unique, as well as your password.  For many years these criteria have been sufficient in guarding your account information at your bank, your social media accounts, everything.  However, this is no longer the case.

Two Factor Authentication (2FA)

What is “two factor authentication?”  Simply put, it is a way of identifying yourself by use of multiple pieces of information.  Without getting into the gory details, it means that you are using something else, in addition to your username and password, to verify your identity.  Many corporations have used this type of technology for years.  However, for consumer users of computers, this is something we are seeing more and more each day.

To give an example, let’s say you have a Gmail account.  When you log in, you enter your username and password and you press enter to log in.  If you have two factor authentication enabled, once you log in, you would be presented with a screen asking for an additional code to enter.  That code could come in the form of a text message, or through use of an authentication app.  Once you enter that additional code, you gain access to your account.

At this point, I can already hear you groaning at the idea of having to enter something else to secure your account.  Thoughts like, “That’s annoying!”, or, “I have to enter another piece of information to check my email?”, and finally, “This is stupid!  I’m not going to do it!”, I am quite certain are going through your heads.  However, before you make a hasty decision, consider the following scenario.

Vacation Gone Wrong

A husband took his wife and kids on a family vacation to San Francisco.  For this trip, the husband brought his smartphone, and instead of a laptop, he decided to bring his Android tablet.  After a wonderful two weeks in sunny California, they decided to hit up Fisherman’s Wharf for some last minute shopping.  After several hours of walking around, they returned to their vehicle only to find both back windows smashed out.  Several items of luggage were stolen, including, the husband’s bag that had his tablet inside.

That tablet had all sorts of apps, such as email, banking and investment apps, all major social media account apps, and the like.  After having to deal with the frustration of having their stuff stolen, this husband spent the better part of the night changing passwords for literally everything in his digital life.  It was at this point that he set up two factor authentication where he was able to do so.

What If It Was You?

Imagine yourself in the above scenario.  Having to frantically change passwords before the other person got to your digital stuff is not fun at all.  If that person had set up two factor authentication on his accounts prior to the theft, that would have at least put up a roadblock for the thief, while that person went down the list to change passwords.  Two factor authentication is not the “magic wand” of security.  It is simply another means of securing your information.  You can either do that, or run the risk of a hacker getting access to your banking information, or deleting all your photos from your cloud account.

Setting Up 2FA

Setting up 2FA (more jargon to impress friends) is very simple, and you may already be using it.  If you have logged into your bank from another machine that you typically do not use, the website may say they have sent a verification code via text message.  This is a form of 2FA.  Another way you can set this up is to go to your social media sites and look under settings/security.  Usually you will find a way to enter your mobile number and enable two factor authentication.

You may download and use apps like LastPass Authenticator, or Google Authenticator.  These apps allow you to set up 2FA with different sites that allow use of such an app.  You scan a barcode that is provided by a website, and once you have it in there, each login you do will require use of that additional code.  A nice feature of 2FA is that you are instantly notified on login attempts.

Many sites that allow, or even force you to set up 2FA also give you the ability to check a box to remember you on that machine.  This way you do not have to enter a secondary code each time.  A word of caution on this.  By doing so, if your device is ever stolen, the thief can get to your apps and has a greater chance of logging into whatever site(s) you have enabled that feature on.  I would caution against doing this from your tablet or mobile phone.

No Excuses

Two factor authentication is not a passing fad, but is a standard in computer security.  When considering whether or not to set it up, ultimately the decision rests with you.  However, each week it seems we hear about another company having a security breach.  Therefore, 2FA is no longer something that is optional, but is a necessity in securing your digital life.


Global Hack Attack – Ransomware

Keep your eyes peeled regarding a global hacking attack that has hit 12 countries so far.  The attackers apparently are using technology stolen from the NSA of all places, to launch ransomware onto people’s machines.  Heavily hit already is Britain’s National Healthcare System.

Now more than ever, we have to be vigilant.  These things usually are transmitted via email attachments.  Some may look weird, but oftentimes, they can appear harmless.  If you think something is strange, go with your gut and do not open that attachment.

You can read more about this story here.  Also, feel free to review an article about email security to brush up on how to protect yourself.

Google Docs Phishing Scam – ALERT!

If you receive a message that someone shared a document with you from Google Drive, as of this moment DO NOT OPEN IT!  It is a massive phishing scam that is going on all over the internet right now.

Just delete the email and then delete it from your deleted items folder.  Hopefully we will have more to report as the details come out.

 

UPDATE:

According to Google’s own system status page, the issue should be resolved.

https://www.google.com/appsstatus#hl=en&v=issue&sid=4&iid=c708d68b1884a629816e361895c125a5

This particular scam brings the user to a convincing Google Drive login page.  Once you log in, you are given the choice of what account you want to sign in with.  Once a person clicks that, this is where the fun begins, because you’ve just given access to some hacker/scammer who can lock you out of your account, delete all your stuff, and fun things like that.  You will know it’s a scam when you look in the from field in your email and it says:  From: hhhhhhhhhhh

My recommendation is that for the rest of this week, do not open a thing from Google Docs that is shared via email.  If by some chance you did click on the link, and you saw a screen of gobbledygook, then please change your Google password immediately.

 

Old Computers Can Still Be Useful

The Holidays have long since passed and you have been cruising around the internet on a brand-new desktop or laptop.  It’s shiny, it smells new, and it’s so much faster than your old computer.  However, your old computer sits there in a corner, disconnected from power, and gathering dust.  You have said to yourself, “What am I going to do with this old thing?”  Below are some things to consider regarding an old PC and how it can still be useful.

The first suggestion for an old PC is to consider using it as a home server.  But wait you say!  “Servers are just for businesses I thought?”  Well, think again.  Today our homes are becoming more and more internet connected, especially when it comes to media storage.  Videos and pictures take up a lot of storage space over time, so that new rig you got for Christmas could easily start slowing down like your old PC if the hard drive starts filling up.

 

Take that old desktop, which probably has a 500GB hard drive, and wipe the operating system off it and reinstall Windows.  Of course, before you do this, make sure to back up your files to an external drive.  Just wiping the drive and reinstalling Windows will make that old PC run much faster, if not like new.  If you are going to use this computer as a home file server, and the current drive is too small, head out to the store and buy a larger one and install Windows on it.

 

Take all those videos, pictures, and your document files and offload them onto that old PC.  Finally, make sure that all computers in your household have the same network name, turn on file and printer sharing in the operating system, and you can now access those files from any machine in the house.  Congratulations!  You have just set up a home file server.

 

Do you have kids?  Are they always getting on your computer and leaving a trail of destruction behind, such as downloading games, or getting it infected with malware and the like?  This is another reason to repurpose an old PC.  Follow the same steps above to reinstall Windows, and now you have a computer that your kids can use, thus freeing up your machine.  Be sure when you do this, that you set each one of them up with their own user account, so they can have their own settings, layouts, and the like.  I would also highly encourage anyone to make those user accounts “Standard Accounts” and do not give them Administrator access.

 

Another consideration is donating that old PC to someone who is in need.  The first thing people think of are schools and libraries.  However, schools and libraries get their computers through budgetary allocations.  Private schools however may be a route to consider, as they are not funded by taxpayers, but by those paying tuition.  Also, consider charitable organizations, such as churches, women’s shelters, or organizations that help people with job placement.  Please consider however that when you donate your old PC, it should be something that they can use.  If you have an old Windows XP machine, they are not going to be able to use that.

 

The options I mentioned in this article primarily dealt with using the Windows operating system.  However, you may want to try your hand at the Linux operating system.  There are Linux distributions that you can download for free from the internet and install on that old PC or laptop.  You might find that it runs even better than before with a different operating system, as many Linux users, such as myself have discovered.  This can be especially useful if you have a child, or an adult, in the home that likes to tinker around with computers.  You can even use that operating system to network with your other Windows machines in the home server option mentioned earlier.

 

In the past, old PCs usually were relegated to the garage, where they would only emerge years later to take their place as one of the last items to go in a garage sale.  However, old computers can be and are still very useful today, when applied to the right situation.  So, go get that old machine and try some of the options mentioned here today.  You will be getting the most out of the money that you invested in that machine, and you might find that it will enhance, or make more efficient, how you do things regarding your personal computing.

Hackers Going Old School

I have written quite a bit about attacks on computers through poisoned search results, and of course, just hitting an infected webpage.  When these things happen, your computer may start “talking” to you, announcing that if you try to shut down your computer, your files will be infected, blah blah blah.  Of course, this is nothing more than a scare tactic to get you to click that button for “remote assistance”, where the only assistance you will get is your files stolen or held for ransom, and the high possibility of identity theft.

However, some hackers are going old school, by using the telephone as a launch point into hacking your computer.  For example, you may get a call on your home or mobile phone, and the caller ID might say “Microsoft”, or “Google Support”.  The person on the other end of the line will say that, “they have received alerts that your email account is sending out a bunch of spam”, or, “we have detected that your computer is infected with viruses, and we need to clean your computer, or we will have to lock down your machine.”

Of course, none of what I described is the case, because like I mentioned in a recent article, these companies have no idea if your computer is sending spam email, or infected with viruses.  These hackers, who are really scammers, use fear tactics, such as using inflected voice tones and a lot of technical jargon to get you all flustered and worried.  It is at that point they will have you turn on your computer, go to a site like Ammy Admin, Aero Admin, or they may use a legitimate remote control software like Teamviewer or LogMeIn, have you enter a code, and then they are on your computer where the games will begin.

So what can you do?  First of all, if the call comes out of left field, with the person on the phone stating something similar to what I mentioned earlier, my best advice is to hang up.  To verify if the call was a scam, call the number back on the caller ID.  Most likely it will refer either to some other number, or national 411 assistance.  Did I forget to mention that when they call on the phone, they also put forth false caller ID information?  Of course, this is assuming that anything other than “PRIVATE” or “BLOCKED” showed up on the caller ID.

This next part is a bit of a sensitive topic, but nonetheless true when it comes to these scammers.  In the overwhelming majority of the scam calls you get, the person on the other end will have a heavy foreign accent.  Most of the calls are not coming from the US, but are in fact coming from overseas from the Middle East, India, and even Southeast Asia.  Again, if you get a call out of the blue, with a foreign accented person on the line stating they need to connect to your virus laden computer, hang up.

Finally, you must understand that these phone calling hackers do not limit their calls to your mobile or home phone number.  They can and do call business numbers, because they are literally just going down a list of numbers that their criminal boss gave them, and have no idea if they are calling a home, mobile, or business phone number.  Therefore, it is absolutely imperative that you be alert when at the office.  Allowing a hacker who called you to get access to your work computer, will in all likelihood be a career limiting move for you.  In other words, you are likely to be fired.

Hackers use many methods and means to gain access to your information.  While most hacks occur while you use the internet, hackers are not above giving you a good old fashioned phone call to scare you into giving them access to your machine.  However, you have now been equipped with the knowledge to defeat them.  And defeat them we shall!

 

Poisoned Searches – A Launching Point Into Trouble

It has happened to us all at one point or another, where we search something on a search engine, click on the top result, and the next thing we know, we are getting popups telling us to contact tech support that our machine is infected.  Immediately, we go into panic mode thinking that all our files, folders, pictures, etc are summarily being stolen, or worse, deleted.  Most of these types of attacks have not infected the computer at this point, but are designed to scare you into clicking the OK button.  That is where the fun will begin.  However, with a little bit of knowledge, you can get around these attacks, and get on with your life.

First, we need to understand that search engines list search results based on several factors.  One of those is that companies pay them to have their business listed at the top, which means people will click on those results first, versus scrolling down the page.  For example you may see the address www.amazon.com and it will say (Sponsored) in the link.  However, hackers, scammers, and what I like to call them, scum, will hijack these results, strictly to separate you from your money.  They essentially write computer program code that instead of going to www.examplesite.com, you wind up at a different web address that pops up the alert stating your computer is infected, and that you need to click OK to connect to “Microsoft Support.”

If the above happens to you, understand this.  Microsoft does not proactively monitor or otherwise try to help you if you get a virus.  They are never going to know you are infected, and if you need their support, you must contact them at their number.  With modern hijacks like this, the attacker/scammer wants you to click that OK button, because that will start a remote session where someone connects to your computer.  In such a scenario, you can be assured that they will either start stealing information from your machine, or, they will launch a virus code that will encrypt your files on your computer, and then they will demand a ransom from you to unlock and access your files.

Second, another thing you need to understand about search results is how they can mislead you when you need technical support.  For example, a computer user I know recently needed help with his Yahoo email account being reset.  He went to Google searching for “Yahoo’s Support Phone Number”, and lo and behold, it was at the top of the results.  However, when he called the number, the person on the other end of the phone, unbeknownst to him, was not from Yahoo, and directed him to go to a website and download a program that gave that person a remote connection to his machine.  Thankfully, he got wise enough and severed the connection.

I mentioned this because most of the technical support out there today is done by going to a company’s website, and filling out a support ticket webform, or contacting them at an email address.  In this situation that happened above, a group of scammers created a webpage, that got cached by the search engine, but that had a fake number for support.  Even if they answer “Yahoo Support” I can tell you that Yahoo does not have a phone center to contact for help.  Also, a legitimate support outlet for a company will email you a confirmation shortly after requesting help, usually with a ticket number, and a phone number to call in.  Also, if you ever call a number you searched, and they do not answer something like, “Thank you for calling (insert business name)”, that’s a clear indicator you are talking to scammers.  Hang up.

So what is a person to do?  In my experience, I highly recommend to never click on search results that have the words “sponsored” or “paid ad” listed in the result.  These are just breeding grounds for hackers and scammers, and it’s just not worth it.  About one month ago, there was one listed for Amazon, and that poisoned search result literally stayed up for a couple of days.  I wonder how many were goaded into scam support sessions?  Sadly enough, probably a lot.

Another thing you can do, and this mostly applies to business is, if you are needing support with your computer, a program you use, or anything technology related, and you have a help desk in place, please, submit a ticket to your helpdesk.  As an IT Professional, I am constantly amazed that there are procedures in place that clearly state, “All requests for support must be submitted to support@abc.com”, and yet employees will try to resolve their own issues, which more often than not, lead to bigger problems.  Those situations again, are just one Google search away from kicking off.

Finally, vigilance and awareness, more than anything else, will go a long way to keeping you from hitting a poisoned search result.  Look at the search result, and before clicking on the link, hover your mouse over the link.  What will pop up is a complete showing of the URL, and if that URL does not have the name of the company or site you are trying to reach in it, you probably do not want to click on that.
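The hover check above, as an added example (not from the original article): a company name appearing somewhere in a URL is not enough, because only the end of the host name decides who controls the site. The sketch compares a naive "name appears in the URL" test with a host-based one; all URLs are constructed samples on reserved `.example` names and a documentation IP address, and the function names are chosen here.

```python
from urllib.parse import urlsplit


def naive_contains(url, company):
    """The check most people do by eye: is the name anywhere in the URL?"""
    return company.lower() in url.lower()


def host_of(url):
    """Host name the browser will actually connect to (lower-cased)."""
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to(url, expected_domain):
    """True only if the host IS the expected domain or a subdomain of it."""
    host = host_of(url)
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def review(url, expected_domain):
    """Return a list of reasons to distrust the link (empty list = none found)."""
    reasons = []
    parts = urlsplit(url)
    host = host_of(url)
    if parts.scheme != "https":
        reasons.append("not an https link")
    if parts.username is not None:
        reasons.append("text before '@' is not the host; real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, may render as lookalike characters")
    if not belongs_to(url, expected_domain):
        reasons.append("host %r is not %s or a subdomain of it"
                       % (host, expected_domain))
    return reasons


# Constructed sample links a search result or e-mail might show on hover.
SAMPLES = [
    "https://www.amazon.com/gp/help",
    "https://amazon.com.account-verify.example/signin",   # name at the front
    "https://support-desk.example/amazon.com/login",      # name in the path
    "https://www.amazon.com@203.0.113.7/login",           # name before '@'
    "https://notamazon.com/",                             # name as a suffix
    "https://xn--amzon-constructed.example/",             # constructed label
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url)
        print("  name appears in URL:", naive_contains(url, "amazon"))
        problems = review(url, "amazon.com")
        print("  verdict:", "; ".join(problems) if problems else "host matches")
```

Every sample except the last passes the naive test, yet only the first one is actually on the expected domain.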

Poisoned search results are a pain for sure, but with the knowledge above, you should feel confident you can navigate the minefields that idiots lay out for unsuspecting users.  Awareness of what you are looking for, and awareness of what results are returned to you will go a long way to keeping your PC healthy, happy, and more importantly, safe.

Decrapifying your computer

Your computer is slow, your productivity is down, and as a result of this, you have a greater inclination to kick a puppy.  (Can’t wait for the animal rights advocates to light me up on this one.)  The answer is, you need to decrapify your machine.  We are going to outline how you do this.

First of all, why is your computer all “crapped up” in the first place?  There are many answers to this, but the most common reason is that your computer accumulates lots of temporary files that over time just take up space, can contain errors, or you might have picked up some malware or spyware that is hogging all your memory and processing power.  This will cause all sorts of things to start happening such as slow web pages loading, slow computer startup, or you may start to get a slew of popups while browsing.  Below are some recommended tools to help you get the crud out of your machine.

First, clear out your browser cache.  This is a space on your computer where images of webpages get stored to help them load faster the next time you visit.  There are many browsers that are out there so I recommend using something like CCleaner.  You can also simply use the tools that are built into your browser.  Usually they are located under “settings.”

Second, most computers come with a ton of “bloatware”.  These are program extras that the manufacturer of your machine put on your computer.  If you are not using these programs, why keep them?  Head over to the internet and download PC Decrapifier.  This is a program that will scan for common bloatware programs and in one swoop, deletes them from your PC.  This frees up more hard drive space, which gives you some more speed.

Another thing that will help is to defragment your hard drive.  What is hard drive fragmentation?  Well, I am not going to cover that, because most people just want their computer running faster.  Suffice to say, it slows your computer way down.  Download Defraggler which is an excellent program for defragmenting your hard drive.  Be warned that this is something that you do not want to run while you are using your computer for something else.  This can take a long time and ties up a lot of your computer’s processing power.  This is something you may only run once or twice a year.  If you have a solid state hard drive, which you can find out from your computer manufacturer, you will not want to run this.

Finally, if your computer is creeping along, you may have malware/adware.  These are programs that gather information about you, or could just be there to make your life miserable.  A great program to clear all that stuff out is Malwarebytes.  This program will find malware and other things causing issues, even trojans and viruses, and delete them off your machine.

If you follow these simple steps, you can “decrapify” your PC and be back up and running faster than ever before.

Computer Security – Convenience can cost you.

This is part 1 in a series on Computer Security

Computer security.  I can almost sense that just from the title of this article people’s eyes are glazing over with the familiar, “Do we have to discuss this stuff again?”  The answer is yes, and the reason why is that you are likely to be the one at fault if your data is compromised.  Read on, because I know I’ve already enraged you by implicating you as the source of trouble.

 

Data security is not something that consumers and businesses can simply try to address in a cavalier manner.  It is a serious topic that in today’s digital age can have serious ramifications not only on your business, but in your own personal life.  Yet despite the fact that we do everything online from paying our bills, to telling people what type of salsa we are eating at the next FourSquare check-in, securing one’s data is sadly handled in a lackadaisical way.

 

Take for instance the most basic of security levels: passwords.  Passwords are those secret codes that unless someone has that item, they will never get past that login screen.  But is your password secure?  Most likely it is not.  Rather, it is probably something very easy for a hacker to guess, and probably without a great deal of effort.  Is your password “Password” or your date of birth?  If I just guessed your password here in this article, I’ve got some news for you.  Your password stinks, and you might as well not have one at all with a password like that.  That was cutting I know, but it’s because I care enough to tell you the truth!

 

Passwords should be complex and difficult to guess.  They should never be something that is personally identifiable with you, such as date of birth, last 4 of Social Security Number, or anything like that.  Also, passwords should not be recycled, meaning, that you shouldn’t use the same password on different sites.  I’ve been guilty of this in the past so I am preaching as much to myself as I am anyone.  They should be a combination of letters, numbers, and characters.  The more you have, the better off you are.

 

If you are in need of a program or tool to help you generate strong passwords, there are a plethora of choices out on the web.  A quick Google search will pull up several options, many of which are free, that will generate passwords that are random characters that will be very difficult to figure out.  If you go with the pay for services, you actually just have to remember one password to access all your randomly generated ones.  I highly recommend seeking out services like these, because as recent news stories about hackers stealing people’s login information show us, the name of your favorite pet for your password is not good enough.

 

Keeping your passwords secure is good.  What is not good is writing down your passwords!  I see this all the time both in homes and especially in businesses.  It is just a major NO NO!  Now there will be those who will say that they have to do this because they will not be able to remember all those passwords.  I will again point them to the options I mentioned earlier. 

 

The main reason why people continue to still write down passwords, which again, is careless and dangerous, is simply due to laziness.  Yeah I said it!  It is a simple matter of them not taking the time to properly secure their information because convenience trumps security in their minds.  Here are some things to consider for those who feel that Post It Notes are a great way of storing passwords.

 

Imagine you have someone over to your home.  Could be a repairman, could be even a friend.  They walk by and see these colorful, eye catching sticky notes all over your computer screen.  You leave the room for just a few moments, and in those few moments, they capture your passwords that you have written down on a sticky that says, “Bank Login”, or, “Brokerage Account.”  A day or so later you check your bank account and see a massive withdrawal.  What happened?  You happened is what happened.

 

How about for business owners?  Take a walk around the office and you will soon find out that more employees than not have passwords out in plain sight.  Is this the impression you want to leave with your existing and prospective new customers?  To have passwords out in the open sends a message to them of, “We do not care enough to secure your data.”  They will take their business elsewhere, believe me.

 

Some will say that traditional passwords are on the way out, and we are heading more towards biometrics.  That may be, but for now, it’s still usernames and passwords.  Therefore, make your passwords secure, and difficult for someone else to guess.  You will be better off, and it sure beats dealing with identity theft issues down the line.

Charter Communications Internet Outage – My thoughts

If you are a Charter Communications Internet subscriber, then likely on Saturday your internet service was spotty at best, and most likely, completely down like everyone else.  As of this morning, Charter has officially stated on their Facebook page that there was an outage, and that services have been restored and they are continuing to monitor.  There is still no word yet as to what the root cause of the issue was.  Here are some thoughts I have about what happened.

First, even ISPs are going to have outages.  It’s not a matter of if, but when, and the sooner that people understand that the better.  However, what happened Saturday was so severe that even if you called their tech support phone number, you got a busy signal.  No automated phone system, or anything like that.  So let’s keep things in perspective that whatever happened was major when the phones do not even work.

Having said that, the way Charter has handled this outage in terms of communications with its customers was without a doubt, terrible.  Several hours into it, there was nothing posted to their Twitter or Facebook accounts.  In fact it was not until 16 hours ago that they finally posted something to their Facebook page acknowledging an issue, though again, root cause has still not been posted.  Having worked in support for many years, nothing ticks off the public more than the internet being down.  What will definitely make it worse is when there is no communication with the public to at least say, “Hey Houston, we have a problem.”

Even though they were having an internet outage, someone could have early on jumped onto their smartphone and posted just a quick blurb acknowledging a problem to at least let people know they are aware of it.  Instead we heard silence only interrupted by the constant busy signal that lasted, by my experience, for well over 10 hours this past Saturday.  This is not how you run a business.  Outages come and go and that’s the nature of IT.  However, closing off the lines of communications is never a good idea.  Social media outlets proved that with postings like, “Charter you suck!” type comments.

As stated already, Charter finally reported to the media that, “there were intermittent outages..”  This was, frankly, understating the issue, and thus, a lie.  Yes, I said it.  A lie.  Understating the situation for the purposes of damage control was and will forever be a form of lying, because it deceives people into thinking that the situation is not that bad, when in fact, it was a royal disaster Saturday.  Charter quite honestly should issue a credit to its customers simply due to the fact they did not communicate at all with those who pay their bills.

Finally I will say this about this outage, and any other outage of internet service.  While it can be incredibly frustrating, I am always amazed at the vitriol that I see come out of people, in the way of comments on social media, in such harsh fashion.  At the end of the day people, if the internet goes down for several hours, it’s not the end of humanity as we know it, so stop acting or reacting like it.  Go do something else like, I don’t know, talk to a real person instead of liking every status update from people you are barely friends with in real life, and people you probably cannot stand or will rarely, if ever, meet.