It’s everywhere these days: 2FA (two-factor authentication).
More and more, you must use something more than just a password to secure your online accounts.
Some sites, like PayPal, are apparently requiring 2FA for everyone.
So, what types of 2FA are there? Do you have to use a smartphone? Is there an alternative to SMS-based 2FA? And most importantly, is it that much safer?
Finally, I reveal the other reason why everyone is pushing 2FA so much – and it doesn’t have anything to do with your security or privacy!
As regular readers know, I’m not a big fan of the traditional smartphone craze.
Sure, they’re really handy gizmos, but the amount of data being hoovered up and shipped off to large service providers is a bit frustrating.
As if things aren’t bad enough on that front, it gets better! It turns out that even individual APPS running on your phone are spying on you – specifically, they’re tracking your location (among other things).
What’s more, your location data can be easily linked to you as a private individual. To top it all off, this data is bought and sold to anyone who will pay – and all in the blink of an eye!
I’ve been using dumbphones for awhile now, but I started to miss some smartphone features.
Then a friend of mine mentioned LineageOS again. I decided to take the plunge… And I’m glad I did!
It IS possible to have a relatively private smartphone without all the Googley madness – even in this day and age.
But it does take a bit of time, patience, and some technical know-how.
Note that I don’t walk through the entire installation process here since it’s particular to your specific phone…
In a shocking revelation that simply re-affirmed what everyone already knew, the 9th US Circuit Court of Appeals again ruled that internet platforms have nothing to do with the First Amendment because they’re private corporations.
In a ruling on February 26th, the court said that, “merely hosting speech by others is not a traditional, exclusive public function and does not alone transform private entities into state actors subject to First Amendment constraints.”
Can’t say I didn’t see that one coming – again…
There are a few things you need to understand about staying safe and secure online. You need to realize what you’re actually up against.
But don’t fret, because it’s really not a big deal if you always keep in mind how things usually work.
For example, e-mail is never really safe, HTTPS doesn’t really always keep your connection secure, you can be tracked online very easily despite what most people will tell you, and you should always use some kind of anti-virus/malware protection no matter what OS you use.
And remember that the OS you use makes very little difference if you’ve taken some basic precautions… In fact, thinking you’re safe because you use Not Windows is probably a bad idea!
I’ll be honest: I didn’t think I had to explain any of this, because I thought it was obvious.
Given the number of recent online security breaches – including the release of really, really bad passwords – clearly it’s not so obvious.
Well, I guess I shouldn’t be surprised. After all, I think about this kind of thing as part of my work. Most people don’t. It’s my job to program things that work, but a big part of it becomes making things that other people will find difficult to exploit.
Otherwise, what’s the point? No one cares if it “just works” if some evil person out there can break it in 5 minutes! The way to go about doing this is to not program a single line of code until you’ve got the whole thing sorted in your head. Then, think about how you would hack it.
You don’t do this by thinking like yourself; you must think like someone who wants to attack you. Unless you’re a Russian chess master, you probably don’t think this way very often.
But, not to worry! The following are a few tips that will greatly increase your online security without making your brain catch on fire. Which is nice…
Here’s a fun one:
The Department of Homeland Security (??) announced that QuickTime for Windows has 2 nasty security flaws.
They also say that Apple is no longer providing updates for QuickTime for Windows, so they are recommending that QuickTime be uninstalled from Windows machines.
So… DHS? What?!
In this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as “browsing with https://”.
The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies – or anybody else with enough knowledge about how these supposedly “secure” connections actually work.
It’s true that connecting to web sites with SSL will certainly prevent “script kiddies” and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it…
We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.
This issue is, after all, so extremely important that I think everyone needs to understand what is really going on, and how web security actually works, without needing a PhD in cryptography, computer science, or engineering!
NetworkWorld has an interesting article entitled How to use electrical outlets and cheap lasers to steal data. The article discusses a presentation that will be held at the Black Hat USA conference later this month.
The deal is that two researchers are supposedly going to demonstrate how keystrokes can be read from a remote computer using either a laser, or signals transmitted over the ground line coming from a nearby computer.
While these techniques might be interesting to know about, somehow I think we have bigger things to worry about.
Read on to see what I mean…
Many people these days use a Wi-Fi (IEEE 802.11) router, or they have a broadband modem with built-in wireless. It’s amazing to me that in this supposedly “high-tech” and “high-security” age, many people still are completely unaware just how wide open their home network really is.
With a Wi-Fi modem, usually your provider will be smart enough to lock down your wireless connection for you. But if you bought a wireless router or access point and set it up yourself, there are a few things you should know to keep others from “stealing” your connection and using it for nefarious purposes…