Apple recently added two new features to their latest iOS 15 operating system that will help you and someone you trust access your Apple account and mobile device should you forget your password or when you die.
Setting up a Recovery Contact now will allow someone you know and trust help you regain access to your Apple/iCloud account or device should you forget your account password or device passcode.
Adding a Legacy Contact now will allow someone you know and trust access data such as your photos, messages and notes after your death.
For more details and instructions, see the Apple help articles below. If you need help with setup you may contact your tech.
Your mobile phone number has become increasingly valuable because it’s the way that hackers can gain access to your online financial, email and social media accounts. We now are encouraged to use our smartphone and attached phone number to prove who we are – often via Multi-Factor Authentication (MFA), a method that requires not only entering your username/email address and password into a website, but also entering a code or responding to a prompt sent to your cell phone.
But what if someone gained access to your mobile phone – or increasingly more common – your mobile phone number? Hackers that successfully SIM swap or port-out your phone number would have access to reset/change “forgotten” passwords and gain access to online financial, email and social media accounts.
Fortunately the major wireless carriers have taken steps to let you thwart hackers and prevent your phone number from being taken from you without your prior knowledge. It involves contacting your wireless carrier.
Instructions for the major U.S. carriers are below. If you use an MVNO (Mobile Virtual Network Operator) such as Consumer Cellular or Spectrum Mobile – call 611 from your wireless phone and ask to setup a port-out PIN or other port-out/SIM swap protection to prevent unauthorized porting of your phone number without your prior knowledge.
It’s important to protect your phone number before a hacker poses as you and takes over your phone number before you get a chance to protect it. If you need help with protecting your phone number, contact your tech.
Google announced in May that it would start automatically requiring users to adopt two-step verification as a security precaution when they sign into services such as Gmail. That plan, which the company said would expand by the end of this year to 150 million users on mobile and desktop, has now started.
What is two-step verification?
Passwords, no matter how strong, may not actually be the best way to keep online accounts secure. Two-step verification, sometimes referred to as two-step authentication, reduces the chances of hackers or other outsiders gaining unauthorized access to your information. This usually means adding an extra security step to log in, like a code sent to your phone via text or a voice call, or a code generated by a Google Authenticator, that users must enter in addition to their usual password.
Why is this happening now?
Google has been encouraging its users to enroll in two-step verification for the past few years. The company has also moved to reduce the need for its users to enter passwords and pushed the use of secure tokens, which instead allow users to sign in to partner websites and apps with a single tap. In addition to the 150 million user accounts Google will automatically enroll in two-step verification this year, creators on sister service YouTube will be required to turn it on by November 1 to access their channels. Google expects that all of its users will eventually be required to login using two-step verification, the company told Fortune.
What’s going to change for me?
You can check whether you’re already enrolled in two-step verification through Google’s Security Checkup. If you’re not, it’s likely you will be eventually. Users who regularly sign in to their account, use Google products on their mobile devices, and who have recovery information on their accounts, like a recovery phone number or email, will be among the first to be automatically enrolled. But if you’re annoyed by the idea of signing in twice, don’t worry. After setting up two-step verification on your computer, you can choose not to use it again on that particular device, and go back to using just your password when you sign in. It’s only when someone else tries to sign in to your account from another computer that users will still have to go through the two-step verification process.
All major web browsers have the option to save the login and password for the websites that you visit so it’s easier to login the next time you visit a site. If you don’t already have a password system to create secure and memorable passwords, or a password manager to store your logins and other secure information – your browser’s password manager can securely store logins for you and will suggest a strong and unique password for new websites that don’t have a saved password yet.
If you don’t want your logins visible to anyone looking at your computer or device, make sure that you use a password or PIN to access it. Below you find instructions for accessing the password manager for the most popular web browsers:
Google Chrome: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to use Google’s Password Checkup to “Check Passwords” to keep your passwords safe from data breaches and other security issues.
Microsoft Edge: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to “Show alerts when passwords are found in an online leak”.
Mozilla Firefox: In Settings > Logins and Passwords, Firefox Lockwise will display your logins with the ability to view, edit or remove passwords individually. There’s an also a default option to “Show alerts about passwords for breached websites”.
Safari: In Preferences > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also a default option to “Detect passwords compromised by known data leaks.”
You can also store and access passwords within the operating system of your device. Details for various operating systems are listed below:
You can also find out more about information leaked in data breaches and check to see if your email address has been exposed at Have I Been Pwned and Firefox Monitor.
The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion.
Topping the list of types of reported internet crimes was phishing, which more than doubled last year. People over 60 were the most common victims according to the report. Nevada had the 8th most complaints of the states and territories included in the report – yet it is the 32nd most populous.
The phishing category also includes vishing, smishing and pharming – all techniques via email, voicemail, text messaging or via fraudulent websites that attempt to trick victims into divulging personal information such as passwords or credit card numbers.
People over 60 were the most common victim – likely due to the age group growing up in a more trusting society and their less understanding of technology.
Perhaps most surprising is that Nevadans reported the most complaints per thousand people than any other state.
In summary, become educated on how to spot internet crimes so that you or someone you know doesn’t become the next victim.
A massive government and business computer hack was discovered early this month (December 2020), but the long term effects likely won’t be known for months or years as more knowledge is obtained about what companies were affected and what data may have been (or will be) breached.
Early details of the hack are explained in these comprehensive articles from CNN and CNET. The hack was spread to thousands of computer systems, altogether likely containing the private data of a majority of US citizens. That data may be compromised and leaked to miscreants if the data on those computer systems was not securely stored or encrypted. Hackers may be holding onto such data for months or years to come.
So what should the home computer user do?
Change your passwords ASAP: Data breaches usually contain email addresses and sometimes passwords. If you use the same password for different websites, you are more vulnerable to having your other accounts hacked. Click here to read the top 5 password tips that you need to know.
Make sure all of your devices are up to date: By default Windows and MacOS computers update automatically. But other internet connected software and hardware usually require manual updates – such as iOS, iPadOS, Android, internet routers, video doorbells and cameras, streaming media players, etc. If you need help making sure all of your internet connected devices have the latest security patches, please contact us.
Be suspicious of every email, phone call, SMS or browser pop-up: Initially do not trust any unsolicited email, phone call, SMS or pop-up in your web browser – particularly if it’s asking you to do something. Treat everything as “guilty until proven innocent”. See how to recognize scams and phishing attempts, and for more information review all of our security articles.
In mid-March after people were encouraged to stay at home, Zoom became a popular platform to hold online meetings. But shortly thereafter, security researchers and pranksters found flaws in the platform. Fortunately Zoom acted quickly to fix security and privacy vulnerabilities, and change default settings to help prevent ” Zoombombing ” from unwanted participants. Therefore, Zoom is now safe while remaining easy to use.
To participate in a Zoom meeting, you’ll need a camera and microphone – which is included in all modern laptop computers and smartphones. If you don’t have a smartphone and only have a desktop computer, a separate webcam is needed to participate in the meeting so others can hear and see you (optionally). Unfortunately webcams are currently in short supply, and online sellers have been charging 2-5 times the normal ~$50 average price of a webcam.
If you only want to view and listen to the meeting (and not participate), you can use Zoom on a desktop computer without a webcam.
You don’t need to have or create a Zoom account in order to participate in a meeting. Therefore there’s no login or password information to remember, or have the chance of it being discovered due to a data breach . Accounts are only required for people that host a meeting and invite participants.
Do you need help connecting with others at a distance? We can help with most online meeting platforms like Zoom, Facebook Messenger and WhatsApp, Google Duo and Hangouts, Microsoft Teams and Skype, Apple’s FaceTime, etc…
Sure it’s easy to just use the same password for everything. But with data breaches seemingly occurring on a daily basis, your email address and password that’s part of any data breach is surely being used to try to log into your email account and other accounts that hold personal, financial and other private information.
It’s been suggested by some clients that nobody would be interested in reading their email, so their email password doesn’t need to be secure or unique. However if a hacker accesses your email consider the following common occurrences:
A hacker can reset/change your email password and lock you out of your account.
A hacker can read all of your emails to figure out all the financial and shopping accounts that you do business with. With that information they can begin attempting to login to those websites, and if unable to do so – they can intercept the password reset emails sent to your email address and reset the passwords for those accounts too.
A hacker can copy your contact list and/or send emails on your behalf asking for money, gift cards or to send spam and phishing emails that appear to come from you.
Not only does your email account password need to be unique, your login information obtained from data breaches and phishing emails are also being used to login into other types of online accounts:
Online file storage and personal backup accounts – to access to any personal documents that may contain private or financial data.
Your wireless phone provider – to attempt to hijack your phone number and receive password reset codes.
Online shopping accounts – to order merchandise with your stored payment information, and have it sent to the hacker.
Online social media accounts – to impersonate you in attempt to convince friends or family to send money or gift cards to the hacker.
To create secure and unique passwords for every online account, check out how to safely manage your passwords, which includes tips for creating a secure a memorable password system.
For more information, I suggest reading this more in-depth article by security researcher and former Washington Post reporter, Brian Krebs: The Value of a Hacked Email Account.
You likely spend most of the time on your computer using your web browser. Years ago the web browser was primarily used for reading news and email. Now we can do everything from grocery shopping, managing finances, word processing, and even work in browser-based versions of powerful business applications – without leaving a browser window. Part of what has made web browsers so useful – but also potentially hazardous – is the popularity of browser extensions.
Browser extensions are applications, often developed by third party developers, that users can download to expand the functionality of their web browsers. A few different extensions that we recommend can block ads, manage passwords, manage too many open browser tabs, or save web pages to Google Drive or Evernote – just to name a few. However there’s also an abundance of extensions that promise to do great things, yet cause far more trouble than they’re worth.
Some of these “bad” extensions just cause annoyances, displaying ads or automatically redirecting you to websites that you didn’t intend to browse to. Others are more malicious, spying on your browsing, stealing your data, or injecting malware into your system. What’s worse is that some extensions start out life perfectly legitimate, but then get bought by bad actors and become malicious.
Some of our most common calls for service are due to bad browser extensions. So how do you get the most out of browser extensions without falling prey to malicious ones? Here are 5 tips:
1. Be very wary of pop-ups advertising an extension.
Many users install extensions because they are prompted to in pop-up messages on websites. You always have the option to decline the extension, or close your browser to avoid installing a persistent installation prompt. If you didn’t go to a website looking to install an extension, it’s best to decline, since a large majority of the time the website is offering something that’s in their best interest – not yours.
2. Only download extensions from websites that you trust.
Do some research into the company behind the extension you’d like to download. Many extensions are developed by companies you know, such as Google or Microsoft, and these are generally safe. If you don’t recognize the vendor, be sure to read reviews of the extension on the browser’s extension interface – such as Chrome’s Web Store or Firefox’s Add-Ons page. Often malicious extensions will receive enough bad reviews to warn careful users away.
3. Take time to read all the fine print.
Whenever you’re downloading extensions, slow down to read all the messages your browser gives you about the extension. Chrome, for example, will show you exactly what information the extension will have access to, as pictured below.
In this example, you’d need to absolutely make sure that you want to give the extension – a third party app – access to “read and change all your data” and to “capture the content of your screen” before clicking “Add extension.”
4. Don’t download extensions bundled with other apps.
We’ve written before about the potential dangers of downloading/installing free software from the web. In many cases, free software applications will include browser extensions, which the user may download without paying attention, simply because they click “Next” on the installer window without reading the fine print. When downloading anything from the internet, always be sure to read every message carefully so that you are downloading only what you want and expect.
5. Monitor extension permissions
Be wary of any permission updates from extensions you already have installed. Pay attention to notifications about new permissions, especially if the extension has changed publishers.
6. Block or close prompts to allow websites to send notifications
Though not technically a browser extension – web browsers have enabled a “feature” to allow websites to pop-up notifications from a website, even when you’ve left that site. Though it may be useful to get notification alerts when you’re favorite news website is not open, or notifications about new email or Facebook activity – some untrustworthy websites have abused the feature and are causing excessive pop-ups for unrelated content. We recommend being very judicious if clicking to “allow” notifications, and only do so on websites that you know and trust. For more information read: How to block browser notification pop-ups.
Are you getting excessive pop-ups and getting redirected to websites that you didn’t intend to visit? Please contact us if you need help cleaning up your browser.
Considering all the data breaches lately, you should be monitoring and protecting your accounts and personal information – but what is the best method for you? Should you use a credit monitoring service or subscribe to identity theft protection instead? What’s the difference between the two methods?
Credit monitoring services monitor activity on your accounts with the major credit reporting agencies (TransUnion, Experian, and Equifax). Creditors report all activities related to borrowing money, including your payment history, to credit reporting agencies. Monitoring services may monitor your history with all three agencies or be exclusive to a certain agency.
With credit monitoring, you’re alerted to various changes in your credit report – for example, when a potential creditor asks for your credit history or when new credit card accounts or loans are opened in your name. Any activity that is reported to the credit reporting agency is monitored.
However, identity theft can involve more than fraudulent loans or credit accounts in your name. Thieves can use your Social Security number and other personal information to open bank accounts, get jobs, receive government benefits – even commit crimes in your name. None of these activities will show up on your credit report because borrowing is not involved.
Identity theft protection services typically include credit monitoring and also check for non-credit related abuses of your information – or let you know that your compromised information is out there, available to thieves for future abuse. Monitoring may include dark web scans, arrest records, court filings, changes of address, and social media accounts.
Identity theft protection services may also include help to restore your identity and resolve fraudulent uses and claims, as well as identity theft insurance. However despite the marketing claims to scare you into buying such protections there are things that identity theft services can and cannot do for you.
Victims of data breaches are often offered free credit monitoring or identity protection services for a limited period of time – however you need long-term protection, especially once your personal data has been compromised. You can always cancel accounts and change passwords, but once your Social Security number is compromised, you are in for a lifelong battle with identity thieves.
Note that most credit monitoring and identity theft protection services are reactive, not proactive. They let you know when suspicious activity has occurred, but they can’t prevent it from happening. You can supplement either service by using following these proactive tips:
Shred any sensitive information before discarding it.
Be suspicious of all e-mails, text messages, pop-ups and unsolicited phone calls claiming that there’s a problem that requires your immediate reaction – such as calling an unfamiliar phone number or divulging your personal information or login credentials over the phone or via an email link.
Check your credit frequently, and consider a credit freeze on your accounts to prevent thieves from opening fraudulent accounts in your name.
Help either service by making it more difficult for identity thieves to get your information, or to use your information if they do get it. Now is the time to follow through with whatever protection you choose. Identity thieves look for the easiest unprotected targets – don’t be one of them.
Print This Article
