The secret to staying safe online

By Colin Barras

It's impossible to be 100% secure online, but as Colin Barras explains, there are a few non-obvious tricks that anyone can use to be safer.

Why should I care about online security?

It's tempting to assume that only big businesses or big celebrities have to worry about their online security. After all, personal information like our photographs aren't as interesting to anonymous hackers as compromising pictures of Jennifer Lawrence and other Hollywood A-listers, are they?

But the truth is we all have photos and messages we would prefer to keep private, and information like credit card details we would like to keep safe. According to a report by security software-maker McAfee and the Washington think tank Center for Strategic and International Studies, more than 40 million people in the US had their personal information stolen last year, as well as 54 million in Turkey, 20 million in Korea, 16 million in Germany and more than 20 million in China.

While it would be a mistake to think that the data we store online can ever be 100% safe, it would also be an error to assume that we can't make our email accounts and the data (including photographs) that we store in the cloud a little bit more secure with very little inconvenience.

I'm pretty sure I don't store anything in the cloud, thanks

Many of the celebrities at the heart of the recent leaks may have thought the same. But as cloud services grow it's becoming common for devices like smartphones to upload user data to remote servers by default. If you're at all worried about some of your photos falling into the hands of malicious parties it's probably not a bad idea to check your phone settings to see what data is being automatically backed up to the cloud, and disable automatic uploading.

Still, there's no doubting that the cloud can be very useful: ask anyone who has lost all their photos and contact information because they lost or broke their phone. Fortunately there are other actions you can take to keep your data in the cloud safe. Probably most importantly, you'll want to consider using a strong and secure password.

So what makes a good password?

For starters, some computer security experts say that password length is more important than complexity, which means that a 16-character memorable password like "ilovemysportscar" is more difficult to guess than an eight-character unmemorable password like "T9$ey!!q". This is because there are far more total possible combinations of 16 characters than eight, meaning malicious software must take longer to hunt through all the possible options to find the correct password. One survey found that 22% of strong eight-character passwords that contained numbers and symbols could be cracked after 10 billion guesses compared with only 12% of 16-character passwords.

In his book How to Predict The Unpredictable, the author William Poundstone proposes other tips, such as avoiding obvious number substitutions: most people substitute the letter "I" with a "1", for example, which creates a false sense of security. Better would be to create a seemingly random string from the first letters of a phrase you have memorised. (As an illustration, the previous sentence in this paragraph could become: "bwbtcasrsftfloapyhm").

Alternatively, you might choose a random string of letters and numbers, and use it to create a nonsense sentence. So, the (admittedly too short) password "RPM8t4Ka", explains Poundstone, might become "Revolutions Per Minute, 8 track for Kathy".

"I don't know what it means," he writes, "but I do know it's fairly easy to remember."
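The length-versus-complexity argument above, carried through with numbers in Python. This is an added example, not part of the original article; the function names and the character-class model are assumptions made here. The count is an upper bound that only holds for passwords chosen at random, which is why the survey above still saw 12% of 16-character passwords fall within 10 billion guesses.

```python
import math
import string

# Character classes an exhaustive search has to cover (modelling assumption:
# the guesser tries every string over the classes the password draws from).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESS_BUDGET = 10_000_000_000  # the "10 billion guesses" figure quoted above


def alphabet_size(password):
    """Total size of the character classes that occur in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Count of all strings of the same length over the same alphabet."""
    return alphabet_size(password) ** len(password)


def search_bits(password):
    """The same count expressed in bits (log2)."""
    return math.log2(search_space(password))


def budget_coverage(password, guesses=GUESS_BUDGET):
    """Fraction of the search space an exhaustive guesser covers."""
    return min(1.0, guesses / search_space(password))


def first_letters(phrase):
    """First-letter string built from a memorised phrase, as in the article."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalnum())


if __name__ == "__main__":
    phrase = ("Better would be to create a seemingly random string from "
              "the first letters of a phrase you have memorised.")
    samples = ["ilovemysportscar", "T9$ey!!q", "RPM8t4Ka", first_letters(phrase)]
    for pw in samples:
        print(f"{pw:<20} len={len(pw):>2} alphabet={alphabet_size(pw):>2} "
              f"bits={search_bits(pw):5.1f} covered={budget_coverage(pw):.1e}")
```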

OK, that's my email password changed. Am I safe now?

Not completely. Even a 16-character password is useless if you inadvertently hand it over to a hacker. Unfortunately, that's all too easily done. Use an unsecure wi-fi hotspot, for example, and an eavesdropper on the same hotspot can easily monitor your internet activity and read your passwords. If you're not prompted to enter a password to access a wi-fi hotspot, there's a good chance it isn't secure. It's probably best to restrict your online activity to basic browsing on these wi-fi hotspots, and perform more sensitive actions (checking email, uploading data to the cloud) on your home wi-fi or using your phone's secure data network: look for the 3G or 4G symbol on your screen.

You can actually go one step further for minimal extra fuss. Install a virtual private network (VPN) app on your phone, switch it on when you're on a wi-fi hotspot and it will essentially make it more secure: the app scrambles all of the data from your online activity (including the passwords you use to check email) in a way that makes it unintelligible to eavesdroppers. VPNs aren't free, though, so privacy comes with a price.

And that should protect me from data theft?

It's a start but you've still got work to do. We don't know for sure how hackers compromised the online accounts of the celebrities at the centre of the recent leak. There's some evidence that they exploited a vulnerability in Apple's iCloud service to repeatedly guess the user password until they found the correct one. But there is another way to gain access to someone's account, no matter how strong their password is. If you know the person's username, you can ask the service provider to reset their password using the "forgot my password" function. To work this particular trick a hacker needs to know a little information about the person whose account they are trying to access (things like their date of birth, their mother's maiden name, or the first school they attended) so they can guess the answers to the security questions that must be answered to reset the password.

Of course, celebrities will find it difficult to keep this kind of personal information secret, which makes them particularly vulnerable to this form of attack: Sarah Palin's email account was hacked this way in 2011. But many of us are all too willing to publish online the personal information we rely on to protect our passwords: many of us display our full date of birth on a social network profile, for instance. Navigating the privacy settings on social networks to hide this data is often not easy, but in the interests of keeping your data secure, it's probably worth taking the time to make sure this sensitive information is kept out of sight of potential fraudsters.

Some people even advocate using false information on social networks, like an incorrect date of birth or "un-birthday", to keep your identity elsewhere secure.

OK, I've done all that. Am I finally safe?

Sadly, probably not. But you've certainly made life more difficult for hackers. And there's one final trick you can use to add an extra layer of security. Many email and cloud services now offer two-factor authentication. With this service enabled, simply entering your correct password on a website won't immediately offer you access to your account; instead it might trigger an automated call or text message to your mobile phone that requires you to punch in a PIN to complete the sign-in process. The idea is that confirming your identity twice is more secure than making you confirm it just once.

So I have to memorise, or do, yet another thing, then?

As with almost all of these security measures, two-factor authentication adds a little bit of inconvenience every time you want to access your account. Not everyone is prepared to trade convenience for security. But the bottom line is that we each have to make a personal decision about just how seriously we value our online privacy.

Is my personal information ever going to be more secure?

As The Economist noted earlier this year: "Securing cyberspace is hard because the architecture of the internet was designed to promote connectivity, not security." And this will get harder over the next few years and decades, as the "internet of things" begins to flourish, where billions of devices, from cars to household appliances to medical equipment, will be connected to the web.

"The tactic of pumping out new software as fast as possible and then issuing patches later to fix flaws in the code may be tolerable if all that is lost is data, but if it involves personal safety, consumers will be less tolerant," noted The Economist. And if we want companies to be more proactive in keeping our information safe, then it's all the more reason why we need to make sure we take enough precautionary steps ourselves.