💾 Archived View for gmi.noulin.net › mobileNews › 5206.gmi captured on 2023-01-29 at 05:33:34. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
2014-10-13 10:39:50
By Colin Barras
It s impossible to be 100% secure online, but as Colin Barras explains, there
are a few non-obvious tricks that anyone can use to be safer.
Why should I care about online security?
It s tempting to assume that only big businesses or big celebrities have to
worry about their online security. After all, personal information like our
photographs aren t as interesting to anonymous hackers as compromising pictures
of Jennifer Lawrence and other Hollywood A-listers, are they?
But the truth is we all have photos and messages we would prefer to keep
private, and information like credit card details we would like to keep safe.
According to a report by security software-maker McAfee and the Washington
think tank Center for Strategic and International Studies, more than 40 million
people in the US had their personal information stolen last year, as well as 54
million in Turkey, 20 million in Korea, 16 million in Germany and more than 20
million in China.
While it would be a mistake to think that the data we store online can ever be
100% safe, it would also be an error to assume that we can t make our email
accounts and the data including photographs that we store in the cloud a
little bit more secure with very little inconvenience.
I m pretty sure I don t store anything in the cloud, thanks
Many of the celebrities at the heart of the recent leaks may have thought the
same. But as cloud services grow it s becoming common for devices like
smartphones to upload user data to remote servers by default. If you re at all
worried about some of your photos falling into the hands of malicious parties
it s probably not a bad idea to check your phone settings to see what data is
being automatically backed up to the cloud, and disable automatic uploading.
Still, there s no doubting that the cloud can be very useful ask anyone who
has lost all their photos and contact information because they lost or broke
their phone. Fortunately there are other actions you can take to keep your data
in the cloud safe. Probably most importantly, you ll want to consider using a
strong and secure password.
So what makes a good password?
For starters, some computer security experts say that password length is more
important than complexity, which means that a 16-character memorable password
like ilovemysportscar is more difficult to guess than an eight-character
unmemorable password like T9$ey!!q . This is because there are far more total
possible combinations of 16 characters than eight, meaning malicious software
must take longer to hunt through all the possible options to find the correct
password. One survey found that 22% of strong eight-character passwords that
contained numbers and symbols could be cracked after 10 billion guesses
compared with only 12% of 16 character passwords.
In his book How to Predict The Unpredictable, the author William Poundstone
proposes other tips, such as including avoiding obvious number substitutions
most people substitute the letter I with a 1 , for example, which creates a
false sense of security. Better would be to create a seemingly random string
from the first letters of a phrase you have memorised. (As an illustration, the
previous sentence in this paragraph could become: bwbtcasrsftfloapyhm ).
Alternatively, you might choose a random string of letters and numbers, and use
it to create a nonsense sentence. So, the (admittedly too short) password
RPM8t4Ka , explains Poundstone, might become Revolutions Per Minute, 8 track
for Kathy .
I don t know what it means, he writes, but I do know it s fairly easy to
remember.
OK, that s my email password changed. Am I safe now?
Not completely. Even a 16-character password is useless if you inadvertently
hand it over to a hacker. Unfortunately, that s all too easily done. Use an
unsecure wi-fi hotspot, for example, and an eavesdropper on the same hotspot
can easily monitor your internet activity and read your passwords. If you re
not prompted to enter a password to access a wi-fi hotspot, there s a good
chance it isn t secure. It s probably best to restrict your online activity to
basic browsing on these wi-fi hotspots, and perform more sensitive actions
(checking email, uploading data to the cloud) on your home wi-fi or using your
phone s secure data network look for the 3G or 4G symbol on your screen.
You can actually go one step further for minimal extra fuss. Install a virtual
private network (VPN) app on your phone, switch it on when you re on a wi-fi
hotspot and it will essentially make it more secure: the app scrambles all of
the data from your online activity including the passwords you use to check
email in a way that makes it unintelligible to eavesdroppers. VPNs aren t
free, though, so privacy comes with a price.
And that should protect me from data theft?
It s a start but you ve still got work to do. We don t know for sure how
hackers compromised the online accounts of the celebrities at the centre of the
recent leak. There s some evidence that they exploited a vulnerability in Apple
s iCloud service to repeatedly guess the user password until they found the
correct one. But there is another way to gain access to someone s account, no
matter how strong their password is. If you know the person s username, you can
ask the service provider to reset their password using the forgot my password
function. To work this particular trick a hacker needs to know a little
information about the person whose account they are trying to access things
like their date of birth, their mother s maiden name, or the first school they
attended so they can guess the answers to the security questions that must be
answered to reset the password.
Of course, celebrities will find it difficult to keep this kind of personal
information secret, which makes them particularly vulnerable to this form of
attack Sarah Palin s email account was hacked this way in 2011. But many of
us are all too willing to publish online the personal information we rely on to
protect our passwords many of us display our full date of birth on a social
network profile, for instance. Navigating the privacy settings on social
networks to hide this data is often not easy, but in the interests of keeping
your data secure, it s probably worth taking the time to make sure this
sensitive information is kept out of sight of potential fraudsters.
Some people even advocate using false information on social networks like an
incorrect date of birth or un-birthday to keep your identity elsewhere
secure.
OK, I ve done all that. Am I finally safe?
Sadly, probably not. But you ve certainly made life more difficult for hackers.
And there s one final trick you can use to add an extra layer of security. Many
email and cloud services now offer two-factor authentication. With this service
enabled, simply entering your correct password on a website won t immediately
offer you access to your account instead it might trigger an automated call
or text message to your mobile phone that requires you to punch in a PIN to
complete the sign-in process. The idea is that confirming your identity twice
is more secure than making you confirm it just once.
So I have to memorise, or do, yet another thing, then?
As with almost all of these security measures, two-factor authentication adds a
little bit of inconvenience every time you want to access your account. Not
everyone is prepared to trade convenience for security. But the bottom line is
that we each have to make a personal decision about just how seriously we value
our online privacy.
Is my personal information ever going to be more secure?
As The Economist noted earlier this year Securing cyberspace is hard because
the architecture of the internet was designed to promote connectivity, not
security. And this will get harder over the next few years and decades, as the
internet of things begins to flourish where billions of devices, from cars
to household appliances to medical equipment, will be connected to the web.
The tactic of pumping out new software as fast as possible and then issuing
patches later to fix flaws in the code may be tolerable if all that is lost is
data, but if it involves personal safety, consumers will be less tolerant,
noted The Economist. And if we want companies to be more proactive in keeping
our information safe, then it s all the more reason why we need to make sure we
take enough precautionary steps ourselves.