How do I protect my Social Media accounts?

Strong Passwords and Two Factor Authentication on Social Media

This brief post is in response to a Facebook conversation I saw regarding local community leaders and public figures having problems with attempts to access their social media accounts.

I’d like to recommend two steps:

  1. Use strong passwords
  2. Switch on two factor authentication

Strong Passwords

Go to https://www.grc.com/ppp.HTM, which is Steve Gibson’s Perfect Paper Passwords. Make sure you set the length of the password/pass-code you need – the default is 4; you should use 10-12 (or more).

This will give you three pages of passwords you can use for all your accounts. Cross them off the list as you use them. Use a different password for each account.

This avoids people inadvertently using patterns or reusing passwords. You must use a different password for each account, to protect yourself if a service provider has a security breach and hasn’t encrypted passwords. You don’t want one breach providing the keys to all your online services.

Two Factor Authentication

Two factor authentication involves adding a second factor, as well as your password, when logging on to a service. This can be a code sent via text message that is only good for a few minutes, a fingerprint, or a retina scan. At the current time the text message to your mobile is the most common approach. You then enter the code you have been sent. The code expires after a few minutes – so it is a one time code good for one use only.
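How a service can enforce the "expires after a few minutes, one use only" behaviour described above, as an added Python example that is not part of the original post. The class name, the five minute lifetime and the five-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: "a few minutes" taken as 5 minutes
MAX_ATTEMPTS = 5         # assumption: wrong guesses allowed before the code is void


class OneTimeCodeStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(code):
        # Keep a hash so the code itself is never held in the store.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, account):
        """Create a fresh 6-digit code; the caller texts it to the user's phone."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[account] = [self._hash(code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, account, submitted):
        """Return True only for the right code, in time, and never twice."""
        entry = self._pending.get(account)
        if entry is None:
            return False                      # nothing issued, or already used
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[account]        # expired
            return False
        if hmac.compare_digest(code_hash, self._hash(submitted)):
            del self._pending[account]        # one use only
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[account]        # too many wrong guesses
        return False
```

The attempt limit matters because a six digit code has only a million possible values; without it, the short lifetime alone would not stop repeated guessing.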

For those of you with historical leanings, one time codes date back to World War Two, where flammable one time pads were used to co-ordinate forward air support.

To enable two factor authentication in your social media services, look for the settings option in your social media service. Then look for security settings. You are looking for the option where you are sent a code on your mobile phone when logging on (or in some cases when logging on from a device other than your main device). It could be listed as login verification or authentication. You will then be taken through a test process that will text you a code and validate it.

Google+, LinkedIn, Twitter and Facebook all have options for two factor authentication. Your service may also have options to let you know about log in attempts from unknown devices.

Still Concerned

If you are feeling insecure, check here https://haveibeenpwned.com/ to see if your accounts may have been exposed in data breaches – use the email addresses you use with your online accounts.

 

Recommended TED Talk: James Lyne: Everyday cybercrime — and what you can do about it

Folks, this is an excellent presentation for a non-IT audience on IT security issues. Good clear non-technical language, clear analogies, demonstrations and examples. I particularly like that James covers Social Engineering and Browser based attacks.

Well worth the 17 minutes!

After watching the video see the discussion here: http://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it.html

Office 365 Backup Options Part 1

The basic Problem

Microsoft back up Office 365, but we’d all like our own backup, because we can sleep better that way….

My choice is different to what you might choose due to:

  • Cost – I need to find a service to suit a micro business and a micro business budget!
  • Existing services – e.g. I already have cloud and on site backup facilities
  • Scale of backup required – I am willing to accept more manual backup features than you. I have to consider backing up email from Exchange – I may do this manually to allow me to choose a cheaper Office 365 backup service with fewer features.

Continue reading “Office 365 Backup Options Part 1”

Getting Started with Information Rights Management and SharePoint Online (or On Premise)

Question:

“How can we protect documents that users might download from SharePoint?”

Answer:

You need an Information Rights Management (IRM) service – now available in some Office 365/SharePoint Online plans.

And now some resources to get you started if you have SharePoint Online (2013).

Continue reading “Getting Started with Information Rights Management and SharePoint Online (or On Premise)”

Keeping up with issues arising from PRISM and all that

If you are in IT in any way, or have even a little propeller on your hat, you should be listening to Security Now. Recent episodes have been explaining and covering thoroughly the mechanics and issues arising from the US government internet surveillance program. It can get a little heavy technically at points, and I am glad I did networking at college once upon a time... but don’t let this put you off. You won’t be the first or last person to rewind and review parts of an episode. It’s well worth the effort.

I’ve included the video in my post, but I think it’s best consumed as audio – you can get it from iTunes or the link above.

Regards

Steven

How do I find out about IT security threats without the media hype?

Listen to Security Now!

I was on the road this afternoon, so I had the chance to listen to episode number 392 of Security Now. While I am a long time advocate of Security Now, I recognise it can be a bit geek heavy in places. That said, I urge anyone who works in or with IT to listen to the first two thirds of episode 392 for the discussion with hosts Leo Laporte and Steve Gibson and guest Brian Krebs covering “Organized crime on the Internet, botnets, ransomware, and more”. The interview will give you an overview of what is happening on the dark side, free of media hype.

The tone is informal and informative, the language isn’t geek heavy, and it is suitable for all levels of IT knowledge.

Continue reading “How do I find out about IT security threats without the media hype?”

How long will your password stand up under a brute force attack?

Steve Gibson of the Security Now Podcast is always good value. He has created a client side (i.e. you will need JavaScript enabled) application to tell you how long a password will stand up under a brute force attack. Try this with your favourite password at https://www.grc.com/haystack.htm. Be sure to read the additional information at the site.

Regards, Steven

Things I learn from Security Now, Free Microsoft Safety Scanner

While I am a fan of the Security Now podcast for Steve Gibson’s in depth, detailed, geek oriented analysis of security issues, it does have tips for end users. The latest is the free Microsoft Security Scanner, which is an on demand tool for detecting and removing malware.

This doesn’t replace your normal anti-malware suite; it is a tool you would download (only 70MB) from time to time to run an extra security check.

 

SharePoint End User Assorted Questions

Sharing an accumulation of answers and resources covering recent questions I have been asked.

Which SharePoint books have you read and found useful?

I have both of the books below on my bookshelf at Safari Books Online. I have downloaded many chapters as pdf to my e-book reader.

SharePoint® 2010 How-To

  • By: Ishai Sagi
  • Publisher: Sams
  • Pub. Date: August 15, 2010
  • Print ISBN-10: 0-672-33335-X
  • Print ISBN-13: 978-0-672-33335-4
  • Web ISBN-10: 0-13-248748-9
  • Web ISBN-13: 978-0-13-248748-1
  • Pages in Print Edition: 400

Microsoft® SharePoint® 2010 Plain & Simple

  • By: Johnathan Lightfoot; Chris Beckett
  • Publisher: Microsoft Press
  • Pub. Date: November 1, 2010
  • Print ISBN-13: 978-0-7356-4228-7
  • Pages in Print Edition: 256

Continue reading “SharePoint End User Assorted Questions”

Twitter Lists make Twitter manageable. Here are some I made earlier…

Folks

Twitter is an undervalued resource for leads to IT and Business resources. But as I am only able to review my Twitter account every couple of days, I felt I wasn’t getting value out of it, just seeing masses of posts. So I have set up some lists, which filter the accounts you follow by categories you create. I know I am the last person to discover this feature, but it is really useful, all the same!

You might find them useful, so here they are:

Continue reading “Twitter Lists make Twitter manageable. Here are some I made earlier…”

Good Computer Security Advice for the normal PC user OnGuardOnline.gov

At the start of each of my application courses at a major metropolitan University, I have been asked to hand out some security “postcards” and briefly discuss anti spyware/malware security precautions. The institute wants to reduce the incidence of staff bringing in problems from home to the work network. This is a real concern to IT departments in this age of highly mobile devices of increasing power and usefulness. The official discussion often leads to a few questions seeking explanation of the threats and what to do in response.

So I have been looking for a good security primer online for the general person, that I can refer people to.

Continue reading “Good Computer Security Advice for the normal PC user OnGuardOnline.gov”

I’m from your ISP’s support department…

The I’m from your ISP’s support department phone call

Look folks, you know it’s a scam, I know it’s a scam. And I am just venting pointlessly, because only inter governmental police liaison will stop them.

It is rampant; I have had three call me in the last ten days.

Arrgh! – and now for some Hagar the Horrible style swearing @#$%^&!!!.

Continue reading “I’m from your ISP’s support department…”

A Sermon on the evils of Apparently Cheap Adobe Software

Brothers and Sisters,

Gather round…

I am often asked if a cheap price on Adobe software is a good deal.

Continue reading “A Sermon on the evils of Apparently Cheap Adobe Software”