How do I protect my Social Media accounts?

Strong Passwords and Two Factor Authentication on Social Media

This brief post is in response to a Facebook conversation I saw regarding local community leaders and public figures having problems with attempts to access their social media accounts.

I’d like to recommend two steps:

  1. Use strong passwords
  2. Switch on two factor authentication

Strong Passwords

Go to https://www.grc.com/ppp.HTM which is Steve Gibson’s Perfect Paper Passwords. Make sure you set the length of the password/pass-code you need; the default is 4, and you should use 10-12 (or more).

This will give you three pages of passwords you can use for all your accounts. Cross them off the list as you use them. Use a different password for each account.

This avoids people inadvertently using patterns or reusing passwords. You must use a different password for each account, to protect yourself if a service provider has a security breach and hasn’t encrypted passwords. You don’t want one breach providing the keys to all your online services.

Two Factor Authentication

Two factor authentication involves adding another factor, as well as your password, when logging on to a service. This can be a code sent via text message that is only good for a few minutes, a fingerprint or a retina scan. At the current time the text message to your mobile is the most common approach. You then enter the code you have been sent. The code expires after a few minutes, so it is a one time code good for one use only.

For those of you with historical leanings, one time codes date back to World War Two where flammable one time pads were used to co-ordinate forward air support.

To enable two factor authentication in your social media services, look for the settings option in your social media service. Then look for security settings. You are looking for the option where you are sent a code on your mobile phone when logging on (or in some cases when logging on from a device other than your main device). It could be listed as login verification or authentication. You will then be taken through a test process that will text you a code and validate it.

Google+, LinkedIn, Twitter and Facebook all have options for two factor authentication. Your service may also have options to let you know about log in attempts from unknown devices.

Still Concerned

If you are feeling insecure, check https://haveibeenpwned.com/ to see if your accounts may have been exposed in data breaches. Enter the email addresses you use with your online accounts.

 

Keeping up with issues arising from PRISM and all that

If you are in IT in any way, or have even a little propeller on your hat, you should be listening to Security Now. Recent episodes have been thoroughly explaining and covering the mechanics and issues arising from the US government internet surveillance program. It can get a little heavy technically at points, and I am glad I did networking at college once upon a time, but don’t let this put you off. You won’t be the first or last person to rewind and review parts of an episode. It’s well worth the effort.

I’ve included the video in my post, but I think it’s best consumed as audio – you can get it from iTunes or the link above.

Regards

Steven

How do I find out about IT security threats without the media hype?

Listen to Security Now!

I was on the road this afternoon, so I had the chance to listen to episode number 392 of Security Now. While I am a long time advocate of Security Now, I recognise it can be a bit geek heavy in places. That said, I urge anyone who works in or with IT to listen to the first two thirds of episode 392 for the discussion with hosts Leo Laporte and Steve Gibson and guest Brian Krebs covering “Organized crime on the Internet, botnets, ransomware, and more”. The interview will give you an overview of what is happening on the dark side, free of media hype.

The tone is informal and informative, the language isn’t geek heavy, and it is suitable for all levels of IT knowledge.


How long will your password stand up under a brute force attack?

Steve Gibson of the Security Now Podcast is always good value. He has created a client-side (i.e. you will need JavaScript enabled) application to tell you how long a password will stand up under a brute force attack. Try this with your favourite password at https://www.grc.com/haystack.htm. Be sure to read the additional information at the site.

Regards, Steven
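
As an added illustration (not code from this post or from the GRC page), the following Python example works through the arithmetic behind a brute force estimate: how alphabet size and length set the number of candidates a blind search must try. The character classes, the guess rates and the sample passwords are assumptions chosen for this example.

```python
import string

# Character classes a blind exhaustive search must cover (printable ASCII only).
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation + " "),     # 33
}

# Assumed guess rates, chosen for illustration only (not measurements).
ASSUMED_RATES = {"online, throttled": 1e3, "offline, fast hash": 1e11}

def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    if not password:
        raise ValueError("empty password")
    used = set()
    for ch in password:
        name = next((n for n, chars in CLASSES.items() if ch in chars), None)
        if name is None:
            raise ValueError(f"character {ch!r} is outside printable ASCII")
        used.add(name)
    return sum(len(CLASSES[n]) for n in used)

def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time for a blind search at the given guess rate."""
    return search_space(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("1234", "sunshine", "Tr0ub4dor&3x"):
        for label, rate in ASSUMED_RATES.items():
            print(f"{pw!r:16} {label:20} {humanize(seconds_to_exhaust(pw, rate))}")
```

The figure is the worst case for a blind search only; a reused password or one found in a dictionary falls far sooner, which is why a unique random password per account matters.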