Why you shouldn’t save your passwords

 

As a tech who has been in this industry for 10 years now, I’ve come across a myriad of issues I’ve had to fix, ranging from the simple and mundane to the complex and long-standing. Enjoying the satisfying feeling I get from solving the problem, seeing a big smile come across the face of the customer, followed by a big sigh of relief and elation. I’ve noticed one thing that’s always re-occurring. While this is one of the many things that will keep me in business and guarantee never ending work, it’s also the biggest pitfall I see people not take seriously enough. Both techie’s and user’s alike. 

That is saving your passwords. I know it’s convenient and you have lots of passwords for different things to remember, but please understand the slight inconvenience associated with the extra effort it takes to remember and/or safely store said password, pales in comparison to the fallout that occurs when your account gets hacked and your identity gets stolen as a result of your negligence. 

There are many ways to go about building the habit of properly creating and storing your passwords. including ways to remember them. Even though I always suggest memorizing your password’s I know that’s not always an option for everyone. 

1) You can make your password, from a passphrase, a quote, a line from a song or poem, that only you know. Like a favorite cartoon, movie or food item. Anything that helps you meet most password complexity requirements and makes it harder for anyone who isn’t you, to guess it. 

2) Don’t use the same password across different sites or accounts. From online banking and bill pay, to shopping and social media, the last thing you want to do is have one password unlock your whole internet life, that easily. As I always tell friends and family, if someone decides to hack your account, make them work for it, at least.  

3) Store your password in a safe and easily accessible place for you. This can be in a notebook if you prefer the old school approach, a tablet/iPad or any digital note taking app on your phone that can be accessed from your computer/ tablet or alternate device. I reccommend going the digital route as notebooks can be misplaced, and if you don’t find it, there goes your passwords. The digital option is more reliable, as long as the battery isn’t dead. You can also take a picture of the passwords in your notebook, as a middle ground compromise, as well. 

4) Another way to store your passwords is using software that acts as a vault (such as google password manager or bitwarden, etc.) This is a web browser plug-in that saves and encrypts your password and automatically enters it into the website you visit when prompted. This option is highly utilized however I don’t suggest it, because that option is locked down to your device and if you use an alternate device, that your profile isn’t signed into (on that browser) you have to enter your password manually anyway.

The reason I’m so adamant about safeguading your passwords, is because unfortunately data breaches happen very often and you never know when a hacker is trying to log into your account. Enabling MFA (multi-factor authentication) at the bare minimum, in addition to creating stronger, more unique passwords, are required now. Plus that added step gives you a warning of attempted break-in, in the rare event they actually guess your password. I had such an experience recently with my linked in account.  

I received a alert in my Google e-mail, stating a hacker tried to access my account and they were located in germany. Opening my e-mail it asked me if I was trying to log in and asking me to approve that log-in. Obviously I didn’t approve it, plus given the time difference, i’m sure that prompt expired, long before I saw it. Despite the fact that I was “saved” in that instance, I became paranoid, as I had no idea my data attached to that e-mail had been breached. Up until this point only one other e-mail I was notificed was leaked during a company data breach. So how did they even get that far on this account?

I then did a deep dive with my e-mails and Google: I changed all the passwords to all of my accounts, enabled a third form of MFA, and cleared all the old password data and browser cache’s. I was mortified to discover that not only was there data stored in browser settings that I had previously declined for it to be saved. (such as passwords, payment cards, addresses, etc.) but there was even other people’s e-mails and saved data that I discovered in my cached settings.

I saw two people’s e-mail address/ username and password as well as the websites it belonged to, saved in the cached settings. I won’t reveal here what they are, out of respect for their privacy, however I am still not sure how it got there and why it was there all that time. So if I ever had the gumption to log into those accounts and do “damage” for those two people, I wouldn’t have to do any work. The info I needed was waiting there for me. 

That made me question whether these browsers shared that same cached info with other people who also used the same one. My paranoia went into full effect, and I started scrubbing the data from the other browser’s I’ve used to access other data- sensitive websites. Going down that rabbithole, I checked the websites I frequently access to see if any login data was saved. While I have changed how I log into those websites; while exploring pinterest, I saw pins and sections that sold people’s data. 

Yes, on Pinterest, of all places, had pins that were titled “Do you want free netflix?” If you clicked on that Pin, you were brought to a web page that had a list of peoples e-mail address and passwords that if used, you can see if you can log into a netflix account and enjoy that service on someone else’s dime. Netflix has since changed how it’s services work, by preventing anyone from utilizing an account that is outside of the household of the primary account holder. That decision was possibly made from an economic standpoint, as a means of “making” people to get their own account so they can use the streaming services, inevitably it helped secure the accounts of it’s customers, as regardless if anyone get’s their credentials, they won’t be able to use it without paying for it. As they aren’t located in the account holders’ household. 

Google: Case study in business ethics of their suit and data breach

Google: My gmail email is compromised (found out on capital one credit tracker) but that might not be the fault of google as opposed to where they got my e-mail from 

Pinterest: Has a section that’s “selling” and displaying account login and passwords for everything from Netflix to bank accounts, birth certificates and credit and gift cards. Some of these things are expired but the fact that they’re up there in general is bad enough. 

Solutions: Password manager- shaky, it’s cloud based but if it opens all your stuff is in there. It can scramble passwords but if you have to enter your stuff elsewhere you don’t know it.

Notebook- can get lost, the ink fades, have to remember to look for that book

Tablet- You can save it in a digital planner if you have a tablet or phone that you use for everything- safer- but must be used and battery charged efficiently to use it. (Utility wise)

Regardless of that do these solutions as well: 

-Create passwords based off of events in your life. Things that are near and dear to you, it’s harder for people to guess such minute/ minuscule information, but easy for you to remember

-Change your password syntax regularly. It doesn’t have to be a major change, just capitalize what was once lowercase, change the symbol you used last time and/ or add something to the password that wasn’t there before 

Please for the love of god, don’t save any passwords in your web browsers, not only does it make it easier to access and hack your stuff, but if you ever change the password to that particular website, the old password doesn’t automatically sync, which leads to conflict; thus locking you out of you’re stuff due to the conflicting password mismatch. 

Why you shouldn’t save your passwords

30.3.24

How to stop broadcasting your SSID

 

You get a new wifi router, open up your internet service provider account, and you are excited to have access to your network.  Setting up your wifi network for the first time can be both an exciting and complex experience. Access to a reliable internet service is a game changer, as you are putting yourself in the driver's seat to acquire more opportunities with it.  Whether technically savvy or need step-by-step instructions; to set up your network,  identify your SSID, and set up the password, I want to assist you with how to better protect and gatekeep your access to your wireless network. 

From a security standpoint, you protect that which you value. While wireless connectivity isn't a "tangible" asset, access to it is. As stated before, having reliable access to it opens up a world of opportunities for you and everyone else who get's a hold of it. Securing your SSID, along with other aspects of your home wireless network, is not only necessary but essential to get the most out of your internet service. Below are the steps you need to take and why they're necessary. 

Stop Broadcasting your network SSID-  This means the name of your wireless network, upon set-up, needs to not broadcast and be visible to anyone looking to connect to any available wireless network in a radius of them. In short, they can't hack something that they can't see. The easiest way to do this is to log into your router by navigating to the admin portal IP Address (while connected to your home network) and signing into it with the credentials. 

Change the default admin password- On your router to something more familiar to you. While you're at it, change the name of the SSID too for your network. You want to make it very hard for anyone who is looking for a wireless network to hack to be able to access yours/ Changing the SSID from the default routers name to something more familiar to you stops anyone who is familiar with your router from being able to google and guess the default admin and password to log into that router.    

Set up a guest network- On your router, so when people come over, they have their own network to connect to. It's a win-win as if you're unsure how secure their devices are; they can still have a connection, and you can keep your own network safe. As with your original SSID, don't broadcast it, either.   

Set up your own Vlan- This is a more advanced step as it requires a little more configuration, but this is another layer of security with its added benefits. If you'd like to create your own ad hoc home network with your wireless connection, doing so will increase your ability to secure access to your home network. You can do this by logging into the router and go the advanced tab, click the security tab and then go to the mac filtering section and manually add each devices' mac address. This will keep unauthorized devices out of your network. 

Set up your own VPN- A VPN is a virtual private network that encrypts your connection from a remote location back to your home network. This is important when you are accessing documents and files located on your home network. This is integral in hardening your network against outside attacks from hackers. Before doing so make sure you update your firmware and generate the certificate needed to set it up. 

 

You can get to the VPN settings by clicking the advanced settings, scrolling down to the VPN tab and selecting which VPN option you want to setup.

Make sure you upgrade the firmware: You can do so by clicking the advanced tab, then system tools and then firmware option. In the resulting box, click the option to upgrade the firmware. 

To be the most secure, I advise doing all the above to ensure the best chances of securing your network and all its access points. For more in-depth information on the philosophy behind hardening your network and testing to see if your home network can be hacked, refer to the video here. 

     

How to stop broadcasting your SSID

27.12.22

How to tell if your phone's been Hacked.

 

 Phone hacking is one of the more sophisticated technical ways of acquiring your personal and financial information. It's not much different than hacking into your computer, because smartphones are just that. Portable, mobile computers. With the increased use of smartphones, how easily accessible the internet has become, along with the advent of social media platforms, it's not hard to see how easily personal information can be shared and utilized to impersonate someone to gain access to other accounts, attached to their name.

 

 

 This is why it's imperative that you be more vigilant than ever, when it comes to safeguarding your stuff; including your identity. Most hackers and scammers tend to go for the easiest target first, and then work their way up, from there, in terms of level of difficulty. This happens as a result of what the hacker stands to gain from successfully accessing your financial and personal information. Since this is a never-ending always evolving practice, I have listed below some pointers' that suggest your device might have picked up some malware that aids in transmitting your information, unknowingly, thus making you an easier target. 

 

 

If you notice your phone is running slower than usual- While this can be the result of several things; normally you can pinpoint the exact chain of events that lead to your phone slowing down, overtime. Whether's it's accumulated updates throughout the lifetime of ownership of your device, the amassed data, that's stored on your phone from all of the apps downloaded; or even the regular data that's taking up space such as pictures and other files. In the absence of these factors, your phone slowing down suddenly and tremendously is a good indicator that malware or spyware is on your phone and feeding your info to an external source. That process is what is causing/ contributing to the degraded performance of your phone.  

 

 

Your phone either heats up or overheats quickly- Temperature variables aside, similar to the previous point, if you notice your phone is heating up quickly and you're not overclocking, over utilizing or running a resource intensive application or game on your device, chances are whatever malware/spyware that's on your phone is feeding your information back to the host, externally. This action can contribute to the high temperatures being generated, while seemingly being in normal use by you.  

 

 

You are getting strange pop-ups, multiple unsolicited ads- If you're surfing the interwebs, on your device and notice that the websites you normally visit have more frequent and pervasive ad's and pop-ups, and there is a marked difference between your experience's there. This can indicate that something has downloaded on your phone is running in the background causing this distortion, to how it normally operates.  To test this, I often suggest going to the same website on other devices to see if the changes on your device, appear elsewhere. If so, then the website is to blame, if not, then run a virus scan on your phone immediately.

 

 

Frequently visited websites now look different in your browser-This is a dead giveaway that you have a virus or some form of malware on your device. If you notice that websites you frequently visit all of a sudden look "different", are redirecting to another website or just isn't loading or operating the way it used to before; your device is definitely infected with malware and you need to run a virus scan immediately.

 

 

You notice strange phone numbers, texts and e-mails that you didn't originate- Also includes seeing mysterious apps appear on your phone, where  you have no recollection, of downloading them. Often times, if a person has been hacked, this symptom is what I call the "calm" before the storm. Reason being is because by the time things get to this point, the hacker already has other personal information, from your device, in their possession.

 

 

Aside from running a virus scan immediately I highly suggest you check all of your bank and financial accounts (on another non-infected device) and put a lock on any and everything that may be accessible to anyone who has your username and password or any information, they can use to that end. This is a good time to change passwords and set up multi-factor authentication, including resetting your phone back to a factory reset.

 

 

While I personally advice having your data backed up and syncing elsewhere to a cloud account, I suggest this level of caution, as whatever is feeding your information to a third party; needs to be stopped immediately. While not knowing to what extent the damage that was done; the sooner we mitigate it, the better off you'll be.  

 

 

While this gives you a brief overview of how to avoid being hacked in general, you can still utilize the tips here to better protect yourself behaviorally, no matter what device you use. There are a few anti-virus software options (some are free) that you can employ to help scan for malware, spyware and worms and other viruses' on your desktop and mobile devices in addition to helping to get rid of them. One that I often employ is Avast. McAfee and Norton are also two other choices to pick from. These brand's have options that are available for download on both your laptop, desktop and mobile devices.

 

 

 

While surveying the habits and patterns that often put you at risk, I implore you to make the behavioral changes, as soon as you become aware of them. The quicker you implement what you learn, the faster it sticks and the more beneficial it is to you in the long run. There's always something you can do to protect yourself from being a target and making it harder for hackers to easily glean your personal information. For a shorthand way to keep these reminders accessible to you, please refer to the checklists below that denote if your mobile device has been hacked. 

 

How to tell if your Android is hacked

How to tell if your iPhone is hacked

How to tell if your phone's been Hacked.

26.10.22