Let's get current! Breaches, leaks, and passwords...
It's been too long since our last episode. Let's get caught up and then move forward!
* It's been a challenge to do these episodes on top of being the sole person building my business. I've worked with a mentor, though, and I'm changing my process. Episodes are going to be coming much more quickly now.
* Data breaches - I talk about the Facebook and Ubiquity data breaches and what do do about them.
* 2FA/Two-factor authentication via texting and email. These are bad methods for securing your accounts. Well, OK, they're better than NOT using two-factor authentication. IF you have the option of using app based 2FA such as Authy, Google Authenticator, etc. or a hardware token such as a Yubikey, please use one of those methods INSTEAD of text messaging or email. A lot of banks (WAY TOO MANY) don't allow anything but text or email. We do our best.
* Backups - I like SpiderOak One for a secure, private data backup provider.
* Secure file sharing services - I'm playing with Boxcryptor for encrypting data inside less private services like OneDrive, Google Drive, Dropbox, Box, etc. So far it looks very good. It's not super easy to use, but it's not bad. Plus, there is a free option.
* Text messaging is NOT secure. It's very easy to steal your cellphone number for texting. This is why I don't want you using texting for two-factor authentication. There's a link to an article on this. It's a quick read!
* Apple and Google are most definitely collecting information from our devices every few minutes (at least). There's an interesting study (link below). I hope to revisit this in future episodes.
HOMEWORK FOR NEXT TIME
* Do you first, or next backup! Extra credit: Do a test restore!
* Collect your data from Facebook. Extra credit: Leave Facebook (if you can)
* Update your passwords, especially at Facebook and Ubiquity/UniFi, especially if you've been in these breaches. Check https://haveibeenpwned.com to see if you're listed there.
* Move form text (SMS) and email two-factor authentication to using Authy, Yubikey, etc. as much as possible. Links are below