The Social Media Revolution 2016 (published 31 March 2016)
An interesting look at how social media is being engaged with.
Nicola Osborne (EDINA) live blogging about Digital Footprints….
Today I am again at the European Conference on Social Media 2016 and will be liveblogging the sessions. Today is a shorter conference day and I’ll be chairing a session and giving a poster so there may be a few breaks in the blog. As usual these notes are being taken live so any corrections, questions, …
Nicola Osborne (EDINA), lead collaborator on the Digital Footprint campaign (2014-2015), member of the research team and actively supporting students, researchers and staff at the University of Edinburgh, has just been listed in the Jisc 50 most influential HE professionals using social media.
Congratulations Nicola! It’s fantastic to have your expertise and involvement with the Digital Footprint service and research.
What does this have to do with e-Professionalism?
Imagine that your account was hacked. They may be looking to harvest information from you. Or, they could use it to make damaging posts from your social media account – a French TV station recently experienced this (http://edition.cnn.com/2015/04/09/europe/french-tv-network-attack-recovery/). Keeping your account safe keeps it in your control, which means that no one else can damage your branding.
Okay, but what about my privacy?
How much information do you put out on Social Media? Do you think they could use that information to fool someone else into thinking they were you? These attacks, commonly known as Social Engineering (in a computing context), use your personal information to bypass security systems by working with humans directly – fooling support centres (for example) into handing over your information. The less vulnerable you make yourself, the less likely you are to be a victim of this attack that can result in credit fraud or worse. Many companies have strengthened their security against Social Engineering attacks recently, but the threat still remains and people have to be wary of this as they use the internet more and more.
Is there anything else I can do?
Keeping your computer and other devices secure is also incredibly important. Our colleagues at the Information Services department have produced this succinct yet comprehensive guide into keeping all of your devices secure from a variety of security issues. Finally, security is virtuous. Once you get into good habits, they are easier to work with. Having a password manager and different (secure) passwords for everything is actually easier than having one password for everything – and massively improves your security. And once it’s set up, you can mostly leave it. On the other hand, think how much time you’d have to spend recovering from a serious breach! We hope you found this series useful! It isn’t a complete guide to online and computer security – and if you use online services and computers a lot, it really is worth spending a bit of time keeping up to date with security. However, if you followed these guides you will be in a much better position than when you started (hopefully)! Comments or questions? We’d love to read them on our social media accounts! Also, make sure you subscribe to this blog – or follow us on Twitter and Facebook – to keep up to date with what we’re doing.
Welcome back to the third part of our series on securing your social media and online accounts! This week, we’re going to look at how you can improve your security by using more than just passwords on online accounts. The great thing about passwords is that if you’ve been following our guides, you’ve got passwords that are easy for you (or your computer) to remember yet very hard for anybody else to guess. However, computers are now so powerful that they can test millions of passwords every second, which is very quickly putting the security of any password under strain. A new type of security has emerged, however, and it is called “two-factor authentication”. This relies on both something you know, such as a password, and something you have, such as your smartphone. You will enter your username and password, and then be asked for a code from your phone, which the phone either generated randomly or received by text. Only once you enter that will you be allowed access. The security is fantastic – assuming that there aren’t any weaknesses in the software running on their websites, a computer could test every possible password yet still not get into an account. And if an unauthorised party takes your phone, they still need to have your password.
Every website that uses 2FA (short for two-factor authentication) will have slight variations on how their version works. However, most follow this basic pattern:
As you can see it is simple. However, some websites will instead text you a code rather than use an app. Most websites use an app called Google Authenticator (https://support.google.com/accounts/answer/1066447?hl=en) but if you are on another platform you may have to find an alternative app. Some websites also use other apps – they will tell you how to get them.
Good question! As the list changes all the time, you should check this website (https://twofactorauth.org). This website will also tell you how to enable it for each service that supports it.
As many as you can be bothered to is the honest answer! However, start with the services which are most crucial and work backwards. That may mean online banking for you (contact your bank to see what they offer). Then right after, securing your email to prevent anyone from accessing all your other services as discussed earlier. If you have a Google, Microsoft or Apple account these may have lots of sensitive information saved (such as payment details) in addition to your email – they may even allow a hacker to remotely lock and wipe your devices. These accounts should definitely be a priority if you use them a lot. In general though, think about which accounts would be the worst to get hacked and start with them.
When you sign up for 2FA, most sites offer you a recovery key which YOU SHOULD KEEP SAFE!!! If you lose that, you may NEVER be able to get access to your account again if you lose your phone. This does depend on the service you use, but do ask them or research to see what would happen. You do get services that back up your authentication codes, such as Authy (https://www.authy.com), and can share them between devices. This does decrease security, but increases convenience and for many may be a good compromise. However, do your own research for this!
If you lose your phone you may never be able to log in to something again. If your phone is out of charge or not on you, you may also not be able to log in at that time. It will also make your day to day online life ever so slightly more inconvenient. It is up to you to decide if those are worth the very big improvements in security. As we store more and more of our important data online and those wanting to break into online services get ever more sophisticated, this may be something you want to consider using more and more.
In the last post, we looked at why and how to set secure passwords for online accounts. We even included tips on how to create easy to remember passwords! If you’ll remember however, one of our primary rules was to keep a separate password for every online service. That gets confusing really quickly! With the help of some software called Password Managers, you’ll find that setting new passwords for everything is easier than just remembering a few passwords for everything!
A password manager simply stores passwords for you, with most entering the password when you go onto a website. If you’ve ever been asked by your web browser if you want to save a password (Internet Explorer, Chrome, Firefox and Safari, just to name the 4 largest browsers, all offer this, as do many others) then you’ve encountered a password manager before. Password managers should securely save your passwords, either using their own password to encrypt the other ones or unlocking when you log into your computer. The simplest ones store them on your computer, so it shouldn’t create any more security problems to use one. The best thing about many password managers is that they can automatically make you a new password when you register a new account or change your password, then save it! This obviously saves you a lot of time.
Good question! Today, most people will have a ‘main’ computer such as a laptop, their smartphone, the university PCs and possibly a tablet or another secondary device. There are ways to keep your passwords saved across all of these though. Some password managers save your passwords online in the cloud, which means they can be accessed anywhere with an internet connection. You may be worrying about security, and you’d be right to do so, but as long as you understand the risks and keep your password for any sort of program secure it should not be a problem. Do keep in mind though, if the service does get hacked so do all of your passwords and you will need to change them ASAP!
We don’t ‘recommend’ any service in particular, however the website Lifehacker has compiled a list of the Five Best Password Managers (http://lifehacker.com/5529133/five-best-password-managers) in January 2015, and would be a great place to look as they were voted for by the readers of Lifehacker! Most of the services listed though do cost money or require some more complicated set-up. However, if you use Apple’s products you might want to consider iCloud Keychain (https://support.apple.com/en-gb/HT204085). Alternatively, if you use Google Chrome (http://www.theverge.com/2013/4/3/4180514/google-brings-password-autofill-sync-to-chrome-for-android) this can synchronise passwords across every Chrome browser you are logged into. Again however, we do not recommend or endorse either of these services nor do we guarantee that they are secure. Whichever solution you choose, you should do research to ensure:
Password Managers can be very useful, but they are not entirely without risk (either technical or security). A good, if slightly older, discussion of this can be found on PC Pro (http://www.pcpro.co.uk/features/380377/password-managers-are-they-safe-which-is-the-best/page/0/1). If you choose to go for one, make sure you look into it and then research which one is the best for you! It’s not something you’re locked into: although it may be slightly inconvenient to move your passwords between two different password managers, it can be done. So hopefully this has been an informative guide on how to improve the security and convenience of all your passwords! Our next article will look at increasing security using more than just passwords. Do you have any experience with password managers? Do you have any tips to help people get the best out of them? Do you have any questions? Tell us via our Facebook or Twitter!
Welcome to part one in our series on keeping your online accounts secure! Today, we’re going to be dealing with one of the simplest ways to ensure that all your passwords are secure and your email account is locked down.
Most people assume that secure passwords have to be incredibly long, indecipherable strings of symbols and numbers that a computer itself would struggle to remember. While this may keep you secure, there are far easier and better ways to achieve this.
The easiest way to keep your passwords secure is to never use the same one online twice. There’s an “*” after every, because for sites that are very low risk (as in, it doesn’t matter if someone does get access), this rule could be bent slightly. But for every website that matters even slightly, use a different password for each one.
This means that if someone does get your password, they can only access one site with it, which should very significantly limit the amount of damage they can do before you can fix it all.
Secondly, you should not assume that all websites will keep your password safe. The secure way for them to store a password is to turn it into an irreversible code, which they can compare the password you enter against but can’t get the original password back out of (those interested in mathematics, or computer security, can read more at this Wikipedia link). However, some websites may not do this, and some websites may even be run by those who will try to use your email address and password to log into other websites.
Keeping a different password for every website reduces or removes these risks. In our next post, we’ll discuss ways that you can safely remember these passwords (no, sticky notes on monitors or Word documents on desktops don’t count!) so that this isn’t an inconvenience.
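What "turn it into an irreversible code" looks like on the website's side, as an added example that is not part of the original post: the site stores a salted, deliberately slow hash and, at login, repeats the calculation on whatever was typed and compares the results. The record format, the function names and the PBKDF2 work factor are assumptions made for this example, and the password is a constructed sample.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor picked for this example


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the record a site stores in place of the password itself."""
    salt = os.urandom(16)  # fresh per account, so identical passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-derive the hash from a login attempt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to use the same password.
    password = "correct horse battery staple"
    alice = hash_password(password)
    bob = hash_password(password)
    print("stored for alice:", alice)
    print("records differ:  ", alice != bob)
    print("right password:  ", verify_password(password, alice))
    print("wrong password:  ", verify_password("Correct horse battery staple", alice))
```

A site that stores passwords this way leaks only these records in a breach, whereas a site that keeps the plain password hands an intruder something that works on every other site where it was reused.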
“I thought you said that there were far easier and better ways than very long complex passwords?”
Yes, there are! “S%V6Yap9ROzHj*t” is a password that was randomly generated just as this post was being written. It is very secure; long, almost impossible to guess (or remember) and very likely will be the only time this password will ever be used.
But if you’ve been on the internet for a while, you may have come across the comedic genius of XKCD. They have a rather different take on secure passwords:
As you can see, taking four simple words and putting them together makes a much more secure password than the one I suggested above.
Some websites may require capital letters, numbers, symbols or a minimum length for the password. That does help to keep a password secure; “phonebox” is very insecure, whilst “PhoneB0x1992!” suddenly becomes very secure (and isn’t much harder to remember).
Finally, pick a password suitable for the account. Anything to do with banking or money (for example, eBay, PayPal, online banking accounts etc.) should be very secure because more people will want into it than perhaps other less lucrative websites.
This one is simple. If the media reports a website has been hacked, change your password for it immediately. If you used the same password for any other websites, change it for all of those as well.
To be absolutely safe, you could consider changing your password for every website that you use – although that probably won’t be necessary. In every case, read any messages the affected websites send you and follow their instructions as well as the ones above!
Most people will have forgotten at least 1 password in their life, and we all know the drill – click “Forgot Password?”, enter your account name or email address, maybe answer a security question and they’ll email you out a reset password link or new password in a few minutes.
So if someone has access to your email account that all your other accounts send emails to, then they can access pretty much all these other accounts with not much difficulty. And that’s before you consider the amount of personal information you probably have sitting in your Inbox.
You may be tempted to create a special email account for this purpose, but you still have to keep it totally secure or the same problems emerge. Instead, make sure any email accounts handling personal emails or emails from online services are kept as secure as possible! The following posts will detail further security (and convenience) measures you can take, and you should definitely read them.
Even if you decide that it’s too inconvenient for all your other online accounts, secure your email account! It will be the best thing you can do to secure all your other online accounts.
This article was written by Connor Stuart, a 2nd Year Informatics student at the University of Edinburgh