In light of the recent nude picture leaks that have hit the headlines, TechWeekEurope has teamed up with James Mace, security consultant at ethical hacking firm Pen Test Partners, to help you stay safe and secure online, as well as keep your privacy protected.
It’s not just adults who are guilty of clicking that ‘send’ or ‘upload’ button far too willingly. Children are also at risk, with many having their own smartphones directly connected to the web.
One of the most effective steps you can take is to apply Two Factor Authentication, often abbreviated to ‘2FA’, to your social media sites. Usernames and passwords are often stolen during hacker breaches. If the victims of the breach re-use passwords, their other accounts can be compromised. 2FA is about asking for extra information when you login, something like a one-time code sent to you by text message. Without the one-time code, it is far harder to hack your account. Some ask for an extra code every time you use a new computer or smartphone – the idea is that the attacker is unlikely to have your PC/Mac/phone too, so their attack is crippled.
Many social networking services have now implemented 2FA, but it’s not always obvious how to do it. Here is Mace’s quick guide to setting up 2FA on some popular web sites:
Login to Facebook
Navigate to the user settings page via the icon. That’s one of the links in the top right hand corner of the page
Run through both the ‘Security’ and ‘Mobile’ tabs to set up 2FA
Follow on-screen instructions
Login to your account and visit the following URL: https://accounts.google.com/b/0/SmsAuthConfig
Pop in your mobile number and follow on-screen instructions.
Login to your account and navigate to the settings page.
Click ‘Security and privacy’ on the left-hand navigation panel
Then enable: ‘Send login verification requests to my phone’ (NB You will have to add your phone to the account first. If you don’t want SMS overload, just uncheck those options!
Follow on-screen instructions.
Login to your account using your apple id at https://appleid.apple.com
Click on ‘Manage your Apple ID’ located on the right-hand side of the page.
Choose ‘Password and Security’
Select ‘Two-Step Verification’ and follow on-screen instructions.
Login through the paypal.com website
Click on the image of a cog to view account settings
Choose ‘Security’ from the navigation panel
Select ‘Security Key’ and follow on-screen instructions
Some further tips to help prevent information leakage:
· It is paramount that you understand that once information has been uploaded to the web, it is often VERY difficult to remove.
· Be aware of the types of information/images you have stored on web connected devices.
· Always enable the highest setting security options for your device – advice often found on the vendor’s website.
· Ensure commonly overlooked options such as ‘auto-backup’ are turned off on sensitive albums.
It’s also worth noting that this doesn’t just apply to your current gadgets; old devices with storage capabilities have also the potential to be private data gold mines. The ‘factory reset’ option often doesn’t wipe the device sufficiently for data to be recovered, so encrypt where possible. If your device is lost, opportunists will struggle to retrieve encrypted files, particularly if your PIN is strong. And don’t rush into data migration when buying new devices; seek advice before copying one set of private selfies on to a new device
Ultimately, my advice would be to think before you upload. If you’re putting something on the internet that you wouldn’t want everyone to see, make sure you secure it. Don’t feed the pervs and trolls.
How well do you know Apple? Take our quiz!
Intel China responds after influential Chinese cybersecurity association called for a security review of its…
Gamers who sued Microsoft to halt its purchase of Activision Blizzard have agreed to the…
Meta has reportedly begun laying off staff across various departments, but as of yet there…
After blacklisting in 2020 and 2021, drone giant DJI reportedly says some of its imports…
A controlling stake in data centre cooling firm Motivair has been acquired by industrial giant…
New x86 ecosystem advisory group formed by Intel, AMD, as well as a slew of…
View Comments
2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.
Sufficiently strong passwords are the key. Generally speaking, hard-to-break passwords are hard-to-remember. But it is not the fate. It would be easily possible to safely manage many of such high-entropy passwords with the Expanded Password System that handles images as well as characters. Each image/character is identified by the image identifier data which can be any long. Assume that your password is “ABC123” and that those characters are identified as X4s&, eI0w, and so on. When you input ABC123, the authentication data that the server receives is not the easy-to-break “ABC123”, but something like “X4s&eIwdoex7RVb%9Ub3mJvk”, which might be automatically altered periodically or at each access if required.
When such high-entropy data are hashed, it would be next to impossible to quickly crack the hashed data back to the original password. Give different sets of identifier data to “ABC123” and the different servers will receive all different high-entropy authentication data. Brute-force attacking of “ABC123” and other similarly silly passwords would perhaps take less than a few seconds with dictionary and automatic attack programs but it could be an exhausting job when criminals have to manually touch/click on the display with their fingers.