Digital Security

“Your identity is your most valuable possession. Protect it” – Elastigirl, the Incredibles

The Easy and Must do of App Security that is being Ignored by Many Users

As smart devices such as cell phones and digital tablets become more ubiquitous, we begin to enjoy the comfort or the nightmare of accessing our email and other digital resources from almost any location. The problem with technology has always been that security doesn’t always keep pace with the rapid growth of the accessibility of data.

The Stolen Password

Let’s start with my email application and assume someone got a hold of your email password. They have several ways to access your email. They can log in to an email application, go through a website, or use an App on a smart device. What kind of damage can they do? They might be able to reset passwords for your banking sites or some other private resource. They might use it to mass email all your contacts or such and cause embarrassment or obtain some vital information from your accountant or numerous other nefarious tactics.

The trick to protecting yourself is to set up what is known as a Multi Factored Authentication or as some refer to it as the 2-Step or 2-factor verification. The idea is when you or someone else logs into your email (or App) from a different location, a code is sent to you by means of a text, email, or a call. Without inputting this code, you can’t finalize the setup procedure, hence not being able to access the information. Pretty simple and effective. In essence, what we are accomplishing is locking down where your email can be accessed from.

This is not limited to email programs though, there are many apps that also support this feature and all you have to do is look into the App manufacturer to see if they support this. I would advise doing this for your social networking apps like Twitter, LinkedIn, Facebook, etc, and highly advise it for any sort of banking and personal financial or password management ones. You need to have these apps locked down to computers and devices so that access is limited only from them and if someone tries to access it from elsewhere, they will not be able to complete the process without the authentication.

Here are some links to email, social networking, password manager, and banking multi-factored authentication instructions. You should search for the ones not listed below that you are concerned about and activate those on your systems.

Office 365 Multi Factored Authentication Procedure: https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6?ui=en-US&rs=en-US&ad=US

Apple iCloud 2-factor Authentication: https://support.apple.com/en-us/HT205075

Google 2- Step Verification: https://www.google.com/landing/2step/

Yahoo 2-step verification: https://help.yahoo.com/kb/SLN5013.html

Facebook: https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920/

Twitter: https://blog.twitter.com/2013/getting-started-with-login-verification

LastPass: https://lastpass.com/multifactor-authentication/

RoboForm: http://www.roboform.com/blog/multifactor-authentication

Wells Fargo: https://www.turnon2fa.com/tutorials/how-to-turn-on-2fa-for-wells-fargo/

Bank of America: https://www.bankofamerica.com/privacy/faq/safepass-faq.go

Security

Keep the device up to date. I am not personally a fan of being the first to update as I’ve seen problems to deter me. But if the updates are security-related, I tend to go for it after about a week or so to make sure the vendor has discovered any update issues and released a fix.

If you have any questions or concerns, feel free to Contact Us