iPad is one of the safest computing devices you can use

July 4, 2013

I haven’t addressed this since 2010 so it is worth repeating again.  The iPad is one of the safest computing devices you can use, probably more secure than your PC, but you have to set it up properly.

First, the biggest security risk is probably physically losing the device. iPads are a great size and easy to carry everywhere, which also makes them easy to leave behind or forget. Luckily for us, Apple gave us “Find My iPad.” Under Settings -> iCloud, turn on Find My iPad. You also have to have location services turned on, so go to Settings -> Privacy, then turn on Find My iPad (while you are there, check to see what other apps are using location services). And of course you have to have an iCloud account. You should also enable Remote Wiping, which allows you to delete the data on a lost iPad (as long as it can connect to the Internet). But again, to do this you will need an iCloud account, which is configured in Settings -> Mail, Contacts, Calendars -> iCloud. This service also allows you to remotely send a signal to the device to play a sound and/or to display your phone number and a message that the device is lost, asking the person who finds it to call you. And if all that fails, you can wipe the device. It’s a great service! Find My iPad is actually misnamed, because the same service works on iPhones, iPads, MacBooks, iMacs, basically all your Apple devices.

Also, all iPads ship with hardware encryption built in, but you need to enable it. The simplest way to do that is to set a passcode on your iPad. As soon as you do, your data will be automatically encrypted. To enable a passcode, go to Settings -> General -> Passcode Lock and then enter a four-digit code twice. If you’d like to be extra safe, on that same page you can turn the Simple Passcode option off and then use longer codes. You should also set Require Passcode to no more than 5 minutes and turn Erase Data on. And please turn on Auto-Lock!

Note: if you have small kids that play with your iPad, you may not want to turn on Erase Data.  Erase Data will erase all the data on your iPad if the wrong passcode is entered 10 times. Something a little one just might do.

You can find more information at:

http://www.apple.com/ipad/business/it-center/security.html

and

http://images.apple.com/ipad/business/docs/iOS_6_Security_Sep12.pdf

 

And if you use Wi-Fi hotspots like those you find at Starbucks, McDonald’s, or at hotels and airports, please use a personal VPN!

https://www.witopia.net/support/why/
http://netsecurity.about.com/od/perimetersecurity/a/Why-You-Need-A-Personal-Vpn-Service.htm

I personally like https://www.witopia.net  and the price point is good.  But you can find other options at:  http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm

On my iPhone I have done all the above (again, please at least turn on a passcode and auto-lock) plus I have also turned OFF “Siri” and “Reply with Message” under “Allow Access When Locked” on my iPhone.


Links:

https://yourcto.wordpress.com/2010/10/14/security-on-your-ipad/

http://www.apple.com/ipad/business/it-center/security.html

http://images.apple.com/ipad/business/docs/iOS_6_Security_Sep12.pdf

https://www.witopia.net/support/why/

http://netsecurity.about.com/od/perimetersecurity/a/Why-You-Need-A-Personal-Vpn-Service.htm

http://netforbeginners.about.com/od/readerpicks/tp/The-Best-VPN-Service-Providers.htm


2-step verification for gmail

January 7, 2013

In my earlier post on my most used iPhone and iPad apps in 2012 I mentioned that I hope by now you are using 2-step verification. Google provides us with this great free tool to help better secure your Google account, but you have to opt in and set it up for it to do you any good.

Basically, once you have 2-step verification turned on and set up, you use your smartphone (Android or iOS) as a key fob. The Google 2-step verification app provides a new 6-digit number every minute. So now instead of just a simple user name and password protecting your Google account (i.e. your Gmail), you have your user name, your password, and the six-digit number from the 2-step verification app. Unless the bad guy trying to get into your account has access to your phone and knows your password, it is now much, much harder for them to get access to your account.

The official Google blog walks you through the process to set up 2-step verification and I don’t think I can improve on what they wrote, so just follow their simple directions:
http://gmailblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html


Is it time to clean up your old internet accounts? Or, who really uses MySpace anymore?

March 13, 2012
So, I was cleaning out my junk mail this morning and found a phishing scam that was made to look like it was from MySpace.  My first thought was – “Wow, I haven’t been to my MySpace page in years, why am I getting an email from them?”  But that thought was quickly replaced by – “What a lame phishing scam, and why would you use MySpace?” 

But that got me thinking, why do I still have a MySpace account? I haven’t been to my page in literally years. What purpose does MySpace serve for me anymore? And with all the websites getting compromised out there, do I want my private information just sitting on their servers? Or passwords? I use different passwords on each website, but many people use the same password across multiple websites. If one of those old websites gets hacked, how many other websites will the hackers have access to? Even if they don’t get hacked, what if they change their privacy policies to give away all my info? I’m not reading their policies anymore. Or what if they go out of business and new buyers use the data for who knows what?

 

But I don’t mean to pick on MySpace, the thought applies to all my old accounts on too many sites to count.  Like Excite. Who uses Excite for email anymore? I was able to finally guess what my password was on MySpace, but I have no idea anymore what my Excite password was.  And to retrieve your password Excite forces you to know your zip code when you signed up.  I’ve moved way too much to have a clue what my zip code was way back when. I guess I will just have to add it to a list and try to delete it later. How about FriendFeed?  Did that ever take off?  Why do I still have an account there?

 

The more I start thinking about it, the more old accounts I can think of that I should just delete.  I don’t need all those old accounts sitting out on the web like dirty socks on the floor. Time to simplify my life and protect my privacy.  It’s time to clean up my Internet debris.


Passwords – Did Gawker do us a favor?

March 13, 2012

I wrote a post on how to create strong passwords at the beginning of the year:

The Quandary of Passwords, part 1 – It’s not hard to have a good secure password!

but Gawker getting hacked brings up some interesting points I didn’t cover in detail before. People may spend the time to create a good strong password, but then they use that one password everywhere! If you trust all the sites to never get hacked I guess it isn’t a huge deal, but as Gawker proved you can’t believe that!

 

If you ever posted on any of their properties (which include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot) then your user name, email, and password were posted on the BitTorrent site Pirate Bay. If you are not sure and want to check whether your email and password have been published, you can check at Gawkercheck.com.

 

The Gawker hack shows how important it is not to use passwords over and over. I mentioned in my password post that, if you have a bad memory like me, by using a simple algorithm you can add something you can remember about the site you are on to a good complex password to make it unique. In this way every site you go to has its own unique strong password and it is still pretty easy for you to remember. For example, look at the complex password I created in my first posting, 1L0>3Y0u! That is a good, easy-to-remember password (maybe too short though). So now come up with an algorithm to use with it. For example, say you are on CNet’s site – how about adding the name of the site to the end of the password? In this example, cnet is the site, so the password becomes 1L0>3Y0u!cnet. Even better if you can handle adding more to the end of the password and throwing some more symbols in the middle, for example 1L0>3Y0u!cnet#1h@t3y0u. Or, as another example, the password for the New York Times website becomes 1L0>3Y0u!nyt#1h@t3y0u. See, pretty easy to remember and hard to guess!

 

Of course if someone learns your algorithm they will be able to guess your password, so it is not foolproof. But like I said before, depending on the risk of the site, I use different passwords. Maybe it is ok to use the same password for the New York Times site, the Washington Post site, and CNet, right? What is the real harm that can happen? For Facebook and Twitter I am more careful because of the damage that could be done. And for sites like my banking I use a totally unique password with nothing to do with any of my other passwords.
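A self-audit for the caveat above, as an added example that is not from the original post: it takes your own site-to-password list and reports pairs where seeing one password reveals most of another, which is what happens with a fixed base plus a site tag. The `VAULT` entries reuse the sample passwords from this page; the site names, the `audit` and `split_shared` helpers and the 6-character threshold are assumptions made for the illustration.

```python
from itertools import combinations
from os.path import commonprefix

# Sample passwords taken from this post; the site keys are illustrative.
VAULT = {
    "cnet.com": "1L0>3Y0u!cnet#1h@t3y0u",
    "nytimes.com": "1L0>3Y0u!nyt#1h@t3y0u",
    "facebook.com": "FBdbip&wtbt#1snsitw",
}


def split_shared(a: str, b: str):
    """Return the (prefix, suffix) two passwords share, without overlap."""
    prefix = commonprefix([a, b])
    rest_a, rest_b = a[len(prefix):], b[len(prefix):]
    suffix = commonprefix([rest_a[::-1], rest_b[::-1]])[::-1]
    return prefix, suffix


def audit(vault: dict, min_shared: int = 6) -> list:
    """Flag pairs whose shared prefix + suffix is at least min_shared long.

    exposed_fraction is the share of the second password that is already
    known to anyone who has seen the first one. site_derived is True when
    the only differing part is taken from the second site's own name.
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        prefix, suffix = split_shared(pw_a, pw_b)
        shared = len(prefix) + len(suffix)
        if shared < min_shared:
            continue
        unique_b = pw_b[len(prefix):len(pw_b) - len(suffix)]
        findings.append({
            "sites": (site_a, site_b),
            "shared_chars": shared,
            "exposed_fraction": round(shared / len(pw_b), 2),
            "site_derived": bool(unique_b) and unique_b.lower() in site_b.lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(VAULT):
        print(finding)
```

On the sample list only the cnet/nytimes pair is flagged; the unrelated passphrase-derived password shares nothing with the others.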

 

If you need help with those more secure passwords, another suggestion is using mnemonics (like using Roy G. Biv to remember the colors in the rainbow). Using any word from the dictionary as the base for your password isn’t the best practice. There are a ton of scripts used to hack passwords that start with the words in the dictionary. And my little trick of swapping out numbers and symbols for vowels is pretty well known. That is why my Sys Admin friend uses a pass phrase that he turns into an acronym to create his passwords. Normally a very dirty mnemonic. The longer the better, but you have to be able to remember it! I won’t repeat any of his, but for example let’s use the pass phrase “Facebook doesn’t believe in privacy and wants to be the number 1 social networking site in the world” and then turn that into an acronym “FBdbip&wtbt#1snsitw”. Now that is a great strong password for your Facebook account! Think you can remember that? And like I said, he uses really dirty mnemonics; I have actually heard him chuckle when typing his password. How often do you get to enjoy a password?


Security check list from Google

October 18, 2010
Last week I wrote a couple of posts about security on your Droid or iPhone and security on your iPad.  And a while ago I wrote about how I have switched to Mac for better security.   Last week I also found this great checklist that Google has put together to help walk people through security on their computer (works for PCs and Macs).   I thought it was good enough that I should share it with everyone!  🙂 

 

External links: 

Removing malware from your computer http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=88072
MacScan (removes Malware from your Mac)
iAntiVirus (protects against any virus that might be there for Macs)

P.S. Yes, I know I am on a Mac and I have never had a virus in the last 7 years of using Macs, but I do have both MacScan and iAntiVirus on my Mac just in case. Some day Macs will be a target, so why leave the front door unlocked (or at least unmonitored)?


Move to a Mac for better security?

June 24, 2010
Should we all move to Macs or Linux for better security?  Google is doing just that. The FT.com article said "Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees."

Don't get me wrong, I am not slamming Microsoft. I was a big Microsoft partner in the past. And honestly most of their products are pretty decent, if you spend the time to learn how to use them. Unfortunately Microsoft too often falls into the "trying to please everyone, so they end up pleasing no one" trap. And Microsoft Windows is everywhere; they have the largest market share (about 91% to be exact) by far.

But it is exactly because of that success that they are a target for hackers.  If you were a hacker would you focus on a small target or the biggest target out there with the most novice users? It also doesn't help that Microsoft seems to be more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems.  This combination is like crack to hackers. 

Back in 2003 I switched to a Mac and honestly I haven't looked back.  I know I am paying more for comparable speed, memory, etc.  But to me it is so worth it! No viruses in 7 years.  No spyware.  No blue screens of death.  My laptop stays on all the time (yes, I know it uses energy even when it is sleeping. I am bad) and only reboots on the rare occasion Apple has a software update that actually requires a reboot.  Which brings up a good point – Apple doesn't send me multiple updates a day.   And those rare updates even more rarely require a reboot. 

Besides Google I personally know of at least one other corporation that has switched their entire staff over to Mac laptops and desktops.  After their users went through the scary time of change to the unknown they now have fewer help desk calls and reduced support requirements.  They are now able to do more with the same number of IT staff they had before.  I don't know if they have looked at the number of security related issues specifically. 

So is this going to be a trend?  Are more corporations going to move from Microsoft Windows to Mac OS X?  Is it the cheaper (safer) investment in the end?

