Sunday Times

You need to defend against hacking — there’s an app for that

By ANGELIQUE ARDÉ

If you’re afraid of being attacked by cybercriminals, your fear is justified. More than two billion people online have had their personal data stolen or compromised, according to a February report by cybersecurity company McAfee.

With enough of your personal data, a fraudster is able to launch an attack that is so sophisticated in nature — and so unique to your online behaviour or personal circumstances — that you could not reasonably be expected to recognise it.

Money recently reported on the case of a Durban psychologist who was defrauded of R1.2-million late last year while attempting an offshore investment, on the advice of her financial planner. A fraudster managed to intercept e-mails between the investor and her financial planner and supply alternative banking details — his own — in place of those originally supplied by the financial adviser.

Money asked Duncan McLeod, editor of TechCentral, and Jason Norwood-Young, a Cape Town technologist and editor of Naked Data, how consumers can protect themselves online.

McLeod and Norwood-Young agree that the use of a password manager is essential.

“Unless you have only two or three passwords, which you can remember, a password manager is a must. Most of us have 30 or 40 passwords, and a major weak point in security is the reuse of passwords,” McLeod says.

“Far too many people use the same password across sites. There’s no reason to do that if you use a password manager.”

Password managers are apps that remember all of your usernames and passwords and automatically plug them into the websites that you want to access.

All you need to do is register and think up one complex and clever master password — which you use to log on to the password manager — and the app does the rest.

Your master password needs to be lengthy and a mix of upper and lowercase letters and special characters, and easy for you to remember. The best passwords are phrases that mean something to you, but that no one could predict. For example, L@zySweetGirlE@ts100Biscuits!

“If you must write down your master password, keep it in a safe,” McLeod says.

A password manager will not only retrieve your passwords but can also help you generate more complex ones.

McLeod says these passwords can’t be guessed through a brute force attack (the trial and error method used by application programs to decode encrypted data) and are stored in an encrypted database.

There are many password managers on the market — the top ones being Dashlane, LastPass, Keeper, Enpass and 1Password — some of which are free, or free if used only on a single device.

McLeod uses Dashlane across all his devices at the cost of a few dollars a month.

“It’s very useful to sync passwords across devices such as multiple PCs, tablets and smartphones. Not everyone needs cross-device syncing, but I find it essential in an app like this,” he says.

McLeod says the best password managers support two-factor authentication for your password vault.

This means that you’ll need to enter a one-time code the first time that you use the password manager on a new device, providing you with an extra layer of security.

A compelling reason to use a password manager is that they can thwart a phishing attack, because they automatically fill in your information on websites. So, you may think that you’re on your bank’s website, but if your password manager doesn’t automatically fill in your login information, it’s possible that you’re on a phishing website with a different URL.

Norwood-Young says the use of a password manager is an easy way to bump up security, and the time spent familiarising yourself with such an app is worthwhile.

Norwood-Young’s second top tip is to turn on or opt for two-factor authentication whenever possible. Two-factor authentication is an additional layer of security, over and above your username and password. It comes into play when you or someone else tries to log in to your e-mail or a social media account from a device not usually used by you.

If you have two-factor authentication on your Gmail account, a PIN will be sent to your phone to be used to complete the process of logging in. If your password was compromised, the hacker would need your phone too in order to get into your Gmail. The same applies to your Twitter account and Facebook.

“It greatly reduces the possibility of anyone accessing your accounts, which is why the banks use it before you can process a transaction, for example,” McLeod says.

Norwood-Young says that the use of a password manager and two-factor authentication is neither technically taxing nor intimidating and “just makes it so much harder for hackers to attack you”.

Other important security measures include:

● Keeping your smartphone locked. McLeod says you must use a PIN code or a fingerprint to unlock your phone;

● Keeping up to date with antivirus software on all your devices. “You should be running antivirus software on your computer,” McLeod says. “The Windows 10 default one is very good. And you must keep abreast of updates, because they include important security patches. They are updated almost weekly. If you’re running an old operating system like Windows XP, you should upgrade to a new version.

“The message is patch, patch, patch. If your phone and tablet offer an update, you must update,” he says.

For added security on your smartphone, you can install security software that requires a PIN code before you do any internet banking and gives you control of your phone remotely, enabling you to remotely wipe your phone and take a photo of whoever is using your phone.

Norwood-Young says that while you do get free security software, “you’ve got to wonder why they are free” — so rather buy a good commercial product. McLeod says he uses Bitdefender for this, which also costs a few dollars a month.
