Humane Tech:BREACHED! Start using Two-factor Authentication TODAY

A lot of my clients started working with me immediately after they were breached, compromised, or otherwise hurt by someone. Being on the clean-up side of these incidents is awful. Everyone is worried, mad, scared, and/or horrified. Let’s make it harder for criminals to hurt us!

If a website will only provide you with a two-factor authentication (2FA) code via text or email, fine. Do that.

For any site that allows you to use an app, please strongly consider using Authy. It’s works well and it’s free. I use it. Don’t worry if a site says they only use Google Authenticator, Authy is a 100% compatible replacement for Google Authenticator but it’s not owned by Google.

• Authy – https://authy.com/ – Use it just about anywhere including sites that say they’re only offering Google Authenticator.

Have questions, comments, or rants? Email me at podcast@mozu.info or humanetechpodcast@protonmail.com.

Past episodes and show notes

Email newsletter for updates and helpful advice

Copyright, 2022 Jeffrey S Kaye

NOTE: This episode was recorded on video in a city park. That’s why there’s background noises. Some things will make better sense on video. Check out the stream at https://vimeo.com/678455576

(notes edited at 5:30 PM Pacific on 2/16/22 to fix the video link)

After a long hiatus, we’re back!

Scammers always create a sense of urgency around their request. They usually need you to do something RIGHT NOW. It can’t wait. If there’s very little time to verify their claims or ask questions then you’re likely being scammed.

Send questions, comments, and recipe requests to podcast@mozu.info or humanetechpodcast@protonmail.com.

If you like what you hear, please subscribe and review. If not, please email and let me know what you want!

Humane Tech website: https://monozukuritech.com/podcast

Copyright 2022 Jeffrey S. Kaye

Privacy-stealing browsers and search; Will Windows 10 ever end?

Web browsers are our portal to the internet. All the data we want comes in through them; all the data we provide goes out through them. What needs to be checked in the biggest risks to our privacy and security?

TOPICS

* Windows 11 has been announced for release this fall. Should you upgrade right away? Can you upgrade even if you want to?

* It only requires 3 pieces of ‘anonymous data’ to determine who the data belongs to. Sometimes less.

* Browsers and privacy: Most web browsers requires a little bit of configuration in order to protect our privacy. In this first of several episodes discussing browsers and web search, I’ll walk through the key things to watch for. My focus is on Mozilla Firefox, which I consider to be the overall best browser for usability, security, and privacy. But Firefox will NOT protect you if you use it badly. Listen in and then check the links below for additional information. ALSO…get on the mailing list for more tips and tricks.

— First five steps towards better browser privacy

1) Get and use Mozilla Firefox

2) Update Firefox’s privacy settings – lots of information on this in the episode and the mailing list

3) Install the uBlockOrigin add-on and let it do it’s thing (it doesn’t require any configuration but you can change how it works). uBlockOrigin blocks a lot of advertisements and unwanted ‘scripts’. Scripts are bits of website programming that ask your computer to do things which can compromise your privacy or security.

4) Install the Multi-account Containers add-on

5) Learn how to use Multi-account Containers and use them!

HOMEWORK FOR NEXT TIME

* Install uBlockOrigin and Multi-account Containers into Firefox (see links below)

* Use mulit-account containers

* Try the DuckDuckGo.com search engine instead of Google, if you haven’t already

* I’ll be providing bonus information in the mailing list later this week!

LINKS FROM THIS EPISODE

Windows 11, Apple macOS and iOS updates

* Microsoft’s Windows 11 home page

* Microsoft’s Windows 11 for enterprise page (for business users)

* From ZDNet: Windows 11 chaos, and how copying Apple could have helped Microsoft avoid it

* From ZDNet: Windows 11: Microsoft apologized for compatibility confusion, hints at changes

* Windows Central: How to check if your PC has a trusted platform module (TPM)

* Windows Central: One thing Microsoft didn’t discuss: WIndows 11 privacy

* Apple macOS Monterey coming this fall

* Apple iOS 15 (iPhone and iPad)

What Information is “Personally Identifiable”? – even though this post from the Electronic Frontier Foundation (EFF) is 12 years old, it’s still valid and fascinating.

Web Browser and Search Engine Security and Privacy

* DNS over HTTPS (DoH) – Firefox DNS-over-HTTPS

* DuckDuckGo search engine

* Mozilla Firefox – privacy-focused web browser I recommend

* Chromium Project – web browser built on the technology behind Google Chrome without the Google “junk”

* Brave – privacy-focused web browser also built on the Chromium technology behind Chrome

* uBlock Origin – browser extension or add-on aimed at neutralizing privacy invasion through ad-blocking, script blocking, etc. You can install this into your browser and let it do it’s thing. It doesn’t require configuration. However, it can be set up to be more or less ‘active’.

* Multi-Account Containers – browser extension that keeps websites from seeing what you’re doing on other websites. For example, if you are shopping for airline tickets on website A and then on website B on a Monday and then return to each site on a Tuesday, you may see that the prices have changed for YOU. This is because each site can see your browsing history. If you open website A in one ‘container’ and website B in a different ‘container’, the two sites can’t see that you’re shopping around. It takes a little work but it’s very useful for this and for blocking other tracking.

BACKUP HARD DRIVES

* Backup your Windows computer using this hard drive and the included software – WD 4TB My Passport Portable External Hard Drive, Black – WDBPKJ0040BBK-WESN – https://amzn.to/2GjurQQ

* Backup your macOS computer using this hard drive and your Mac’s built-in TimeMachine software – WD 5TB My Passport for Mac Portable External Hard Drive – Blue, USB-C/USB-A – WDBA2F0050BBL-WESN – https://amzn.to/3jtTq2j

POCAST WEBSITE

https://monozukuritech.com/podcast

HUMANE TECH EMAIL NEWSLETTER

Sign-up to receive a weekly newsletter that’s to-the-point with helpful advice, links, and information on upcoming podcast episodes, and more! Your information will never be sold or shared.

mailing list signup via AWeber

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com or podcast@mozu.info.

It’s been too long since our last episode. Let’s get caught up and then move forward!

TOPICS

* It’s been a challenge to do these episodes on top of being the sole person building my business. I’ve worked with a mentor, though, and I’m changing my process. Episodes are going to be coming much more quickly now.

* Data breaches – I talk about the Facebook and Ubiquity data breaches and what do do about them.

* 2FA/Two-factor authentication via texting and email. These are bad methods for securing your accounts. Well, OK, they’re better than NOT using two-factor authentication. IF you have the option of using app based 2FA such as Authy, Google Authenticator, etc. or a hardware token such as a Yubikey, please use one of those methods INSTEAD of text messaging or email. A lot of banks (WAY TOO MANY) don’t allow anything but text or email. We do our best.

* Backups – I like SpiderOak One for a secure, private data backup provider.

* Secure file sharing services – I’m playing with Boxcryptor for encrypting data inside less private services like OneDrive, Google Drive, Dropbox, Box, etc. So far it looks very good. It’s not super easy to use, but it’s not bad. Plus, there is a free option.

* Text messaging is NOT secure. It’s very easy to steal your cellphone number for texting. This is why I don’t want you using texting for two-factor authentication. There’s a link to an article on this. It’s a quick read!

* Apple and Google are most definitely collecting information from our devices every few minutes (at least). There’s an interesting study (link below). I hope to revisit this in future episodes.

HOMEWORK FOR NEXT TIME

* Do you first, or next backup! Extra credit: Do a test restore!

* Collect your data from Facebook. Extra credit: Leave Facebook (if you can)

* Update your passwords, especially at Facebook and Ubiquity/UniFi, especially if you’ve been in these breaches. Check https://haveibeenpwned.com to see if you’re listed there.

* Move form text (SMS) and email two-factor authentication to using Authy, Yubikey, etc. as much as possible. Links are below

LINKS FROM THIS EPISODE

* Authy – two-factor authentication (2FA) app

* SpiderOak One Backup

* Facebook data breach

* Ubiquity data breach

* A Hacker Got All My Texts for $16 – an easy, interesting read

* Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google – very scholarly and interesting (PDF download) or an article by The Register

PODCAST WEBSITE

https://monozukuritech.com/podcast

HUMANE TECH EMAIL NEWSLETTER

Sign-up to receive a weekly newsletter that’s to-the-point with helpful advice, links, and information on upcoming podcast episodes, and more! Your information will never be sold or shared.

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.

It’s not just data that we need to back up. We also need to back up processes. I recently failed to do that and I share a story of woe from my phone breaking my two-factor authentication.

TOPICS

* story about 2FA backup methods

* 3-2-1

* backup to external drives

* consider encryption

* how often? as often as your data changes….

* two local drives – continuous backup vs point in time

HOMEWORK FOR NEXT TIME

* Do you first (next?) backup.

* Extra credit: Do a test restore!

LINKS FROM THIS EPISODE

* Authy – two-factor authentication (2FA) app

* Apple TimeMachine (macOS and Mac OS X only)

* Microsoft Authenticator – two-factor authentication (2FA) app

* SanDisk 256GB USB Flash Drive

* Seagate Backup Plus Portable 5TB for Windows or Mac

* VeraCrypt – encryption software for Windows Mac, and Linux (warning, not incredibly user friendly — I’ll cover this more humanely in the future)

* Windows Backup (Windows 8.1 only)

PODCAST WEBSITE

https://monozukuritech.com/podcast

HUMANE TECH EMAIL NEWSLETTER

Sign-up to receive a weekly newsletter that’s to-the-point with helpful advice, links, and information on upcoming podcast episodes, and more! Your information will never be sold or shared.

COMING SOON

* file sharing services: Dropbox, OneDrive, Google Drive, iCloud Drive, etc

* secure cloud storage

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.

URGENT APPLE UPDATES

Apple releases iOS 14.4 and iPadOS 14.4. These updates fix problems with the iPhone and iPad which have been used to attack devices.

It’s been a while since our last episode. Thank you for waiting! This podcast was going to be relaunched TOMORROW with a full episode, but this update was too important to ignore.

LINKS FROM THIS EPISODE

> HOW TO BACK UP YOUR APPLE IPHONE OR IPAD

https://support.apple.com/en-us/HT203977

> HOW TO UPDATE YOUR APPLE IPHONE OR IPAD

https://support.apple.com/en-us/HT204204

> HOW TO BACK UP YOUR ANDROID DEVICE

https://support.google.com/android/answer/2819582?hl=en

> HOW TO UPDATE YOUR ANDROID DEVICE

https://support.google.com/android/answer/7680439?hl=en

NEXT EPISODE

Once I get all of our Apple devices updated I’ll finish editing Episode 9 – Backups (continued).

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at podcast@mozu.info.

Backups 101

Cybersecurity Essentials #3

We start this episode with two stories.

• How was my old Gmail address found in website’s data breach when I never had an account there?
• A growing small business was horribly hurt because the cybersecurity essentials were not in place. Still, backups partially saved the day.

New Cybersecurity Class – $56

Personal Cybersecurity Foundations opens October 8th. You know that your email addresses and passwords have been stolen in data breaches. Are you using a password manager and two-factor authentication on a daily basis? If not, I’ll walk you through choosing, installing, and using both through live and recorded sessions and step-by-step instructions.

See how to work around any challenges you might face. Ask me questions online or schedule an included one-on-one session with me!

https://training.monozukuritech.com

LINKS FROM THIS EPISODE

Backup Hard Drives

• Backup your Windows computer using this hard drive and the included software – WD 4TB My Passport Portable External Hard Drive, Black – WDBPKJ0040BBK-WESN – https://amzn.to/2GjurQQ
• Backup your macOS computer using this hard drive and your Mac’s built-in TimeMachine software – WD 5TB My Passport for Mac Portable External Hard Drive – Blue, USB-C/USB-A – WDBA2F0050BBL-WESN – https://amzn.to/3jtTq2j

Humane Tech Email Newsletter

Sign-up to receive a weekly newsletter that’s to-the-point with helpful advice, links, and information on upcoming podcast episodes, and more! Your information will never be sold or shared.

http://eepurl.com/he8SQ9

Next Episode!

Cybersecurity Essentials #3: Backups 102

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.

The Evacuation Episode

Hurricanes, fires, COVID-19, and online school…the world is a challenging place for most of us an horribly frightening for many. What can we do to stay safe when we’re suddenly displaced.

LINKS FROM THIS EPISODE

FREE ANTIVIRUS/ENDPOINT PROTECTION

• Sophos Home (free and trial versions) – https://home.sophos.com/en-us.aspx – There are lots of options for good endpoint protection. I’m offering Sophos as an option because it works well, is easy to install and get running, and is free for 30 days. It’s also available for both macOS and Windows.

VPN

• ProtonVPN (free and paid versions) – https://protonvpn.com/ – I’ll be talking in depth about VPNs in a future episode. As with endpoint protection software, there are other good VPNs. I believe ProtonVPN is one of the best for both security and privacy.

Next Episode!

As I upload this episode, the air quality is greatly improving and it’s actually raining. If things remain relatively calm, we’ll be back on schedule with Cybersecurity Essentials #3: Backups.

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.

Multi-factor Authentication (Cybersecurity Essentials #2)

What if there was a way to keep people out of your accounts even if they did steal or hack your password? There is and it’s time to get it on every account you have.

LINKS FROM THIS EPISODE

DATA BREACHES, LEAKS, AND OTHER COMPROMISES

If you haven’t looked yourself up in Have I Been Pwned https://haveibeenpwned.com/ please do it now! If your information has been compromised please change your password at any listed sites. This database is not all inclusive and there are other ways to search for your information but this is a good start.

WARGAMES (1983)

https://en.wikipedia.org/wiki/WarGames

MULTI-FACTOR AUTHENTICATION APPS

• Authy – https://authy.com/ – Use it just about anywhere including sites that say they’re only offering Google Authenticator.

• Google Authenticator – https://www.google-authenticator.com/ – Review it for yourself, but I think you’ll prefer Authy.

• Microsoft Authenticator – https://www.microsoft.com/en-us/account/authenticator – It’s probably no surprise that Microsoft’s own MFA app works great with Microsoft online accounts. It will also work as a replacement for Google Authenticator.

Hardware Authenticators aka Tokens

• YubiKey – https://www.yubico.com/ – YubiKeys are very well known in the security world and have been trusted for a long time. Compared to the free apps the YubiKey options may seem very expensive. If you can afford them, they are much better than the apps. A warning, though, they can be complicated to initially set up. Once they’re working, they’re amazing.

• OnlyKey – https://onlykey.io/ – OnlyKey has options are less expensive and have more features than YubiKeys. Like YubiKeys, they can be more difficult to use than MFA applications.

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.

Passwords (Cybersecurity Essentials #1)

Our passwords are an essential ingredient to our privacy and cybersecurity protections. They’re also a pain, easy to steal, often reused (bad idea), and hard to remember. That said, I want you to forget all of your passwords except two.

LINKS FROM THIS EPISODE

DATA BREACHES, LEAKS, AND OTHER COMPROMISES

Look to see if you’ve been in one or more data breaches or leaks at Have I Been Pwned https://haveibeenpwned.com/. Safely enter your email address(es). If your information has been compromised please change your password at any listed sites. This database is not all inclusive and there are other ways to search for your information but this is a good start.

PASSWORD MANAGERS

All of these are end-to-end encrypted (technically it’s just encrypted if it’s installed on your computer) and are zero knowledge. These terms mean that the organizations creating and managing the password managers can’t see, access, use, or change the information you save in their systems.

• KeePassXC – https://keepassxc.org – free and open-source. ONLY works on the computer running the application. Can be synchronized with your other devices but can be tricky to set up and maintain. Does not automatically store any information in the cloud.
• BitWarden – https://bitwarden.com – free and paid accounts available, open-source. Options to store only on your computer, in the cloud, or both.
• LastPass – https://lastpass.com – free and paid accounts available, closed-source. Cloud-only. Easily accessible and fully synchronized on desktops, laptops, and mobile devices.
• 1password – https://1password.com – only paid accounts available (free trial option), closed-source. Cloud-only. Easily accessible and fully synchronized on desktops, laptops, and mobile devices.

WEB BROWSERS – Do not save your passwords in your browser(s).

If you’re enjoying the podcast please leave a review and subscribe. If you have comments, questions, concerns, or suggestions please email us at humanetechpodcast@protonmail.com.