Thursday, October 29, 2020

October Cybersecurity Tip – What Is Two-Factor Authentication?


Black and white logo showing the words Cyber Security with a lock icon
Cybersecurity - Stay safe on the Internet!


By Virtual Ability Member Orange Planer

What is it?

Two-factor authentication (2FA) is a method of better protecting your assets. Assets could be money, property, information, stock certificates, etc. The idea is to use two ways of verifying who you are before you can gain access to those assets. For example, if you buy something at the store with a personal check, the value written on the check is the asset. The first method of verifying your identity is your signature, which you put on the check. The store clerk will request your picture identification, such as a driver’s license. The license has not only your signature (method one) but also your picture (method two), so the clerk can make sure the person presenting the check matches the picture on the license.

There are three types of authentication you can offer to identify yourself to someone:
  • Something you have: the check mentioned above, a credit card, your computer, or something else;
  • Something you know: the PIN to your debit card, answer to a security question, a password, or something else;
  • Something you are – that is, something physical about you (a “biometric”): a fingerprint, retina pattern, face, or voice.
If you use a debit card at a store, the asset is the money you are trying to transfer. The first authentication is something you have – the debit card. The second form of authentication is your PIN – something you know. Some smartphones can use your fingerprint – something you are – instead of a PIN. On some Windows computers one can set up Windows Hello. The asset is the computer. After setting up a secure password (something you know), a Windows Hello-enabled computer can use something you are (facial recognition or fingerprint) to complete the identification process.

How does 2FA work on a computer?

Perhaps you are trying to log on to a website or application. First you indicate with a username what you are trying to access – information in your account or access to your online game. Now you enter your password – something you know. With 2FA, you need a second way to identify yourself to the keeper of the information.

The most popular ways to do that are by receiving a text message on your smartphone (SMS) or using an authentication app on your smartphone. Popular phone apps are Google Authenticator, Microsoft Authenticator, Authy, and DuoMobile. All of these are available at both the Google Play Store and Apple’s App Store.

Which is more secure, text messaging (SMS) or an app?

Text messages are tied to your cell phone number. They can be intercepted through the cell phone network, which can be hacked. Your phone could be infected with malware that sends information to a hacker. Your phone number could be hijacked by a hacker who convinces your cell provider to transfer your phone number to another device. Some people synchronize their text messages with their computer (maybe with the Microsoft Your Phone application). If someone steals your computer and manages to log on to your account, they can steal your text messages. Lastly, if you cannot access your cell phone or if you lose cell service for any reason, you cannot access the text messages.

An authentication app uses Wi-Fi data and is extremely low bandwidth (does not use much of your monthly data allocation). This means the codes are not transmitted over your cell carrier and even if a hacker manages to transfer your cell number to another device, the codes stay with the app. If you lose cell service you can connect the phone to your secure Wi-Fi and the app will still work. Hands down, an authentication app is more secure.

Which is easier?

Text messaging is easier, no question about that. Authenticator apps, however, are not hard. They require a few more steps to set up. Generally, you download the app, scan a QR code supplied by the website, then enter the secure code shown on the phone into the website.

What happens if you lose or reset your phone?

Most websites with 2FA options also give you the option of downloading several backup codes, each usable once. You can use these as your second method of authentication to gain access to your account and then set up your authentication app.

Does using 2FA make my accounts secure?

There is no such thing as perfect security, so no, using 2FA does not make your account 100% secure. Think of it as making your account so hard to break into that hackers will go for easier targets. It is like securing your car with a door lock and a security alarm. Thieves might not be deterred by a lock.  Add the alarm and they will find an easier target.

Is using 2FA a hassle?

No. While it does require the use of a smartphone or email sent to you, the idea is to increase the security of your accounts. In combination with a password management program, using 2FA is about as easy as one can get without taking extreme measures. The password manager fills in your automatically generated, complex password and the authentication app gives you a code to enter. Done deal.

How do I enable 2FA on my accounts?

Each website using 2FA has its own procedure. Check your account page, the site’s Frequently Asked Questions (FAQ) page for help, or search using the phrase “how to enable 2FA on xyz website.”




Sunday, October 18, 2020

October Cybersecurity Tip - Use Strong Passwords and Change Them Often

Cyber Security emblem in black and white
Cyber Security - stay safe on the Internet!

Strong passwords are your first defense against identity and information theft. The strongest passwords have at least 8 characters and make up a phrase. They include special characters other than letters (such as any of the Shift+number keys, “;”, “:”, etc.). One way to set up a strong password is to use a favorite phrase such as “Paint the town red” and then do a letter/number substitution or add some symbols.  It could be “P*int the t0wn red?!&”. You get the idea. Security research shows longer passwords are far more secure; anything over 18 or 20 characters would take weeks, if not months or years, to break.


You should not use the same password for all your accounts and apps. If somehow a password is stolen, that opens up everything to the scammer. Instead, use different passwords for each account. Of course, that means you have many passwords to recall. Rather than trying to remember them all (that would be impossible in this age of dozens of different accounts for different websites), writing them down in a book (unless you encode your passwords with some really fancy techniques, anybody can grab your book), or using an application such as Word and password-protecting it (who remembers to go back and change the password in a document? Nobody), try using a secure password manager, such as Keeper or LastPass.


These applications allow you to store all your login information under one password. Password managers can also automatically fill forms online or on your phone and allow you to synchronize your passwords across multiple web browsers and multiple devices. They can help you change your password and make sure the new password is saved. All you have to remember is one super-password to log on to the password manager.  Again, make that password a phrase of some kind and add some symbols and numbers to it, then use that password over and over until you have it in muscle memory.


It may seem like an onerous chore to change passwords, but you can do it easily by clicking the “forgot my password” link when you sign into a website or app. You will be asked to answer one or more security questions, such as a secret question, or the site may email or text you a code or temporary password. Password managers can help you ensure that your passwords stay secure.


It’s important to change your passwords on a semi-regular basis. To be super-safe, perhaps make a monthly task to change some of your passwords. Be aware that some websites limit the length of a password - for example, Second Life limits passwords to 15 characters. All password managers have a way to set the number of characters in the passwords they generate.


And lastly, if you are accessing a website that uses “http” in the URL, do not under any circumstances create a username and password there because web traffic using “http,” and not “https,” is not secure.


Tuesday, October 13, 2020

October is Cybersecurity Awareness Month

Black and white cyber security logo disc

Think about what is on your computer or smartphone that you do not want to give away. It could be passwords, your banking information, credit card number, or your health records. Maybe your child uses the computer.  You will want to protect all these things. This means not exposing them to cybercriminals.

Scammers are taking advantage of COVID-related uncertainty to convince you to accept phony offers of financial assistance, fake cures, or goods to get your usernames, passwords, and financial information. Children may be doing schoolwork online from home. If you are working from home, the security protections set up by your office IT department are sometimes no longer available. This means that cybersecurity is up to you. “If you connect it, protect it.”

For the seventeenth year, the Cybersecurity & Infrastructure Security Agency is sponsoring National Cybersecurity Awareness Month. Check out their website for additional information. Virtual Ability will be posting cyber safety tips on our blog throughout the month.

“Do Your Part. #BeCyberSmart.”


Monday, October 12, 2020

Tips - The Extra Costs of Living with a Disability

 

Picture of caliper squeezing money
Balancing the budget when living with a disability

Adults who live with a disability have additional expenditures beyond the ordinary costs of living. This means they have more difficulty saving for future and unexpected expenses, and simply making ends meet to cover monthly expenses. Many adults with disabilities and their families live in poverty.

The National Disability Institute (NDI) is an organization that collaborates with other organizations, including employers, financial institutions, community organizations and government agencies, to help people with disabilities and their families improve their financial literacy and build a better future.

On Wednesday, October 14, at 11am SLT (2 pm Eastern), NDI offers a webinar entitled “The Extra Costs of Living with a Disability.” Researchers who studied this problem will be part of a panel discussing their findings. Other panelists will include persons with disabilities who will share their financial struggles, as well as NDI staff who will give policy recommendations.

Captioning and other accessibility strategies will be offered. To register and for more information about the webinar, please fill out the form here: https://us02web.zoom.us/webinar/register/WN_zBv3ET95RCO8mkxhgEELcg