Another day, another article about data vulnerabilities. This time the problem is wireless keyboards. Apparently several brands of wireless keyboards use no encryption whatsoever, and merely rely on obscure radio frequencies for minimal security. This leaves the end user open to key logging as well as key insertion. In other words someone could capture everything you type, or type directly on your computer. Your only recourse would be to unplug your wireless keyboard dongle / receiver. If you have a wireless keyboard from one of the brands listed in the article, you should switch to another brand or even a wired keyboard. I have been using the Logitech K750 for a few years and I love it. First off, Logitech is not one of the brands listed in the article. The keyboard has a low profile, tactile keys and the best part: it is solar powered so there are no batteries to die and replace. I recommend it.
A follow up to yesterday's post
Interestingly, Netflix is cool with you sharing your account password with others. Within reason. It probably goes towards building new customers.
MacOS and iOS users: patch as soon as possible
The always excellent Naked Security blog at Sophos has released a warning about a major security hole in Apple software, including MacOS and iOS. We recommend patching as soon as possible to avoid becoming a victim of this malware.
A note about password sharing and the law
News in the fight against ransomware
Here's some promising news in the fight against the onslaught of ransomware.
Help Your Family and Friends
I think many of my friends will find this very helpful! Sophos has created a new tool for those among us who are the go-to IT person for their own family and friends. Check it out!
Make Encryption Work For You
Device encryption is a hot topic lately. In the past, device encryption technology has been just out of reach of the average consumer, due to local or national laws, efficiency, cost, processing power, or some combination thereof. Now, pretty much all of those factors have been mitigated with modern devices and software capable of full disk encryption on the fly.
I recommend using encryption wherever possible - encryption protects you, your data, and it even protects your employer, your family and friends. Every once in a while I hear a story about someone who has lost a phone with no password and no way to remotely wipe the device. Their data, potentially their employer's data, or personal details of their family are all exposed to any person who happens to pick up their device; this is a huge risk.
I've also heard stories of people's laptops being stolen; this is a common concern in business. If your disk is not encrypted, then anyone can grab data off of it without needing your password. Encryption can help stop this.
All About Passwords
Passwords are a bit of a problem. Every day I hear new horror stories about massive website breaches, and the theft of millions of username and password pairs. Some of the major sites that have been hit and have been in the news are LinkedIn, MySpace and Twitter.
Passwords are not the best / ultimate solution to security, but they are the best compromise we currently have in the debate of security vs. ease of use. I highly recommend my clients, family and friends use reliable password management software.
Here are the most basic, universal guidelines for password use in today's current climate of data security.
- Use a password manager! It will make the rest of the items on this list easier to accomplish. I need to track thousands of passwords and I also need to follow the very best practices as an IT expert. I have been using LastPass for 4 years and I highly recommend it. I used KeePass before that; it is also highly recommended and I still use it for certain things.
- Do not use the same password at multiple sites - in fact use a different password for each and every website / login you use. This is particularly true for email accounts, social media, and banking, the top targets for hackers. The reason behind this is that if you use the same username and/or password at multiple sites and one becomes compromised, they are all compromised.
- Length is more important than complexity! A 16 character password that is all lowercase numbers is several orders of magnitude more secure than a 10 character password that uses lowercase, uppercase, numbers and punctuation. This is due to the way passwords are cracked. The longer the password, the better. I recommend using the max allowable length at each site, where possible.
- Passwords should be hard to remember and impossible to guess. A long string of randomly generated characters is far safer than a short phrase and certainly more safe than your dog's name.
- Changing your password occasionally is a good practice, though not as important as it used to be.
- Use multi-factor authentication wherever possible and feasible; this is especially true for sensitive sites such as your password manager, email, banking and social media.
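The length-versus-complexity guideline above, worked through as an added example that is not part of the original post. It assumes "all lowercase" means the 26 lowercase letters, the complex set is the 94 printable ASCII characters, every password is generated uniformly at random, and an illustrative attacker speed of 10^10 guesses per second.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase  # 26 symbols (assumed meaning of "all lowercase")
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, for illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size, length):
    """Number of distinct passwords an exhaustive search must cover."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def equivalent_length(alphabet_size, ref_alphabet_size, ref_length):
    """Shortest length over one alphabet that matches a reference keyspace."""
    target = keyspace(ref_alphabet_size, ref_length)
    length = 1
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length


def generate(length, alphabet=FULL):
    """Draw each character from the OS CSPRNG, as a password manager would."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for label, size, length in (("16 lowercase", len(LOWER), 16),
                                ("10 mixed", len(FULL), 10)):
        print(f"{label}: {entropy_bits(size, length):.1f} bits, "
              f"{years_to_exhaust(size, length):,.0f} years at assumed rate")
    print("lowercase length matching 10 mixed:",
          equivalent_length(len(LOWER), len(FULL), 10))
    print("sample 16-char password:", generate(16))
```

Under these assumptions the 16-character lowercase password has roughly 800 times the search space of the 10-character mixed one, and 14 random lowercase letters are already enough to match it.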
Another reason to upgrade to Windows 10
I'm a big fan of Windows 10; I've been using it for over a year. Microsoft has built in a handy tool to get your system fresh out of the box, but without all the bloatware that PC manufacturers get paid to deploy to you. This is a great innovation in my opinion. In the past when I've gotten a new PC, the first thing I have done is reinstall the OS fresh from scratch -- this tool will save a lot of time!
Here are the details: http://www.zdnet.com/article/microsoft-pushes-new-test-tool-to-kill-pc-bloatware/
Uninstall Adobe Flash
Adobe Flash is problematic software. It is software that tends to linger on computers unpatched and full of vulnerabilities, and so has become a common vector for malware and ransomware infections. A 4th zero-day exploit in 4 months has been announced, which means more ways your computer can become compromised. In addition to the security problems, it is also a resource hog. This is the main reason Flash has never been allowed to run on Apple iOS devices.
Here is a comprehensive explainer, all you need to know.
So seriously, uninstall Flash where possible. If you absolutely do need it, make sure it is set to install patches automatically.