Archive

Posts Tagged ‘Security’

It makes my Heart Bleed!

The Heartbleed bug exploit and a series of high profile hacking attacks over the last year or so, have highlighted the fact that the more we make use of internet based storage for our personal information, the greater the risk we take.

Heartbleed

Hackers are now making use of highly sophisticated techniques to bypass, steal or guess our passwords. Even without stealing passwords through exploits like Heartbleed, hackers can use powerful computers to launch brute force password attacks, which can break even strong passwords, in a relatively short space of time. These attacks throw millions of password combinations per second at the intended target, until they eventually guess the right one.

The fact is that we are now entering an age when passwords alone are not going to be sufficient to protect the increasing volumes of personal data we have stored in the cloud.

But what if we could make use of a device most of us carry with us everywhere to act as a secondary key? A key that could prevent someone from logging into your account with a stolen password, unless they also had physical access to this key? 

I refer to the humble mobile phone. 

Most of the main internet service providers – Google, Facebook, Dropbox, PayPal etc. all provide a little publicised, secondary key option, known as two-factor authentication. Using two-factor, a code number is sent by the service provider to a registered mobile phone number, or generated by an app, whenever a new device logs into a protected account. This way, even if a hacker had access to your password, they could not log into your account, without also being able to enter the code number displayed on your mobile phone.

There is some inconvenience trade off against security, of course. You won’t be able to access your account from a new device, unless you have your phone with you. If you lose your phone, you’ll only be able to access your account from a previously authorised device, before you can update the two-factor settings. However, for the extra security offered, I think the pros far outweigh the cons.

Although no system will ever be 100% secure, it’s a fact of life that we are all going to have to take additional precautions with our data security, if we are to avoid falling victim to the darker side of the internet.

See below for linked instructions to enable two-factor authentication on a number of popular cloud based services.

Advertisements

Time to ditch IE!

September 18, 2012 Leave a comment

According to PC Pro, security experts are warning that users should stop using Internet Explorer for a week or so, after the discovery of it’s latest security flaw!

The zero-day vulnerability came to light last week and can allow attackers to infect the PC of somebody who visits a malicious website and then take control of the hardware.

Microsoft are expected to release a fix ‘within a week’, but in the meantime have issued a recommendation to install their wonderfully named ‘Enhanced Mitigation Experience Toolkit’ and then adjust several Windows security settings, which might, however, ‘impact on the PCs usability’! Hmm…

I think I might best enhance my mitigation experience, by following the advice of PC Pro’s slightly more pragmatic security experts, and switch to Chrome for a couple of weeks instead!

Watch out for even more of the ‘use our wonderful browser’ adverts during the Corrie ad break, as a result!

Categories: Web Browsers Tags: , ,
%d bloggers like this: