Level Up You and Your Families Online Security

Your email inbox is like a 6 lane highway for online phishing and malware attacks. There is no limit to how many malicious email a hacker group can send. If a threat actor can compromise 10 in 5 million emails sent everyday, it’s well worth it online criminals. Recently, I thought hard to come up with an analogy to tell my software engineers and grandma alike.

This is like checking the return address on any physical mail you receive. If the return address is unknown, or more likely something very close to a reputable company like: no-reply@f.acebook.com instead of no-reply@facebook.com . Look at how close these two email addresses are. LOOK CAREFULLY, character by character.

When looking at an email address, all that matters is the characters to the right (.com, .co, ,uk, etc.) and the characters to the left of the last period (facebook or more maliciously .acebook). If you see multiple dots in these characters to the left, stop on the first one you get to. This is the primary domain. If a company is reputable, you should be able to take these characters and navigate to in your browser. Try it! facebook.com works but acebook.com shows a browser error saying this domain is not secured.

Keeping with the snail mail equals email analogy, image this piece of mail is from facebook.com and it says that your account has been compromised, you need to take action. You wouldn’t push a printed button on the letter from Facebook, you would pick up your phone and call them directly. The same concept applies, try navigating to Facebook in your web browser or the mobile app. If something is compromised with your account, you’ll probably be greeted with a big red banner saying “take action now”. At least then you minimize your attack surface by not interacting with the email you received.

Keeping with the snail mail equals email analogy, image this piece of mail is from facebook.com and it says that your account has been compromised, you need to take action. You wouldn’t push a printed button on the letter from Facebook, you would pick up your phone and call them directly. The same concept applies, try navigating to Facebook in your web browser or the mobile app. If something is compromised with your account, you’ll probably be greeted with a big red banner saying “take action now”. At least then you minimize your attack surface by not interacting with the email you received.

If you are anything like me, I’m terrible about anything “routine”. The next couple habits are focused around your home network and devices. With a bustling family, a steady influx of new devices, it’s hard to remember to routinely do anything so here is what has worked for me, create calendar events. This doesn’t necessarily be for these next two bullet items. I have quarterly (every 3 months) calendar all-day events for virtually all aspects of my life. Charging our self-powered jumper cables for our vehicles, switching all of our ceiling fans’ spin direction for the winter and summer, as well as the next couple habits listed below.

Whether you have google, spectrum, AT&T, or a custom home router, most of them will have easy instructions on how to configure your router. If you aren’t very tech saavy, no need to worry, I won’t get too nerdy. There is just one big ticket item I’m calling out here.

Many current internet service providers will offer mobile apps or online admins to easily see what devices have recently connected to your wireless network. In usually just fifteen or twenty minutes you can go through the list of those devices, name them something easy to recognize. Any device you don’t recognize, delete it or lock it out. I’m fortunate to be in an area with Google Fiber. The Google Home app, even allows you to enable a setting where you can be notified if a new device connects to your network that you haven’t registered before. This ensures you have great visibility into would be malicious actors trying to penetrate your network.

The two heavyweights in this arena are LastPass and 1Password. I have used 1Password for years and have never looked back. It offers a number of features and security measures that are several steps ahead of browser’s keychain / password autocomplete functionality. Here are a few big benefits to using a password manager over a browser’s built in ability.

The two heavyweights in this arena are LastPass and 1Password. I have used 1Password for years and have never looked back. It offers a number of features and security measures that are several steps ahead of browser’s keychain / password autocomplete functionality. Here are a few big benefits to using a password manager over a browser’s built in ability.

• “1 Password” to rule them all

  You only have to remember a single password which then unlocks your vault(s) filled with all of your real passwords. Making this 1 password even better, if you device supports biometrics like thumb print or face scanning, 1Password allows you to use a biometric feature in order to unlock your vaults.

• Immediately be notified if you are compromised

  1Password offers a feature called Watch Tower. If you enable this feature, 1Password will scan numerous dark web sources to uncover if any of your passwords or sensitive information has been compromised and exposed. I personally have had a couple of my passwords compromised and immediately changed my password before a threat actor could cause any malice.

• Highest Level of Security

  Most of the browsers nowadays are very secure but these password managers have military-grade encryption and have to be at the pinnacle of security. “In the realm of online security, you don’t need to be an impenetrable fortress, you simply need to be a harder target than the next person.” Having this level of security would typically cause a threat actor to move onto your neighbor or the next IP address. In all likelyhood, that IP address is probably still IPV4. ;-), does this help paint the picture?

• Convenience Feature’s will Increase your Productivity

  If you have begun adding 2-Factor Authentication on all of your most important accounts, you’ll quickly get annoyed by all the text message and emails raining 6 digit codes into your inboxes. 1Password not only allows you to replace this text message approach with a TOTP (Time-Based One-Time Password). Here is a great article on 1Password’s website, explaining how this work. In summary, instead of using your phone number as the second “factor” in 2-Factor Authentication, 1Password allows you to have a 1 stop shop for this short six digit code which changes every 30 seconds. To make this even more convenient, you can autocomplete this TOTP password right in your browser. If I added up all the time I have saved by autocompleting my passwords in my browser in this way, I bet it’s dozens of hours at this point. Along these same lines, in the past year, I can probably count on 1 hand how many times I’ve had to voluntarily reset my password. A password manager greatly reduces the headaches involved in modern day online security.

• Security for the whole Family!

  ”Hey honey, what’s the gas company password?“ These password managers both offer family plans so sensitive information can easily be shared between family members. Not only does your kids, husband, or wife no longer bug you about random passwords but another byproduct is that in the moment all those passwords don’t end up in your unsecured chat log which could easily be used against you in the case of a breach.