Technology is always changing, as is the way we use it. That means we’re always finding new ways to stop bad actors from sniffing our data.
Do you remember when you shared your address book with this trendy new app? Or if you’ve posted photos on social networks? These actions can all have consequences that weaken the safety of ourselves and the people we care about.
Vijay Balasubramaniyan, the executive director of Pindrop, a security company that develops technology to detect fraudulent phone calls, said we should always remember that any part of our identity that we post online could potentially be used by fraudsters to break our online accounts to kidnap.
“Your digital identity, which includes all of your pictures, videos, and audio files, will basically allow hackers to create a full persona of you who looks exactly like you without your being in the picture,” he said.
Here are some of the most important guidelines – like strengthening passwords and minimizing the data shared by your phone camera – to keeping you and your loved ones safe for the foreseeable future. I am calling these the five technical commandments in the hope that you will remember them as if they were a gospel.
You shouldn’t use weak passwords
Let’s talk about poor password hygiene. According to a survey by Security.org, a research company, about 45 percent of Americans use weak passwords of eight characters or less. (Fourteen percent used “Covid” in their passwords last year.) The majority of Americans also admitted reusing passwords on various websites.
This opens doors to many security problems. Weak passwords can be easily guessed by hijackers trying to gain access to your account. If you use the same password for multiple websites, e.g. For example, your bank account, your Target shopping account, and Facebook, only one of these websites needs to be hacked to make all of these accounts vulnerable.
For most people, the simplest solution is a password manager, software that can automatically generate long, complex passwords for accounts. All passwords are stored in a safe that can be accessed with a master password. My favorite tool is 1Password, which costs $ 36 a year, but there are also free password managers like Bitwarden.
The other option is to write passwords on a piece of paper that is kept in a safe place. Just make sure the passwords are long, complex, and contain some letters, numbers, and special characters.
Use multifactor authentication
No matter how strong you create a password, hackers can still get it if they breach a company’s servers that hold your information. For this reason, security professionals recommend multi-factor authentication, also known as two-step verification.
This is how two-factor authentication generally worked: let’s say you enter your username and password for your online bank account. This is step 1. The bank will then send a text message to your phone with a temporary code that must be entered before you can log into the website. That’s step 2. This way you prove your identity by having access to your phone and having this code.
Most popular websites and apps, including Facebook and major banks, offer methods of two-step verification using text messages or so-called authentication apps that generate temporary codes. Just do a web search for the installation instructions.
If a company doesn’t offer multifactor authentication, you should probably find another product, Balasubramaniyan said.
“If a provider says, ‘I only make passwords,’ they’re not good enough,” he said.
You shouldn’t overwrite
Many of us rely on our smartphones for our everyday cameras. However, our smartphones collect a lot of data about us, and the camera software can automatically record our location when we take a photo. This is more often a potential security risk than a benefit.
Let’s start with the positive aspects. If you allow your camera to tag your location, photo management apps like Apple’s Photos and Google Photos can automatically sort pictures by location in albums. This is helpful when you are going on vacation and want to remember where you were when you took a snapshot.
But when you’re not traveling, tagging your location on photos isn’t great. For example, let’s say you just connected with someone on a dating app and texted a photo of your dog. If you had the location feature turned on when you took the photo, that person could analyze the data to see where you lived.
For security reasons, make sure that the photo location feature is turned off by default:
On iPhones, open the Settings app, select Privacy, then Location Services, and finally Camera. Under Allow Location Access, select Never.
On Androids, in the Camera app, tap the Settings icon that looks like a gear. Scroll to Tag Positions and toggle the switch to the off position.
You can activate the location function temporarily to document your vacation. However, remember to turn them off when your trip is over.
Bit Discovery’s CEO, Jeremiah Grossman, said we should be careful about the photos we take and send to others. Explicit photos could eventually be made available to the public.
“People break up and people are idiots,” he said. “Even if it doesn’t, you give someone a few photos and they get hacked and suddenly it’s out there.”
You shouldn’t share data about friends
This is a lesson to learn over and over again: it is generally not a good idea to divulge information about your friends when using websites and apps, especially with unknown brands.
For example, if you share your address book with an app, you might share the names, phone numbers, home addresses, and email information of all your contacts with that company. When you share your address book with an app to invite others to join, you’re sharing other people’s information even if they don’t accept the invitation.
When you share your address book with an app, it is usually used to find other friends who also use a service. But Clubhouse, the social networking app that became popular during the pandemic, was recently criticized for its aggressive collection of address books.
When registering for Clubhouse, users can refuse to share their address book. But even if they did, other members of the app who had uploaded their address books could tell that these new users had joined the service. This wasn’t ideal for people trying to avoid contact with abusive exes or stalkers.
More than 10,000 users have signed a petition complaining about the data breach, according to a French data regulator that said last week it had opened an investigation into the clubhouse.
Clubhouse updated the app this month and addressed some of the privacy concerns. A request for comment was not immediately responded to.
There are easier ways than sharing your address book to find out if your friends are using a new service – like asking them directly.
Remember to stay skeptical
All security experts agreed on one rule of thumb: don’t trust anyone.
When you receive an email from someone who asks for your personal information, don’t click a link and reach out to the sender to ask if the message is legitimate. Fraudsters can easily embed emails with malware and impersonate your bank, said Adam Kujawa, director of security firm Malwarebytes.
If in doubt, deactivate the transfer of data. Corporations and banks have experimented with fraud detection technologies that listen to your voice to verify your identity. At some point, you may even be able to interact with customer service representatives on video calls. The most sophisticated scammers could eventually use the media you post online to create a deepfake or a computer generated video or audio clip impersonating you, Balasubramaniyan said.
While this might sound alarming because deepfakes are not an immediate problem, a healthy dose of skepticism will help us survive the future.
“Think about the different ways that you leave biometric identities in your online world,” he said.