Monday, April 29, 2024

Online Security - Test 2 - 4/29/30

4/29/30--This is a test only.  Please ignore.  Thanks.

March 19, 2024--Wow, have I been busy, but unfortunately not with needlepoint.  Recently my husband and I have become aware of the need to “lock down”, for security purposes, all of our online dealings, such as with email, financial, shopping and entertainment accounts.   This has entailed educating ourselves on the meaning and use of MFAs (Multi-Factor Authentications) that go beyond 2FAs (2 Factor Authentications where, in addition to using a password, a code is sent to your telephone via text to verify your identity).   


You can stop reading here if this subject is of no interest to you (and I wouldn’t blame you for that).

We felt secure with 2FAs, but not so much now that "sim swapping" has become very popular.  We understand that even if your mobile carrier requires a security code before they’ll work with you, or someone claiming to be you, there is no guarantee that a disgruntled employee of the company will not sell your data (and security code) to the highest bidder (and that’s already being done).  So now, as part of the MFA arsenal, are online authenticator “passkeys” which give you a code to verify who you are, but the code changes every 30 seconds or so and is not sent through a text, but through an authenticator app.  This means anyone who obtains access to your phone probably cannot move quickly enough to cause you any financial hurt. 

But I understand the very best thing for online security now is to use hardware passkeys like those made by Yubiko*.  The idea is to set up two passkeys (one to keep with you and one to keep in a safe in case you lose one).   The process is a bit involved, but supposedly worth it since your accounts cannot be hacked at all without your hardware passkey.  This last process in setting up the hardware passkeys is the one that's stressing me out the most.  We're also using biometrics (fingerprint and facial recognition) as often as possible.

Of course, the first line of defense against being hacked is to use a very long and complex 20+ character password that is different for every online account.   So, I purchased a password manager to help me keep track of it all and to generate those convoluted passwords.   This too took time (I love alliterations).

Lastly, we stamped the following phrase on our foreheads—thou shall never open phishing links from any source whatsoever (emails, texts, etc.).  NEVER, NEVER, NEVER!!   

If you’ve gotten to this point, congratulations!  And I feel your pain since you’ve probably gone through this too.  It has taken us some serious time to learn about, and set up, all the security measures--time I really wanted to spend needlepointing.  Oh well, and here’s the big sigh……


PS:  We haven't been hacked, thank God, but are aware of how sophisticated hackers have become in their attempts to bleed you dry, so we are taking preemptive steps to protect ourselves as much as possible.  And I hope my explanations are not too far off base.


*We have no financial affiliation with this company--just like their product.

No comments:

Post a Comment