Security

Everyone uses Social Media these days and we’re trusting it with more and more of our personally identifiable information (PII). Our interests, comments, check-ins, likes and the network of friends and family we build-up all contribute to a context-heavy online identity. If an attacker gains control of your online identity, they can easily: Steal all your personal information Post content and messages on your behalf to hurt you or your network of friends and family Use implicit trust to gain access to other online services Impersonate you, abusing the trust you have with your network of friends and family to … Read more

Here’s a set of guides I’ve put together to help you understand your online security posture and how you might improve it. Stop using the same password everywhere! Weak passwords and how to choose a strong complex memorable password Setting up and using a Password Manager Setting up and using Two/Multi Factor Authentication (2FA/MFA) Facebook security

What’s wrong with my username and password? Typical online authentication requires a username and a password – this is something a user has to know. These can be (and are frequently) written down, shared with other people or leaked from hacked sites to the world by malicious third parties.. Users will often setup the same username and password with multiple online services. This is super-convenient because they only have to remember one set of credentials, but if those credentials get leaked, hackers will have access to all services where that set of credentials have been used. This could be your mailbox, … Read more

What makes a password weak? A weak password is one that can be easily guessed or broken. This might be because it’s made up of public information associated with you. For example: You or your family’s dates of birth Names of your family members Your pet’s names Your nickname your car your favourite football team etc. Your password might be a known default password. Many items of computer hardware which connect to the Internet have factory default usernames and passwords. These are often variations of the words admin and password. Recently installed, but unconfigured software or content management systems will often … Read more

What is a Password Manager A Password Manager (PM) is a service or app that stores and enters usernames and passwords for you into online services or mobile apps. A good PM will also generate strong passwords for you and also help you identify weak or compromised passwords. The core concept is that you have a single strong but memorable Master Password that secures your PM. All the passwords for everything else should be complex and impossible to remember or guess (and often tricky to type). This makes them secure. In theory, the only passwords you ever need to remember … Read more

Why is this a bad thing? Using the same password everywhere makes everyone’s life easier. It means you can log into your bank, your online shopping, your mailbox and social media without having to remember dozens of passwords. However, using the same password on multiple online services is like using the same key to unlock your front door, your car, your suitcase and your safety deposit box. If someone sees your key and makes a copy of it, they can now unlock everything. They can not only steal whatever you’re protecting with that key (money, personal information etc), but they … Read more

How might this have happened? You have authorised an app in Facebook to post on your behalf Your have used the same email address and password on another online service and these credentials have been leaked/exfiltrated. You are using a weak easily-guessed password for either: Facebook (this is fixable) another service such as your mailbox (gmail, outlook etc) that an attacker has used with Facebook’s “forgot password” function (really bad) your password manager (worst case) What should I do? Secure Facebook Change your Facebook password to a temporary one you’ve never used before and isn’t a variation of your previous … Read more