Security Checkpoint Twitter Part 3

Security Checkpoint Twitter Part 3: Hardware Tokens

Security Checkpoint – Twitter – is a new series of web videos where we go through and improve our digital privacy and security one step and one minute at a time. These are all great security and privacy practices. You can follow along as Alan goes through his digital life and cleans up data and access.


Multi-Factor Authentication

In this quick video we go through multi-factor authentication, or MFA. It’s also called two-factor or two-step authentication. Think of MFA as a layered approach to verifying you are who you claim to be. Why a layered approach? Simply put, the more layers of security you have, the more hoops hackers have to jump through to breach your data. Good security requires knowing what you value. Then you take as many reasonable measures as you can to prevent valuable data and systems falling into the wrong hands.

Follow along with the video in your own account at twitter.com

Authenticator Apps

We covered these last time, so watch the previous episode for more info.

Hardware Token Keys

We also demonstrate setting up a hardware token key. These function like the technology equivalent of a house key. You’ll have to pay a premium if you want this next-level security. We have the Yubikey 5C with NFC and Yubikey 5 with NFC.

You’ll want at least two (one shared backup is fine for a small company or department). Remember house keys? What happens if you accidentally lock yourself out of your house in a hurry to get somewhere? Well, maybe you have another key entrusted to a neighbor or nearby family or friends. You don’t hide it in the first place any thief would look, under your doormat, do you? Maybe you need to check on that too. That’s why it’s important to buy at least a couple of keys whenever you choose to use them. Set up both the same way at the same time and store your backup in a safe place. You can literally use a safe or locked filing cabinet for extra security!

Because you’ll want two hardware token keys and they are roughly $50 each, you should budget $100 to get started with these. You will also need to plan a couple of weeks lead time for the order process and until you get the devices delivered.

Don’t Care About Twitter? Think Again

Don’t use twitter much anymore but still have your account? Neither do we! Who cares? Well we do, and you should too! Cleaning up old data, accounts, and systems is a very vital part of your digital security and privacy well being. Imagine you had your old email from middle school without updates and just left the account running. The old server never got updated enough and now someone got into it and used it to compromise your work Instagram. Yikes! So safe removal, deletion, or updated security are required for all systems you use in your digital life.

Need help with your company’s cyber security? Contact us now to see how we can help!

If this post helped you improve your digital security and privacy please like, subscribe, and click the YouTube bell. You’ll be the first to know when we have more tips on Security Checkpoint for twitter and other digital services.

Security Checkpoint Twitter Part 2


Security Checkpoint – Twitter – is a new series of web videos where we go through and improve our digital privacy and security one step and one minute at a time. These are all great security and privacy practices. You can follow along as Alan goes through his digital life and cleans up data and access.


Multi-Factor Authentication

In this quick video we go through multi-factor authentication, or MFA. It’s also called two-factor or two-step authentication. Think of MFA as a layered approach to verifying you are who you claim to be. Why a layered approach? Simply put, the more layers of security you have, the more hoops hackers have to jump through to breach your data. Good security requires knowing what you value. Then you take as many reasonable measures as you can to prevent valuable data and systems falling into the wrong hands.

Follow along with the video in your own account at twitter.com

Authenticator Apps

In this video we set up an authentication app on our mobile phone. We use Authy and recommend it to everyone. If you already use Google Authenticator, Microsoft Authenticator, Cisco Duo, or a similar app, feel free to use that instead. These apps provide a good level of extra security at no additional cost. Don’t be distracted by that long list; just pick the one that you like the most and only use one.

Hardware Token Keys

We also demonstrate setting up a hardware token key. These function like the technology equivalent of a house key. You’ll have to pay a premium if you want this next-level security. We have the Yubikey 5C with NFC and Yubikey 5 with NFC.

You’ll want at least two (one shared backup is fine for a small company or department). Remember house keys? What happens if you accidentally lock yourself out of your house in a hurry to get somewhere? Well, maybe you have another key entrusted to a neighbor or nearby family or friends. You don’t hide it in the first place any thief would look, under your doormat, do you? Maybe you need to check on that too. That’s why it’s important to buy at least a couple of keys whenever you choose to use them. Set up both the same way at the same time and store your backup in a safe place. You can literally use a safe or locked filing cabinet for extra security!

Don’t Care About Twitter? Think Again

Don’t use twitter much anymore but still have your account? Neither do we! Who cares? Well we do, and you should too! Cleaning up old data, accounts, and systems is a very vital part of your digital security and privacy well being. Imagine you had your old email from middle school without updates and just left the account running. The old server never got updated enough and now someone got into it and used it to compromise your work Instagram. Yikes! So safe removal, deletion, or updated security are required for all systems you use in your digital life.

Need help with your company’s cyber security? Contact us now to see how we can help!

If this post helped you improve your digital security and privacy please like, subscribe, and click the YouTube bell. You’ll be the first to know when we have more tips on Security Checkpoint for twitter and other digital services.

Security Checkpoint Twitter Part 1


Security Checkpoint – Twitter – is a new series of web videos where we go through and improve our digital privacy and security one step and one minute at a time. Because these are all great security and privacy practices you can follow along as Alan goes through his digital life and cleans up data and access.


In this quick video we go through app sessions and user sessions. We apply the principles of least privilege by getting rid of app connections and logged in sessions that are no longer needed.

Follow along with the video in your own account at twitter.com

Over time we all add apps and accounts that we no longer use or care about. Let’s take care of those now on Twitter. Each one of these increases our cyber attack risk surface. It’s a simple theory: any way that I can access my own accounts is also a potential opening for hackers.

Need help with your company’s cyber security? Contact us now to see how we can help!

If this post helped you improve your digital security and privacy please like, subscribe, and click the YouTube bell. You’ll be the first to know when we have more tips on Security Checkpoint for twitter and other digital services.

Ready for a Passwordless Future with Passkeys?

The Passwordless Future with Passkeys

Are you ready for the passwordless future with passkeys? It’s already here. Or near. Well, it’s a good goal for all of us.

Passwords are annoying. And many times they don’t do enough to prevent data breaches.

If you’ve ever heard our founder Alan talk for a while you’re guaranteed to hear him say:

Security and usability are fundamentally at odds.

Alan Youngblood

This doesn’t have to be the case though. It is super easy to use Passkeys, but don’t take my word for it:

Login process with Passkeys on Macbook Pro

And it’s even more secure to use Passwordless systems.

By using the security capabilities of your devices like Touch ID and Face ID, passkeys are way more secure and are easier to use than both passwords and all current 2-factor authentication methods.

Learn more or try for yourself at Passkeys.io

The Security Holy Grail

Why can’t we have both security and usability? 

Why not both?

Typically this is a natural trade-off. Most security measures make your everyday work and life a little bit more difficult while also making it much more difficult for hackers. So in practice it’s good security policy to take reasonable efforts that you know will be a slight pain to you and a major pain to hackers, making them think twice.

Can’t we have both though? Every so often there is a truly different way that makes that possible!

That’s where Passkeys and passwordless systems come in. There’s a lot to say about this but the bottom line is simple: there are now computer systems that do not use passwords and are actually more secure than the systems that do.

Passwordless Future with Passkeys is More Secure

Do not mistake any of this to say we need to get rid of passwords. We’ll come back to this later but in some ways we may always have passwords for certain uses even in the passwordless future.

This also doesn’t mean wide open access or less secure systems. But how? In InfoSec we refer to authentication in a few ways. Authentication verifies a person or user of a system to make sure they are who they say they are.

Authentication can be:

  • Something you know. For example: a password.
  • Something you have. For example: a hardware token or smart badge/card.
  • Something you are. For example: fingerprint scanning, Face ID, or other biometric data.

Two factor or multi factor authentication (MFA) is just a combo of more than one of those methods. More layers of security tends to give a more secure system.

But many passwordless systems actually combine several factors into one simpler action. For example, Passkeys combine something you have (your smartphone) with something you are (the phone’s biometric Touch ID or Face ID). So instead of fumbling around with a 6-digit code or remembering a password that’s hard for you to remember and easy for a computer to guess, you already have MFA built in with one simple step.

Passwords are the weakest link in security. Think about it: they are shared at some point in the login transaction with the server. It’s something you know, but that doesn’t mean someone else might not know it too. I can tell you about “MySUPERsecretPasswd456!” and now you already know that one. Pro-tip: we never use that password and we recommend you never use it either. With something like passkeys, the hardware of your smartphone is leveraged and authenticates to the server, basically saying you are who you claim to be and everything’s fine to let you in.

I’m just going to assume for a minute that you do a good job managing your passwords and use sufficiently complex, unique ones on all your accounts. Even if that were true for everyone, there’s a lot of data that gets exposed when you are a part of a service, let’s just say Facebook because so many people are there. Let’s say someone on Facebook signs up with a password “Password123.” This laughably easy password then gives hackers a potential way in to the entire system. While it may not expose everyone or everything, at minimum it provides this hacker with the next step and clues to hack other data and people.

I'm in!

Why We Can Trust the Security of Passwordless Passkeys

What’s wilder about these systems is that they aren’t entirely new. That’s part of the reason we can trust them.

These are all built on well-established protocols and technologies. Much of the magic of public/private key cryptography has been around in regular use for decades, since the 1970s. The passwords we use now are still vulnerable because they rely on common wording or can be known by people other than the authorized users.
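To make the contrast with passwords concrete, here is a simplified passkey-style login in Node.js, added as an illustration and not taken from the original post or from any passkey product. It is not the real WebAuthn message format; the `Server` class, the function names, the user name `user1` and the `example.test` origins are all constructed for the example.

```javascript
// Added illustration: simplified passkey-style challenge-response (not WebAuthn itself).
const crypto = require('node:crypto');

// Device side: the key pair is created on the device and the private key stays there.
function createPasskey() {
  return crypto.generateKeyPairSync('ed25519');
}

// The device signs the server's one-time challenge together with the origin it
// is actually talking to. Nothing reusable (like a password) crosses the wire.
function signAssertion(privateKey, challenge, seenOrigin) {
  const clientData = Buffer.from(JSON.stringify({
    challenge: challenge.toString('hex'),
    origin: seenOrigin,
  }));
  return { clientData, signature: crypto.sign(null, clientData, privateKey) };
}

// Server side: stores only public keys, so a database leak exposes no login secret.
class Server {
  constructor(origin) {
    this.origin = origin;
    this.users = new Map();    // user -> public key
    this.pending = new Map();  // user -> outstanding challenge (hex)
  }
  register(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge.toString('hex'));
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single use, which blocks replay
    const publicKey = this.users.get(user);
    if (!expected || !publicKey) return false;
    let data;
    try { data = JSON.parse(clientData.toString()); } catch { return false; }
    // Reject answers to a different challenge or signed for a different site.
    if (data.challenge !== expected || data.origin !== this.origin) return false;
    return crypto.verify(null, clientData, publicKey, signature);
  }
}

function demo() {
  const server = new Server('https://example.test'); // constructed origin
  const { publicKey, privateKey } = createPasskey();
  server.register('user1', publicKey);

  const good = signAssertion(privateKey, server.newChallenge('user1'), 'https://example.test');
  const login = server.verify('user1', good);
  const replay = server.verify('user1', good); // same message sent again

  // The device was shown a look-alike site; its signature names that origin.
  const lookalike = signAssertion(privateKey, server.newChallenge('user1'), 'https://examp1e.test');
  const phish = server.verify('user1', lookalike);

  return { login, replay, phish, storedKeyType: server.users.get('user1').type };
}

console.log(demo());
```

The first login succeeds, while the replayed message and the assertion signed for the look-alike origin are both rejected, and the only thing the server ever holds is a public key.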

Why We Can’t Have Nice Things

The biggest challenge is that even if there’s a better way, it requires change from a lot of people. Many of us are not ready for a passwordless future with passkeys if it involves doing things differently.

There are two crucial requirements to be able to use Passwordless systems:

  • Everyone using them has to have either an up to date smartphone, computer, or hardware key token.
  • Every account and system software needs to have this feature integrated into them and users need to learn how to use it.

Easier said than done.

I don’t wanna change I’ll rise above it But it’s so damn hard to make that change

Adam Granduciel, song Change performed by The War on Drugs

Change isn’t always easy. I get it. Even when we’re in a bad place sometimes we want to cling to the “devil we know.” Why risk it doing things differently?

Plus, this requires change from a lot of people, namely those we lack any control or influence over. As a company’s leader it would be easy enough to make it corporate policy to ensure all employees make a change that helps everyone. But there’s still the other end of these systems: the platform holders, whom you can make requests to but who ultimately don’t have to do anything. And there’s the bit about having updated computing devices. While this is good practice in general, it doesn’t mean we all do it. And there’s the training: why learn a new thing if what we all did a few years ago seems perfectly fine to get the job done?

Passwordless Future Goals with Passkeys

For all these reasons we recommend Passwordless systems as a great goal. We ourselves are working toward implementing and using these systems incrementally in our business and personal lives where possible. But it has to be opt-in.

You can lead an animal to water but you cannot make them drink.

Old English proverb attributed first to John Heywood

Having the personal buy-in from each person who will use the system means they are showing up ready to learn something new and try it for its merits.

The Password is dead! Long live the Password!

The password is DEAD! Long live the Password!

You didn’t really think we’d be giving up the passwords everywhere so soon did you?

Because it’s simply not practical to expect everyone to give up their current systems we suggest you phase in the Passwordless tech where you can. Meanwhile, passwords are still the best standard way to secure everything from your WiFi connected toaster to databases with trade secrets.

So we’ll end here by pointing you back to advice that’s still great for using BitWarden as your password manager for all the systems that aren’t ready for that change yet. If you don’t feel like you can remember your master password or secure it in a safe place like a lockbox, you should consider using a different trusted system like 1Password in the video below.

And if you are already using LastPass, you need to use a different system as fast as you can make the switch. We used LastPass previously, but a number of reports of breaches and a general negligence of security practices at their organization mean that moving to a better system is the best thing you can do for your security right now.

Josh at All Things Secured has you covered on a step by step guide to make the switch from LastPass to 1Password.

Make the switch from LastPass now. Thank us later. We will thank you too because helping everyone helps everyone.

Ready to ditch those pesky passwords for something more secure? Get in touch and see how we can help your organization make the transition!

Resume: Alan Youngblood

Alan Youngblood

Below is the resume for Alan Youngblood. Join us to celebrate his 10th year working in IT. Connect with Alan on LinkedIn!

Alan remains committed to our business’s clients and is constantly learning about new technology solutions to innovate and improve your work!

Learn more about Alan and Oak City IT’s work here!

Seems like just yesterday I was wrapping my head around Inception-style remote connections and virtualization with the support team at Global Knowledge. Now I’m managing Oak City IT’s microservers in docker on infrastructure we designed and built to serve our clients’ needs!

Alan Youngblood, CEO/IT Director

Download Resume for Alan Youngblood


Comparison of 2012 to 2022

2012

  • Windows 7
  • Mac OSX 10.8 Mountain Lion
  • Virtualization like VMWare
  • iPhone 5
  • Samsung Galaxy Note 2
  • Wi-Fi 4 (802.11n)
  • 4G Cellular Networks available, 3G still in wide usage

2022

  • Windows 11
  • MacOS 13 Ventura
  • Containerization like Docker
  • iPhone 14
  • Samsung Galaxy Z Fold4
  • Wi-Fi 6 (802.11ax)
  • 5G Cellular Networks
  • The CD (Compact Disc) Technology celebrated its 40th anniversary

Oak City IT Tech Shorts 04: Cost of Lacking Backups

Do you know the cost of lacking backups?

During the pandemic the only thing spreading more rapidly than the virus might be ransomware. Call hackers’ bluffs when you have a bulletproof backup plan.


In early 2020 organizations paid an average of over one hundred thousand dollars for ransomware demands. You can’t afford to waste that on false promises from bad faith hackers. We can help you set up a backup strategy to keep data and systems online. Even if you lose computers in a natural disaster, your business will be fine.

More than just ransomware, your hardware will break some day. We have already helped clients with both of these underlying issues recover their data, repair or replace their devices, and get back online. A lot of the downtime, pain, and costs can be avoided by having a backup plan in place now for the inevitable problems that will occur.

That’s why we are encouraging new clients to join our flexible subscription plans where we include backup plans, virus protection, and remote monitoring with our support. Our plans offer you a 30-day cancellation policy. We want to earn your trust through reliable work that addresses your core concerns, not by contractually obligating you to trust us.

Do you know the cost of lacking backups? Sign up to claim your free quick start discovery today!

Meet at The Oaks - Neal Isaacs

In our first of many meetings Alan met Neal Isaacs of VR Business Brokers at the Oaks of Lake Benson Park. We walked about 2 miles over about 45 minutes while discussing business, life in Garner, and of course tech!

Meet at the Oaks of Lake Benson. Call our business number 919-480-1547 or see the bottom of our Home Page for more details to schedule a walk in the park to talk tech and how our business can help you!

Alan and Neal at Lake Benson
From Left – Alan of Oak City IT and Neal Isaacs of VR Business Brokers

Neal is an ambassador at the Garner Chamber of Commerce and Alan has been getting to know other people and businesses at the chamber. It’s a fantastic group of people who are all passionate about community, their work, and helping others. Neal prioritizes relationships and has great ideas for improving businesses.

If you own a business and you’re looking to sell I encourage you to chat with Neal. You can find more info at his company’s website.

We talked tech briefly because I know not everyone wants to geek out like I do. Neal had asked about Internet Service options, which seems to be a popular topic from other businesses I’ve heard. There are often some relatively cheap and easy ways to boost your Internet speeds and I’m always excited to help clients discover those.

We shared our company goals and some strategies for how we’re both adapting to the rapidly changing market. I always appreciate chatting about business and helping others. This time around Neal may have shared more sage advice with me, for which I’m grateful. I’m sure it won’t be long before I pay it forward and help others like you!

Oak City IT Blog


IT work that actually works

IT work that actually works! We share all the best tips and tricks to tech in your organization. Also, posts show off our clients’ success stories which are ideas for how we can help you.

Modern computing technology requires a wide breadth and depth of knowledge. Thus we’re not only comfortable sharing our tips and tricks, we insist on empowering you.

Your goals are our goals

Many IT service providers stick to old processes to do their job. This might have worked at one point, but you have new needs today to adapt to an ever changing world. Consider asking a professional that’s more in tune to your needs than trying to reach a quota on their ticketing system. To give you IT work that actually works for you we listen to your needs and goals first then apply our vast knowledge to the best solution for you.

Need something faster? Got a tight budget to work with? Need the best in class solutions? Our loyalty is solely to our clients. Trust us to not railroad you into a solution that fits our needs and forgets yours. Instead we will take your goals and consult with you on the best way to reach them.

Think global; act local

We have experience working with clients all over the world, but we like to focus on organizations in the greater Raleigh North Carolina area. We live here and we like figuratively and literally seeing eye to eye in person. If your Internet connection goes down, you don’t want to have to wait on service from someone in another time zone to try to fix it. You need help now. We look forward to earning your trust with the services you need and there’s no better way than to provide knowledgeable timely help in person!