Tag: advice

Linkedin Pulse Replay: Random Thought of the Night: One Smartphone to secure them all! RTOTN

My preciousss! Most people treat their smart phone as if it were one of the rings of power. Why? The few non-initiates have been asking this question for a long time. The answer is simple. A smartphone is the most
versatile and most often used item I own. I read news, books, comics, listen to podcasts, watch videos, navigate, communicate. I also create content, do picture, videos, write text. I am stating the obvious. But a smartphone also boosts security and helps me become invisible! 

Security
Of course we use a different password for every service. But there is something even better. Two factor authentication is the answer to protect your online persona. The easiest way to do this is to sign up via your cell phone number.  You get a text message with a one time code to login. This is an easy solution to all those hacked social media accounts. Even if the hacker gets his hands on your password, as long as he does not also get the text messages to your cell number you are fine. Since your precious phone is living with you 24/7 it makes a lot of sense to authenticate this way. 

The cell phone option is available from all the big services such as gmail, yahoo, outlook.com, etc. It can be even used with a dumbphone. Another pretty common type of two factor authentication is RSA tags, these small keychain authenticators. But the token might be forgotten, and carrying one for every service is a logistical nightmare. RSA key tags have been around a long time. Most gamers use them to protect their MMO accounts from being hacked. By now there are smartphone app versions which add the benefit of the ‘one ring’ to the security of RSA. If you use these you just have one device you take care off. And no text messages needed. This can be a big help while travelling in foreign countries.
The most versatile app is the Google authenticator. It helps you to easily two factor authenticate with your Googlemail, Evernote, Facebook etc. as you can easily assign the app to do more than one authentication. Mine is producing revolving keys to 5 different services right now. Just make sure you keep a backup of your smartphone setup and some printed out spare keys in a locker for emergencies!

Invisibility:
This sounds counterintuitive. Everyone is clamoring about how a smartphone logs everything you do and everyone you contact. True, but that is ON YOU! If you decide to use life logging or a location service on your facebook picture upload, of course you leave a lot of traces. One way to prevent this is not using a smart phone, but you can also avoid this by using your smart phone more smartly.

Think about why those services for counting your videos, tracking your fitness, displaying your pictures, collecting information are offered for free. Most services which offer to track stuff for you also track your stuff for themselves. Now imagine logging in to every service you use via e.g. your Facebook or Gmail. You do not only give the company a lot of aggregated data. Sign up with your main account to everything and the cloud owns all your data in one neat package for companies to profile you on! And worse, once you get hacked, the hacker controls everything, not just the one service.

But there is an easy solution: Spread out the data! Don’t use your main account for every service you use. Why not sign up for different services with different email accounts? Convenience, you say? Too many passwords and logins to remember?
There as ways to mitigate this: One is the password safe. Aside from being a very helpful tool to not have the same account/password for everything, you can use really weird account/passwords that are difficult to hack. Just make sure your password safe and your smartphone are secure.

If you want to keep the password in your head, make sure you add some specialty for every service so the checksum of the password will be different. MyPassword46 and mYpassword64 produce very different hashes (In the end, the more you spread out your web use, the more difficult it becomes for companies to gather data on you, or for hackers to use your data against you. Of course this is not perfect. If you use all of your accounts on the same smartphone there is always a way to combine your data if one service is registered to myname@gmail.com and one to sunset82@yahoo.com.  

P.S: And with non-standard email apps such as Aquamail for Android or Thunderbird you can easily keep all the different accounts at your fingertips. More on useful apps later.