February 15, 2016 Meeting: Nonnie Markeset, Facilitator
NOTE – We have several options for reviewing notes from this meeting:
- If you’d like to see a video with voice over of the presentation deck, CLICK HERE to view it on YouTube.
- If you would like to view a PDF of the presentation deck with images, CLICK HERE
- If you would like to download a PDF of the printable meeting notes that were published prior to the meeting, CLICK HERE
How to Secure your Mac and iDevices and Avoid Common Vulnerabilities
What are vulnerabilities?
3. Trojan Horses
Vulnerabilities We Create Ourselves
- Weak Passwords
- Sharing too much personal information on public websites, likeFacebook
- Visiting sites that contain your sensitive information on a publiccomputer or on a public website
- Visiting “bad sites”. Ones that offer free movies, music, cheapgoods and services.
- Clicking on links in emails you receive
- Not having your computer/iDevices password or passcodeprotected and/or having a weak password/passcode for your device.
- Having the same password or similar for all sites.
- Not keeping your OS/iOS and apps up to date
- Spilling coffee on your keyboard
- Dropping your device
Of all the vulnerabilities listed above, your greatest vulnerability is your passwords:
Spills and Drops 9%
Trojan Horses 5%
Weak Passwords 85%
Here are some examples of weak passwords:
Here are some examples of strong passwords:
And remember this adage:
If an offer is too good to be true, it is usually too good to be true!
How to create strong passwords
- Make it at least 12 characters
- Have it contain numbers, capitals, small letters, and symbols
- Do not use words found in the dictionary
- Do not use names associated with you, your family or your pets
- Do not use birthday
- Make a unique password for each site
Website to check the strength of your password
http:// http://www.takecontrolbooks.com/ resources/0148/zxcvbn/
How to remember your passwords?
(Hint: You Don’t)
3 ways to manage your passwords:
# 1 and the least desirable:
– with “AutoFill” turned on in Safari
# 2 and “if you really don’t want to go any further”:
– Use Keychain Access on your computer (It’s found in the Utilities Folder in your Applications)
# 3 Use a third party password manager app:
– 2 Trusted and Excellent Apps
Set up 2-step verification for any site that has this feature
This, however, requires you to have a mobile device on which you can receive a generated code to complete the sign in process. This code will be sent to you via a special app on your iDevice or via an SMS message if you are using an iPad.
How It Works
- Go to the site.
- Enter your password.
- Receive a randomly generated code on your phone.
- Enter that as a second password on the site.
I’m signing in to the Apple Site with 2-step verification.
I’ve entered my password for the site.
A verification code has been sent to my iPhone.
I enter that code into the boxes that appear on my computer.
Some sites that offer 2-step verification:
Google/Gmail — https://www.google.com/landing/2step/
Facebook — Go to Settings, Security and select Login Approvals
Apple/iTunes/iCloud — https://support.apple.com/en-us/HT204152
Many banks and investment sites
Steps to take if you think you have been compromised
- Change the password for the compromised site.
- Change the questions and answers to the security questions forthat site.
- Change the passwords for other sites.
- Set up a prioritized list of sites that need to have passwordschanged:
• All your email account passwords • Bank and investment accounts
• Facebook and other social sites
• Amazon, Netflix
I also recommend that you set up a schedule to change passwords every six months, at least for your most important sites.
What to do if you get constant pop-ups in your web browser warning you that your computer has been compromised.
DO NOT CLICK ON THE LINK
DO NOT DOWNLOAD THE SUGGESTED APP THAT CLAIMS IT WILL CLEAN YOUR COMPUTER
DO NOT CALL THE TELEPHONE NUMBER LISTED AND GIVE THEM ANY INFORMATION
Instead do these 2 things
1. In Safari (Firefox and Chrome have similar procedures) “Clear History” in the Safari drop down menu
2. In Safari Preferences, go to “Privacy”
- Cookies & website data – “Remove all website data”
- Website tracking – “Ask websites not to track me”
Malware, Viruses, Trojan Horses, and Hackers
These are vulnerabilities that come from external sources.
A virus is a type of malware that gets installed on a computer without permission and has the ability to create havoc with your computer. This type of malware is at this point “non-existent” on Macs because of the safeguards Apple sets up.
The types of malware that Mac users must be aware of are called Trojan horses. They are pieces of software that can piggyback on other software to get into your computer. Basically you give them permission without knowing it.
Do you need Anti-Virus software to protect yourself from these? Most Mac pundits will say no.
Instead follow these 4 rules
1. Keep your Mac updated
- Make sure you have the latest OS and when incremental updates come through make sure to install them
- Update the apps you use when you are notified of updates.
- Turn on Auto-Update if you want in System Preferences-App Store
2. Download software only from trusted sites. Here are some safe sites
- Mac App Store
3. Stay informed and research an unknown site before you download from it.
2 good sites to check and to keep you informed are:
4. Do not click on links contained in emails you receive
- As frustrating as this is you are safer if you open your web browser and manually put in the address… do not copy it.
- Gmail has two new symbols to inform you if your email is being sent encrypted and if the person you are receiving the email from is the actual person sending the email. The first is represented by a lock and the second by a question mark.
1. In Safari Preferences under General make sure “Open Safe Files” is unchecked
2. In System Preferences under Security and Privacy, chose “Mac App Store and Identified Developers”.
The firewall lets you block incoming traffic to particular programs, meaning it is only useful if there are programs on your computer that you want to restrict in terms of incoming information.
If that’s not the case, and if you use the Internet primarily behind a secure router, you probably don’t need to enable a firewall at all.