Larry has been asked to submit his tax returns electronically, which has a clickable link to electronically sign. He's hesitant, especially since a similar attempt was a phishing scam a few years back. Leo says that Right Signature, Docu Sign, and others give you a secure link to digitally sign. The problem is, how do they verify it's him that clicks on the link and digitally signs? They should be requiring a PIN code, or second factor authentication.
second factor authentication
Every time Charles tries to open Gmail on his Google Nexus, it wants him to sign in. He's suspicious that someone may have hacked his account. Leo says that there's a lot of reasons to be advised of that, but it's always wise to run Google's Security Checkup just to be safe. It'll tell him what devices are connected to his account and also input a second factor authentication warning.
Vernon was told by his insurance company that they would be sending him documents via email, and the first two times, he didn't receive it. The third time they sent it, it arrived. They told him the document was encrypted, but he could put anything in the password field to open it. He's now concerned that his personal information could be out in the wild.
Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.
Laxman likes Leo's new show The New ScreenSavers and wonders if there's a Call for Help segment. Leo says there is and he can email them to make that request. They choose the best calls and then call that person back.
On June 15, 2015, password manager LastPass made an announcement that its password database was hacked and some user account information had been stolen. Since LastPass has uses encryption and many layers of protection to slow down hackers, the damage will be minimal for LastPass users. While the hackers may have obtained the database of master passwords, they still don't have immediate access to everyone's passwords. That information has been encrypted, salted, and hashed, so it would take quite a bit of effort to break into it.
This week, Leo's preferred password manager LastPass got hacked. Leo still recommends them though, because they can generate extremely long custom passwords, so all you have to remember is the one LastPass password. But that's where the achilles heal was.
Jeri isn't getting her text messages through her laptops, and her carrier is AT&T. Leo says that text messages are through the cell phone. Leo says that the first time she logs in, the bank will send her a text. She'll then input the code and the website will know that her browser activity is legit. But she shouldn't have to do it every time if she has the box checked to "trust this computer." Then it'll trust it every time and not worry about it.
Adam has been keeping his bank information and passwords in the notes section of the iPhone, and he's wondering how secure that really is. Leo says that having different passwords for every account is a good thing and using a password manager is the best way to handle them. So take that next step and get LastPass. He should also turn on second factor authentication on every site that supports it.
With the breaking news that several celebrities who had their cloud accounts hacked and nude photos published on the internet, Leo says that this underscores the need for second factor authentication. Companies use secret questions so that you can answer them and get your password or reset it. But Leo says that people make the mistake of answering these questions truthfully. And for a celebrities, that's very easy to discover. Leo uses pneumonics and puts in bogus answers that only he knows and nobody can guess.