second factor authentication

Generate and Store Secure Passwords with LastPass

The 'Heartbleed' bug that has affected most of the internet's popular websites has exposed usernames and passwords along with other secure certificate data. Even after a site has fixed this bug, it's still essential for everyone to change their passwords because the data could have been intercepted before the site was patched. This is a great opportunity to create more secure passwords, and to start using a password vault like LastPass.

Security Bug Found in Encryption Used in Most Websites

Episode 1073

The OpenSSL Library, a security function used in most encrypted websites, has been discovered to have a bug which the NSA has been using to spy on users in 2/3rds of the websites on the internet. It is able to read the memory of the webserver and leaves no trace. It's been there for about two years. Bad guys can use it to co-opt a site's certificate for "man in the middle" attacks.

How can I protect myself when banking online?

Dave from Bellflower, CA

Episode 1070

Dave wants to know the best way to protect himself when banking online. Leo says that it's obvious that banking personally is far more secure than banking online. But coupling the convenience of online banking with very limited liability, it's hard not to take advantage of it.

Leo recommends using two factor authentication to protect his password because it requires an authentication code sent to his phone. He should make sure he is using "https://" when connecting to his bank's site. His bank should be using that automatically.

How can I encrypt my data on Google Drive?

Trevor from Richmond, CA

Episode 1069

Trevor signed up for additional storage on Google Drive and wants to encrypt his data. Leo says that a lot of the value of Google drive is lost if he encrypts it. But many people are concerned with hackers and the NSA seeing everything. Leo says that encryption is a good way to give him peace of mind. TrueCrypt is a free program that allows him to scramble any file and then move it to Google Drive. It will be unreadable to everyone, as long as he uses a good strong password.