Adam has been keeping his bank information and passwords in the notes section of the iPhone, and he's wondering how secure that really is. Leo says that having different passwords for every account is a good thing and using a password manager is the best way to handle them. So take that next step and get LastPass. He should also turn on second factor authentication on every site that supports it.
second factor authentication
With the breaking news that several celebrities who had their cloud accounts hacked and nude photos published on the internet, Leo says that this underscores the need for second factor authentication. Companies use secret questions so that you can answer them and get your password or reset it. But Leo says that people make the mistake of answering these questions truthfully. And for a celebrities, that's very easy to discover. Leo uses pneumonics and puts in bogus answers that only he knows and nobody can guess.
Andy forgot his password to his Yahoo mail account and he's having trouble resetting it. Leo says the process of answering the secret questions by going to the log in and then click "I can't access my account." You'll then be asked your secret questions. This is also a good idea to add second factor authentication so that when you do reset, it'll let you know via your cellphone. Try that as well.
Henry uses Yahoo Mail, and he got a message from Yahoo forcing him to change his password. Leo says that Yahoo gets hacked a lot and they may have noted some activity on Henry's email and prompted him to change it. But now he can't access his account. Leo says that's a good signal that his account had been hacked. He probably won't have much luck contacting Yahoo to fix it, either.
The 'Heartbleed' bug that has affected most of the internet's popular websites has exposed usernames and passwords along with other secure certificate data. Even after a site has fixed this bug, it's still essential for everyone to change their passwords because the data could have been intercepted before the site was patched. This is a great opportunity to create more secure passwords, and to start using a password vault like LastPass.
The OpenSSL Library, a security function used in most encrypted websites, has been discovered to have a bug which the NSA has been using to spy on users in 2/3rds of the websites on the internet. It is able to read the memory of the webserver and leaves no trace. It's been there for about two years. Bad guys can use it to co-opt a site's certificate for "man in the middle" attacks.
Dave wants to know the best way to protect himself when banking online. Leo says that it's obvious that banking personally is far more secure than banking online. But coupling the convenience of online banking with very limited liability, it's hard not to take advantage of it.
Leo recommends using two factor authentication to protect his password because it requires an authentication code sent to his phone. He should make sure he is using "https://" when connecting to his bank's site. His bank should be using that automatically.
Trevor signed up for additional storage on Google Drive and wants to encrypt his data. Leo says that a lot of the value of Google drive is lost if he encrypts it. But many people are concerned with hackers and the NSA seeing everything. Leo says that encryption is a good way to give him peace of mind. TrueCrypt is a free program that allows him to scramble any file and then move it to Google Drive. It will be unreadable to everyone, as long as he uses a good strong password.
Taylor is moving from an iPhone to a Samsung Galaxy S4. He has two factor authentication set up on his current phone, and is wondering if there's an easier way to transfer it all to the new phone.