Yesterday's story about Collection #1 - a package of hacked email passwords, is actually now reported to be a few years old, so the damage is not as great as previously believed. But Leo still says that it's a wise idea to go to HaveIBeenPwned.com/passwords and see if your account has been hacked. And then change your password. In fact, it may be a good idea to change it anyway, and turn on 2 factor authentication while you're at it.
Bruce wants to know why he's being asked for his iCloud password all the time on his iPhone 8. Leo isn't sure why this happens, but it's happened to him as well. It does go away eventually. Leo thinks it's just a bug. Leo suggests going into settings, and re-entering his passwords there.
Greg wants to know if his mesh router can work with a network switch. Leo says that mesh routers prefer to handle all management on the network. He can use a switch as a hub, though, and the dumber they are, the better. TP-Link makes a 24 port switch that works great with the Eero. The key is to get an "unmanaged switch".
Carmine has 2 factor authentication on most of his systems, but some use SMS, and he thinks that's not very secure. Leo says that there will always be a trade-off between security and convenience. But SMS is far easier to crack than independent authentication through an authenticator. Leo says to contact the cellphone company and have them put their additional layer of authentication on her phone.
If you've seen a warning message or a popup online telling you that you've been hacked and that you need to take immediate action, chances are good that it's just a scam. These are nothing more than scare tactics designed to make you fall for something, whether it be giving your information or actually making a payment. But with all of the major security breaches happening, like the one at Marriott, there is some legitimate concern that your accounts could have been compromised. In other words, there is a chance you've been "pwned."
Australia has recently passed a bill that would require companies like Signal and 1Password to provide the government with user messages and data upon request. Many companies that offer encrypted communications, however, don't have access to that information themselves because it uses end-to-end encryption. But now that sort of encryption technology is illegal in Australia without a 'back door' being put in. If there is a back door, then access to that data isn't just available to the government, it could be available to any hacker as well.
Ed thinks the iPhone is more secure than Android because malware always affects Android, not Apple. Leo says that Apple keeps the iPhone more sandboxed and doesn't allow users to install anything but apps approved by Apple. Google, by contrast, allows alternative Android stores, but they do require all apps in the Google Play to be approved. Apple is only marginally more secure. Bottom line, Apple will protect his information, and Google will sell it.
Gary is about to get an Android phone and is concerned about security. Leo says that mobile phones have enhanced security with apps sandboxed from one another, and as such, are extremely secure. Android also has a mobile kill switch for apps, so if a bad app is installed, Google can kill it. So he doesn't really need an antivirus app for his smartphone. He should just make sure to only install apps from reputable sources.
Richard wants to know if apps on his smartphones can track him if it's off. Leo says no. No app can track him if the phone is off. But it's not very useful that way. He can either remove the app, or revoke its permissions. Can the government remotely turn it on? Leo says no. Not yet, anyway.
Doug likes to visit the Aviation Weather Service online, but he's been having trouble with it lately. Leo says that's because it uses Java and the Java browser plugin has probably been disabled. Doug should go into his browser settings and be sure it's installed, updated, and enabled. But it's getting harder to use Java in the browser. If he has Firefox version 52 or higher, or Chrome 42 or higher, or even Safari, the plugin would have been disabled for security reasons. So his only choice may be to use Internet Explorer for that site. He'll have to turn on scripting for Java apps.