Mike wants to know about passwords and how often he should change the ones on his computer. Leo says that local passwords, like for logging into his laptop aren't that big of a deal. Someone would have to have physical access to the computer and a lot of time to crack it. So that's not really the one to worry about. It's the passwords online, and even then, those passwords are encrypted. Those who change passwords a lot are those who have passwords that are shamefully easy to guess.
Carla is overwhelmed by all of the passwords she has to remember. What can she use to help manage that? Leo says a password vault will generate a unique and strong password that's difficult to crack. The best passwords are long and random with a combination of upper and lower case, numbers, letters and punctuation. Leo advises using LastPass. She can download and use it for free on the desktop, or pay $12 for some additional features including mobile use.
With the breaking news that several celebrities who had their cloud accounts hacked and nude photos published on the internet, Leo says that this underscores the need for second factor authentication. Companies use secret questions so that you can answer them and get your password or reset it. But Leo says that people make the mistake of answering these questions truthfully. And for a celebrities, that's very easy to discover. Leo uses pneumonics and puts in bogus answers that only he knows and nobody can guess.
Leo says since most MacBook Pros come with SSDs now, it's important to turn on drive encryption right away. If he doesn't encrypt the drive from day one, some data could end up unencrypted on that drive. Turn on encryption before putting private data on it. The Mac comes with something called File Vault for encryption, which he can access right from the Mac's System Preferences. He just has to turn it on, and he won't even know it's running. The only reason to do this is in the event that his computer was stolen.
Remy is a psychologist and he keeps a lot of patient data on his phone. How can he lock that down without having to lock down all of his phone? Leo says it's wise to lock it down completely. If it's lost or stolen, he'll really want to make it difficult for someone to get to the data. Password protecting the phone with a passcode isn't that big of a disruption, and it's an extra measure to protect that data he's talking about. It encrypts the entire contents of the phone.
The 'Heartbleed' bug that has affected most of the internet's popular websites has exposed usernames and passwords along with other secure certificate data. Even after a site has fixed this bug, it's still essential for everyone to change their passwords because the data could have been intercepted before the site was patched. This is a great opportunity to create more secure passwords, and to start using a password vault like LastPass.
The OpenSSL Library, a security function used in most encrypted websites, has been discovered to have a bug which the NSA has been using to spy on users in 2/3rds of the websites on the internet. It is able to read the memory of the webserver and leaves no trace. It's been there for about two years. Bad guys can use it to co-opt a site's certificate for "man in the middle" attacks.
Scott wants to know why the iPhone doesn't backup all of his Wi-Fi passwords when backing up. Apparently iTunes doesn't keep them. The Chatroom says that LastPass should be able to do it, and Leo agrees. The Premium version is only $12 and it's worth every penny.