Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Jay has discovered that if he unlocks his keychain in macOS, his computer will log in faster. But is that secure? Leo says that macOS should unlock it automatically when you log into your Mac. But this is the reason why a password vault is a safe idea. Leo likes LastPass.
Jon wants to know how to use LastPass. He's having a lot of trouble as a blind man to use it. Leo says that while every company may not have a legal obligation, they certainly have an ethical obligation to make their software accessible. LastPass may have a full-time accessibility person, and if he contacts LastPass, they could help him figure it out.
Don has noticed someone from the Ukraine has tried to log into his Microsoft account on a weekly basis. Should he be concerned? Leo says as long as you don't use the same password, have 2-factor authentication, and have a password manager like Last Pass, there's no way he can get into it. But make sure you have 2 Factor turned on just in case someone manages to guess the password. It will then ask for an authentication code from you through Microsoft Authenticator, which notifies you via text. It's very secure.
Gary has a vintage W530 Thinkpad, and he needs to repair it. Leo says that there's an entire SubReddit on repairing old Thinkpads. Gary also needs to bypass the Windows 7 password. Leo says that in Windows 7, there is a hidden Administrator account. If you can enable that, you can get in and change your password.
Charles got a new Eero mesh router all set up (Eero is a sponsor of the TWiT Network), but now he gets a warning that his router can be seen online. Leo says that the best thing a router can do is be invisible by not responding to any online queries. It's called Stealth Mode. That's what GRC's Shields Up will test. Most routers have PING turn on by default. But you can turn it off in the security settings. Also, turn off universal plug n play and file sharing.
Craig is looking for a password manager and wants to sign up with LastPass (A sponsor of the TWiT Network and Studio). But is there anything special he has to do? Leo says that a password manager will not only store all your passwords, but it will also generate them for you. All you need to remember is the master password. Other options are One Password, Dash Lane and Bit Warden. Once you get LastPass all setup, you want to turn on 2 Factor Authentication so that if someone tries to break into or have your password, there is a second way to authenticate that will protect you.
Tom wants to know how a VPN can be secure or even fast if it has to cross ISPs. Leo says that is a good question. Leo says that a good VPN will have little latency, but the larger question is, who is running your VPN? That's who you're trusting with your privacy and security.
Ding got a notification recently about a Zelle transaction and wants to know if his bank account has been hacked. Leo says that unless they have your bank information, they can't. Signing up with an email account won't really do anything. But if one suspects something has happened, it may have been a keystroke logger or someone that stole information, but it's unlikely. If he is running Windows 10, then he should run Windows Defender, updating it regularly. There's no need for a third party AntiVirus. And he may want to change the bank account, demanding 2-factor authentication.
This week, Senators sent a letter to Facebook telling them to respect user privacy, especially when they request not being tracked. Turns out, even if users opt-out of being tracked, Facebook has been doing it anyway. Leo says that while he chooses to opt-out of having his online activity tracked, he understands that Facebook is a free service and they do have to pay the bills with targeted ads. But shouldn't they respect when someone doesn't want to be included?
Dave has a Windows 10 PC running Windows Defender as his antivirus. Is that a good idea? Leo says yes. Defender does everything you need it to do, as long as you keep it updated. But AVS software can also give you a false sense of security. The last line of defense is your online behavior. That means avoiding clicking on links or opening attachments.