Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Joey wants to know if the new Net Neutrality bill will pass. Leo says probably not. The Senate is controlled by one party that isn't in favour of Net Neutrality and the president wouldn't sign it if it did. Their view is that the government shouldn't regulate the internet. But Leo says that while that's true, it's a good idea to have a check and balance on the internet service providers.
Should you use 2-factor authentication? Leo says yes, but Leo isn't a fan of 2FA over SMS text messaging. It's too easy to spoof, but it's better than nothing.
Nathan wants to know if there's any recourse if a company isn't protecting his passwords. Leo says in Europe they have the GDPR, but in the US the only real protection is through HIPPA in the medical field. Leo recommends talking to Brian Krebbs at Krebbs on Security and asking him how he should write a letter to warn them of their liability.
Tom uses DashLane for his password vault, and wants to know if their new VPN service slows him down. Leo says it can. He's essentially running a computer remotely, and it works with an encrypted tunnel. So, it can cause some latency as it works its way in and out of the tunnel. Not all VPNs are alike either. Some are faster than others, so he should check with DashLane to see how many servers they run. He also wants to be sure they don't log his use. Tom also doesn't like that he doesn't have the option to opt-out after they raised his monthly fee.
Mark wants to know if it's safe to use Kaspersky antivirus software. Leo says that Kaspersky is a great AVS utility, but it has fallen under a cloud of concern because the Russians may have used the software as a spying tool. The US Gov't has banned the use of it as a result. So it's probably best to err on the side of caution and avoid it.
If you need an AVS, Leo recommends using Windows Defender. It's free and comes with Windows 10.
The caller wants to know if backing up data to DropBox is secure? He's worried that backup companies have access to his sensitive data. Leo says he can encrypt the data, and he alone has the keys to that. So if he loses it, he's out of luck. DropBox will accept secure encrypted data. If he's looking for a cloud-based encryption backup option, SpiderOak is an option, though it's a bit clunky. VeraCrypt is another.
Neil bought a Helm email server on Leo's advice. He also bought a domain through Hover to use with it. This is a home email service, and the idea is that you put your email on a server that runs in your own house instead of trusting a service like Google to handle it. Neil is wondering how to back the device up. Leo says one of the things he gets for $99 per year is that Helm backs it up over the internet. What's cool is that the contents of the email on the local server is encrypted with a key that only Neil has access to. Helm even provides a secure USB key to decrypt the backups.
Brian travels a lot and would like to have a travel router to protect him from an open and unsecured internet. Leo says he uses one when he travels and it not only works as a firewall, but it also turns into a wireless hotspot for multiple devices. He uses one from TinyHardwareFirewall.com.
John is finding that when he goes to a website, he gets an additional window open with an advertisement. Leo says that's called a browser hijack and it's usually caused by an extension he doesn't recognize. John should look in his browser settings and extensions, and then see if there's anything in there he doesn't recognize. Chances are, there is.
Laverne made a secondary Yubico key on her network. She wants to know if her Galaxy Note 9 Android phone will unlock via NFC since it has a chip. But she gets an error message. Is it the key, or the phone? Leo suspects the phone isn't seeing the code as it needs to. She could try the YubiKey app that is available through the Google Play store.
Ron does some things online where his wife and he have separate passwords, and some where they share passwords. Is there a password manager for that? Leo says that it's called shared passwords and almost every password manager supports that. Basically, you send an invite and share it over as long as they are using the same password manager. LastPass has a Family Password manager. One Password is also a good one.