Friday, August 15, 2014

iPhone vs Android - Security (Part 7)


We're nearing the end of our iPhone vs Android comparison. In this section we talk about mobile security. It may be something you haven't really thought about. "Why would anyone want to hack my phone?" you might ask. Well, let's think for a second about the amount of personal data you have on your smartphone.

If someone has access to your phone, they can usually easily access your email (and where are your passwords sent when you click "Forgotten Password"?). Then there's your location information, your social networks, your internet searches, the websites you've been visiting, your bookmarks, photos and contacts. See what I mean?

There are two aspects to securing your phone, physical and virtual. Being vigilant to the rising risk of smartphone theft is becoming increasingly important. For example, nearly 2,400 cell phones were stolen in San Francisco alone last year, a 23 percent rise from the year before. According to the FCC, one in three robberies in the US involve the high-value devices. Not leaving your phone on view or sitting on a coffee or restaurant table are good habits to get into. US lawmakers are in the process of enacting legislation requiring cell phone manufacturers to build a "kill-switch" into their phones (Minnesota has already passed this law and California isn't far behind).

On the virtual front, there are a number of simple things that you can do to protect yourself.

iPhone

First of all, make sure that you "Lock" your phone with a code. It's in General / Passcode Lock. This can be either a simple 4-digit code or a more complex password. I suggest also enabling "Erase Data" which will delete your phone's contents after 10 failed attempts (don't forget your number). You should also enable Find My iPhone which enables you to track your phone, lock it, remotely wipe it and prevent it from being reactivated without your password. Of course, you should regularly back up your phone (see my earlier article on backup).

Android

The situation on Android is a little more complex. Apple’s iPhone is generally deemed to be secure due to its ‘sandbox’ configuration. This stops applications communicating with the phone and means the platform accounted for only 0.7% of mobile malware in 2012. Google's Android operating system is built on an open model which means that it is much easier to post malicious apps which can hijack your phone, send text messages to super expensive phone numbers, monitor your calls or online shopping. First of all, only download your apps from Google's Play Store (make sure Settings / Security & Screen Lock / Unknown Sources is unchecked).

Next, always check the permissions that the app is asking for when it installs itself. For example, Angry Birds doesn't need permission to send text messages.

Next, just as on the iPhone, make sure that your phone has a lock. On my Motorola Droid, this can be a pattern, face recognition or a PIN. I've tried the face recognition and it's crap. It can take multiple attempts and is slow. I used to use a pattern because I thought it was cool and easy to remember. Then I met a chap who ran the FBI's Cyber-Crime Prevention team. When he saw me swipe my phone to get into it he said "Don't use a pattern, it's way too easy to crack. Just hold your phone up and look at the screen sideways. You'll see the smear pattern left on the screen. Just trace it one way or the other way and bingo, you're in." Now I use a PIN. Interestingly, he also said that at last count they had over 100,000 known malware and viruses on the Android, but none on the iPhone. I couldn't believe it. None is incredible.

Next, make sure your phone automatically locks (Settings / Security & Screen Lock / Automatically Lock) and that Verify apps is checked (Settings / Security & Screen Lock / Verify apps).

Finally, I'd recommend installing at least one security app. There are many to choose from, but I'd recommend either Lookout (my preference), AVG Mobilation Antivirus or Avast Free Mobile Security. These apps will check for malicious apps during installation, premium telephone numbers, find your phone, remotely lock and wipe etc. Having used them on my Droid, they can slow your phone down and cause some hiccups, but in general I believe it's definitely worth any downside.

Remember the saying "An ounce of prevention is worth a pound of cure"? So be sure that you're regularly backing up. On Android that's easy. Just enable your Google+ backup (Settings / Accounts / Google and then make sure everything is checked). You can also see my article on Phone Backup.

So Which Offers the Best Security?

Like everything, it's personal preference. I like the iPhone because it offers excellent security without any need to install third party apps which can cause issues. On the other hand, it doesn't offer app permission or the ability to encrypt the phone and SD card. The real takeaway is to protect yourself by taking these simple steps:
  • Be vigilant when using your phone, especially when out and about
  • Lock your Device
  • Make sure you've recently backed up
  • Keep your OS and Apps up to Date
  • Be careful what you click on
  • Only download apps from Google or Apple
  • Install a mobile security app if you're on Android
  • Be careful with public or unsecured WiFi

Friday, May 16, 2014

App of the Week - LastPass

It seems like every week there's a new "threat" we have to worry about. The Heartbleed and Internet Explorer vulnerabilities are just 2 of the latest examples requiring us to be vigilant with our passwords. "Change your password" they tell us, but that's easier said than done. Mozilla did a study of volunteers that saved passwords in Firefox some time ago. From the volunteers, more than 30% used fewer than 3 different passwords. People are still using common passwords like 123456 and password. But even more complicated passwords involving substitutions such as "dr4mat1c" and phrases like "Iloveyou" are getting easier for hackers to crack as computers get faster and the software they use more sophisticated. According to InstantCheckMate, an expert hacker can crack the average password in under 3 minutes. So what's to be done?

Safest Passwords

The safest passwords to use are those that are completely random, use combinations of numbers, letters and special characters and are 8 characters or more. "d2#-.6hGr,!oP2" would be a good example. Next, you need to use a different one for each website. Plus, you shouldn't write them down, put them in a spreadsheet or Word document (even if they are mixed with bogus ones or translated in some way), and definitely don't write them on the front of your laptop with a sharpie like a friend of mine! This is where you need help in the form of a Password Manager.
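As an added illustration of the paragraph above (not code from the original post or from any password manager), the following generates a separate random password per site from letters, numbers and special characters, and estimates how much guessing work 8 versus 14 random characters represent. The site names are constructed placeholders.

```python
import math
import secrets
import string

# Character classes the paragraph calls for: letters, numbers, special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
POOL = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 printable symbols


def generate_password(length=14):
    """Return a random password containing at least one symbol from each class."""
    if length < 8:
        raise ValueError("use 8 characters or more")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, pool_size=len(POOL)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(pool_size)


def site_passwords(sites, length=14):
    """One independent password per site, so a leak at one site exposes no other."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in site_passwords(["bank.example", "mail.example"]).items():
        print(f"{site}: {pw}")
    for n in (8, 14):
        print(f"{n} random characters: about {entropy_bits(n):.0f} bits")
```

Each extra random character multiplies the number of possible passwords by 94, which is why length matters more than clever substitutions in a dictionary word.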

Password Manager

A password manager is a small app or program which helps you remember all your passwords, and more importantly, which password goes with which site. There are many different password managers and since you're trusting it with your most sensitive information, it's important to pick a trustworthy one.

One that we used to recommend is RoboForm which has been around for years, but technology changes so rapidly we have changed our recommendation now to LastPass.

LastPass

TechnoRV loves LastPass. Here's why:

  • It is secure, used by millions of people, and is FREE!
  • It will automatically generate a REALLY complicated password for you
  • It will remember which website a particular password belongs to. When you next visit that site it will fill in both the username and password for you
  • It will "learn" your passwords as you visit your websites and enter your information
  • You can store all your important information such as safe combinations, medical and financial information as encrypted "Secure Notes"
  • You can enter your credit card information, shipping and billing addresses and save them as a profile, which it will then use to automatically fill in the correct fields for you when you're internet shopping.
  • There's a paid version which runs on your Smartphone and gives you access to your LastPass vault
  • You can access your LastPass vault from any computer connected to the internet

When you use LastPass, you only have to enter your master password once to "unlock" your digital safe. Just make sure your master password is a good one. Phrases of random words with substitutions are a good idea, for example Beer*W1ne-Cider!.

Is LastPass Safe?

First of all, nothing in life is guaranteed, except death and taxes. Having said that, I'm comfortable with their level of security (a hacker is welcome to my overdraft!). It's up to you what level of security you deem acceptable.

Here are some of its security features:

  • AES 256-bit encryption with routinely-increased PBKDF2 iterations (techno-speak for pretty awesome)
  • All sensitive data is encrypted and decrypted locally before syncing with LastPass which means that if someone hacks the LastPass servers, they will only be able to see your heavily encrypted (scrambled) data.

Just a couple of safety tips. In LastPass settings, be sure to tell it to log you out when your browser closes and after a set period of inactivity. You can also disable logins to your account from everywhere except the United States.
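The two features listed above, a key stretched from the master password with PBKDF2 and work done locally, can be sketched as follows. This is an added example, not LastPass's code: the iteration counts, the `vault-check` label and the function names are assumptions, and the master password is the sample phrase from this article.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # 32 bytes = 256 bits, the size of an AES-256 key


def derive_key(master_password, salt, iterations):
    """Stretch a master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def make_verifier(master_password, iterations):
    """Build what a local vault can store: salt, count and a tag, never the password."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, iterations)
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "tag": tag}


def unlock(master_password, verifier):
    """Return the derived key if the password is right, else None."""
    key = derive_key(master_password, verifier["salt"], verifier["iterations"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, verifier["tag"]) else None


def seconds_per_guess(iterations):
    """Time one derivation: the cost an attacker pays for every password guess."""
    start = time.perf_counter()
    derive_key("guess", b"\x00" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    v = make_verifier("Beer*W1ne-Cider!", 100_000)  # iteration count is an assumption
    print("right password unlocks:", unlock("Beer*W1ne-Cider!", v) is not None)
    print("wrong password unlocks:", unlock("password", v) is not None)
    for n in (1_000, 100_000):
        print(f"{n} iterations: {seconds_per_guess(n):.4f} s per guess")
```

Raising the iteration count costs the owner a fraction of a second per unlock, while anyone guessing passwords against stolen data pays that cost on every guess.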

How Do I Get LastPass

Simply visit www.LastPass.com and sign up. You'll then download a file which will load a plug-in into your browser (we recommend using Google Chrome). You'll then have to sign in with your LastPass username and password and start browsing.

Summary

We use LastPass all the time and think it's great. Both Tracey and I share the same LastPass account so we can always get to each other's information. This is important because if something happened to me I want Tracey to be able to access all our financial sites. More importantly, it's dynamic, so when we have to change passwords, LastPass always has the latest version. I can truly say it has made at least one aspect of our life a lot easier.




Thursday, May 8, 2014

Take Control of your Email with Gmail

Love it or hate it, email is a fact of modern life. Since the first email was sent by Raymond Tomlinson back in 1971, email has grown to over 140 billion messages sent every day! If you ignore your email, you'll end up missing the important one from your bank to say that a check has bounced, or that someone's been trying to hack into one of your accounts. It's the same in business. A report earlier this year indicated that workers spend 28% of their time in their inbox, yet only 14% of these emails are deemed "important."

There are some simple things that you can do to make life a little easier for yourself:

  • Have 2 personal emails, one for important stuff like banks, family and friends and TechnoRV newsletters, and the other throw-away one for shopping, rewards cards etc.
  • Re-train yourself. There's no need to delete messages to "clear your inbox". Gmail offers 15GB and Yahoo has just announced 1TB (yes, one terabyte) of storage for their email (if the average email is about 50KB, you could store about 200 billion emails). To put that into perspective, if you got 100 a day and never deleted a single message, it would take over half a million years to fill up your inbox! Bottom line ... there's no need to delete.
  • Unsubscribe from email you don't want. Studies have found this can reduce your email by up to 30% making it easier to find what you do want.
  • Don't bother filing your email into neat folders, a good search facility will mean you can always find it again later (assuming you can remember what to search on!).

This can only take you so far. I get on average 150 emails a day. Not all of those are important, maybe only 20%. But it was taking me an inordinate amount of time sorting through them all. But then I discovered Google's Gmail. Even though I'm a self-confessed Mac fan, I LOVE Gmail. Okay, there are some things about it I don't like, but on the whole, I think it's given me back at least an hour to an hour and a half each day. That's worth a lot to me.

In the rest of this article I'm going to tell you why I love Gmail and why you should think about using it if you don't already. In my follow-up article I'll cover how to get the most out of Gmail.

Top Benefits of Using Gmail

You Don't Have to Ditch Your Old Email

Most people think that to use Gmail you have to give up your old email address. Not so. Gmail lets you "pull" your email from other email accounts. Even though I log into Gmail every day, I receive email from my Google address, from my TechnoRV email, and from another email account I have. Simply go to Settings and then Check Mail from other accounts.


It's in the Cloud

Let me explain. The Cloud is where your stuff gets stored, securely. I can check my Gmail on any computer, and all my email, settings, folders and sent mail will be there. Better still, the same applies if I check my Gmail from my smartphone.

To do this you'll probably need to download the Gmail app. Even if you have an Android-based device, you may still need to do this as the basic Android email client is pretty hopeless (there's a Gmail app for the iPhone).



Let's say you start an email on your computer and then get distracted and don't send it. If you go into Gmail from your smartphone, you can see the draft email, finish it and send it. That's pretty cool in my book.

It Integrates with Other Google Features



My experience on the Motorola Droid, whilst painful, has got me closer to Google. One of the things I do like is the "openness" of its architecture (unlike Apple) and so I've standardized on Google Contacts, Google Calendar and Gmail. Since these are in the Cloud, they are always backed up, and more importantly, available from any computer or device (unlike Apple's more closed architecture). I've found that Gmail integrates very well with calendar and contacts. For example, in Gmail, if someone sends you a date and time, you can easily add it to your calendar with 1-click. When you get email from someone it's easy to add them to your contacts, plus it connects with Google+ to show you a picture of them if they have one (a useful feature as you get older!).

How Do I Get Gmail

If you don't have Gmail it's a simple signup process, and it's free. Simply visit Google's Gmail signup page. You'll need to enter your current email address to prove you're a real person. If you need help, Google has an excellent help page.

A couple of additional points as you're signing up. Make sure you select a good password (10+ characters with a mix of letters and numbers - better still use LastPass). I'd also recommend using the 2-step verification process. It might seem like overkill, but your email password is very important. Think about it, if you forget the login details to your bank account, where do they send them?

One other point. We'd recommend keeping your old email account open for a while. Just keep using your new Gmail and be sure to set it as the default to respond with. Over time people will naturally "learn" your new email address. It also helps to import your contacts and send out a notification email. Also be sure to change over all your online accounts to your new email as once you shut down your old email, that becomes much harder to do.

Summary

Hopefully we've given you some insight into Google's Gmail. If you're already using a different email and are happy with it, no need to change. BUT, if you find yourself fighting it and spending too long on the basic stuff, now you know what to do. In our next newsletter article I'll cover how to use some of Gmail's cool features to save you time and tame your email!