.jpg)
Tech 'n Savvy
Tech 'n Savvy
7' Cybersafety Tips 'n Myths
April and Emily discuss what is cyber safety, their personal tips, news, and some myths. Emily gets her math on debunking random character vs passphrase passwords and April talks about how the pandemic impacted cyber safety.
Resources
CSNP Cyber Safety: https://www.csnp.org/cybersafety
HaveIBeenPwned: https://haveibeenpwned.com/
Random Word Generator: https://randomwordgenerator.com/
Cyber Safety News: https://www.cybersafe.news/
Duck Duck Go: https://duckduckgo.com/
00:00:00 Emily
Hi everyone, welcome to Tech 'n savvy.
00:00:02 Emily
I'm Emily a
00:00:03 Emily
Quantum computing consultant.
00:00:05 April
And I'm April
00:00:06 April
A software engineer. We're best friends passionate about tech and how it impacts the world today.
00:00:12 Emily
Join us as we bring a little tech and savvy into your day.
00:00:21 April
Hey everyone, welcome to season 2 of tech 'n savvy.
00:00:24 April
Today we're discussing cyber safety and giving you tips to stay safe online.
00:00:30 April
Welcome back, Emily.
00:00:32 April
Yeah, it's good to be back, isn't it?
00:00:35 April
Yeah, we have a lot of exciting things planned for season 2 of tech 'n savvy and we've made a couple of changes during our little hiatus that we took.
00:00:48 Emily
Yes, I'd say the main one is for
00:00:52 Emily
Right now we're just going to be doing audio.
00:00:53 Emily
We're going to try that out because, you know, we don't like looking at ourselves.
00:00:59 April
And the video editing.
00:00:59
And it's easy.
00:01:00 April
Is so stressful, it's very stressful for me so.
00:01:05 Emily
So we're going to keep it simple.
00:01:08 Emily
And we're also going to try to release biweekly, so have more of a standard release.
00:01:14 Emily
Instead of we were doing monthly, right, April?
00:01:17 April
Yeah, it was monthly.
00:01:19 April
Sometimes it was every six weeks.
00:01:21 April
Uhm, but yes, we're definitely trying to be more consistent this season, which will be helped by the fact we're not doing, you know, video, so just editing audio is much less stressful because people don't have to.
00:01:35 April
Look at you.
00:01:37 Emily
And I guess the last change is we want to have more episodes like this that are just the two of us without a guest so that we can, you know, talk about topics just between us that we're familiar with and also hopefully you can get to know us better.
00:01:53 Emily
Possibly. So April,
00:01:56 Emily
What has been
00:01:57 Emily
Up with you in the last month or so since we recorded?
00:02:02 April
So yeah, I mean last time we posted was early in June and around that time I started a new job as a technical consultant.
00:02:10 April
So I've been spending a lot of time, you know, kind of learning the ropes at my new job.
00:02:17 April
Also got the chance to go on vacation, so that was
00:02:21 April
great. Getting some..
00:02:23 Emily
Swim with some sharks.
00:02:25 April
And yes, I swam with sharks, not in a cage like actually in water with the sharks it was traumatizing but also really fun.
00:02:34 April
Uhm like.
00:02:37 April
I would not recommend it if you like get panicked very easily 'cause they were very close but it was fun.
00:02:47 April
So once in a lifetime opportunity meaning literally once, I will never do it again.
00:02:55 April
It was, it was crazy, but it was fun.
00:02:57 Emily
It was glad you survived me too.
00:03:02 April
Me too. And then yeah, so vacation and then, beyond that, uh, right now I'm just working on getting my associate cloud engineer certification for
00:03:14 April
Google cloud platform.
00:03:16 April
Uh, that's my big goal for
00:03:19 April
the end of the year.
00:03:22 April
What about you, Emily?
00:03:23 April
What have you been up to?
00:03:25 Emily
Well, nothing as exciting as you.
00:03:29 Emily
The last few months have definitely been different for me.
00:03:33 Emily
I've spent a lot of time focusing on my health, which is something that I don't put first usually, but is very important and I also.
00:03:43 Emily
As you know April, have carpal tunnel.
00:03:46 Emily
I developed carpal tunnel in both hands.
00:03:49 Emily
And it's because it's mostly because of coding typing and I was doing everything in the worst way possible, like not even just, not ergonomically correct, but really, just like sitting in these weird positions as I'm coding or typing.
00:04:05 Emily
And yeah it got so bad I I couldn't use either of my hands for anything.
00:04:08 Emily
It was pretty painful and I've been going to physical therapy, so that's kind of my exciting.
00:04:14 Emily
It's very exciting news and I have a much better set up, so I'm hoping this doesn't happen again, but.
00:04:22 Emily
Yeah, that's I guess a warning for anyone who's.
00:04:26 Emily
A coder and not in a good set up.
00:04:28 Emily
Definitely get yourself a nice set up.
00:04:31 Emily
Other than that, I've I've been trying to make new friends too.
00:04:36 Emily
We're both in Chicago and obviously we have each other, but.
00:04:40 April
So that's it.
00:04:41 April
It's not enough like you
00:04:43 April
Can hear the "but" it's there.
00:04:43 Emily
It's definitely well if you lived in the city instead of the suburbs, and I could just have you come over in 5 minutes, you know.
00:04:51 April
You can see.
00:04:54 Emily
Yes, uhm.
00:04:56 Emily
Uh, work wise I I did get to present at Business School last week.
00:05:02 Emily
That was very exciting.
00:05:03 Emily
I talked about some quantum machine learning algorithms that I've implemented and it was very exciting.
00:05:10 Emily
That was my first Business School talk.
00:05:12 Emily
Hopefully not my last.
00:05:13 Emily
So yeah, that's about.
00:05:16 Emily
Sums it up.
00:05:18 April
Yeah, that sounds like we've both had a very interesting summer so far, but we're definitely ready to get back to tech 'n savvy and, you know, keep learning together about different areas within tech and you know that kind of brings us into today's topic.
00:05:38 April
Which is cyber safety.
00:05:40 April
So Emily, when you hear the word cyber safety, what's like the first thing that comes into your mind?
00:05:48 Emily
Yes, so when I hear the term cyber safety, I think of personal cybersecurity as opposed to like enterprise security.
00:05:57 Emily
And I would say my first
00:06:01 Emily
encounter that I could remember is actually my dad.
00:06:05 Emily
Uhm, talking about viruses, I don't know how old I was.
00:06:09 Emily
Maybe in elementary school.
00:06:10 Emily
and he had just,
00:06:13 Emily
He just described like what a virus was and how he had a windows computer.
00:06:17 Emily
Of course it was very susceptible to viruses and I think I would use the computer for random things and that was always a
00:06:24 Emily
He was always like getting upset with me, if I wasn't doing things correctly because you know.
00:06:32 Emily
I didn't really take it seriously, but he kind of emphasized the importance of antivirus things like that, so I think that was my first encounter.
00:06:40 Emily
But I have to say I really didn't take it seriously,
00:06:46 Emily
overall like cyber safety, I didn't think about it that much until I got my first job.
00:06:52 Emily
This was out of college.
00:06:54 Emily
I was a cryptography engineer and that's actually where April and I met so.
00:07:00 Emily
TBT that job. It was a great job and I learned so much but just being immersed in the cyber security world.
00:07:09 Emily
Suddenly I realized all these things I was doing wrong and some of the tips that we'll talk about are things that I was not doing.
00:07:17 Emily
Some things like reusing passwords, and I don't even know just things that I should have been doing and I was not so.
00:07:26 Emily
I can't really, I I know once I came home like the winter after starting that job, I was telling all my friends like Oh my God, you need to use two factor.
00:07:33 Emily
You need to use a password manager like.
00:07:35 Emily
I was suddenly and I was explaining all these like random attacks that could happen.
00:07:39 Emily
I was.
00:07:40 Emily
I was so excited about it but I think I was like.
00:07:43 Emily
Overwhelming to my friends of how like interested I was, but.
00:07:48 April
Well, obviously you learned a lot during that time.
00:07:52 April
What would you say are some of your top tips for people to stay safe online?
00:07:58 Emily
Yes, so my first tip that I tell everyone this is something I always emphasize is to have a good backup strategy.
00:08:08 Emily
So if you get hit with ransomware, which basically what ransomware is, it's type of malware.
00:08:14 Emily
So it goes on your computer, it encrypts
00:08:17 Emily
all of your files, and then the hacker has the decryption key, and they're basically holding your data for ransom.
00:08:25 Emily
And they might charge thousands of dollars to get your data back.
00:08:29 Emily
And even if you pay, they might not give it back.
00:08:31 Emily
There's not necessarily, well
00:08:33 Emily
There's no guarantee, right?
00:08:34 Emily
It's a hacker.
00:08:36 Emily
Uhm, so when that happens, there's a whole Reddit of people asking like what can I do and
00:08:43 Emily
really, the main thing you can do is restore from backup.
00:08:47 Emily
And the problem is, if you don't have a backup, then there's really not much you can do.
00:08:52 Emily
You can't break that encryption, they're usually using AES or advanced Encryption standard, which is
00:09:00 Emily
unbreakable to everyone and
00:09:02 Emily
So the best thing to do is have
00:09:06 Emily
Three different I think
00:09:08 Emily
3 different versions of everything.
00:09:10 Emily
I like to have
00:09:11 Emily
One backup that I backup recently and then another backup that I have that I backup maybe every six months and I keep them in different physical locations as well.
00:09:24 Emily
The importance is just having a strategy.
00:09:27 Emily
The second one I'll say is to check websites.
00:09:31 Emily
So you want to make sure that the URL has HTTPS, not HTTP, and for I think most browsers they'll put a little lock in the corner to show you your connection is secure.
00:09:45 Emily
Here you can click on the lock and then go to the certificate and it'll show the certificate is valid and you can dig through and look at all
00:09:55 Emily
These details actually of the cryptography that's securing
00:09:59 Emily
Your communication with this website and this is incredibly important because otherwise your data that's being passed back and forth is not encrypted, so
00:10:09 Emily
Someone could eavesdrop on that information.
00:10:12 Emily
Also you might not be going to the website that you think you are, there's just there's a lot of risk.
00:10:17 Emily
So definitely using HTTPS where the S stands for secure, not HTTP.
00:10:24 Emily
And the last one, I'll say the one that I have talked about talked to all my friends about was the two factor authentication.
00:10:32 Emily
Two factor authentication is where you have,
00:10:36 Emily
You need two different things to log into an account.
00:10:39 Emily
So for instance you put your password in and then you also put a code from your phone.
00:10:45 Emily
And that code can be texted to you.
00:10:48 Emily
It could be a code that was emailed to you.
00:10:51 Emily
I think the best way to do it is to use an authenticator app.
00:10:56 Emily
There's a lot of authenticator apps, and they're more secure than having it texted to you, so it just shows the code on the app, and, uh.
00:11:05 Emily
A lot of two factor authentication,
00:11:08 Emily
websites that use two factor authentication, will give you that as an option too.
00:11:12 Emily
If your username and password gets leaked, which happens a lot, a hacker will try to get into your different accounts.
00:11:22 Emily
But if you're using two factor authentication, then likely they cannot do this.
00:11:27 Emily
There are certain ways to bypass it, but for the most part it only adds security.
00:11:36 Emily
Two factor authentication can definitely be annoying to use, and so I try to think about is this a account that I would be really upset or even devastated if it got,
00:11:48 Emily
If somebody got into it, so maybe it has financial data.
00:11:52 Emily
Or maybe it's your LinkedIn or your Instagram and you don't want people to have access to that or your Facebook.
00:11:58 Emily
Maybe you have a lot of Facebook messages that you do not want anyone to be able to get into and see.
00:12:04 Emily
For things that are that essential, I would say use two factor authentication.
00:12:10 Emily
Those are my three top tips. April,
00:12:12 Emily
What are your tips?
00:12:15 April
Yeah, and then just before we go into mine, I do want to say definitely look into HTTP versus HTTPS.
00:12:22 April
You know, like I've gotten to the point that if I go on like a shop site, or even just any general business website and they don't have like have the lock to show that you know like it's secure.
00:12:35 April
Or there's like that message that says the site isn't secure like I immediately like get off and.
00:12:43 April
You know, like just try to find some other website or something because yeah, like you're, you're not.
00:12:50 April
You don't even have an updated certificate, but you want me to send you money?
00:12:54 April
No, definitely not.
00:12:59 April
And I guess for for my 3 tips the first one, which is one of my favorite ones to tell people all the time, is to use a password manager because it's not really secure to use the same username and password for every website.
00:13:15 April
However, it's also very inconvenient
00:13:18 April
to have to create a new password for every single website and this is where password managers really come in handy, because number one you can store your credentials securely in them, so you'll you know you always have your password manager, so you know you'll never forget your password and then also,
00:13:38 April
If you're having trouble like coming up with passwords, some password managers will generate a password for you, so I find password managers to be a really nice way of keeping track of your special credentials.
00:13:54 April
I would say they're relatively easy to use and a lot of them are free or very low cost.
00:13:59 April
For my second one, kind of off, the Internet is to sign up for identity theft protection.
00:14:07 April
If your credit card offers it.
00:14:10 April
I know my credit card company, they offer identity theft protection for free with my account.
00:14:17 April
So not saying it's foolproof, but
00:14:20 April
It is a relatively easy and free way for you to, you know, be constantly checking to make sure your personal information isn't online, which if your personal information is online, like your Social Security number, that.
00:14:37 April
Could really impact you, so just signing up for something simple like that can really keep you in the know.
00:14:44 April
And my third tip is to use a VPN to protect your personal data while you're surfing the Internet.
00:14:53 April
VPN stands for Virtual Private Network and the way a VPN works is that it creates a secure private connection on top of your Internet connection and masks your IP address so that your online activities your browsing.
00:15:12 April
All of that is virtually untraceable.
00:15:16 April
Now one one of the popular ways people know about using VPN's is that you know if you're using Netflix US and you switch to a different VPN location, you can get the Netflix in a different country so.
00:15:32 Emily
You've never done that right?
00:15:32 April
That's one way..
00:15:34 April
Obviously not Emily, what do you think?
00:15:37 April
Who do you think I am?
00:15:43 April
But it's not just good for you know, being able to catch all your shows in all the area codes.
00:15:50 April
It's also good for protecting your personal data while you're while you're surfing the Internet.
00:15:57 April
You know these websites track everything from your location to your cookies.
00:16:02 April
And a VPN is a good way of like protecting your footprint.
00:16:07 April
So all these companies don't have access to you and are able to track you and what other websites you're going to.
00:16:14 April
So if you're really trying to protect your browser history, I would say using a VPN is a good option.
00:16:22 Emily
Those are great tips.
00:16:23 Emily
I I totally agree.
00:16:25 Emily
I use VPN password manager, I didn't know about the identity theft protection
00:16:30 Emily
that credit card companies offer.
00:16:33 Emily
I'll have to look into that.
00:16:35 April
Definitely something to look into because it's nice that when I get that a notification every month, like your Social Security number didn't show up on any
00:16:44 April
You know black listed websites. Or you know they even tell you,
00:16:50 April
Tell me like if I opened up a new account under my name, they'll tell you like 0.
00:16:55 April
New accounts opened under your Social Security number this month.
00:17:00 Emily
And did you have to specifically enroll in it?
00:17:04 April
Uh, yeah, it was like it was just like the, you know.
00:17:07 April
It's basically one of those things you tap in it and then you just click the button to enroll and then you're enrolled in it.
00:17:13 April
But yeah, it's not something, UM, automatic.
00:17:18 Emily
Yeah, that's that's very interesting.
00:17:19 Emily
I'll have to look into.
00:17:21 Emily
The credit card and I know that password managers also can offer a lot of other services like dark web monitoring.
00:17:31 Emily
Well, I don't know, but I was just looking at my password manager a minute ago so.
00:17:40 Emily
Yeah, thanks for those tips, April.
00:17:43 Emily
Now let's transition into talking about cyber safety in the news.
00:17:47 Emily
So where have you seen cyber safety in the news recently?
00:17:53 April
So there are actually two instances recently that I saw some articles online that I thought were really interesting.
00:18:01 April
And the first one was that Instagram was launching and has launched a security checkup to help users recover their hacked accounts, which is very prevalent across Instagram.
00:18:17 April
And then also Facebook users are always their accounts are always getting, you know.
00:18:22 April
Hacked and it's important to be able to get control back if someone hacks your account.
00:18:26 April
And so Instagram has implemented a new security feature called Security Checkup where it will help users keep track of
00:18:37 April
Who signed into their account recently so they can see was that them?
00:18:41 April
Where was the account signed into?
00:18:43 April
And they're also really starting to push for their users to enable two factor authentication, which is one of the tips that Emily had mentioned earlier.
00:18:54 April
Because you know that extra layer of security will really protect you against those hackers who only have your username and password, and it will also help you
00:19:06 April
Recover your account.
00:19:09 Emily
That's great, and that's good that they're pushing for two factor.
00:19:13 April
Yeah, definitely.
00:19:14 April
I think that it.
00:19:15 April
It really makes a lot of sense, especially because you know, in this day and age, so many people livelihoods are attached to their social media accounts.
00:19:25 April
Like you know, their work and their opportunities they get for work is tide directly to their social media like Instagram.
00:19:33 April
So being able to have access to accounts like that at all times is something that's really important.
00:19:40 April
You know your Instagram?
00:19:42 April
You know Facebook, Instagram, they collect so much data on you and you don't want to lose that to someone who you know just guessed your username and password and now they have access to your whole life, really.
00:19:56 Emily
That'll also help too.
00:19:57 Emily
There's a lot of young users on these social media.
00:20:00 Emily
Sites and they don't always.
00:20:04 Emily
I mean, everyone of all ages doesn't necessarily know all of these security best practices, but I would say especially young users just aren't thinking of that and speaking as someone who was not thinking about things like that, that's really great that they're implementing it.
00:20:21 April
Yeah, and like you said, young kids, I remember my passwords when I was like in elementary school. I love elephants 123.
00:20:30 April
Right?
00:20:33 Emily
Or it's actually not even that bad.
00:20:37 Emily
I think the most common passwords are things like I love you like that's a really one of the top 10.
00:20:42 April
Yeah, or people you know they or like even elephants is better than that.
00:20:47 April
Elephants is better or people who put like.
00:20:48 Emily
It's not good though.
00:20:50 April
You know they put like the current year and then like their grandchild name, Michael 2019.
00:20:57 April
Ah, it is true.
00:20:59 April
OK Emily, it's cute.
00:21:00 April
But it's also like.
00:21:02 Emily
It's cute, but it's not secure exactly.
00:21:05 Emily
Yeah, we'll talk about secure passwords in a little bit very, very soon.
00:21:14 April
That was just the one of the first instances and then the other instance I saw of you know, cyber safety in the news is that recently 1,000,000 stolen credit cards were leaked onto the dark web so.
00:21:30 April
These were credit cards that were stolen between 2018 and 2019 and they were released.
00:21:36 April
Uh, earlier this year and it was just they were up for sale and that's just one of those things, uhm, kind of tying back to the advice I gave earlier, which was to, you know, sign up for your credit card companies.
00:21:52 April
Identity Theft protection program because you know?
00:21:56 April
Those programs are free and they'll be able to detect better than you if someone got ahold of your personal information and is opening more credit card accounts in your name.
00:22:08 Emily
That's crazy that's so many.
00:22:10 Emily
Stolen credit cards, and that's also good.
00:22:13 Emily
A lot of companies you know they'll if you're going out of town or something.
00:22:18 Emily
They do it by location, so you can say if you're going out of town or not and that way.
00:22:23 Emily
They know where your credit card is being used, so they can kind of track that and determine if it's fraudulent or not.
00:22:30 Emily
But that is that is crazy.
00:22:30 April
Yeah, and even like you said like they're, you know, being able to tell them whether you're you know out of town and them using machine learning to determine whether or not it's you know, unusual activity.
00:22:43 April
Because recently when I went on vacation, I was going.
00:22:47 April
I went to put in like I'm going on vacation.
00:22:50 April
To my credit card company and they were like you don't need to do that anymore.
00:22:55 April
We use our algorithms to, you know, determine whether or not you know it's like a purchase.
00:23:00 April
I would make basically.
00:23:03 Emily
Oh, scary.
00:23:05 April
Yeah kinda.
00:23:06 April
It's like OK, she's not in her usual spot.
00:23:10 April
This is new.
00:23:11 April
Is this a store that we think she would shop at?
00:23:15 April
Should we approve it?
00:23:18 Emily
There's so many funny jokes I I feel like in TV shows they make fun of that a lot.
00:23:23 Emily
It's like the person gets.
00:23:25 Emily
Buy something.
00:23:26 Emily
It's very healthy or nice and they're like, uhm, is this this you?
00:23:29 Emily
You know if the person is like trying to change their lifestyle?
00:23:34 Emily
There's always out or there's all these outrageous purchases.
00:23:37 Emily
I think in Parks and Recreation, I forget, do you watch that?
00:23:41 April
No, and you ask me this like every other month and answer
00:23:44 Emily
Well, it's a great show.
00:23:45 April
Is always no.
00:23:49 Emily
Oh, I don't know.
00:23:50 Emily
The the credit card company calls because they think someone has their card, 'cause it's all these ridiculous purchases and they just start listing it.
00:23:58 Emily
But it's on speakerphone and everyone can hear all the ridiculous purchases that she's made and then eventually she's just like, Oh yeah, somebody definitely stole it.
00:24:05 Emily
Just cancel all of it.
00:24:08 Emily
Just because it's so embarrassing anyway.
00:24:12 Emily
Those are great and honestly I think about getting hacked all the time.
00:24:16 Emily
Is that just me?
00:24:17 Emily
I'm constantly afraid and I take all these precautions and I'm like despite all of that, it's going to be me.
00:24:24 Emily
I'm going to be attacked like what haven't I covered.
00:24:28 Emily
So it's not just me you're you're shaking your head trying to think.
00:24:33 April
And yeah, I definitely like.
00:24:35 April
I mean me in general like I play out a lot of situations in my head all the time.
00:24:40 April
Like I pre plot.
00:24:41 April
how other situations are going to go but uhm.
00:24:45 April
No, I definitely also always have that feeling where I'm like, huh?
00:24:49 April
I know I did the right thing, but somehow I feel like it's still not going to turn out the way I want it to.
00:24:56 April
So yeah, I definitely relate.
00:24:57
There's still,
00:25:00 Emily
There's still always a chance you know you.
00:25:03 Emily
You try to minimize the risk of.
00:25:05 Emily
Getting attacked and you can really greatly, but there's always that small chance and I think I was even more worried about it when I worked in cyber security.
00:25:15 Emily
Because how embarrassing. I was
00:25:17 Emily
Just like how embarrassing would that be?
00:25:19 Emily
You know, I don't know.
00:25:21 Emily
Does your company have those automated?
00:25:23 Emily
I'm sure they do the phishing.
00:25:26 Emily
Links they send you phishing emails.
00:25:26 April
Oh yeah, yeah.
00:25:29 Emily
Oh, it's called a phishing campaign and basically the company is.
00:25:35 Emily
Sending you fake phishing emails that look real, but.
00:25:41 Emily
You can clearly if you read through it, tell that it's like supposedly phishing and you have to report it.
00:25:46 Emily
And and if you click on the link, it's like.
00:25:49 Emily
This was a fake phishing, but you've been phished.
00:25:51 Emily
You know, kind of scares you like if this was a real.
00:25:55 Emily
If this was a real phishing email, you would have fallen for it, and sometimes you're just like scrolling and you accidentally click without even looking and.
00:26:02 Emily
It happens to everyone, but I do.
00:26:05 Emily
I always feel like, oh, with that would always be embarrassing.
00:26:08 Emily
I would be the one person to get to get hacked even with everything.
00:26:12 Emily
But I mean I think also when you do software when you do coding anything tech related.
00:26:19 Emily
I think it does increase your chance.
00:26:21 Emily
Would you say of,
00:26:23 Emily
Getting hacked? because you have to download a lot of random software.
00:26:28 Emily
If you're using your personal computer like I am.
00:26:33 April
Yeah, definitely you know.
00:26:34 April
Especially, you know tech is evolving so quickly nowadays there's always a new library to do something and you know, like a lot of people in tech.
00:26:45 April
We're all really into, you know, getting into the latest and greatest things and a lot of times there's bugs in the latest and greatest things.
00:26:53 April
Because of the keyword latest.
00:26:59 April
Having more access in, being closer to potentially vulnerable tech puts you at risk.
00:27:06 Emily
All right, let's bring it back now and we're going to get into our next segment, which we titled Mythbuster and Hard truths because we couldn't decide between doing a Mythbusters segment or hard truths, which in our case are essentially the same.
00:27:24 Emily
So April can you get us started?
00:27:28 April
Yeah, so one hard truth that I have is that since since the beginning of covid the FBI has reported a 300% increase in reported cyber crimes and that is a dramatic leap compared to years before.
00:27:47 April
300% more of anything is incredible, but also very scary because now so many of us are online.
00:27:57 April
And so many of us don't, you know, practice basic cyber safety so so much of our data and our personal information is at risk now and that's why it's even more important to follow some of the tips we gave in this video and to do your own research on.
00:28:17 April
Cyber safety.
00:28:20 Emily
300% though that is crazy. That is so high. I do remember the beginning of COVID seeing that there was an increase of cyber attacks, which surprised me at first, but it it does, it makes sense that there's more like you said, more people are vulnerable and and so this includes all cyber crime?
00:28:41 Emily
Personal, business, organizations?
00:28:46 April
Yeah, I think it's just a general, you know 300% increase in reported cyber crimes, but I would not be surprised if the majority of that 300% increase are individuals.
00:29:03 Emily
Yeah, I'm curious now.
00:29:06 Emily
'cause I do think too.
00:29:07 Emily
It's been very difficult for a lot of companies to get.
00:29:10 Emily
To start having everybody work virtually, most companies were not entirely virtual, so that does seem.
00:29:20 Emily
Like being able to do it at all is hard, and then let alone being able to do it securely.
00:29:25 Emily
That's just a whole another layer. So yeah, when you think about it like that, the 300% does not surprise me, but it's still insane amount. Yeah it is. It's really something to keep an eye out on and just.
00:29:39 April
Remember to keep protecting yourself.
00:29:43 April
So that's my first hard truth, Emily, do you have a myth or a hard truth for us?
00:29:50 Emily
So I didn't do any hard truths.
00:29:52 Emily
I do have a myth I would like to bust.
00:29:55 April
All right.
00:29:58 Emily
So the myth I want to bust is that you need passwords to have lots of complicated random characters.
00:30:09 Emily
We are going to compare a short password of random characters, specifically 8 random characters with the passphrase containing multiple words, specifically four words and show that the passphrase is more secure.
00:30:24 Emily
To determine which is more secure, we'll look at how many tries it would take a hacker to guess the password by brute force.
00:30:32 Emily
That is to try all the possibilities and we'll show that there are more possibilities to try for the passphrase than the short password.
00:30:41 Emily
So it's much better to use a passphrase which could be 4 words, four random words like I'm looking at this word generator and four words are cancelled, neutral, exiled, domination.
00:30:58 Emily
Oh, that's weird.
00:30:59 Emily
OK, let's try again.
00:31:00 Emily
World aisle intense franchise.
00:31:03 Emily
OK world aisle intense franchise, so that is much more secure.
00:31:10 Emily
Then using a bunch of random numbers and characters, even using 8 numbers and characters, for example, J $ 6F H, 2 G.
00:31:24 Emily
That seems like it's more secure, but the passphrase is actually much more secure.
00:31:31 Emily
And every time I I make this point, I I get pushback from people.
00:31:37 Emily
They just think that no, like using the random characters is more secure, whereas passphrases is actually more secure and easier to remember.
00:31:45 Emily
So I wanted to actually do out the math April.
00:31:48 Emily
Do you mind if I do out the math?
00:31:51 April
No Emily, I love when you get your math on so enlighten us.
00:31:56 Emily
Get the math on!
00:31:57 April
Have fun.
00:31:59 Emily
Awesome, alright, so I'm going to do the math out.
00:32:03 Emily
So we're going to look at how many possibilities there are for a different password of a different passphrase of different lengths.
00:32:13 Emily
So first for the password, we're going to think about, you're doing some really truly random truly in quotes.
00:32:25 Emily
Password of different letters, numbers. So there's 10 digits. 26 lowercase, 26 uppercase, and 33 special characters. So assuming you can make a password, that's random.
00:32:39 Emily
And uses any of those characters that comes to 95 characters.
00:32:44 Emily
So 95 to the 8th power.
00:32:48 Emily
Is on the order of magnitude of 10 to the 15th.
00:32:52 Emily
That means there's 10 to the 15th possibilities.
00:32:55 Emily
So if a hacker wanted to brute force it, they'd have to try 10 to the 15th.
00:33:01 Emily
Now let's instead think about using 4 words, and so there's a lot of different ways that you could actually measure how many possibilities there are.
00:33:13 Emily
So this is where it gets a little bit tricky. So you could say, well there's 170,000 English words.
00:33:23 Emily
A lot of those words people don't use. I looked into it. It seems like 20 to 35,000 words is how many words people know.
00:33:33 Emily
So let's choose the low end of that and assume 20,000.
00:33:38 Emily
So there's 20,000 words, so 20,000 to the 4th power means on the order of magnitude of 10 to the 17th. So that means there's more possibilities of using four random words then.
00:33:53 Emily
Using eight random characters.
00:33:57 Emily
And also it's just easier to remember what do you think, April?
00:34:02 April
So it definitely, definitely.
00:34:04 April
It's definitely interesting seeing how the math plays out so.
00:34:09 April
You, like you were saying, even if you, you know, had a completely truly quote unquote, truly random, you know.
00:34:19 April
Password generator and you took the maximum amount of digits.
00:34:22 April
The maximum you know upper or lower case letters.
00:34:26 April
The maximum amount of special characters.
00:34:29 April
And you know you get to a certain number and your order of magnitude is 10 to the 15 and just by the nature of the human language, there is more words than there are combinations of the random characters.
00:34:47 Emily
Now, what's really important to keep in mind is that the most secure passwords are the long passwords of random characters, meaning 20 plus random characters.
00:34:58 Emily
However, this is not something that most people can remember, especially when you have multiple passwords.
00:35:05 Emily
So if you're using a password manager.
00:35:07 Emily
Then yes, use long passwords of 20 plus random characters.
00:35:12 Emily
So then why did we do all this math?
00:35:15 Emily
That's because there will be some passwords that you have to remember that you can't keep in a password manager.
00:35:22 Emily
For example, you need a master password for your password manager, and you want this to be super secure and something that you will never forget, so.
00:35:32 Emily
I would recommend an obscure phrase or lyric of 6 words even.
00:35:38 Emily
Also, you may need a password to log into your personal laptop or a different one for your school or work laptop and other accounts that it's maybe not convenient to check with your password manager every time because you can't directly copy and paste, so therefore it's very important to know how to make.
00:35:57 Emily
A strong password you'll remember, which is a passphrase.
00:36:03 April
I hope everyone listened through.
00:36:08 Emily
So anyway, I get this all the time, even from you know tech professionals.
00:36:14 Emily
They ask me, they question that you should be really using passphrases, but the math speaks.
00:36:23 Emily
So anyway, so that is my myth that I wanted to bust.
00:36:29 April
Yeah, that was really interesting.
00:36:31 April
I really felt like I learned more about you, know the math and the data behind why you should use passphrases.
00:36:40 April
I knew they they were telling us to use them, but it was just kind of like it's better, but why?
00:36:46 Emily
Is it?
00:36:49 Emily
Show me the numbers.
00:36:51 April
Listen and so.
00:36:53 April
My last uhm.
00:36:56 April
My last topic is I guess it's a myth, but it's also a hard truth, kind of.
00:37:02 April
At the same time, and it's, uh, you know that myth that you know I'm safe as long as I only visit legitimate websites, you know that means.
00:37:13 April
The websites that have you know up-to-date certificates and you know they're verified and reputable.
00:37:24 April
That's a myth, because the hard truth is that they collect your data, and even if it's a secure, legitimate website, if you created an account with them and you have your credit card information with them.
00:37:39 April
A legitimate website can get hacked and your data.
00:37:44 April
Can can be taken and you'll become compromised even if it's one of you know, even if it's a site that has up-to-date security.
00:37:52 April
So it's just a reminder to keep always keep your wits about you when it comes to cyber safety.
00:37:58 April
Don't think you're safe just because you're on a common and popular website.
00:38:05 Emily
So true, and this is also something Abdel mentioned in the dev spec OPS episode is that websites will have ads and the ads aren't necessarily run by that company, so you can click on that ad.
00:38:21 Emily
It might not be secure, so just another reason.
00:38:25 Emily
That that's definitely true.
00:38:27 Emily
If you visit a legitimate website, you're not necessarily safe.
00:38:31 Emily
There's also more tips too for security on that episode, so definitely go back and watch it.
00:38:37 Emily
It was our third episode ever, very fun episode.
00:38:41 Emily
Our first guest Abdel Sy Fane talked a lot about cyber security and gave us some.
00:38:45 Emily
Tips, that's actually why we decided to do this episode.
00:38:50 Emily
We were all going to give our cyber security tips not just Abdel, but all three of us and then it ended up taking so much time that we were like, OK, you know what, we'll just save this.
00:39:00 Emily
For a separate episode and give our tips then.
00:39:05 Emily
All right, so we're almost at the end.
00:39:07 Emily
We're going to share a few more resources for cyber safety, but first, let's recap what we went over.
00:39:16 Emily
So we talked about our different tips, so my 3 tips were to have a backup strategy.
00:39:24 Emily
So always backup your data to visit HTTPS websites, not HTTP where the S stands for secure and to use two factor authentication in any accounts.
00:39:36 Emily
That you would be really devastated if they got hacked.
00:39:40 Emily
And then April talked about how you should use a password manager.
00:39:45 Emily
Sign up for identity theft protection if your credit card offers it, and use a VPN to protect your personal data.
00:39:55 April
And then we also talked about major cyber safety news.
00:39:59 April
We discussed how Instagram has launched a security checkup so users are more easily able to recover their hacked.
00:40:08 April
Routes we talked about the 1,000,000 stolen credit cards that were leaked on the dark web. We talked about the advancement of ransomware attacks in enterprises.
00:40:23 April
And then we went into a little bit of a true and false myth, Buster.
00:40:30 April
This area and we learned that cyber attacks have increased 300% since COVID and they won't. They're most likely not going to go down as more people continue to work from home and choose to work from home.
00:40:48 April
And Emily, you know finally got her day and was able to prove why.
00:40:56 April
For you know, four word passphrases are more secure than quote unquote, truly random.
00:41:05 April
Character passwords.
00:41:08 April
And then I also gave you the tip to just always be aware that even if you're on a legitimate website with, you know, up-to-date certs, that doesn't mean that your information isn't at risk.
00:41:24 Emily
And to now just give some resources if you want to find out if your email has been leaked, you can go to haveibeenpwned, that's have I been and then PWN Ed. haveibeenpwned.com and find that out.
00:41:42 Emily
You can find some resources on cybersafety from.
00:41:47 Emily
csnp.org/cybersafety.
00:41:53 April
Yeah, that's that's good to know for the future.
00:41:58 April
Thanks Emily, Uhm yeah I had.
00:42:02 April
I had a lot of fun today.
00:42:04 April
You know there could always be another episode on Cybersafety.
00:42:07 April
This is such a large topic.
00:42:10 Emily
Yeah, this was really great.
00:42:11 Emily
I love talking about this topic.
00:42:14 Emily
It really feels it makes me feel like I'm still in the security world.
00:42:17 Emily
We hope you all enjoyed listening and you can find all the links to our social media as well as contact us at tech the letter N savvy.com so.
00:42:30 Emily
technsavvy.com. Our Twitter is @technsavvy and our Instagram is @technsavvypodcast. Our intro outro music is gone by 414 so thank you all and we'll see you in the next episode.