Ten Ways to Protect Your Accounts with Strong Passwords

Recently, many of us have been receiving messages that some of our passwords have been compromised. I have written about passwords before but I want to give you another dose of rules, tools, and suggestions to keep you as digitally safe as possible. I have been sitting down with friends and relatives recently and asking them to evaluate both their passwords and how they store and create them. 

Here are some suggestions, rules, and tools:

1. Don’t use the same password for more than one login. If one of those sites has a breach, someone now has your email (or user name) and password. You can be sure they will try it on other sites! 

2. Make passwords long and complex. Use numbers, capital and small letters, and symbols (if the site allows). 

3. Do not, do not, do not, do not keep a list of your passwords on a post-it note on your computer. While a piece of paper in a file might have some degree of security and practicality there are better ways to do this. On Apple products, you can create a password protected note, which is better than having a slip in your wallet – but there are better methods. 

4. I recommend everyone use a password manager. I use 1Password, but there are many others. Apple offers Keychain built into the Apple ecosystem. The main benefit of a password manager is that it stores all your passwords securely and you don’t have to remember all of them. All you have to remember is how to get into the manager (thus the one I use is called 1Password because I only have to remember the password that lets me into my password manager). I STRONGLY suggest looking at a dedicated password manager that is not a locked note, Keychain, or the password saver built into your web browser. 

5. Another benefit of a password manager is that it can autofill your usernames and passwords when you go to a website. It will also remember your password when you use it on a new website (and even offer to create a strong and complex password for you). 

6. A side benefit of this is that, if my password manager does NOT offer me my password on a website that LOOKS LIKE it is my bank, for instances, it is a warning that I might be on a fake website and about to give away my username and password to a hacker! If my password manager doesn’t recognize the website, I need to find out why. 

7. Consider trying passkeys instead of passwords. Passkeys are when you use another device instead of a password. You might use your fingerprint or other biometrics. A website might ping your phone, watch, or other device. You can even purchase an actual digital key that plugs into your computer and lets websites know that it is really you! 

8. Many websites now use one-time password codes instead of passwords. You log in with your email and they send you a code. This is great – as long as you have control over the means of getting that code. If a hacker gets control of your email or phone number, you will be unable to receive these one-time password codes.

9. For this reason (and others), it is critical that you use secure passwords with your high-priority assets: your email account, financial institutions, any website where you have stored a credit card (Amazon), social media accounts (Facebook, Instagram, TikTok, etc), and of course, work-related websites. All of these should be protected with long, complex, and unique passwords – so long and complex that you could never ever remember them. Thus, storing them using a secure password manager would be a good idea (there is a theme here – get it?). 

10. Always, always, always take advantage of two-part authentication when it is available. This is when you get a code sent via text or email or through an authenticator app when you log on to a site for the first time on a new device or browser. This is not foolproof. If someone has your phone, they might be able to use this to reset a password. However, if you receive a message with a code when you haven’t logged in to that website, you know someone else is trying to. 

The scammers are getting more and more clever and devious, as I have written about before. We have to help each other stay safe and protected! While a warning that you have a compromised password may or may not be true, we all could improve our password security. Be safe out there! 

UPDATED: Strategies to Avoid Getting Scammed

The scammers are devious. They are increasingly harnessing both technological and psychological weapons to trick people out of their money – especially vulnerable people like the elderly. 

I have written about scams before, and while the articles and advice in those posts are still relevant, the scammers are escalating their tactics and we need to add some more precautions to our anti-scammer protection system. 

For those who don’t want to read much, here are my anti-scamming suggestions (this is an extenion on the list I wrote here): 

Trust your gut: If you even have a slight inkling that the phone call, email, website, text, or other form of communication is a scam: STOP! We frequently have a little voice in the back of our minds that raises the issue, but we don’t pay attention: PAY ATTENTION! 

Just because they have some information about you, even something as private as your social security number, bank account number, credit or debit card number, address, or date of birth, don’t trust them! Scammers can get this information. Bad actors can access private and personal data. Don’t rationalize that, “this can’t be a scam because they have my…”

If the message is urgent, it is likely a scam. If the message is highly sensitive, it is probably a scam. If the message is emotional, it is likely a scam. If the message is shocking, it is likely a scam. Your grandchild is most likely not in danger. No government agency is coming after you. No one has hacked into your bank account. “You can’t tell anyone,” is a huge red flag! When the person on the phone or the email screams that the house is on fire and you must trust them to put it out, hang up and do the thing next on this list. 

Contact the agency or person in question the way you normally do! If the email or caller says they are from your bank, hang up and call your bank. If they say that there has been a car accident and your relative needs help, call that relative (and if you can’t reach them, call someone close to them whom you trust). As the photo shows, links can look like they are correct and lead you to the wrong website. If you have a browser bookmark for your brokerage account, use that link– never click on links in texts or emails! 

Don’t give ANYONE your private information. Period. Don’t confirm your private information. Period. Of course, if you call your doctor, banker, broker, or other trusted source, you can do that. However, if someone contacts you and claims to be from their office – or even sounds like them – nope! 

Fakes are easy to create! Scammers can spoof phone numbers, so don’t trust the caller ID. Spammers can fake people’s voices, so just because it sounds like that person doesn’t mean it is that person. Spammers make website addresses, links, emails, and phone numbers look like the real thing. That is why you must always use the contact information that you have used in the past and know 100% is, in fact, the real thing – not the link, email address, phone number, or other method that they are feeding you. 

If there is even a tiny chance you are on the phone with a scammer: hang up! Then contact the organization using your regular contact method. Pro tip: if you are on a cell phone call and turn it to airplane mode, the person on the other end will see a “call failed” message. To really sell it, do this in the middle of a sentence or word. 

Don’t use passwords, passcodes, PIN numbers, or other private unlocking strategies in public - EVER. Don’t unlock your phone at the bar. Go inside the bank and cover your PIN number with your hand at the ATM – or better yet, use a teller. Never use passwords on public wifi networks. Learn to use passcodes like your face, fingerprint, watch, or USB keys. 

Don’t do strangers favors: Lots of scammers take advantage of your good nature. They ask to use your credit card at the gas pump because they only have cash. They ask you to loan them money. They ask all sorts of things. The answer is no! While sometimes, they really are people in need: more often, they are scammers. Give to charities and social service agencies and call them when people are in need - if people approach you directly, be suspicious. 

If you have other strategies, send them to me and I will add them here (and credit you, if you are okay with that – I can also credit you with just a first name or initials). 

Here are a few articles to give you the flavor of what scammers are doing: 

“Lake Co. Resident Nearly Loses $20K In PayPal Scam”

“AARP sounding alarm on fraud, offering helpful resources to victims”

“10 Security Settings That Protect Your iPhone From Thieves”

“How to Avoid Pump Switching Scams at the Gas Station” 

“How to Protect Your Parents From Elder Fraud and Scams”

“How to Protect Your Finances From Identity Theft”

“This 'IRS Letter' Is a Scam”

“These Financial ‘Experts’ Got Scammed, so You Can Too (Really)”

UPDATE: 

Some dear friends replied and added the following:

Beware when the person texting you says they can’t or won’t answer a phone call from you because they are “driving”… it’s really because you would instantly recognize that they are not who you think you are texting. If you think about it, people who are driving would really prefer talking over texting as that would be safer!

Many scammers are from foreign countries and English is not their native language. Therefore, be aware that even the SLIGHTEST English grammar or syntax error should alert you that the person is a foreign scammer who has a high level but not perfect proficiency in speaking English.  Even a SINGLE WORD misused that would not be said that way by a native English speaker should be a huge red flag to you.

If a person asks you to pay for an item via Zelle be aware that, unlike a credit card payment, money sent by Zelle cannot be retracted or credited even if you later can verify it was sent to a scammer. Never use a phone number or email link sent by the person to make a Zelle payment, as your money is probably not going to the person you think it is.

If you are purchasing an item and the main message to you focuses on receiving the payment rather than the details of the item itself that should clue you into the fact that all they want is to get your money from you.

If you are communicating with someone via Facebook messenger and then switch to texting but they won’t talk out loud by phone call that’s a clue that they are trying to hide their true identity.

If the party refuses to take a check as payment and insists on using electronic payment via Zelle, Venmo, or PayPal that’s a clue that it’s a scammer, as the scammer wouldn’t be able to cash your check, especially if located in a foreign country,

If the person selling an item says you need to pay them because other people are also trying to buy the same item, be aware that it’s probably a lie and trick to make you pay sooner rather than later.

Try to buy items from established online retailers like Amazon, Wal-Mart, etc, and not from Facebook marketplace or unknown retailers.

If someone asks you to text back a Google phone code and you do they might create a Google Voice phone number that links to your phone, thus compromising your phone! 

Beware of scammers who say that they are checking that you are not the scammer! How ironic! 

Thank you to my friends for these strategies! 

Privacy Protections Not TikTok Bans

When I was in the classroom (I’m retired), I wanted to keep up with my students’ technology trends. I wanted to know what interested and engaged my students. I was aware of social media when My Space, Friendster, and eventually, Facebook came out. However, it wasn’t until I signed up for an account on Facebook that I really understood what all the fuss was about. Reading about teen culture is one thing, diving in is very different. 

When TikTok came out, I didn’t hear kids talking about it. I had an account on Instagram and I found the “stories” slow and often duplicates of images and ideas from other posts. My students seemed more involved in other platforms like Snapchat.

Two years ago, on vacation, my twenty-something daughter (our family trailblazer) showed me the TikTok videos she was watching. We spent an hour or more laughing together. It was delightful. 

She showed me that TikTok was more than comedy videos. She was learning about smart homes, cooking, and other do-it-yourself skills. So, I signed up. I found TikTok the most entertaining of my social media sources. I like Facebook for personal connections, but TikTok was way more engaging and thus time-consuming. 

There, I said it. Despite the controversy, the fear of foreign manipulation, or the theft of my personal data, I like TikTok because it is the most entertaining, edifying, and enjoyable social media site I have found - and I have tried almost all of them. 

I like TikTok’s variety of content. I am following folks reviewing and talking about books, science fiction, Star Trek, theatre, education, religion, health, social issues – and, of course, politics. I hear about people’s perspectives and experiences. I learn about music, linguistics, science, education, and technology. 

While our lawmakers are worried about espionage, misinformation, and unethical use of my information, my concern is more about the way kids may be using social media (on any of its platforms). I am told that kids are using TikTok instead of search engines and it has become a mediator of the internet for them. Yet, this is a problem with many social media platforms, not just TikTok. Kids must be taught both critical thinking skills and how to seek and evaluate information they find online. 

And yes, I have Marshall McLuhan in my head at times asking something like, does viewing short, clever, and easy to digest videos about such important topics as race, religion, and the culture wars minimize and trivialize these complex issues? Is it also possible that this medium has made messages both more available and powerful to a new audience? 

Yet, when some legislators seem to want people to go to sleep rather than confront anything that might kick their complacency, worrying about quick videos seems the least of our troubles. The issue is not the form or the ownership. The issue is that social media can foment hate and violence. The issue is that kids can learn wonderful and wholesome lessons as well as destructive and dangerous ones. But that is a problem with all social media platforms, not just TikTok. In fact, that is an issue on and off the internet. 

Should we be concerned about privacy? Of course. At this point, it is more than a cliché statement that if you don’t pay for a service, you are the product. TikTok is getting my attention. But that, too, happens with every social media platform. 

Do I make purchasing decisions based on TikTok, Facebook or other online ads: not consciously. Will I? Perhaps. I am thinking about buying some of the products that the home automation guy on TikTok has been demonstrating (but I haven’t done it yet). I do go to some of the websites that I learn about from the people who demonstrate “useful websites I’ll bet you didn’t know about.” 

I know I am leaving digital footprints. They are far deeper than my use of TikTok. I find Facebook’s targeted ads creepy. But the use of my data is the price I am paying for this service. Should the government make sure that Facebook, TikTok, and others use my data ethically? Absolutely!  

Burying our heads in analog sand (or staying asleep) is not going to help either. Our world is now, at least in part, online. We must be informed and connected. TikTok has, on several occasions, informed me about important issues long before they appeared in my news feeds. Snapchat doesn’t work for me. I find Instagram slow and self-indulgent. Facebook is a way to stay connected to distant folks. I don’t go to social media to be angry or argue. I don’t go to feel good about myself or look down at others. I go to learn, connect, explore, and laugh. I hear authentic voices that I might not hear in real life (IRL). 

Banning TikTok doesn’t make us personally or communally safer. Creating legislation that protects users against inappropriate and unethical use of their data might. Like other industries, social media, and perhaps the internet in general, could use some consumer protections – in order to do this, lawmakers need to become much more knowledgeable about today’s technology! 

Reading for Treasure: Protecting Your Information and Privacy

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction.

Once again, here are some articles to keep you safe as you use your technology. Specifically, how to thwart being tracked or scammed by devices, websites, advertisers, and others. 

This video from CNN includes a password tip that is genius and I have never heard of before. I am not going to list it here, but listen for the word “salt” in the video: "Here's how to keep your passwords safe, according to a hacker.” 

Wired provided a simple and common sense list of “6 Things You Need to Do to Prevent Getting Hacked.” Read the article, but I’ll list them here: Use multifactor authentication, get a password manager, learn how to spot a phishing attack, update everything, encrypt everything, and wipe your digital footprint. If any of those terms are foreign to you, take it as a sign you need this article. 

A great compliment to the above article, Propublica’s article, “A Former Hacker’s Guide to Boosting Your Online Security.” provides a straight forward and simple list of ten things to preventing stolen data, identity theft, and other online hazards. Again, I’ll list them here, but read the article for more: stop reusing passwords, delete unused accounts, use multifactor authentication, manage your privacy settings, think before you click, keep your software up to date, limit what you’re sharing online, security your SIM, freeze your credit reports, and back up your data! 

Lifehacker is also a great source for digital safety. Here a short and simple article that lets you know “How to Tell Which Apps Can See Your Private iPhone Data.” It is an older article, but still worth reading. 

This somewhat scary article from The Conversation via Inverse is a good overview of how your use of technology may put your privacy at risk: “Here’s exactly how tech companies and apps conspire to track you 24/7.”

Yes, emails can snitch on you. Many emails report back to their senders if you opened them, when you opened them, and even for how long you engaged with them. Want to stop this? Read this article from Wired: “How to Tell Which Emails Quietly Track You.” If you use Apple devices, this Lifehacker article, “How to Stop Email Trackers on Your iPhone, iPad, and Mac” will help you with this issue and more. 

A new form of hacking is to use free USB charging stations. Apple Insider discusses, “What juicejacking and trustjacking are, and how to protect yourself.” The basic piece of advice here is, if your phone asks you “Do you trust this computer?” or “Allow this device to access.. and you are not connected to your home computer, say, NO! 

How many of us have lost our phones or have had our phones stolen?  We may feel safe because our phone is locked with a passcode, fingerprint, or our face. Lifehacker says, “Your iPhone Is Still Vulnerable When It Is Locked” and then helps you secure it! 

And it is worse than that: Lifehacker provides instructions on how to use screen time on the iPhone to prevent a stolen phone from becoming a stolen Apple account or worse: "How Screen Time Can Save You When Your iPhone is Stolen." 

I am currently reading The Paper Menagerie and Other Stories by Ken Liu

Reading for Treasure: Consider These Articles and VOTE!

Reading for Treasure is my list of articles that are worth your attention. Click here for an introduction!

Your vote is critically important. The polls are probably wrong. Here are some articles to think about as we move toward the November elections. I present them without introduction or commentary: 

Mother Jones (Video): “If Republicans Retake Congress in November, Here's What Their Agenda Will Look Like” 

NewsOne: “2022 Midterm Elections: Filibuster, Senate Control And The Importance Of Black Voters” 

Reuters: “Pro-Trump conspiracy theorists hound election officials out of office”

Financial Times: “Ukrainian officials ‘shocked’ as Republicans threaten tougher line on aid” 

The Guardian: “Republicans aim to pass national ‘don’t say gay’ law”

The Bulwark: “Attack Ads Are Darkening the Skin Tone of Black Candidates”

Atlantic:  “We need to take away children” 

New York Times: “Voters See Democracy at Risk, but Saving It Isn’t Priority” 

Wired: “The US Needs to Recognize Intimate Privacy as a Civil Right” 

The Washington Post: “Trump charged Secret Service ‘exorbitant’ rates at his hotels, records show”

CNN: “What could happen if an election denier is running elections” 

NBC: “Johnson's campaign is paying the law firm of a Trump attorney allegedly connected to Jan. 6 fake elector plot”

NPR: “Borrowers who were cut out of student loan relief describe 'a gut punch'”

CNN: “'I'm my own man': Colorado Republican Senate nominee fires back at Trump” 

Scientific American: “U.S. Lost 26 Years Worth of Progress on Life Expectancy” 

I am currently reading Gods, Monsters, and the Lucky Peach by Kelly Robson

Reading for Treasure: Scamdemic!

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction!

I have written about scams before and my most recent post deals with some thinking strategies to help us sift through the overwhelming mounds of information (and disinformation) in order to evaluate them well. However, the evil fraudsters are taking advantage of the current crisis to trick people into giving away their money, information, or more; thus here are some articles to help you protect yourself and your loved ones from the evildoers who would trick you. 

CNN’s article, “6 coronavirus vaccine scams that target your money and personal information - and what to do about them” is a short and very clear listing of possible scenarios. It is worth sharing with family-  especially elders! 

Wired has a good review of “How to Avoid Phishing Emails and Scams.” I have also written about this issue, but the fraudsters are getting more and more sophisticated. I also want to note that this article recommends the use of a password manager – and so do I (see below). 

Scamming can pop up in all sorts of places. Lifehacker’s article “Beware of These Creative Online Dating Scams” reminds us that people are trying to trick you even when love is what you are searching for! 

Another way to foil scammers is to improve your security. You must have a password manager if you are going to use complex effective passwords. Since LassPass changed its options, Bitwarden is a good choice if you want a free option. Lifehacker’s article about Bitwarden is worth a read if you want to taste test a password manager: “Bitwarden is Now the Best Free Alternative to LassPass.”

One more Lifehacker article reminds us, “Don't Trust Phone Calls From 'Venmo' or Any Other Service.” When your bank, utility, or other service calls, hang up and call back using the number you would regularly use to reach them – not the number from which the possible fraudster called you! 

Google has created a new feature to help you figure out if the sources that appears in your search are credible and trustworthy. Engadget lays out how to use this feature so you can evaluate sources and be sure you are getting the best information possible: “Google search results can tell you more about a site before you visit it.”

Currently, I am rereading Foundation by Isaac Asimov

Reading For Treasure: An End of the Year Digital Grab Bag!

Reading for Treasure is my list of articles (and other readings) that are worth your attention. Click here for an introduction!

Since we are all sending so much time on our digital devices, here is a grab bag of articles to make both your online and offline life safer, healthier, and better.

If you use an iPhone, it is time to retire those old “in case of emergency” designations in favor of the phone’s built-in emergency contacts. You can make any contact an emergency contact by editing it and selecting “emergency contact.” In addition, this article from Apple World goes one step further and explains “How to Send Your Medical ID to First Responders in an iPhone Emergency Call.” During a pandemic, this seems like a feature to activate. 

Many of us are spending hours and hours on our devices. If these devices break or lose our data, we may have significant problems. That is why it is critical to back up everything – and I mean everything. Wired Magazine has a good overview of this: “How to Back Up Your Digital Life.” If your answer to “what would happen if your computer crashed?” Is that you would be up the creek, consider reading this and backing up everything! Remember, you probably want to back up your phone, too! 

Often the weakest link in your digital armor is your password. Some of us use the same password all the time. Some of our passwords are easy to guess, even if you don’t know us well. Some of us have answered quizzes or done those Facebook questionnaires and shared the answers to every possible security question with the world. The key to good passwords is making them long and complex, but that means they are difficult to remember (and to crack). The key to making long passwords usable is a good password manager. I use 1Password, but there are many to choose from. Here is an Engadget article to get help you start using one: “It’s time to start using a password manager: Here’s how”

Finally, two good pieces from one of my favorites, Lifehacker. First and most important, “Never Email Your Social Security Number, I Am Begging You.” The title says it all, but I will add this: please think of any unencrypted email (which is probably all of our emails) as a postcard, not a letter. There is no envelope and anyone on all the systems it passes through (and there are many) could look at it. 

Finally, since we are sitting in front of screens all the time, we need to protect our necks, backs, wrists, eyes, and the rest of our bodies. Lifehacker also provided a good guide to make sure that you are not making yourself sick by the way you are using your computer: “How to Ergonomically Optimize Your Workspace”

I am currently reading The Peripheral by William Gibson

Little Camera is Watching

Recently, I purchase a dash-cam. I bought it because I had several near accidents with vehicles running red lights and stop signs, and because I was curious – and because it was on sale. It was easy to install and I have only twice looked at any of the videos that it has recorded. For the most part, I forget about it while I am driving. I remember it, however, when I see poor driving.

I think about how my driving is being captured on other people’s dash-cams. While this has changed my driving and, for the most part, I consider myself a conservative and safe driver, I wonder if people would drive differently if they thought that recordings of their driving might turn up online, at the police department, or in other ways. Would some of us slow down?  Would some of us put on a show?

Google introduced Google Glass in 2013 and more recently Google Clip. Both are, for lack of a better term, person cams. They serve the same basic function as my dash-cam, but for human beings. They are a civilian version of the body cams that some police wear.

As you move through your day, people with whom you interact might be recording everything you do and say. The ubiquity of cell phones has that potential as well. Does that change anything?

Let’s try a thought experiment: what if people at your work were recording you? What if, as you dealt with co-workers, clients, customers, and others, someone was secretly recording? How would that affect you? Would it change your behavior?

There are two questions here: one is obvious: how would the chance of being recorded affect one’s behavior? The second is what happens to that recording?

We act differently when there is a camera watching us. Our awareness that our actions will be seen by others, be more “permanent, ” and perhaps be critiqued makes us self-conscious. Our audience changes from known to unknown.

In the world of George Orwell’s 1984, Big Brother looked into the lives of his citizens through a kind of television set. Privacy was almost impossible. The state watched, judged, and punished. While we have no centralized eye in the sky, the idea that an audience is viewing what you are doing in your car, job, or anywhere is unnerving and increasingly likely.

The obvious retort is that, if you have nothing to hide, what is the big deal? Who cares if my actions go viral on Twitter? While there is value in this debate, it is moot. Video of people from cameras meant for security and all manner of personal cams are now out there. It doesn’t matter if you are behaving well or not. The world may see you and that, by itself may be a punishment.

Because the audience may not have context for your actions. The world may not know what your co-worker said to you just a few minutes before you lost your temper. The world may not see the crying person just off the screen. The world may only see the bad lane change, but may not the sick child in the backseat.

Pulling out your cell phone to record an incident is a way to both deescalate and intensify a situation. If you are going to cut in line, I am going to record you doing it and post it. You parked badly; I am going to shame you online. Just like in 1984, fear and shaming do not make a caring community. They do keep people in line.

So how do we deal with the proliferation of cameras and the recordings they produce? First, we increase our civility in public. There is nothing wrong with that. Beating people is wrong regardless of context. Second, we increase our awareness of the presence of cameras. We point them out and notice them wherever we are. If we are being watched, we should be aware of it. Third, we ask questions. Why are cameras here? Who sees the recordings? What is done with those recordings? Who has access to them and for what purposes? We add context wherever possible. If a camera appears, I may need to explain what is going on in more detail. I may need to directly address the camera. I need to think about my new audiences.

I never want to be on a reality TV show, but now we all may have our fifteen minutes of shame and blame. The camera genie is not going back into the bottle. But we must remember that the view into the bottle is often incomplete.