Author Archives: Scott

Presenting Internet Safety to Families

Recently, I was asked for an Internet Safety presentation for a scout troop.  It occurred to me that the approach for an Internet Safety Presentation for children can be a bit daunting in a world where it’s possible, if not probable, that the audience is more tech savvy than the presenters.  The Internet today is different even for younger families who must be aware that “online” is much more than spending time on the computer and traditional PC controls and monitors are not sufficient; online can be game machines, phones, or even an alarm clock (anyone else remember the Chumby?)  A check on my own home router showed over 2 dozen internet connected devices!  Much like a large metropolitan city, the Internet is an amazing place with some of the finest examples of our culture, available at the click of a button or swipe of a few gestures.  It is also home to a plethora of material that is not appropriate for all ages, creeds, or cultures.  One would likely never drop their child off in a big city and expect them to explore it unprotected and remain safe.

Bilateral education and communication is key; continual conversations about what is appropriate, what is not appropriate, and what dangers to look out for should be mixed with a genuine understanding of the technology and applications that are being used.  Just like the real world, educate children on how there are bad people in the world while taking the time to understand from them what the real world influences are that are impacting their safety.  Ensure they are comfortable talking to you about risks and that you are comfortable asking them to explain to you about the technologies they are using.  There are many resources available for Internet Safety, some are better than others.  Here is a short list of some useful resources that are particularly helpful:

  1. Protect your home. It’s not enough to simply protect the home computer anymore, protecting your network at the router helps protect all of the devices in your home.  Open DNS (http://www.opendns.com) is a great free service that is simple to set up and use; it is excellent for filtering and protecting against malicious interweb (website) activity and other internet services.  Secure The Human (http://securethehuman.org) has a great infographic with a lot of helpful tips for securing the home:STH
  2. Educate each other. McAfee (yes, the anti-virus guys) has a service, InternetSafety.com (http://www.internetsafety.com/internet-safety-presentations.php) with a good Internet Safety presentation that is age-appropriate for teens and tweens.  Use this to present to a group of children or young adults and couple it with this presentation from (ISC^2), an organization focused on educating security professionals,  for their parents:https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/top-ten-tips.pdf
  3. Get professional help. Safe and Secure Online (https://www.isc2cares.org/safe-and-secure/) is a partnership with Childnet International and is a valuable collection of resources that can be tapped to bring certified, accredited, and screened information security experts into classrooms or groups.  It’s a volunteer program where professional security volunteers visit school classrooms or community organizations as guest speakers, teaching children ages 7-14 about online safety and responsibility.   You can get an information security expert by signing up at their website who will spend about an hour at no charge to teach students and their parents how to be “educated, responsible digital citizens.” The (ISC)² Safe and Secure Online (SSO) program can gear their instruction to groups of children ages 7-10, 11-14, or even their parents.

Protect Your Online Life with Multifactor Authentication

Although a lot has not been made clear yet about the recent announcement that a Russian crime ring had amassed 1.2 billion user identities (a combination of user names and passwords), one thing that should be clear is that protecting your online identity with simply a password is not good enough.  This type of identity theft activity has been going on for years and is why major social and email Internet sites offer multi-factor authentication to their users.  Even computer social gaming sites like Steam and Blizzard offer multi-factor authentication to their players.

Multi-factor authentication is the use of two of the three established ways to identify a person’s identity, what you know (like a password), what you have (physical token or even your cell phone), and what you are (DNA or fingerprints).  Using multi-factor authentication is the best way currently available to ensure your accounts don’t get abused.  Multifactor authentication increases security by adding another barrier to entry; it requires something you’ve committed to memory (like your password) and something you have in your pocket (your phone or FOB).  By adding this additional authentication to access an account, you are requiring yourself, and also the bad guys, to have two forms of identification.

Enabling multi-factor authentication is an extra step initially; however, most service providers will make this easier for users by allowing users to trust certain mobile devices or computers, essentially establishing a registered personal device as ‘something you have.’  Wherever possible, it is a good idea to leverage any multi-factor authentication that your favorite service offers; if it’s not obvious how to do it or if its offered, contact their support service.  Here is a list of some popular Internet sites and how you can set up multi factor authentication to protect yourself:

  • Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine.
  • Bank of America: They use a feature called “SafePass.”  It lets a user authorize transactions using one-time, 6-digit passcodes.
  • Chase.com:  To activate, their users need to request an “Identification Code,” which gets delivered by email or text message. Users can then enter their secure mobile site, https://m.chase.com.
  • Dropbox: Dropbox’s two-factor authentication sends you a 6-digit text message code; it also will let you set up Google Authenticator. Dropbox will also allow a user to trust a device.
  • EBay:  EBay’s Secure KeyFob supports a hardware FOB with a tumbling key on a keychain.
  • Evernote: Evernote users can use the Google authenticator app Google Authenticator, premium users can also receive a code via text message.  Evernote will also allow a user to trust a device.
  • Facebook: Facebook uses a feature embedded into their mobile app called “Code Generator.”  Facebook will also allow a user to trust a device.
  • Google/Gmail/YouTube: Google uses a smartphone app to enable two-factor authentication which sends you a 6-digit code called Google Authenticator and is for Android, iOS, and BlackBerry.  Google will also allow a user to trust a device.
  • LinkedIn: LinkedIn’s two-factor authentication sends a 6-digit code via SMS.  LinkedIn will also allow a user to trust a device.
  • Microsoft Accounts (including Office 365): Microsoft’s two-factor authentication sends you a code via text message or email; they also support other authenticator apps like their own authenticator app or Google Authenticator.  Microsoft will also allow a user to trust a device.
  • PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message.  Paypal will also allow a user to trust a device and also support their secure Key FOB.
  • Twitter: Twitter will enable two-factor authentication by sending a 6-digit text message.  Twitter will also allow a user to trust a device.
  • Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message.  They will also allow a user to trust a device. NOTE: As of this writing, AT&T’s version of Yahoo mail did not seem to support the multi factor authentication.