At minimum, you should have copies of mission-critical data in different locations.
Western Digital experienced a hack of its systems, prompting the company to pull its services offline—including its My Cloud backup and file access service. First disclosed on April 3, the outage began on April 2, as reported on the WD My Cloud status page.
If you’ve been hit by this service disruption, you’re likely riding it out in one of two ways: frustratingly cut off from your files, or temporarily inconvenienced because your data isn’t readily available in the cloud. The difference? In the first scenario, My Cloud’s your only location for your data. In the second, you were following the rule of three.
Your data needs backups—and when you make them, more than one copy should exist. Enter the rule of three: Your data isn’t safe unless there are three copies. Disaster can hit at unexpected and inopportune times, a local out of your hands disaster (e.g., fire, flood, theft, cloud service outage) or man-made (hard drive death, drop, accidental data deletion, data corruption).
The full version of this guideline is “3-2-1”: You have three copies of the data, with two available on-site (and on two different devices) and one available off-site (a spare hard drive saved at a trusted person’s home, or the cloud). The unfortunate reality is that your data can become unavailable at any moment, and as this situation with WD My Cloud shows, through no fault of your own. At minimum, you should follow this rule for your mission critical data. It’s important protect yourself, even when you’re short on time or money.
Don’t get me wrong, this situation is rough. I feel for everyone who’s lost their data wondering if they ever get the data back as data recovery is an expensive and not always possible. The question is not if it will happen, but when. You need to be ready.
Google plans to wipe Gmail accounts and other Google service logins that have gone unused for too long.
Remember that old Gmail account you set up to collect spam long ago? It could get caught in a Google security purge of epic proportions.
Google noted that their users crave safety and security and that accounts unused for long periods are more likely to be compromised.
Google analyzed user accounts, showing that dormant accounts are 10 times less likely to have two-factor authentication than active ones.
Once an intruder takes control of a Google account, they can use it to send spam to the account's contacts and other random internet users. The unwanted user could even perpetrate identity theft on the unaware account owner. Google previously let accounts stay dormant for many years with no activity. Starting later this year, Google may delete your Gmail account and other Google properties, including Docs, Drive, Meet, Calendar, and Google Photos, if your Google Account has not been used or signed into for at least 2 years.
So think long and hard - how long has it been since you've checked on that spam-eater Gmail account? Or looked at your Google Photos? Chances are those old accounts are perilously close to getting the ax. Google clarifies that their new account retention policy only applies to personal Google Accounts and will not affect business or school accounts. The company claims it is bowing to industry standards on account retention and deletion and reducing the amount of time it keeps users' private data on file.
Timeline for the Google purge Google has laid out a series of phased steps, during which users should get plenty of notice before their accounts are wiped clean. The policy officially took effect on May 16, but the first accounts will be deleted in December 2023. Between those times, Google will send warnings to the accounts themselves and their associated recovery email address. If these notices go unheeded, Google will delete the account on the promised date. The first accounts to go will be those created and never actually used, followed by accounts with more regular usage patterns.
How to keep your Google accounts active Users have a few simple options to keep their accounts active and exempt from Google's deactivation sweeps. Log into your dormant Google account and try any of the following steps: Search for anything via Google Search Use the Google Play Store to download a new app Use Google Drive to store or access files Watch a video on YouTube while logged into your account Send or read an email in your Gmail inbox Sign into a third-party service using Sign in with Google
Are Password Managers Safe to Use?
Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use.
Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own. More and more people are now using password managers to make it easier to keep track of passwords without putting their personal accounts at risk.
How Do Password Managers Work?
Every application is different, but password managers generally work in similar ways. They make it easy for users to save their passwords in a private vault. While some password managers support offline storage, most platforms keep information saved in the cloud so that users can access it seamlessly on different devices.
Password managers usually rely on a master password that secures all of the passwords for different accounts. As long as you remember your master password, you’ll be able to log in on any device and use passwords as needed.
Some password managers also offer additional features, such as cloud storage and the ability to save text and other kinds of files. You may also be able to securely share passwords with other users without having to send the password through an unsecured channel like email or SMS.
What Are the Features of Password Managers that Keep You Safe?
If you aren’t using a dedicated password manager, you might have your passwords saved somewhere else. For example, many people keep their passwords stored on a local device, in a cloud-based account (such as iCloud), or in their web browser.
With that in mind, you may be hesitant to store your information somewhere else. After all, putting them in a new location could give hackers even more opportunities to crack your passwords and gain unauthorized access to your accounts.
However, the truth is that a reliable password manager is one of the best places to store passwords, credit card numbers, and other personal information. Let’s take a look at some of the key security features of the top password managers available.
Encryption for Important Data
Keeping your passwords safe starts with encryption. Encryption is the process of encoding sensitive data so that it can’t be accessed by anyone other than the rightful owner. Today, most password managers rely on industry-standard AES 256-bit encryption.
In fact, secure password managers generally can’t access your passwords at all. Zero-knowledge security policies are used to reduce the risk that someone will gain unauthorized access to your account.
If your password manager could see your passwords, that would result in another point that hackers could use to pull your information. Combined with zero-knowledge policies, AES 256-bit encryption makes your passwords extremely secure — even against sophisticated techniques.
Offline Storage for Added Security
Encryption is the best way to keep sensitive information secured when it’s being transmitted over the internet. Still, it’s even more effective to simply avoid putting that data online in the first place.
Some password managers are limited to cloud storage. While that kind of storage offers a decent level of security, offline storage is a solid alternative for those who want to minimize their potential weaknesses.
NordPass, for example, provides an offline mode that gives users access to all the contents of their vault. The main drawback of offline storage is that it prevents you from keeping data consistent. You will need to use cloud storage if you want to sync passwords across different devices.
Two-factor authentication (2FA) is another critical security feature that’s available with most modern password managers. After enabling 2FA, you’ll have to authorize logins in order to allow access. This typically goes through an authenticator app, which uses push notifications to authenticate new access attempts.
The name “two-factor authentication” is based on the fact that authentication acts as a second “factor” for login. The first factor is generally the password itself. Instead of being secured by just one thing, 2FA ensures that accounts are secured by a second element or factor.
Without 2FA, someone could access one of your accounts as long as they have the username/email address and password. Since most platforms don’t offer any kind of login monitoring, there won’t even be a way to tell that a hacker is using the account.
On the other hand, 2FA allows you to block unauthorized access, even when the person has already compromised your login credentials. If you ever get an unexpected authentication request, make sure to change the password for the corresponding account as soon as possible.
Secure Password Sharing
Sharing passwords with other users give hackers another way to get into your accounts. When you send a password or other sensitive data through a channel like SMS or email, you’re making it easier for people to access that information.
Password managers mitigate this risk by giving users a safer way to share their passwords. Instead of sending the password through plain text, you’ll be able to share it in a secure form. Password managers generally encrypt shared passwords so that they aren’t vulnerable in transit.
Additionally, password managers come with extra sharing features and settings that aren’t available with most other sharing methods. For example, you might be able to set a sharing expiration date, limit the number of access attempts, or even require a passcode before the recipient can use the password. Keep in mind that these features will depend on the specific password manager you use.
Password Generators and Analyzers
Along with storing your existing passwords, most password managers offer a tool to produce new passwords. You may be able to set specific parameters so that the generated passwords work with the requirements of each website. Some generators are also capable of generating unique passphrases along with conventional passwords.
Your password manager should also come with a password analyzer that can tell you if your passwords are too weak. After signing up for a new password manager, one of your first steps should be to evaluate your existing passwords and identify the ones you need to update.
To know more: please visit: https://www.passwordmanager.com/are-password-managers-safe-to-use/
Thank you Casey Brown from Password Manager
Learn how to recognize the most common scams and protect your personal data on Facebook and Instagram.
I stopped sharing details about my life with strangers and locked down my privacy settings on social media apps, I blocked access for potential scammers. And I encourage you to do the same.
Facebook still has the largest user base, with 2.9 billion monthly active users. Instagram has 1.4 billion. That's a very large and diverse pool of victims for a potential scammer. I’ve added a short description of the warning signs for each scam and what you can do to protect yourself from them.
Your social media posts are a treasure trove of valuable information. Your public contact list alone can help a criminal. The list of names connected to your public social media accounts is enough for a scammer to impersonate a family member or a friend with a spear phishing email. In the email, the scammer may convince you to reveal private information such as industry secrets, login credentials, credit/debit card numbers, or embarrassing personal information.
You don't have to stop posting on your favorite social platform, but it is wise to stop posting personal information on your public feed. You don't know who is reading your words or viewing your photos. Give strangers less access to your personal life by trying these seven steps for locking down your social media activity:
Evaluate your privacy settings.
Your Instagram account is public by default so that anyone can see your posts. Set your account to “private” so only approved followers can see your posts, comment, and send direct messages. You can't hide your profile pictures or cover photos on Facebook, but you can hide almost everything else from people not on your friends list by tweaking the elaborate privacy settings.
Use a password manager and enable multi-factor authentication on your accounts. One of the easiest ways to prevent unwanted logins on your accounts is to keep your login credentials in a password manager and enable multi-factor authentication for your accounts. Facebook and Instagram offer a few kinds of authentication, but I recommend using a mobile authenticator app.
Keep track of third-party apps.
You may have many third-party applications connected to your social media accounts. For example, on Instagram, you can see which apps and websites are connected to your social media accounts by visiting the Settings section of your account profile and navigating to a section labeled “Apps and Websites.” If you see one you do not recognize, it could be a malicious app spying on your online activity. Review the list of third-party applications connected to your account. Delete any that you do not use frequently or do not remember installing.
Only buy from verified profiles and brand accounts.
Before purchasing anything via a social media platform, verify the seller's account. Legitimate brands on Instagram and Facebook are verified by the platform and have a blue circle checkmark next to their name.
Perform quarterly name searches.
Impersonation can happen to anyone. To avoid the damage of someone using your name, photos, or other personal information against you or your social network, make a habit of searching Facebook and Instagram for your name. It only takes a minute, and it is an easy way to identify and report impostor accounts.
Decline friend requests from strangers.
Not everyone wants to be your friend. Don't accept friend requests from anyone you don’t know. The more strangers in your friends list, the higher the risk you will be approached with a scam.
Never click on suspicious links sent to you or respond to unsolicited messages.
Whether it is an email or a private message, avoid clicking on unsolicited videos or links, even if you recognize the sender's name. If you think a friend sent you something, double-check with them via phone or text before clicking the link. Be especially wary of messages containing phrases such as, “OMG! Is this you?” or “Have you seen this yet?!”