Facebook Introduces Physical Keys (FIDO U2F) as Security


Today, January 26, Facebook announced that it has introduced ‘physical keys’ (i.e. USB keys) as an option for two-factor authentication. Google introduced this two years earlier.

A few years ago, Google and Facebook, among many other companies, introduced two-factor authentication, which lets the user set an extra security measure to avoid losing their account if their password is stolen. When signing in from a new computer or IP, this extra layer requires the user to enter an authentication code generated (regularly) by an app (e.g. Google’s authenticator for Google accounts).


Check if you’ve had a security breach


Many popular websites and services have been, or at some point will be, targeted and exploited. As a result, it is most likely that at least one of your online accounts has been pwned at some point. This doesn’t mean your account has been cracked, but it could mean that some of your private information has been leaked (e.g. email, password, personal info like date of birth, etc.). Recently Gmail has been exploited by attachment phishing.

There’s no guaranteed way to check if your account has been hacked but one way is to check if you’ve been pwned. Just enter your username or email to check if you’ve been pwned.

Hack Academy – French Awareness Project on Online Security


Below are 4 interesting videos from the “Hack Academy” raising people’s awareness of the basic techniques “crackers”, rather than “hackers”, use to exploit you.


Glenn Greenwald: Why privacy matters [TED talk]

Some important quotes

Now, there’s all kinds of things to say about that mentality, the first of which is that the people who say that, who say that privacy isn’t really important, they don’t actually believe it, and the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions, they take all kinds of steps to safeguard their privacy. [e.g. Eric Schmidt, the CEO of Google and CEO of Facebook, Mark Zuckerberg]

Now, there’s a reason why privacy is so craved universally and instinctively. It isn’t just a reflexive movement like breathing air or drinking water. The reason is that when we’re in a state where we can be monitored, where we can be watched, our behavior changes dramatically. The range of behavioral options that we consider when we think we’re being watched severely reduce. This is just a fact of human nature that has been recognized in social science and in literature and in religion and in virtually every field of discipline.

society in which people can be monitored at all times is a society that breeds conformity and obedience and submission

What all of these seemingly disparate works recognize, the conclusion that they all reach, is that a society in which people can be monitored at all times is a society that breeds conformity and obedience and submission, which is why every tyrant, the most overt to the most subtle, craves that system. Conversely, even more importantly, it is a realm of privacy, the ability to go somewhere where we can think and reason and interact and speak without the judgemental eyes of others being cast upon us, in which creativity and exploration and dissent exclusively reside, and that is the reason why, when we allow a society to exist in which we’re subject to constant monitoring, we allow the essence of human freedom to be severely crippled.

Update: In early July 2015 it was announced that AshleyMadison, a cheating site, was hacked and that user data has been leaked or is under threat of being leaked. In 2014, Gmail passwords were also leaked. And in 2013, data of 6 million users was leaked from Facebook. These are just a few examples.

Remember: NOTHING you put online is ever safe, no matter how secure the systems are or how smart the people who built them are. There will always be smarter people, smarter ways, and new tools to break security systems. EVERYTHING you put online is there to stay.

Recommendations: If you care about the security of your accounts and want to make them more secure, I suggest you use password generator and manager software like KeePass and KeePassX or others (choose one that is local; I don’t trust online services like LastPass since they are as hackable as other services). This way all you have to remember is one password.

For your convenience, use a browser, like Firefox, with a password manager and master password.

Also make most of your passwords at least 35-40 characters long (anything less is computationally crackable through brute-force attacks; see also Rainbow table).