What is the Facebook or Google or LinkedIn convenience login called? In the tech industry we call this the "you as" login or officially OpenID. We'll log you in as... your xxxxx account.
How does it work? How do it know? When you click the button for the app to log in as, that website goes out and queries the app (Facebook, LinkedIn, Google, whoever) and asks for a token. The website then stores that token forever for when you come back and log in. That token contains your password from the app.
What does the Facebook security breach have to do with that token? If your account info and/or password was stolen from Facebook then the bad guys have access to any site you used the "You as" login on. That means you've spread your vulnerability across multiple entities.
Do you believe that the Facebook breach only affected 50,000,000 users? Of course not, silly! Facebook has 2.23 billion user accounts.
What are the best practices I should follow?
- Never use the "You as" feature for new sign ups to 3rd party apps
- If you’re using an easy to see pattern for customizing your passwords for each site or service, then change that pattern (and all of those passwords)
- It's always a good idea to have different passwords for accounts involving money, and those passwords should be complex. Pet + a number is NOT complex. A password CAN be complex but easy to remember. Here's an example: take a sentence, "Dawn is the best person I know and funny too." Convert it to DitbpIk&f2. That's a complex password, but easy for you to remember. It's the first letter of each word, with "and" converted to a symbol and "too" to a 2. Complex passwords should have lower case, upper case, special symbols/characters, and number(s).
- Implement 2-factor authentication on your important accounts, like brokerage, banks, credit cards, etc. It's also called 2FA or MFA (multi-factor authentication). Basically, it texts you a code that you put in after your password. Here is an excellent short video explaining 2FA
- Change your birth year on Facebook. If you put all your personal information on Facebook and someone hacks your Facebook, could they use that to get into other accounts? Your pet is Fido. You were born in 1980, your dog was born in 2016, and the hacker knows that because you put his birthday party on Facebook. So chances are really good that some of your passwords are Fido1980 or Fido2016. Change them!
- Personally, I go as far as putting an incorrect day, month and year as my birthday on Facebook. My friends know it's my birthday when it's my real birthday. I don't care about anyone else....
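The sentence-to-password rule and the "Fido1980" warning from the list above, as an added example that is not part of the original post. The function names are hypothetical, and the list of public facts is constructed from the post's own Fido example.

```python
import re

# Word substitutions the post uses: "and" -> "&", "too" -> "2".
SUBSTITUTIONS = {"and": "&", "too": "2"}

# Character classes the post says a complex password should have.
CLASSES = {
    "lower case": r"[a-z]",
    "upper case": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def mnemonic_password(sentence):
    """First letter of each word (case kept), with the post's substitutions."""
    words = re.findall(r"[A-Za-z']+", sentence)
    return "".join(SUBSTITUTIONS.get(w.lower(), w[0]) for w in words)

def missing_classes(password):
    """Character classes from the post's list that the password lacks."""
    return [name for name, pat in CLASSES.items() if not re.search(pat, password)]

def personal_facts_used(password, facts):
    """Public personal facts (pet name, years) that appear in the password."""
    lowered = password.lower()
    return [f for f in facts if f.lower() in lowered]

def audit(password, facts):
    """Every problem the post warns about for one password; empty list means none."""
    problems = [f"missing {c}" for c in missing_classes(password)]
    problems += [f"contains public fact '{f}'"
                 for f in personal_facts_used(password, facts)]
    return problems

# Constructed sample: facts a stranger could read off the profile in the post.
PUBLIC_FACTS = ["Fido", "1980", "2016"]

if __name__ == "__main__":
    strong = mnemonic_password("Dawn is the best person I know and funny too.")
    for candidate in (strong, "Fido1980", "Fido2016"):
        print(candidate, audit(candidate, PUBLIC_FACTS) or "ok")
```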
Trouble remembering all your passwords? There are many alternatives. One is the free version of lastpass.com, which I use to store and populate passwords online. The personal version is free; it costs $$ for companies. There are other password
Low tech? This works great! https://www.amazon.com/Password-Keeper-Galison/dp/0735344620/ref=sr_1_13?ie=UTF8&qid=1514996876&sr=8-13&keywords=password+book
That book is small enough to hide. It has tabs with the alphabet to quickly find things. Oh, and let me state the obvious: if you write them down, don't take the book with you, ANYWHERE.
Want more information? Here are some links
What is this "You as" feature? here
These opinions are my own. You are responsible for your own account security.