A virtual private network (VPN) may confuse some people. At it's core, a VPN is a private network that is made available to authorized users from the internet. Examples of a private network would be the network at your work, at college, or government locations.
Those networks have internet access, but the internet does not have access to them, hence the term private network. The private network becomes virtual when you are able to access it from the internet. The internet still does not have access to the private network, but your computer does. As far as the private network is concerned, your computer connection is at work or school.
When you connect to a VPN, you are connecting to a set of servers over the internet. This process is known as tunneling. Anything you do on the internet will go through these servers. All of this data is encrypted, which provides great privacy for you.
As far as your internet service provider knows, you're connecting to some IP address. They cannot see what the data is or anything.
The most important, and obvious, reason is security. As we stated above, all of your internet data is encrypted once you have created that tunnel. Hackers, for example, would not be able to intercept your internet browsing activity. Hackers will often attempt to do this when you use public WiFi in places like coffee shops and airports. If you make a purchase with your credit card on public WiFi, hackers could get a hold of your credit card number. This is why you should use a VPN.
A secondary benefit, which ties into security, is privacy. Because all traffic is encrypted, all data secure and private. What you search for, watch, read, or listen to is your own business. You ISP and hackers will not know what you are doing online.
VPNs will not, however, protect you from tracking by various website trackers, such as cookies.
VPN provides encryption to network traffic. It ensures the communication cannot be easily eavesdropped/tampered with by adversaries. It does not impact application features like cookies. So yes cookies can still be set on your browser if you are tunneled through VPN.Ximning Ou from the University of Southern Florida
In order to prevent these tracking efforts, you can surf the web with your browser's incognito/private mode. Another option would be to install an extension that prevents this, like ghostery.
Another reason for using a VPN? Virtual locations. Many providers will have servers in multiple locations. This was an option many Netflix users chose to access content that was not available in their region. Just because content has a block in your country, does not mean it is in another country. All you need to do is tunnel into a VPN server in a country that does not have the block, and you will have access.
The same works in reverse too. For example, you're traveling out of the country but your bank blocks access to users outside of your homeland. You can use your VPN to tunnel to a server located back home to gain access.
On a side note, just because using VPN allows your to potentially bypass restrictions, do not forget you are still operating under your countries laws. VPNs will make you anonymous online, not invisible. If you start doing anything illegal or suspicious. Given enough time and resources, government agencies could, in theory, still find you.
Today, there are tons of VPN providers to choose from. Some providers are great, some are not. Below are some things to consider when choosing a VPN provider:
One of the biggest drawbacks is internet speed. Depending on the provider, you will see reduced internet speeds. Sometimes, the reduction is small, other times its large. It all depends on the number of users connected to the same server as you, the location of the server, and the providers setup. Longer distances between you and your VPN server means longer distances for data to travel in order to reach to the internet.
A secondary, and minor, issue is that when you use a VPN as a virtual location, you can see some issues while shopping. Say you live in the US, but have a connection through a tunnel in the UK. While shopping online, your pricing may show in pounds instead of US dollars. The simple solution is to use a server in your country while shopping online.
Using a VPN is becoming more of a necessity each day. The krack attack has proven that access to home WiFi traffic can occur. Connecting to a VPN service protects you from this vulnerability. Ensuring you have a good VPN provider will help ensure you are better protected.
SplashData compiles over 5 million passwords, that have leaked online, from 2018. From that data, they are able to build a list of the top 25 most used passwords of 2018. The sad part? The top two passwords have been the same top two passwords for five years now. No one should ever use "123456" or "password" and yet millions of people do.
We will note that several of the top 25 passwords are repeats from previous years, though their use has varied from year to year. One upside to all this data? There are a few new passwords on the list.
Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision. Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations. Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” Slain said. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.
- Morgan Slain, CEO of SplashData
This list is to help raise awareness for internet users on adapting better security measure, like stronger passwords. Strong passwords do not guarantee better online safety, but they do increase it. If you use a password that is on this list, you are just asking to be hacked.
1. 123456 - Unchanged 2. password - Unchanged 3. 123456789 - Up 3 from 2017 4. 12345678 - Down 1 from 2017 5. 12345 - Unchanged 6. 111111 - New for 2018 7. 1234567 - Up 1 from 2017 8. sunshine - New for 2018 9. qwerty - Down 5 from 2017 10. iloveyou - Unchanged 11. princess - New for 2018 12. admin - Down 1 from 2017 13. welcome - Down 1 from 2017 14. 666666 - New for 2018 15. abc123 - Unchanged 16. football - Down 7 from 2017 17. 123123 - Unchanged 18. monkey - Down 5 from 2017 19. 654321 - New for 2018 20. !@#$%^&* - New for 2018 21. charlie - New for 2018 22. aa123456 - New for 2018 23. donald - New for 2018 24. password1 - New for 2018 25. qwerty123 - New for 2018
Password managers are great for everyone. They can help generate stronger passwords and keep track of them for you. But, many password managers do more than that. 1Password is our prefered password manager, but Lastpass work great too! Both of these programs can also double as a digital safe box too.
First off, you should already be using one. If not, then you need to get one. You should be storing all of your usernames and passwords for all of your online accounts in a password manager. No two passwords should be the same. Additionally, you should be storing all of your "truthful" security question answers as well.
Your online passwords and answers are not the only thing you can and need to keep secure. You can store Wi-Fi passwords in your password manager too. Here some additional items, not a complete list, you can store in your password manager:
This list is not all encompassing. But, they can give you an idea of all the ways you can use your password manager to store important information.
Undoubtedly, some of the passwords for you accounts will be for accounts others in your household will need to use. Router credentials, the account for utilities, maybe even Netflix login information. Sharing this information is important, especially when you use long complex passwords. Here are the basics of sharing information in Lasspass and 1Password:
Connected devices in our home is common place, and the number of those connected devices in our home is growing. This means there are a growing number of opportunities for someone to access your home network and your devices on that network. Because of this we want to take a moment to go over some steps you can take to help make your home's smart devices safer and more secure.
Please keep in mind there is an ever growing array of smart home devices, we cannot go over specifics for each gadget. One general rule of thumb is to go through the device's documentation for initial security precautions. If your device does not have a guide, double check the manufacture's website.
Windows and macOS do a great job and downloading and installing updates. Most smart home gadgets do not. There are many reason why this could be or by default the devices does not need internet access, just access to devices on your home network.
This, ultimately, means it is on you to keep track of devices updates. This can be a pain when you have a lot of devices to deal with, but it is worth it in the end in order to safe guard your home network and the devices connected to it. Checking for updates for your smart devices can happen through the smartphone app for the device, if there is one, or by checking the manufacturer's website.
For a lot of smart home devices, updates will not release on a regular basis, unless a security exploit crops up. So, setup a schedule to sit down and run through checking for updates on all your devices. Doing this, at least, once a month is a good starting point.
If your smart home device does have an update, it could take a few steps to install. Some devices require you to connect it to your computer, which are usually for devices that do not have access to the internet. Other devices will allow you to update them via Bluetooth with an application on your phone.
An update routine extends to all of your electronics in your home, not just smart devices. Check for updates for you computers, phones, TVs, sound bars, and especially routers. Routers these days are doing better at alerting you an update is available, provided you log into their admin page. Most manufacture websites will tell you if there are updates and how you can update your devices.
Technology today is very much set it and forget. It is very nice to get up and running with new devices and then never have to worry about them. But, often some of the default settings can be too relaxed on security. We recommend that if your device has a settings menu, that you go through each option. If there are settings you are not familiar with, then check the manufactures websites for a better explanation on what the setting does.
Some key settings to look out for:
Once again, this routine should extend to all of your household devices. If the device or account to access your device offers two-step verification, enabled it. Also, if your device sends you notifications, like a security camera, to an email account, make sure you have a strong password for that email account. If a hacker gains access to your email, they could potentially see security snapshots and be able to determine when you are home or not.
Sticking with bigger name companies for your smart home gear does have it's benefits, even though they cost more. Samsung and LG can still be hacked just as the next company, but they at least have the resources to fix flaws in their devices if one is found. Newer or smaller companies, though having cheaper devices, may not ever fix found flaws or support could hard to work with when you run into issues. Devices that do not have a clear way of getting a hold of support is usually a sign that they probably will not fix security flaws in their devices.
In this day and age, we see many innovating smart devices, thanks to sites like Kickstarter and Indiegogo. Always do your research when buying into these products. Look into the company and see what security measures they have in place for the device you are thinking of purchasing.
Keep in mind many new companies have a habit of starting out with a bang but then disappearing just as fast as they exploded onto the market. The last thing you want is a smart lock or voice-activated device, that does not function anymore.
Because of the reasons stated above, it is best to get devices that all fall under the same umbrella. By limiting the number of smart home platforms you install in your home, you limit your exposure to attacks. Some smart home umbrellas include:
Once you have picked a system, we recommend you find products that work within that system. Some systems, like Samsung SmartThings and Google Home, will work with each other. But, that is not always the case.
Now, if you already have a miss mash of smart home devices, trying to get your setup under one or two umbrella's could prove difficult. Luckily, BullGuard’s Internet of Things Scanner is handy at helping to determine if any of your smart home devices are on the Shodan site. Shodan is a search site that scans the internet for any network device that is publicly accessible. Basically, if you find one of your devices is listed on that site, then someone could hack into it, so disconnect that device from the internet immediately. Then, check for updates and your security setting for that device.
The router in your home is the gate keeper to everything connected to the internet in your home. Smart devices, computers, mobile phones, game systems. Keeping it secure is the key to improving your home network security. The big three things you need to do are:
For example, you have a Roku plugged into your TV. The TV may have smart features as well, but they will not be as useful as the Roku is. Because of this, your TV does not need to be connected to the internet, at least not all of the TV. Remember today's TVs will get firmware updates that might fix issues, so it's good to have it connect to the internet every now and then to check for updates.
One special note about all devices that need internet access, be cautious about devices that prompt you to automatically configure your router for you. They do not need access to do that, so do not give that device the username and password to your router's settings menu. Additionally, most router's these days have a list of devices that are connected to your router, which you can control internet access too or block from your network.
Router's are getting better at keeping themselves up-to-date, but you still have to do some manual work. But, if you find that your router is not getting updates or the last update is already years old, it might be time upgrade. Today, many routers are built with smart home security in mind. Many will monitor your device's network traffic and will block common routes used by hackers and malware. Some will even go as far as blocking devices that appear to have poor security settings. Two routers we recommend, that have these features, are the Asus Blue Cave ($170) or the Luma Whole Home WiFi (3-Pack) ($135). If you rent a router from your Internet Service Provider, make sure to ask them for an upgraded router. But really, you're better off using your own router.
There are also devices you can purchase that are dedicated to just monitoring your smart home for vulnerabilities. These are nice options if you do not want to upgrade your router. Some of these devices are:
We will note that a lot of these devices have not ample third party testing. So, the claims made by the manufacture are just that, with no solid user proof to back them up. You are more then welcome to try them out, bu do so with caution. If you are using a device listed above, then leave some comments below on your experiences.
In the end, the best protection of your devices is to keep them up to date. Check for software/firmware updates, password protect them, if available, and make sure they are hard passwords.
When signing up for online bank accounts, new email addresses, or health insurance accounts, they all ask you or force you into using security questions to add an extra layer of protection to your account. The problem is that most these security questions are not very secure. The most common question is "Your mother's maiden name" and one that is easy to guess or research. In fact, if someone gains the correct access to your personal information, it can affect you credit score.
With that, we urge everyone to take matters into your own hands and make security questions more secure. How do you do that? Well, security questions often ask you questions about your life. This is information anyone can potentially figure out from your social media accounts or data breaches, like the Equifax hack. With all of that data online, figuring out the first car you bought, street you lived on when you were a kid, or favorite hobby can be easy. Basically, answering truthfully is a bad idea. Below is the best suggestion to make security questions more secure for you.
Seriously, just flat our lie on the answers. First car? List your favorite plane, boat, or motorcycle. First grade teacher? Use the name of your favorite pet or the most disagreeable phrase to describe your first grade teacher, like garbage dump. The point is, as long as the data is not common knowledge, something not searchable online or via your social media, it's a good answer. Incorrect answers are inherently more secure than truthful answers.
Here's the problem with using incorrect answers, it can be hard to keep track of all of those answers. We use 1Password to store all our passwords and security answers here in our daily lives. A password manager is an essential tool in today's world, assisting you in storing all of you passwords securely and helping you to create more secure passwords. Honestly, if you have a password manager, have it generate your "incorrect" security question answers. #$Adke@A is a much harder answer to guess than Jennifer, even though neither are the actual name of your high school prom date.
But what about security questions that have canned answers? Well, you still lie! Just note those answers in your password manager. If they give you an option to create a custom answer in addition to canned answers, then choose that option and create your random answer.
Stay safe out there!
Being safe in an online world is never 100%. There will always be hackers, viruses, and other nasty things you might run into online unless you cut yourself complete off. But, if you can avoid some simple, yet dumb, mistakes a lot of people make, life online will be better for you.
You have probably read it somewhere before, but we cannot stress this enough: Do not use the same password for multiple account! Also, make sure to change your passwords regularly. If you have trouble remembering 100s of passwords, there are some apps that can help you out with that.
If you use the same password for everything, it's the same as having a key that works for your home, your safe, your car. If someone found that key, they have access to everything.
Changing passwords, meanwhile, protects you against the now-regular data leakshappening from companies large and small. If your login credentials appear on the web, it doesn’t matter so much if you’ve since changed them.
Changing passwords helps to protect you against regular data leaks, which happen more often than you think. If your password and login ID gets leaked online, it will not matter as much if you make it a habit of changing your passwords every couple of months.
If you do not have the lock of your phone protected with a PIN, Pattern, face or fingerprint scan, then your phone becomes the ultimate key to your private internet world in the hands of someone else. Up to 15% of users do not protect their phone.
Considering all of the options you have, PIN, fingerprint and face scanning, passwords, patterns, there is no excuse to use one of them to protect your private information.
One particular phone protection you should avoid is the pattern unlock method. According to a recent study from the US Naval Academy and the University of Maryland Baltimore County, it's the easiest method to crack. Research has shown that two-thirds of users can figure out the pattern to unlock your phone after only seeing you do the pattern once. If you use six-digit PIN code, only 1 in 10 users have a possible chance of figuring out your code if they catch you entering it.
Two-step authentication, also know as multi-factor authentication, is a one time use randomly generated code you use in-conjunction with your username and password.
These codes can be sent to your phone via SMS, your email, or a dedicated app on your phone. More importantly, a lot of websites, that you probably use daily, support this feature. The method for setting this up is fairly straightforward and usually found under your account settings or security settings.
“If you are just browsing online or watching an item on an online auction, you won’t need multi-factor authentication,” Raj Samani, Chief Scientist at McAfee, stated. “However, if you are buying that item, it’s a whole different story because you are now sharing financial data. You need the right level of security based on the value of the account. Hackers find it much less appealing to try to hack a personal account that’s been safeguarded with multi-factor authentication, because it won’t be simple.”
Anything you post online, that is publicly available, can be used to steal your identity, guess your passwords, or answer the security questions protecting your account. An Instagram photo in front of your house, a tweet about your cat's name and something crazy the cat did, post to parents, birthday announcements, all that data can be used to figure out passwords and security question answers.
The problem is that sharing is the normal thing to do now. Not many people remember how strange and potentially dangerous it felt to share photos on Facebook when the feature first rolled out. But, before you post something, you should think about how it could be used against you.
“It is imperative to understand how you can restrict what someone else can find out about you online,” David Emm stated, who is a principal security researcher at Kaspersky Lab. “Kaspersky Lab research shows that almost a third of people using social networks share their posts, check-ins and other personal information, not just with their friends, but with everybody who is online. dIf you wouldn’t publish something on the front page of a daily newspaper, don’t post it online.”
Public WiFi is great for those who have a spotty cell connection or data limits. Because of that, it makes sense to connect to whatever public WiFi networks you can find to stay up to date with Snapchat, Twitter, and Facebook.
The problem with public WiFi is that everyone else can connect to it as well as you. This will make that connection inherently less secure than your home network. If you must use public WiFi, you should invest in a quality VPN package and create your own encrypted route to the web. Most VPN services have an app for your phone/tablet/laptop that will handle the setup for you. Some of best VPN services are NordVPN and Private Internet Access.
If you don’t want to use a VPN, then there are some safety measures you can still take:
“Public WiFi is an especially convenient choice for being always on, and is a great alternative to using up our phone data,” said Marty P. Kamden, CMO at NordVPN. “However, public free WiFi is not safe. Hackers and other malicious organizations are always on the lookout for gaps in security they can exploit: Public WiFi for them is a goldmine if you’re not using the right protective measures to keep your data safe.”
As many smartphone users are becoming aware, their phone number and location is not private when they use their phone to surf the internet. All of their data is mined and can be sold thanks to their mobile advertising id (MAID). It only costs $1,000 to track someone online, according to Wired’s Andy Greenberg. In a nutshell, when you visit a website via your smartphone, both the website and the advertisers on the site have access to your phone's IP address and advertising ID. Your telecom assigns your phone an IP address, since they needs to bill you for data use. Because of this, that IP address is also tired to your billing information. And now your telecom sells your information to third party companies. Those companies allow websites and applications to take your phone's IP address and lookup all of your information on those third party resources. So, a website or application can figure out your phone number, home address, email, and phone location.
The short a simple solution... change your phone's IP address with a VPN with a services, such as Private Internet Access.
Some people may remember that Verizon was stopped by the FCC from using super cookie's. Super Cookie's allowed websites similar tracking features the mobile advertising id. Even though the FCC stopped what Verizon was doing, most telecoms figured out that they already were tracking their users with the IP addresses the assign. And since telecoms have the ability to sell your billing information to advertisers, there is no need for a super cookie. Just dump customer data to a data base, and let advertisers run a search on that data for all the data that matches your IP address. And this is not just something that Americans have to worry about, all customers globally have to worry about this.
Many people are finally starting to understand the sacrifices we make and privacy we give up when we use smartphones. The FCC is supposed to have our back, but we know that's not really the case anymore. But, like I said, many people are starting to connect the dots on their own, about why we get more spam phone calls. One Redditor commented:
“Sprint does it too. Source: I started getting random phone calls from random ass places once I got with sprint.”
Another Redditor had the same issue on another telecom’s service:
“I was with T-Mobile for years and would get 1-2 calls a month from scammers. I switched to Verizon and got them daily. Sometimes multiple times a day. I called Verizon only to have them try and sell me a call blocker service for $4.99/Mo. I downloaded a free can blocker app and have blocked 100+ numbers in 8 months…”
Like I have said before, the easy solution is to change your IP address and browse the web securely to protect your privacy. VPN's allow you to do that. But, it comes at the cost of slower speeds. Until there is legislation that fixes all of these privacy issues, like making everything opt-in, and fines perpetrators, your data and privacy are always at risk. An no, using WIFI is not a good alternative anymore, especially since there is the WPA2 KRACK.