Skyward IT Services Network Infrastructure and Security Specialists Tweet Technology Tips: November 2018 Edition USB security keys Phishing? Nosy kids? Thermal residue? The risks of typing in passwords continue to add up. One option to curb password phishing is the USB security key, designed for two-factor authentication (2FA). It’s a compact, secure device which plugs into a USB port and adds a layer of authentication to your digital accounts, replacing 2FA techniques like SMS codes. SMS codes still require users to visit a site and type them in, giving hackers twice the opportunity to intercept them—via mobile phone malware and fake phishing sites. Instead, using the security key to replace the 2FA codes works something like this: When logging in to sites which support this form of 2FA—Google, Facebook, Windows, MacOS, and Dropbox, to name a few—plug in the registered security key and press its touch sensor. The key will generate a pair of codes, public and private. The public code will be sent to the site’s server, where a corresponding code will be returned which matches the private code stored temporarily in the key. The private code references the domain of the site being accessed, in order to avoid phishing attacks from intercepting the code. The security key will not save credentials outside of the session, so in the event it’s lost or stolen, there’s no way to trace it back to the user’s identity. The touch sensor on the security key helps prevent bot attacks—an actual human user must initiate the security key’s 2FA session. Incorporating security keys to avoid less secure 2FA methods has helped employees at Google avoid succumbing to phishing attacks since 2017. Shut down spam mining How many of us have an old email account we keep around for one reason only: funneling junk email to a digital holding tank separate from our day-to-day inboxes? Did you know companies may be mining your spam emails for valuable data to sell to marketers? The process uses automatic and manual (a.k.a. people reading the emails) means to identify information about users’ interests based on subscriptions and unsolicited spam. Most digital citizens understand retailers will use their data to tailor advertising, but mining for information from an email inbox may cross the line. Plus, some email providers have been acquired by giant telecommunication companies, making the reach of information quite vast. Here’s where to change the personalized ad settings in a Yahoo account and in a Google account, if you’d rather opt out of this process. Skype call recording Whether it’s a work meeting, an interview for a job in a new city, or sharing good news, services like Skype let us stay connected with colleagues in other locations. Now, enjoy the capability to record Skype calls for later viewing or sharing. Skype will notify everyone in the group call they’re being recorded and save the recording in the chat history for up to 30 days. During that time, anyone in the chat can view the recording, save an .mp4 file locally, or send the recording to other contacts. Malware of the month We all know to watch out for suspicious file types, but fileless malware is on the rise, and it’s a lot less easy to spot. This sneaky form of malware is embedded in innocent-looking documents and contains process elements designed to take over existing components of a Windows machine and corrupt them. Since many antivirus solutions are designed to scan for malicious files, they may miss these fileless options. Be extra vigilant about opening attachments—even a harmless Word document can contain commands to hijack your operating system. “Tech gives the quietest students a voice.” —Jerry Blumengarten Follow-Up Resource: IT Services Need help securing and optimizing your network? Check out the many IT Services we have available and contact us today.