NYC Digital Safety

Using Strong Passwords

We’ve been discussing threats to privacy that exist in the greater system of the internet. Now let’s talk about something that’s very personal: your phone. Keeping our data safe extends to the world around us as well. One of the most universal good habits we and our customers can adopt is to password-protect our devices. On smartphones, use a passcode to lock your device, to protect your data if the device is lost or stolen. On personal computers, set up password access on start-up and wake from sleep mode. It’s a good idea to lock your personal or work computer when you step away from it.

And on any public computers, always log out of all personal accounts and sessions when they’re finished. At the library, logging out will delete user data.

There are a number of methods for generating secure passwords or passphrases. Unfortunately, the qualities that make a password secure often make them very difficult to remember. A piece of software called a password manager, which generates and stores secure passwords for you, can help. You’ll need just one password or phrase to log in to the manager, so be sure that password is strong and secure.

When selecting a password manager for yourself or when advising others to do the same, it’s important to do some research. You can find this information in product reviews, doing a web search on the company and its history, and looking at the number of versions and frequency of updates on download pages for the software.

Another layer of protection is available via 2-Factor Authentication. 2FA, as its also known, secures online accounts by adding an additional step in the login process. When used in combination with your password, 2FA makes use of two types of information: 1.) something you know (your password), and 2.) something you have (your device). In this step, you verify an account login via a biometric key, such as a fingerprint scanner, or a different device, like a smartphone, that you control. A hacker who has guessed a password won’t be able to access your account unless they also have access to this second device or key. When assisting patrons with setting up access to applications like email, you may recommend setting up 2FA as well.

Securing Your Mobile Devices

If you have a smartphone, it’s likely that you take it with you everywhere, in your purse or pocket, and use in public all the time. These small devices contain a wealth of private data, and are easily lost or stolen. Always password protect, and advise your patrons to do the same. Features like “Find my phone” allow you to locate and, if need be, remotely erase or “wipe” your lost or stolen phone before someone can have access to the data. Consider logging out of critical apps and disabling auto-login so bad actors will not have automatic free entry to bank and email accounts if they do access your device.

If you or your patrons use a mobile device, you may have more than a few apps installed on your device. Some of these apps collect metadata about you, such as GPS coordinates pinpointing your location, where you are and when. They may be listening via your device’s microphone or controlling your camera, simply by default. They might display private info like text or email content to your locked home screen as notifications, where anyone can glimpse them. You can use your Settings menu to edit permissions for each application, and turn permissions on or off as needed. Keep in mind how much control each application requests, and what the benefit is to you. Is it a fair exchange?

Remember to update your mobile phone’s operating system and its apps regularly, to ensure app security is up to date. Security flaws in apps can be used to penetrate your phone or tablet, so if you’re not using an app, just delete it, if you can! It’s one less risk factor for your phone.

While it seems like a hassle to take the time to run software updates, the new versions you download can provide important security updates, fixing potentially dangerous vulnerabilities. Update your devices regularly, and remind your patrons to do the same.