May 24 2023

LastPass Hack: Are Your Passwords Safe?

Steven SklarPhone, Web BitWarden, Hack, LastPass

In late-Summer 2022, security researchers rumbled about news of a breach at GoTo’s LastPass. At first, very little was shared, leaving us to wonder the severity of the faux pas. Just ahead of the new year, the company comprehensively updated the public on what occurred. Many were not pleased. Even more recently, in early-March 2023, the company shared another update to (so it seems) close the loop on this security blunder.

If I use LastPass, is my data safe?

Ultimately, LastPass insists that if your master password was at least 12 characters, then the ability of a hacker to brute force guess your password is diminished. According to Hive Systems, a 12-character password with a combination of upper and lowercase characters would take 300 years to crack, and if you add in numbers and symbols, it would take thousands.

On the flip side, CNet pointed out that hackers got access to “LastPass username, email address, phone number, name, […] billing address, IP addresses used when accessing LastPass [… and] users’ stored website URLs,” which is frustrating from a privacy perspective, but also opens victims up to phishing attacks.

Do I need to do anything?

LastPass has published two security bulletins – and since this blog focuses on small business and household tech, we’re going to explore the advice for the LastPass Free, Premium and Families plans. If you’re confident that malicious actors won’t crack your master password (and as long as it’s a 12-character combo featuring more than just numbers, lowercase, or uppercase numbers) then your risk is likely lower. My take: as a (former) LastPass user and a somewhat paranoid technology consumer I changed as many passwords in my vault as I could. However, if that is too much work, you could change your social media, financial, and email passwords, and likely feel a bit more at ease.

If you plan to continue using LastPass, you should consider enabling their free dark web monitoring, which at the time of publishing, LastPass says will be rolled out soon to all account types, not just Premium and Families. Additionally, they recommend enabling multi-factor authentication for your vault, for which they have a guide available.

Are there safer alternatives?

The short answer: yes. I recently switched to Bitwarden and haven’t looked back. The free version, at the time of publishing, allows you to sync passwords across multiple devices (e.g., your phone and your laptop), while many other password managers charge for this feature. (This used to be included in LastPass’s free version, which they later changed.)

Looking for further assistance to secure your passwords? Please don’t hesitate to contact me to set up a remote session.

August 25 2021

Over 54M T-Mobile Records Hacked: 5 Steps To Take Now

Steven SklarPhone, Web Dark Web, Hack, Identity Theft, Phone, t-mobile

You may have seen recent reports of a huge data breach of T-Mobile customer lists and information. Who does this impact and what should you do to protect yourself?

How This All Began

Earlier this month, a person on the Dark Web claimed to have 30 million T-Mobile customer records along with personal information including names, date of births, drivers license details, and social security numbers. The seller later spoke with Vice’s Motherboard informing them the breach included 100 million records.

How To Know If This Impacts You

If you ever applied for a T-Mobile account – whether or not you ended up using their services, your data may be at risk. According to T-Mobile the breach impacts multiple groups:

1) 13.1 million postpaid plan customers (you receive a bill, and then pay it)

2) 40.6+ million prospective customers (who filled out an application for any phone plan)

3) 902k prepaid plan customers (you pay for services ahead of each plan cycle)

What To Do If This Affects You

1) Change Your T-Mobile PIN

Creating a new PIN will help prevent unauthorized access. If you have a prepaid plan then your PIN has already been reset, but not for postpaid plans. Once you reset your PIN, I would recommend saving it in a password manager like LastPass as previously written about. By not resetting your PIN may be vulnerable to SIM card hijacking, also called a SIM swapping attack.

How does a SIM hack work exactly? A hacker uses your personal details to convince your mobile carrier that you have a different SIM card/phone. The carrier then transfers over your phone number to the hacker’s phone. Once this occurs, they may attempt to hack into various accounts (e.g., banking and emails) to steal your identity and possibly drain your finances. Alternatively, they may hold your account for ransom or use it for other nefarious and illegal purposes.

2) T-Mobile’s Complimentary 2-Year Partnership With McAfee ID Theft Protection Service

Utilizing this will help by monitoring your credit, scanning the dark web for your compromised information, $1M identity insurance (except for NY and PR residents, due to local laws), among other 24/7 ID services. You will have the opportunity to extend this coverage after the free period ends.

3) T-Mobile Account Takeover Protection

If you have a T-Mobile for Business, T-Mobile Postpaid, or Sprint plan you are eligible for this next step. (Sorry Boost by T-Mobile and T-Mobile Prepaid customers!) Secure your Account Takeover Protection capabilities in your T-Mobile settings. While it may be a pain, as it needs to be done for each phone number on your account, this is 100% worthwhile. First, you need to be the main account holder or have full access to the account. Second, follow this link if you have one of the eligible T-Mobile accounts and use this if you have a Sprint account

4) Lock Your Credit On The 3 Major Credit Bureaus

Taking this action will prevent institutions from requesting your credit report, and thus making it more difficult for someone to open a fraudulent account in your name. Below are links to do so on each credit bureau:

Equifax

Experian

TransUnion

5) Consider Subscribing To Credit Monitoring

Given the vast nature of this data breach, you may want to keep an eye out for new accounts and lines of credit opened in your name. While T-Mobile is providing a free two years of monitoring, most hackers are patient and will wait for your free monitoring to expire. Before expiry, I recommend continuing to pay for credit monitoring or if you have a Mastercard, you can sign up for free identity protection.

These steps may seem a bit daunting, so if you’re in need of assistance, please don’t hesitate to contact me to set up a remote session.

June 4 2021

Google Photos Kills Free Plan — How Much Will It Cost You?

Steven SklarWeb Cloud, Google Drive, Google Photos, Pictures

As of June 1, 2021 Google will no longer offer a free plan for their coveted Google Photos — part of the seemingly infinite googolplex (a real number meaning 1 followed by 10¹⁰⁰ zeroes) that Alphabet, Google’s parent company, offers. With the demise of this complimentary photo backup software what do you need to know right now?

1) What is Google Photos?

Simply put, it is cloud storage for all your photos and videos. With apps on both Apple and Android, it’s an easy-win for anyone with a Google account (read: Gmail email address). After a quick setup, the app will automatically upload and save your photos to the cloud, organize them by details like people and location, and even sort through and archive non-personal photos (like receipts, screenshots, and more).

2) Don’t Panic — Your Photos Aren’t Going Anywhere

Google offers a free plan to anyone with a Gmail address that includes 15GB of space on Google Drive and Google One (Google’s cloud). If you’ve uploaded photos before June 1, your media is safely backed up and won’t be counted against the allotment. After this date any uploaded photos and videos will be counted against your total Google Drive capacity.

3) You Likely Don’t Need To Do Anything

Google and experts estimate that it will take roughly 3 years for the average user to fill up their Google Drive. However, if you use Google Drive to store other files, as I do, you may run out a lot sooner. (Google’s tool estimates I have 1 year until I will likely hit my storage limit.)

4) You Can Always Purchase A Storage Plan

Google One does offer flexible storage extension plans that allow you to upgrade and get more space. As of publishing this, expanding to 100GB (roughly 25,000 photos) is only $1.99/month (fairly comparable to what Apple’s iCloud charges for their storage option).

5) Or Clean-up Your Google Account

Simply use the Google One account storage management tool. You’ll see which items are taking up the most space and you can delete photos in bulk.

Need help with backing up photos on your phone or something else? Contact me to set up a remote session.

April 4 2021

Why And How To Update Your Smartphone Software

Steven SklarSoftware Phone, Software, Update

Summary: Keep your smartphone core software up-to-date and learn how to do so with this step-by-step guide.

Apple just released the latest version of its smartphone software (iOS 14.4.2) and many are scratching their heads as to whether or not to update.

Android users are also on the hook to update to the latest software for their phones.

What is the purpose of phone software updates?

Security. As phones become more sophisticated, so do the attempts to infiltrate them. Software patches address this critical issue — keeping you, your data, and your privacy online safer. The latest Apple software updates solve problems that you may not even be aware of. Before these latest patches, hackers could maliciously target apps like iMessage to gain access to your phone — without you even clicking a link.
Bug fixes. Sometimes apps crash for no apparent reason. Other times, you might be trying to tap a button but the app appears to freeze or not register the action. Updates are crucial to help resolve these issues.
Features. Developers are constantly working harder to help our technology do the same. This could be in the form of an enhancement, like making a photo app take better pictures. Or the coder could release an update to turn on a previously unknown feature. For example, in March it was reported that the Apple HomePod Mini contain a temperature and humidity reader but the software has yet to be activated on the device.

What if you can’t update?

The latest iOS update only applies to those who can run iOS 13 or later — those with an iPhone 6S or more recent. Similarly, those with more aged phones running Android software may not be eligible for regular updates either.

The answer: Consider getting a new phone because you leave yourself open to vulnerabilities that have since been patched. Plus, you may be able to get trade-in credit when you purchase a new phone if your device is less than a few years old and is in decent condition.

How do you update?

First, no matter what kind of phone you have, plug it in to a power source such as an outlet or power strip. Second, make sure your phone is connected to a Wi-Fi network.

For Apple users: Navigate to the Settings app (gear icon), then tap General, then Software Update. If you have any available updates you will either see Download and Install or if your updates are already downloaded to your phone you will see the button say Install. You may need to enter your passcode.

For Android users: Open the Settings app (gear icon), then depending on your phone it will say System Updates or About Phone. If it says System Update you will tap that then Check For Updates. If not, tap About Phone then depending on your device tap either Software Update or System Firmware Update, and then Check For Updates. If updates are available, a box will appear and tap Download Now Yes or Install Now.

No matter what kind of phone you have, the update will run and your phone will reboot. Simply run through these steps again and make sure it says something along the lines of “no updates available” or “already up to date”.

Need help with updating your phone software or something else? Contact me to set up a remote session.

February 24 2021

One Huge Change Coming To LastPass In March

Steven SklarSoftware, Web LastPass, Password Manager, Web

This post may contain affiliate links at no cost to you. It helps support the blog’s mission of providing helpful tips, tricks, and advice for your tech-enabled life.

Summary: LastPass is limiting features and support in their free version as of March 16th, 2021. You can upgrade your account to continue using the password manager across multiple devices and for added features. For further details, keep reading.

Humble Beginnings

Over the years, the struggle to successfully juggle passwords across a multitude of websites grew to outright unmanageable. Like most people, I’ve tried everything from keeping a written list in a notebook to letting my browser like Google Chrome keep track of passwords (I’ll explain why that’s bad in a moment). Ultimately, I needed something more reliable so I didn’t get locked out of websites when I couldn’t find my passwords notebook (yes — a real thing I kept in a desk drawer growing up).

Do You Want Google Chrome To Save Your Password For This Website?

The short answer: no. For years however, I used to always click “Save” when prompted by Google Chrome to remember my password. You may have come across this in Safari, Internet Explorer, Firefox, or any other number of browsers. If like me, you clicked that tempting “save my password” button, you may have put those passwords at risk of exposure if your computer was compromised by a hacker or malware. As TechRepublic explained, it is possible for unauthorized users to view saved passwords, thus putting your accounts at risk.

But what about Safari and Apple’s Keychain? I used to fully trust the built-in Keychain app for password management until it was shown to be vulnerable.

Can I Just Write Down Passwords In A Book?

Sure – but what if you misplace or forget to bring that book with you? No one wants to carry around a clunky list of passwords and if you are leaving the house or office with this password repository you risk it being stolen and ending up in the wrong hands.

Insecure Passwords

Let’s face it, thinking up a password is challenging. Two key problems stem from this:

You are tempted to use the simplest password that meets the requirements of the website. When “MyDogRalph” isn’t sufficient we add a number, and then a symbol. The issue with this? Passwords can easily be guessed using dictionary attacks, social engineering, and simple research on your life (think public information from social media accounts, personal and professional websites, and leaked data online).
You may use the same password across multiple sites. This means if a website is compromised and passwords are stolen, your accounts across other websites may be at risk of a breach too if you use the same password for everything.

While some websites require complex passwords to create your account, who wants to actually think of a way to incorporate an upper- and lower-case letter, number, and symbol into an 8-character or longer password?

Enter: The Password Manager

I have been a prominent supporter of secure password managers since they gained popularity and widespread support in internet browsers. Previously I endorsed LastPass and 1Password interchangeably as both accomplished the same task. However, when it comes to simplicity to set up and use on a daily basis, LastPass has won me over. Plus, certain versions of LastPass tell you when your password may be unsecure, weak, or found on the dark web. The app is also excellent at generating complex strings of passwords so you don’t have to (one of my favorite features).

So What Changed?

Starting March 16, 2021, LastPass Free customers will only be able to log in on either mobile/tablet or desktop/laptop devices. This is problematic as I recommend using LastPass across all your devices for seamless password management.

The Solution

Simply upgrade to the paid individual account or family account. Learn more about how you can seamlessly upgrade your account here.

Need help with LastPass or something else? Contact me to set up a remote session.

January 27 2021

Flash Player No Longer Supported — Now What?

Steven SklarSoftware

As of the end of 2020, Adobe ended support for one of its most iconic products from the early days of the internet — Flash Player. While this was announced two years prior, the time has finally come for Adobe to pull the plug and now consumers are puzzled how it will impact them. Here’s a quick reference of questions I’ve received from clients and what you need to know.

What purpose did Flash Player serve?
Why was Flash Player discontinued?
1. Security: Flash Player opens up computers to vulnerabilities which can lead to malware, viruses, and unwanted access to your system. Most web browsers have since removed Flash to maintain their high security standards.
2. Better alternatives: The widespread adaptation of HTML 5,WebGL and WebAssembly in most modern web browsers (read: Google Chrome, Microsoft Edge, Mozilla Firefox, etc.) has allowed web developers to fill in the gaps that the elimination of Flash Player leaves behind. Faster wifi speeds and cellular networks allows us to stream higher quality and clearer content without sacrificing performance.
3. Too costly to upkeep: Adobe, which acquired Flash Player from Macromedia years back, found the maintenance too expensive in the long-run. Ending support allowed them to focus on the future of design, the web, and computing.
What do I need to do now?
1. Run system updates: Whether you have a Mac or PC, you need to always make sure you have the latest updates on your computer. The updates from both Microsoft and Apple are a must to ensure your web browsers (Edge, Internet Explorer, and Safari) remove Flash Player.
2. Remove Flash Player: In Mac’s Applications, and PC’s Add/Remove Programs, uninstall Adobe Flash Player.

Not sure if Adobe Flash Player is still installed or have other questions? Contact me for help to set up a remote session.