Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

steve2470

(37,468 posts)
Sun Oct 22, 2017, 11:45 AM Oct 2017

The Motherboard Guide to Not Getting Hacked

https://motherboard.vice.com/en_us/article/bmv5a4/the-motherboard-guide-to-not-getting-hacked



TWO-FACTOR AUTHENTICATION

Having unique, strong passwords is a great first step, but even those can be stolen. So for your most important accounts (think your main email, your Facebook and Twitter accounts) you might want to add an extra layer of protection known as two-factor (or two-step or 2FA) authentication.

By enabling two-factor you'll need something more than just your password to log into those accounts. Usually, it's a numerical code sent to your cellphone, or it can be a code created by an ad-hoc app (which is great if your cellphone doesn't have coverage at the time you're logging in).

There's been a lot of attention recently around how mobile phones may not be suitable as 2FA devices. Activist Deray McKesson's phone number was hijacked, meaning hackers could then have the extra security codes protecting accounts sent straight to them. And the National Institute of Standards and Technology (NIST), a part of the US government that writes guidelines on rules and measurements, including security, recently discouraged the use of SMS-based 2FA.

The attack on Deray was low tech: It essentially involved getting his phone company to issue a new SIM card to the attackers. It's hard to defend against that, and there are other ways to get those codes sent via SMS, as text messages can, in theory, be intercepted by someone leveraging vulnerabilities in the backbone that carries our conversations. There is also the possibility of using an IMSI-catcher, otherwise known as a Stingray, to sweep up your communications, and verification texts too.


a lot more at the above link. I'm not in IT, so I'll leave it to others to evaluate the article.
5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
The Motherboard Guide to Not Getting Hacked (Original Post) steve2470 Oct 2017 OP
everything is hackable, people are clever & can hack anything. Sunlei Oct 2017 #1
Message auto-removed Name removed Nov 2017 #2
The best second line of defense, IMO, is the Yubikey! RKP5637 Nov 2017 #3
+1 nt steve2470 Nov 2017 #4
The key point: The target in the article was a "known" person. Thor_MN Nov 2017 #5

Sunlei

(22,651 posts)
1. everything is hackable, people are clever & can hack anything.
Mon Oct 23, 2017, 08:56 AM
Oct 2017

IMO, one shouldn't use the same cell phone or computer to use social media, surf around on that you use for things that have your credit cards stored on or do banking on. Like UBER, Door dash, online banking and your work computer.

IMO social media sites and NON- web based email are where majority of hacks are installed.

Response to steve2470 (Original post)

RKP5637

(67,112 posts)
3. The best second line of defense, IMO, is the Yubikey!
Sat Nov 11, 2017, 03:24 PM
Nov 2017
https://www.yubico.com/

Usernames and passwords are not enough to keep online accounts safe. Two-factor authentication is now recommended to secure login to Internet services and protect against phishing attacks and credential theft. The YubiKey is supported by hundreds of the most popular online services including Google, Dropbox, Facebook and many more.

One touch, two factor
The YubiKey offers strong authentication with one touch or tap. Unlike two-factor authentication using SMS, the YubiKey does not require network connectivity or access to a mobile device. Just touch or tap the YubiKey to authenticate.
 

Thor_MN

(11,843 posts)
5. The key point: The target in the article was a "known" person.
Tue Nov 21, 2017, 11:09 AM
Nov 2017

Joe or Jane Nebody would not be the target of getting their cellphone SIM card replicated. The article inflates the danger to the average person. Unless you are for some reason noteworthy, the effort to hack your cell phone isn't worth it. If someone temporarily snags you with a stingray, what are the odds that they will be able to discover your internet accounts (that also require a password) from cellphone traffic.

IMO, this article trends towards the sensationalistic.

Latest Discussions»Help & Search»Computer Help and Support»The Motherboard Guide to ...