Privacy and Security News from October 2019 – Episode 4

Clean up your digital footprint in 5 days! Or less!

Sign up to get the guide now.

Read the Transcript

Hello and welcome to the Your Secure Life podcast, a podcast about privacy and cybersecurity for individuals and small businesses. 

This is Garrett, your host, and I just want to remind you that you can listen to all of the past episodes at YourSecure.Life

This episode is a little bit different than the past episodes.

I wanted the episodes that are guide style and less news to be standalone, and I wanted the news episodes to stand alone as well. 

So what we’re going to do is every other week we’ll have a guide episode. And then on the weeks in between, we will have a news episode and hopefully that will be enough. 

News in cyberspace moves pretty quickly. A lot is happening. 

There are breaches, it seems like, almost every day. Social media sites always have something going on. 

There’s just a lot to take in if you are building a life online, whether that’s individually, as a small business, as an influencer, as a blogger, a YouTuber, Twitch streamer, whatever it is that you are.

This week we’re going to be talking about a couple of things that are kind of old. That’s because I think they’re important to discuss and maybe they have not been discussed enough.

Adobe Breach 

There was an unsecured Adobe server that exposed data for 7.5 million Creative Cloud users. 

I know a lot of people in the online space use Adobe Creative Cloud.

There is Photoshop and Illustrator for editing images. There’s Premiere Pro. That one’s for video.

I personally don’t use Adobe anymore, but it is not because of any data breaches or security problems. It was actually just because I got tired of paying for it. 

There are plenty of great pieces of software that do the same things that are not on the subscription model, and I just have subscription fatigue.

Anyway, that’s not the point of this episode, so let’s get back to it. 

There was a security breach and basically what they got was, according to hackernews.com, thehackernews.com, they got email addresses and account creation date, the Adobe products that the users subscribe to, subscription status, payment status, member IDs, country, time since last login, and whether or not the user is an Adobe employee.

This is a great reason to make sure all of your passwords are different, but nothing in here is particularly scary.

However, some of this information can be used to prove your account, which means someone could call Adobe support and get access to your account based on some of this information.

Assuming that the person on the other end of the phone has not been trained properly in preventing against those sorts of things.

My recommendation is if you use any Adobe stuff, go through and change all your information, including email addresses, if you can. 

But especially your password, even though they didn’t get that, you just really want that stuff to be covered.

US Senators seeking NatSec Review of TikTok

Next, we’ve got senators, US senators, are seeking national security review of TikTok and that’s because TikTok is a Chinese company. 

They’ve been known to delete anything critical of the Hong Kong protests or critical of China involving the Hong Kong protests. 

Really anything involving Hong Kong protests, actually. I think they’re just, they’re deleting anything like that, blocking it. 

It seems like they may be under China’s thumb, but also they may just be covering their butts. Hard to tell. 

They said that they are not under Chinese government influence, but I mean, how can we really be sure if they were under Chinese government influence?

Of course they would say, “no, we’re not.” 

So it’s kind of hard to tell, especially considering China has more control over the internet in their country than any other country. And I mean that in a bad way. 

I mean the government is in control of the internet in a way that censorship is worse in China than any other country in the world.

If you’re using TikTok, I don’t know. Just make sure that you don’t have anything real bad on there. 

I guess don’t give away too much personal information, but that should be part of your social media policy anyway. 

You should not be sharing anything really personal on any public social media. 

I actually just got a TikTok myself and I’m checking it out and I will report back later on how I feel about it.

CEOs Responsible for Data

Finally, we are taking CEOs into account for the things that their businesses do. 

This is something that I think a lot of us have wanted for a long time, particularly me. I’m not a huge fan of how CEOs can get away with anything when their companies are the ones that suffer. Or employees or whatever.

The truth is, is that everything should trickle up, not down, as far as responsibility goes. 

The employee is the responsibility of their superior, and that trickles all the way up to the CEO. 

So anything that any employee is doing is the CEO’s responsibility. And I feel that way about big companies and small companies.

The fact of the matter is, is that as a CEO, you are in charge of setting the precedents in your company. 

So now we’ve got the Mind Your Own Business Act, which was put together by Senator Ron Wyden and would send CEOs to jail for 20 years if their companies are found lying about misusing the information of their customers.

This is cool. 

It’s related to the Consumer Data Protection Act. This bill requires companies to submit annual data protection reports, confirming that they have complied with all of the regulations and also pointing out anywhere where they failed.

This is any company that holds data for more than 50 million people, which is kind of a lot, or over a million people if they make more than $1 billion in revenue.

This is great, but it’s really only affecting major corporations.

This kind of thing needs to affect all CEOs. Anybody who has somebody else’s data needs to be held accountable for what their business is doing with that data.

Regarding the Nord VPN Breach

This is a little bit of old news now, but it’s something that people still seem to be complaining about and that is that Nord VPN was breached. 

I want to cover what actually happened here with the Nord VPN breach. 

It was one server and it exposed some of the traffic that was going on on that server at that point in time. 

It did not expose passwords or IP address or even really very much information. 

It was one specific server out of however many Nord VPN has, and the likelihood of that being you at that point in time is extremely unlikely. 

I don’t use Nord VPN personally, I don’t have an opinion on it. I’ve actually never used it. 

I think it’s pretty cool that when I’m sitting at a bar and they have sports channels on, NordVPN has commercials and I liked that because I want everybody to be using VPNs.

Personally, I use Proton.

As far as Nord VPN, they’re not a sponsor. They’re not anybody that I’ve tried. I have no recommendation nor disdain for them at all. 

The truth is this stuff happens. 

It wasn’t that bad of a breach, but it just goes to show that everything is hackable and that’s, that’s the fact. 

You should always protect your stuff, have different passwords for everything. We talk about password managers in episode one. 

You should be using VPNs regardless, and if you have Nord VPN, I wouldn’t worry about it.

If Nord VPN works for you, then stick with it. If you want something different then go ahead and change if you’re not comfortable with this.

It’s important to note that the content of the websites likely would have been hidden due to encryption, which is what one of the company advisers said.

This wasn’t the worst breach I’ve ever seen. In fact, that’s probably one of the least bad breaches I’ve seen of late, and people are still freaking out about it, and it’s just not worth freaking out about. 

This isn’t a huge deal. 

Just practice proper security, personal security. That’s what this podcast is all about, and you’ll be fine.

And again, you can keep using Nord VPN if that’s what you use. I would not worry about it. 

Also, side note, you should probably be aware that pretty much everything is going to get hacked at some point in time. In fact, a lot of things have been hacked and you don’t even know it yet. Some things have been hacked and the companies don’t even know it yet.

It happens and that’s why we have this podcast. That’s why we protect ourselves ahead of time. Instead of being reactive, we are proactive. 

Is Gradient Storing Your Photos?

There’s a new app going around that everybody seems to like. It’s called Gradient and people are using it to see what celebrities they look like.

It’s a celebrity matching app. You post a picture of yourself and it matches you with a celebrity in like this gradient form where there’s four pictures from left to right and there’s your picture and then a celebrity and then it gradients you to that celebrity space. 

Kinda like the Animorphs books, if you remember that.

Overall, it’s a pretty cool looking app, but I don’t trust any apps where you upload pictures. Or really anything else to it.  Especially pictures. 

I don’t like putting my pictures on the internet unless I have approved it. I don’t want people that I don’t know having copies of my pictures, especially in companies.

I know that if a picture of me is on the internet, someone can just right click and save it. That’s just the nature of the internet. 

But I don’t want companies to be storing pictures of myself. I don’t like Facebook storing pictures of myself. I don’t really want this one that I don’t know, storing pictures of myself. 

It just seems weird to me. 

Like I said, I just don’t trust it. It seems like a lot of people don’t trust it either.

I recommend not using this until we know more about it. That’s really my recommendation. 

Closing Remarks

All right. That’s all I got this week for you. Thanks for listening. Again, this is the Your Secure Life podcast. My name is Garrett. 

You can check out all of our past episodes at YourSecure.Life. 

We don’t have any sponsors and that is by design. I don’t like having commercials. I don’t like listening to commercials. 

So the best way you can support us is you can go to YourSecure.Life, you can share it with your friends. 

You can go to iTunes and subscribe and leave a review. 

In fact, I encourage reviews, especially because I would love some constructive feedback.

If you left a bad review previously and we’ve improved, I would encourage you to please go and update your review. 

Another way you can support us is by going to YourSecure.Life/guide where there is a five step guide for you to clear off your digital footprint. 

That’s all your junk that the internet has collected from you over the years. You can clean it all up in five days or less. 

In fact, you can actually clean it all up in one day if you just took a Saturday.

There’s this guide that talks you through the whole process. It’s got links to everywhere you need to go. It’s everything you need in one handy little guide. 

Go pick that up at YourSecure.Life/guide.

Your Secure Life podcast is a project from Approaching Utopia, and you can check out more about Approaching Utopia at ApproachingUtopia.com.

“I Have Nothing to Hide” Fallacy – Episode 3

Read the Transcript

Hey, welcome to the Your Secure Life podcast. This is episode 3. 

Today, we’re going to be talking about something that I hear a lot. 

Last week, we talked about something else that I hear a lot, which is “no one’s going to come after me. No one wants to hack me. Why should I worry?” 

And so this week we’re actually talking about something else I hear a lot, which is “I don’t need privacy because I have nothing to hide.” 

So if you have nothing to hide, that’s cool. I get it. 

Why don’t you just go ahead you can go to YourSecure.Life/contact. There’s a form you can fill out. Go ahead and send me your Social Security number, first, middle, last name, your address, the log in to your bank account, and you know, you got nothing to hide so you don’t need that privacy. 

You can just send it to me, right?

That’s what I thought. 

Anyway podcast over. That’s really that that seals the deal right? 

I’m just kidding. Of course I have more to say. 

If you’re one of those people who thinks that you don’t need privacy because you have nothing to hide, then I want you to listen extra close to this episode.

And if you’re one of those people who knows how important privacy is then please forward this on to everybody that you hear that tells you that they don’t need privacy because they have nothing to hide. 

I know that anybody who’s listening to this knows someone who said that to them before. We’ve all heard it and it’s such crap.

The Government is Not Your Friend

First things first. The government is not your friend. 

This isn’t any sort of political stance. I’m not going to get into politics on this podcast, but the fact is the government is not your friend.

The government has a job to do and they’re going to do the job. 

Whether they do it well or not is up for debate. And again, we’re not talking about politics on this podcast. So, go find another podcast if that’s what you want to talk about. 

It’s okay to like your government and your government might even like you too.

That’s totally fine. But they’re not your friend. They’re here to do a job. 

The government has goals. It has procedures. It has things that it wants to do and you probably have nothing to do with any of that and they will do what they need to do to achieve those goals and to complete those tasks.

Your government does not care about your privacy. They don’t care about your feeling comfortable. They don’t care about your feelings. They don’t care, as long as they’re doing what they think is best.

Whether you like your government or not, you have to prepare for the future. Just like car insurance or renters insurance or signing a prenup before you get married.

You don’t want to have to use these things. But if you do, they’re there.

And that’s the importance of getting started on privacy now. 

There is a possible future where your government is no longer on your side and you need to be prepared for that. 

Hopefully that never happens and your best interest is always the government’s best interest, but you have to prepare in case something bad happens and that’s why you need privacy right now.

If you feel like your government is on your side right now, be thankful. Because right now, at the recording of this podcast, and probably any other time in history, there are people who do not feel that their government is on their side. And that could change at any moment for any of us.

We can’t leave our privacy and our security up to the possibility of an evil government taking advantage of that and taking advantage of us.

Corporations are Not Your Friend

Another institution that’s not your friend is corporations. 

Just like  governments, they have goals. They have tasks. They may keep you in their best interest. They may not. 

What really bothers me, and what should really bother you, right now about corporations and our data is that you’re not getting a piece of the pie. 

They’re collecting and selling your data. You are the product but you’re not getting a piece of that pie. 

You’re underestimating the value of your own data.

And you might say, “well, you know Facebook provides me a good service and I’m satisfied with the service that they provide so I’m okay with trading my data to get that service and not have to pay for it.”

And I understand that. 

But you need to realize that the value you’re getting is not equal.

If you were to take the idea of Facebook and say “how much would they charge for me to still use it?” 

What is the cutoff? 

What if they charged a dollar a month. Would you still use it? 

How about $5, $15, $20 a month. Would you still use it? 

If not, then that’s how much you’re valuing your data at. And they’re making way more than that off of your data. 

You deserve a piece of that pie. 

Right now, data is the number one most valuable commodity in the world. 

Because they’re not giving us our share of the value in the data, we need to be using privacy software, privacy techniques, to keep that data away from them so that they can’t profit off of us. 

And we need to tell them, “hey, look, if you want this data, you need to give me the fair value for it.”

When they want to start talking about it, then sure, let’s talk about it again.

Until then we need to keep our data out of their hands.

All right, so moving on from corporations. Let’s talk about something else. 

Minimize the surfaces upon which you can be attacked.

There’s this saying that I’ve heard before and it’s “a door is a door unless it’s a jar.” 

If you don’t get it, I don’t really know how to explain it to you. Just think about it for a little bit. 

But we are going to talk about doors.

So let’s do some visualizations. 

Imagine everything that you love, all the people, all of your physical items, everything that you love is surrounded by a wall. 

I picture a red brick wall. You can picture whatever kind of wall you want. 

Actually now, I’m picturing a cement wall with barbed wire, kind of like a prison.

So maybe I should talk to my psychologist about that. 

Anyway, just picture a wall, four walls actually, surrounding everything you love. 

This is very safe. It’s surrounded by walls. But it’s not very practical. 

You can’t get to your stuff, or if you’re in the room, you can’t get out. So this isn’t very practical.

We need to put a door, so we put a door in. 

Now, we can get to everything we love but there’s now a hole in the wall that can be breached.

Of course, we can put locks on it and we can get a really sturdy door and we can do all sorts of things to protect that one door. But it’s still a door and it’s still able to be breached. 

That’s a reality and that’s a cost of life. We can’t not have the door. 

But then the government comes by and they say, “hey, we need our own door to get access and only we’re going to have the key. We’re not going to let anybody else through. It’s just for us and it’s to keep you safe.”

So you say all right. 

I mean that’s fair, you know, that makes sense and nobody else is going to have the key anyway, so, you know, how big of a deal could it be? 

But here’s the thing. It’s a second door. If robbers find it, maybe they can pick the lock or maybe they can get a copy of the key.

There’s lots of things they can do to get through that door. 

And now you have two doors and that means there’s two attack vectors for robbers or anybody else to come in and get all of the things that you love and take them away from you. 

This is why we can’t have special back doors for governments or corporations or whoever. 

Every time there’s a back door, it’s vulnerable, and it’s not going to be 100% safe. 

So we can’t allow there to be any sort of backdoors. 

If there’s any sort of backdoor, even if it’s for someone we trust, that back door can be exploited by someone we don’t trust. And it can be used to hurt us later.

There are five things you need to protect first.

So let’s talk about the minimum amount of privacy you should have. 

There’s basically five steps: 

1. Hide your email address.

First, you should be able to obscure your email address. 

2. Hide your phone number.

Then you should be able to obscure your phone number. 

3. Hide your physical address.

You also need to obscure your physical address for a lot of situations.

4. Hide your passwords.

Due to all the data breaches out there, we hear about them like every day now, some big company has a new data breach and all of our passwords and emails and phone numbers are out there.

We need to have a different password for every website and we talked about that in episode 1.

That talks about password managers and why you need those and why you should have a different password for every website. So I’m not going to get into it here. 

5. Clean up what’s already out there.

But also all four of those things plus how to clean up what’s already out there is all in a guide.

It’s free. It’s at YourSecure.Life/guide

You can take it as a 5-day email course, where each day it tells you one thing to do. 

Or you can download a PDF that gives you everything and you can pretty much knock the whole thing out on like a Saturday. 

Aside from that, while you’re at YourSecure.Life, you should check out our other episodes.

We’ve got an introduction episode. That’s at YourSecure.Life/0

Then the first episode’s about password managers. I already mentioned that. 

And the second episode is about why you would be targeted even if you’re nobody. Especially if you’re somebody. 

This episode is episode number three, we’re talking about why you need privacy whether you think you do or don’t. 

By the way, I don’t remember who said this, some people say Edward Snowden said this, I don’t know who said this but it rang true with me and that’s “saying that you don’t need a right to privacy because you have nothing to hide is like saying you don’t need a right to free speech because you have nothing to say.”

It just doesn’t it doesn’t work out that way. That’s not how freedoms work. That’s not how rights work. 

So think about that while you’re showering tonight or you know, whatever driving to work wherever you’re listening to this, you know think just think about how important privacy actually is to you and your life even if you think it’s not.

Closing remarks: 

So this is going to wrap it up.

I already told you where to go: YourSecure.Life

This podcast has no sponsors and that’s on purpose, that is intentional. 

I don’t want sponsors because I hate commercials.

So the best thing you can do is look us up on Apple podcasts and give us a subscribe, a nice comment, maybe a good rating or if you hate us give us a bad rating.  Whatever. 

Leave us some feedback so that we can provide a better podcast for you. 

Another thing you can do to help us out is tell anybody you know that could use this information.

This whole podcast, the point of this podcast isn’t to make money. 

It’s to spread awareness and to spread the knowledge because security is herd immunity. The more of us that are secure the more secure we all are. And that’s what’s really important. 

Thanks again, and I’ll see you next week.

“I’m a nobody; why would anyone want to hack me?” – Episode 2

Read the Transcript

Hey, welcome to the Your Secure Life podcast. 

My name is Garrett. I’m an OSINT investigator and a privacy consultant and I am here to teach individuals and small businesses about privacy and security. 

That’s what this whole podcast is about.

You can check it out at YourSecure.Life, and don’t forget to pick up our free guide YourSecure.Life/guide, which will tell you how to clean up and keep clean your digital footprint in five days or less.

This week we’re talking about why hackers want to hack you. 

I talk to a lot of people who tell me things like “no one would want to hack me; I’m a nobody.” 

The fact of the matter is that it doesn’t matter who you are. 

You might be a nobody. You might be a somebody, and of course you have a higher chance of being hacked if you are somebody, but if you’re not somebody there’s still a good chance you could be hacked.

We’re going to talk about why. 

The first thing I want to go over is, the term “hacking,” I’m going to be using that in a way that means “cybercrime”.

A lot of people take issue with this. It’s fine. I don’t even like to use it. It’s not a catch-all term. You can be a hacker and not do any crime.

You can be a criminal and not do any hacking. They’re not interchangeable. 

There’s a difference between cybercrime hacking and regular hacking. Just like there’s a difference between locksmithing and picking locks to break in. 

You can hire a locksmith because you got locked out of your car and you need to get back into your car. That’s totally legal and there’s no crime involved and it’s ethical. 

But that same person could use those same tools and those same skills to break into cars and steal stereos or other valuables.

It’s the same thing with hacking. 

There are tools, there are skills that could be used for good. They could be used for evil.

But in this podcast, we’re going to be using the term hacking to refer to cybercriminals attacking you. Most likely for identity theft. 

The first and most obvious reason why someone would get hacked, why you would get hacked, is if you have money. 

One of the funniest things that I have to deal with when talking to people is that the more money someone has, for some reason, the more likely they are to tell me “I’m a nobody; why would anybody hack me?”

I just look at them like they’ve got a second head or something. 

It just blows my mind that someone who drives a Tesla and lives in a three-story house on the water in Florida doesn’t think that someone would come after their money.

I don’t really think there’s anything else to say about this one. It’s pretty obvious. 

If you have money people are going to come after you.

Another reason that you might be hacked is if you have a good credit score.

Cybercriminals want people with good credit scores to steal their identity. 

It’s really easy to take out a large, sometimes six-figure, loan online without talking to anybody. Just by submitting information.

If they can steal your identity and submit that information, get a huge hundred thousand dollar loan, and take off… That sucks for you.

If you have a good credit score, even just a mediocre credit score, this could happen to you and it could happen with credit cards, too. 

You don’t even have to have a lot of money to have a good credit score. 

I know plenty of people that have great credit scores and make well below six figures. I’ve been there myself. 

Speaking of identity theft, identity theft on average costs $7,000 and at least a hundred hours of time just to clean up.

You really don’t want to open yourself to identity theft, right? That’s why you’re here, of course. That’s why you’re listening to this. 

Another possibility is that you were randomly chosen. It’s true. You can be randomly chosen to be hacked. 

The way this works is because of all of the past data breaches where all of our information has been leaked out. 

That’s why I advocate for such strong privacy in our own lives and in the corporations that are taking our data. And I guess the governments, too.

What happens is these databases get leaked and sometimes they have our password. Sometimes they have our user names. Sometimes they have our emails. 

Let’s suppose in one of these leaked breaches your email and password were in the database and that same email and that same password is used for your email or Facebook or maybe even your bank account. 

They now have access to that. 

Cyber criminals have built software that just takes these databases, scours the internet, and just starts plugging it in until it finds positives.

You definitely want to have different passwords.

I talk about that in the guide at YourSecure.Life/guide.

Day one talks about how you should manage your passwords and how you should have a different password for every website. 

So go check that out. It’s free. 

There’s this thing called “doxxing” or “getting doxxed” and what that means is someone’s got your address and they blasted it online.

Usually this is used for harassment purposes. 

These people obviously aren’t trying to steal your identity or get any financial gain out of you, but they are trying to mess up your life and in many cases they succeed. 

So why would someone want to dox and harass you? 

Unfortunately, we live in very volatile times, especially politically and especially when it comes to politics online.

You could say the wrong thing and piss off the wrong person. It’s really that simple. 

They don’t even have to be one of your friends. If you post it publicly you could say something on Twitter and someone just happens to find it and they’re just the wrong person and they happen to decide, “you know what, I’m going to ruin this person’s day.”

The next thing you know, you’ve got a SWAT team beating down your door because they called the police and told them that you had a bomb.

That’s called “swatting” and it happens more often than you think.

A less nefarious prank that is often done is that they just send pizzas to your front door. This might sound good at first, but when you have 10, no sauce, no cheese left beef pizzas, it’s not good. It’s not good at all. 

Another reason you might be a target is because you’re not the actual target, someone close to you is, and you don’t want to be their weak link.

For example, let’s say your husband is the one who said something on Twitter to piss off some trolls. 

Now those trolls are looking for him. But he is way ahead of the game. He’s way ahead of me. He’s already wiped out all information about himself online and so he can’t be found. 

But this person, they found you.

And they know that you live with him. And they find your address because you didn’t clean it up. 

This is why it’s important that you are secure. You have to be secure for the people around you. 

That’s called herd immunity and that’s why I do what I do here. It’s because I want everyone to be safe so that we can all be safe together and it helps all of us.

Again, don’t be someone else’s weak link. 

The last reason I want to talk about someone would want to hack you is because you are putting yourself online. 

This could be in very different ways. It could be because you’re an online entrepreneur and you want to be like Gary Vee. It could be because you are a Twitch streamer and you want to be like PewDiePie.

I guess he’s on YouTube, but maybe you want to be a YouTube person. 

It doesn’t matter. They will come after you just for that. 

Some of it might be jealousy. Some of it’s just trolls trying to harass you.  

The fact is that if you put yourself online like that, people are gonna try to get at you just for whatever stupid reason. 

And that’s another reason you need to be safe.

In fact, a lot of people that have been online, especially Twitch and YouTube, have been swatted, doxxed, all of that. 

It really sucks and it’s really scary. 

But there’s a lot of things we can do to prevent it from happening and that’s what this whole podcast is about. 

It’s a scary world out there these days. Very little could set someone off and have them come after you.

It’s terrible. It sucks. It really does, and here we are living that life. It’s what we got to do. 

That’s what this whole podcast is about. That’s why I put together a free guide. 

I know I’m plugging it a lot today, but I forgot to plug it last episode. I think or I plugged it very little last episode. I might not have even plugged it. I don’t remember, but I just want to make sure you know about YourSecure.Life/guide. It’s free. 

You can take it as a 5-day email course, or you can take it all in one day. You can knock it all out in a Saturday for sure. 

This stuff really is like the bare minimum and we’re just getting started with this podcast.

This is episode 2, so it’s just the beginning, but I’m here working to make sure that everybody can be safe online.

Not just me, not just you, but everybody. 

Because like I said earlier, there’s that herd immunity. If each of us takes precautions to be safer, it helps all of us in the long run.

Next episode we’re going to talk about another common thing that I hear: “I don’t need privacy because I have nothing to hide.”

That one pisses me off even more, and it should piss you off too. 

But this is it for today. Let’s talk about that one next week. 

If you want to check out the show notes or the transcript or even a video of this, you can go to YourSecure.Life/2 because this is episode 2. Slash one has episode 1 and I think slash zero has the introduction episode.

Either way, you can find them all from there. You can also just go to YourSecure.Life and you can figure it out from there, I’m pretty sure.

This podcast has no sponsors. It’s never going to have sponsors because I hate commercials.

I pretty much only listen to podcasts when I’m driving and it just really sucks to have a really long commercial when I am driving because I don’t want to look down to skip it and then I have to listen to this commercial.

So that’s why I don’t have commercials.

I don’t ever want to have commercials. 

So the best way that you can support this is you can share it with somebody. 

You can search for this on iTunes if you’re not listening on iTunes and give us a review there, that would be great. And also a subscribe. 

Of course on YouTube, you can like and subscribe the video to help and really just any sort of sharing helps.

I greatly appreciate it. Thanks for listening and I’ll see you next week.


Password Managers – Episode 1


Read about Password Managers

Hey, what’s up, Garrett here.

Today we’re talking about password managers because this is probably the bare minimum you should be doing and it’s often misunderstood. 

There are some objections that people might have to this that are unnecessary. The fact of it is: everybody should have a password manager.

That’s the bare minimum you should have.

There’s quite a few out there. In fact, I did some research just to see how many were out there and I don’t think I found them all but the list that I did find, there was:

  • 1Password
  • Norton Password Manager 
  • Password Keeper
  • LastPass 
  • Zoho Vault
  • Chrome’s password manager 
  • Password Safe 
  • Password Vault 
  • Enpass 
  • Bitwarden
  • SafeInCloud 
  • Keeper Password Manager, which maybe is the same as Password Keeper? I don’t know 
  • Password Vault Manager 
  • Windows Password Manager 
  • Dashlane
  • KeePass 
  • iCloud’s password manager
  • Awallet 
  • PWsafe 
  • Kwallet 
  • Trend Micro Password Manager 
  • Samsung Password Manager 
  • Myki Password 
  • TeamPass 
  • Kaspersky Password 
  • Avira Password Manager 

How do you decide which one you’re going to use? 

Honestly, you just gotta go with one of the big three.

People will probably argue with me. 

I’m not sure where Bitwarden stands on this. I put them probably number four, but the big three for me are LastPass, 1Password, and KeePass.

We’re going to go through each one individually in that order because these are the ones that you’re going to want to look at.

We’re going to talk about the features, the benefits, the prices. Not all of them are free. Some of them are more convenient than others. 

First, let’s get started talking about why you should not use iCloud’s password manager or your browser password managers. 

First of all, these password managers, they’re not very secure. They’re not super secure. They’re a little lacking. 

One of the reasons why browser password managers are lacking is because it’s not really their full business. It’s just a part of their business. 

And the same thing with iCloud, or Windows, or maybe Samsung if it’s in your phone. 

These are only a small portion of their business and that means they’re not dedicating their entire work time to it.

For most reputable companies, it’s really important to have safe customers.

When you’re balancing between a lot of different aspects to your business, you’re gonna dedicate less to other things.

For example, if you’re Chrome or Firefox or Opera, or any other browser for that matter, your main focus is on a working browser. 

Secondary to that would be things like ad blockers, password managers. There’s also going to be support for extensions and plugins.

These are all things that are going to put password managers a little bit lower on the priority list for these companies.

If you go with a company such as LastPass, or 1Password, or any of the password manager specific companies, that’s their whole business. Their entire business is on storing your usernames, your passwords, sometimes other things like credit cards.

All of that will be stored and it’s going to be a lot better because that’s their whole business and they’re going to focus on you.

Another benefit to going with a password manager specific company is that you can take this with you anywhere, forever, for the rest of your life. 

Assuming the company doesn’t go out of business. I don’t really see that happening with any of the major players.

One of the problems with switching platforms is taking your passwords with you. A lot of them do have easy exports and imports but you can’t rely on that forever.

Let’s say you’re using Firefox and you decide you want to switch to Safari. Or you’re using Chrome and you want to switch to Firefox. 

You have to hope that these export and import properly.

If you go with a password manager that is just a password manager, like 1Password or KeePass or LastPass, they work on any system. 

So you can just open it on that system and all your stuff is there. 

You can switch systems in the future. 

You can go from Apple Computers to Windows computers to Linux computers or whatever you need to switch to.

And you’ll always be able to access that stuff because you’re not locked into a specific platform by using their password managers.

Let’s get talking about password managers in specific.

LastPass 

I want to talk about LastPass first. 

LastPass is what I use for a majority of my stuff. A lot of my general online stuff uses LastPass and the reason why is because…Honestly, I started with it for work many years ago and the way it works sharing passwords within an office is just extremely convenient and it’s very affordable.

I ended up just sticking with it for a long time because that’s just where everything was. Of course, I can move it all but I just haven’t yet and LastPass has been good to me. 

I also like their authenticator for two-factor authentication. That’s something we’ll talk about in a future podcast; we’ll also talk about it later in this one, but only briefly.

It’s just been really convenient for me, and so I’ve been using LastPass. 

This isn’t sponsored by LastPass or KeePass or 1Password. This podcast isn’t sponsored by anybody. So, I’m not trying to harp on any specific one. I’m just sharing with you the ones that I have found to be the best or at least the best for me. You can do your own research and look into these but these are pretty much the most popular.

With LastPass, the pricing model is pretty good. The free level is probably all you need. 

There’s a premium level, which has better sharing. 

There’s a family level, which gives you multiple users with sharing and stuff like that. 

And then there’s business levels if you need to handle whole businesses.

If you’re just a family, the family one’s really great. Especially if you have kids. 

One of the things that I really like about LastPass sharing is that you can share a password with someone without showing them the password. 

They can still drop it into forms by using LastPass plugins in whatever browser they’re using, but they can’t see the password. 

So you can allow them access but not allow them to see a password. You can also revoke that access at any time. 

If you have kids that you want to have access to things, you can do that, and because they don’t know the password, they can’t share it.

You keep it locked in your family that way, but you still have access and you can revoke their access to it if you need to.

Generally, I think it’s kind of a jerk move, but you could theoretically control your kids’ accounts that way and ground them from accounts by not letting them have their passwords again.

I think that’s kind of a jerk thing to do. But you know, you’re the parent. If that’s what you want to do, that’s what you want to do. 

Another cool thing about LastPass, and this is something that you’ll see in pretty much all password managers, it has a really great random generated password creator and I really enjoy this.

I not only use their password generator for my passwords. I also use it for my usernames, which in another podcast in the future we’ll talk about why you should randomly generate your usernames as well as your passwords.

You definitely want to be randomly generating passwords. You want them to be as long as you can possibly get them to be accepted into a website.

Some websites will keep you under 8 characters. I think the original Xbox, or maybe the Xbox 360, requires a pretty short password to log in to your Microsoft account, and I can’t even get onto my Xbox 360’s Microsoft Live, or whatever they call it now, because my password is longer than that and I can’t type it in on the Xbox because the Xbox limits you to a character limit.

Fortunately, most websites and apps and stuff are getting past that but not all of them. I tried to sign up with TikTok the other day and apparently my 32 character password was too long. 

So I didn’t sign up with TikTok. 

You can shorten it and lengthen it using their password generator and you can make it easy to say. 

I use easy to say and easy to read and then I put only lowercase for my usernames.

Then for passwords, I put it on all characters, I put uppercase, lowercase, numbers, symbols, everything that it will let me, I will do.

I will sometimes put them at 99 for the password length if it will accept it. If an app or website won’t then I’ll start shortening it down. I try to keep it at 32 at the minimum but like I said some websites and apps need something shorter than that.

Either I don’t sign up for them or I just go ahead and do it and just roll my eyes. 

Another great thing about LastPass is storing things like your credit cards.

Some people don’t feel comfortable with this but I do because again, this is their business. Their business is to keep you safe, and I just find it to be very safe and well done.

It also makes it really convenient because I don’t have to put in my credit card manually, which is annoying. 

And also, pulling it out of my wallet, which is in my backpack. Probably. 

Or somewhere else, especially if I’m here in my messy office, where I don’t even know where my wallet is. 

It’s probably in my backpack.

I would have to go find it. It’s just a pain in the butt. I don’t want to do that.

That’s all the features. I mean, there’s a lot more features, but that’s all the features I really wanted to go over in LastPass. 

1Password

The next one I want to talk about is 1Password.

1Password has all of the features that I just listed for LastPass. It really does. It has all of those.

It’s got family pricing. It’s got business pricing. It is a little bit more in pricing than LastPass. But it has document storage, which is nice. You get 1 gigabyte for the lowest level and you can get more gigabytes for higher levels.

1Password also has travel mode.

1Password Travel Mode

I want to go over travel mode a little bit because travel mode is really cool.

Travel mode with 1Password is really cool because basically it makes it so that you can’t access your own stuff, nor anybody else when you’re traveling.

This is particularly good for crossing borders.

We all know that nowadays crossing the United States border, as well as I’m sure other borders, border patrols and TSA agents and whatever you want to call them are checking our phones.

They’re checking our computers. They’re checking any electronic devices we have. 

That kind of sucks. Not very cool. It’s not right.

People are being picked especially if you are not white, or maybe it has to do with your job such as being a journalist.

I know that journalists are being searched. 

They’re just going through and looking for this stuff. 

What you can do is you can set up different vaults with different things.

Then you can set it so that when you’re traveling you go in there and you basically lock yourself out of your vault.

Then you can’t access that vault while you’re traveling.

The TSA agents can’t access the vault because you can’t, which means they can’t get into your accounts and look at things.

Everything is locked and you have your plausible deniability because you can’t get into it.

You physically cannot unlock it for them.

It’s not only locking you and them out of it. It actually removes it from visibility. 

You can’t see it. 

They can’t see it. They don’t know that it’s not there. 

Unless they’re savvy with 1Password, in which case they still don’t know. They are just assuming.

That to me makes 1Password way better than anything else.

If that is something that’s important to you. If your job involves travelling across the border. Or maybe even just traveling within a country, if we ever reach the point where our phones are being searched just in regular travel. You have this option and if that’s the case, then I would absolutely recommend 1Password over LastPass.

The third password manager I want to talk about is KeePass.

KeePass

KeePass is where I keep all of my really important stuff.

I know I told you that I use LastPass for most of my stuff and that is true.

In KeePass I keep most of my really important stuff such as: banks, access to my doctor’s accounts.

Anything that’s really really important is stored in KeePass.

The reason why is because KeePass is not cloud storage.

With LastPass and 1Password, you’ll be able to store your stuff on the cloud. You can access it across many devices. You can do that with KeePass too, but you have to store it in your own cloud.

The way KeePass works is it’s open source software that allows you to keep a vault as a file on your computer, on your phone, in your cloud, wherever. 

I personally do not keep mine in the cloud. I keep it on the hard drive of my computer and I keep a backup somewhere else. And I’m not going to tell you where it is.

This vault has all of my important stuff: my most important information, my most important passwords, and some other stuff that I keep stored in there because it’s just so much safer. 

The reason why it’s so much safer is because it’s not on the internet. You have to have physical access to my device to get it and even then it’s still encrypted. It’s still got its own password.

You still can’t get into it unless you know these things. That, to me, makes KeePass one of the most secure password managers you can possibly have.

Luckily, I can put it in my cloud and send it to other devices if I need to be able to access it that way.

Because I’m a little bit paranoid and more security conscious than most people, I don’t even put it in the cloud unless I absolutely have to.

If I do, it’s encrypted within an encrypted zip file and then sent that way, and then I delete it as soon as I can delete it.

That just makes KeePass really important to have. 

So, if you need that level of security, I highly recommend KeePass.

There’s other ones. There’s KeePassX as well. 

I’m not 100% sure the difference between KeePass and KeePassX. 

I’ve been using KeePass for quite a few years. It’s been good to me, and that’s the one that I’ve used for this stuff.

It’s open source. It’s OSI certified. It’s completely free forever, as far as I know.

It’s been vetted. People have looked at the open source code and they’ve seen it and said, “hey, this is safe. This is secure. This really encrypts your stuff. It really stores your stuff in a good way.” 

That’s at KeePass.info

I’ll be putting links to each of the password managers that we’ve talked about: LastPass, 1Password, and KeePass, in the show notes, which you can get to at YourSecure.Life/1 because this is the first episode. 

I don’t think I mentioned that earlier. By the way, welcome to the first episode. Happy to have you here.

Now that we’ve gone over the three main password managers that I recommend, I just want to go through a couple misconceptions. 

Common Misconceptions About Password Managers

Some people say, “well if I keep all my passwords in one place like a password manager, isn’t that a single point of failure?”

By definition, yes, but it’s not a single point of failure because you should be using something called two-factor authentication.

All of the ones mentioned allow two-factor authentication.

You should be using two-factor authentication. To get more into detail on what that is and how that works I’m going to dedicate an entire episode to that.

There are four main ways to use two-factor authentication.

The first one is having a one time use code sent to your email. Another one is sent to your phone. 

I do not recommend these two. 

The reason why is because if someone compromises your email, or your phone through sim swapping, then they can reset your passwords and get access to two-factor authentication that way and that sucks.

Other options are: an app that is dedicated specifically to two-factor authentication. 

LastPass has an app. Google has an app. Zoho has an app.

There’s lots of them out there. As well as open source ones, free ones. 

There’s also physical keys that you can get, such as the YubiKey, and that’s something that I use as often as possible. 

That one they have to have the physical key in their hand.

It goes into your USB or they have one that you can plug into your lightning port on your iPhone.

That’s super secure because you literally have to have the key to plug it in to get access to stuff.

You can’t get into my LastPass without that. You can’t get into a lot of my stuff without having my YubiKey.

Getting into a lot of my accounts without that is near impossible.

The other common misconception we basically already touched on but let’s touch on it again. It’s not trusting the vendor. 

First of all, go with a vendor you do trust. 

We know that 1Password is a reputable company. They’ve been around for a while.

We know that LastPass is a reputable company. They’ve been around for a while. 

We know that KeePass is reputable because it’s open source software. It’s been vetted and you can see lots of major security people use it. 

We know that these are trustworthy. 

We also know that iCloud is trustworthy. Although I’m still going to recommend you don’t use that.

I recommend you don’t use Firefox’s. They’re also trustworthy, but these browser ones, I’ve already given you reasons not to use them.

You want to go with these companies that are dedicated to password management because that’s their whole business and they’re putting everything into making sure that you are safe.

If they’re not putting everything into it, because they do have other stuff, at least that’s their main priority. That’s what they’re focused on. That’s what’s going to have the most man-hours on it.

Closing Remarks

All right. I think that wraps it up. You can find me at YourSecure.Life

You can check out the episode transcripts. There’s going to be a video if you’d like to see my messy office. There’s also show notes with links to anything mentioned. 

This podcast isn’t sponsored by anybody, so if you could please share it around that would be great. 

If you know anybody who could use this: please, please send it on to them. 

We do not intend on ever taking sponsors. I don’t like commercials myself. It’s so annoying when you’re listening to a podcast and you have to skip through commercials.

It just sucks. 

I don’t want commercials. I’m not going to have sponsors. 

The best way you can help is to help spread the word. 

Again, YourSecure.Life has everything you need to get in touch. Or to re-experience this podcast.

I will see you next week.


0. Introduction


Read

Hey there, my name is Garrett and I am a privacy consultant and OSINT investigator.

[00:00:14] You’re listening to Your Secure Life, a podcast to help individuals and small businesses remain private and secure on the internet.

[00:00:23] Episode transcripts can be found at YourSecure.Life

[00:00:28] While you’re there, don’t forget to sign up for our free guide on how to clean up your digital footprint in five days or less.

[00:00:35] You can get started even quicker at YourSecure.Life/guide.  

[00:00:43] All right, welcome. I’m Garrett, your host for this podcast. 

[00:00:46] This is the introduction episode. So I’m going to keep it short and sweet. 

[00:00:50] I don’t want to keep you from the good stuff. 

[00:00:52] This podcast is meant for people who are new to, or fairly amateur when it comes to cyber security and personal privacy.

[00:00:59] It focuses on small businesses and individuals. 

[00:01:03] All of the information you’ll learn here will apply to everybody whether you’re a CEO or a stay-at-home mom. 

[00:01:09] It’ll benefit small mom-and-pop shops as well as multinational conglomerates. 

[00:01:14] That said, this podcast is not focused on advanced topics such as how to fully secure an office or business with hundreds or thousands of employees.

[00:01:24] If you’re that big, this podcast will not be advanced enough to give your business the complete security it requires. I recommend you hire an IT team for that. 

[00:01:33] But if you’re an individual looking to keep yourself safe or a small business that doesn’t know what you need or where to start, you’re in the right place.

[00:01:40] If you’re a small business who doesn’t think you need privacy and cyber security: you should know that cyber attacks against businesses increased by around four hundred percent last year (2018-2019). 

[00:01:50] Sixty percent of small businesses hit with a cyberattack go out of business within six months of the cyber attack.

[00:01:57] Whether a small business or an individual, a cyberattack against you can cost thousands of dollars and hundreds of hours of headaches.

[00:02:04] For individuals, this usually comes in the form of identity theft, but it could be so much more. 

[00:02:09] If you think to yourself, “I’m nobody. Why would they target me?” They can and they will and there’s an episode for you.  

[00:02:16] If you think “I have nothing to hide,” please immediately email me your full name, date of birth, social security number, and bank login information.

[00:02:25] Oh, hey, it looks like you do have something to hide! There’s an episode for you.  

[00:02:30] In the first episode we talk about password management. 

[00:02:33] To me, this is the bare minimum you should be doing, which is why it’s first. 

[00:02:38] Plus to be honest, it makes life easier. There’s not even a big learning curve. You’ll be up and running in a few minutes and it’s going to improve your life a lot. You’ll see. 

[00:02:46] We’ll also cover topics such as how to choose a good password, two-factor authentication, virtual private networks or VPNs, encryption, social media security and privacy, how to safely show off your life and vacations to make your friends jealous, and even touch on some subjects such as how to keep your WordPress website safe and secure from hackers.

[00:03:07] All right. I feel like this introduction episode has taken up enough time.

[00:03:11] Thank you for listening to Your Secure Life. This podcast is an Approaching Utopia project and does not accept outside advertising of any kind. You can support this podcast by sharing it with anyone you know who would be interested.


Instagram Phishing Attack 2019

Personal Cyber Security Tips!

Note: This “Instagram Phishing Attack 2019” video is the extended version of a 60 second video originally posted on my Instagram. It addresses you as if you were viewing this on Instagram.

Hey, so I came back to Instagram because I realized that I was forgetting about you and you also need to know about what’s going on.

How to make sure you’re safe from security attacks and stuff like that.

Especially Instagram hacks, which is why I’m here today.

There’s an Instagram phishing attack going around.

The Instagram Phishing Email

Here you can see the email that comes in. 

Screenshot of the Instagram Phishing Attack email.
Screenshot mine but I was looking at the Sophos Naked Security website.

It’s not something that’s going to be on Instagram. It’s going to be an email that’s going to come to you and you can tell by the really poor English in this: we sorry, we your account. 

It’s just bad and that’s really the first tip-off.

You should know when you look at something like this and it has terrible English that it’s not going to be legit.

It’s not ever legit. 

Social Engineering Tactics Used

If you click on the button, it takes you to a copyright notice with more terrible English and it says that your account is going to be deleted in 48 hours.

Screenshot of the Instagram Phishing Attack fake Copyright Notice.
Screenshot mine but I was looking at the Sophos Naked Security website.

That deletion, in 48 hours, is important because it makes you feel a sense of emergency and a sense of immediacy.

That’s a social engineering trick and also a marketing trick.

It makes you feel like you need to act now because you’ve put a lot of hard work into your Instagram. 

You don’t want it to be deleted in the next 48 hours, right? Or 24 hours, or whatever.

The Instagram Phishing Form

It asks you for some information. Your birthday, which is a little weird, but I think they just do that to sort of try to help make this feel real. They also ask for your password.

Screenshot of the Instagram Phishing Attack form.
Weird thing about that cursor…this screenshot was on my phone. Screenshot mine but I was looking at the Sophos Naked Security website.

I haven’t actually looked at this in person other than these screenshots because I have not received the email but I’m assuming it asks for your username at some point, too.

When you put all this in it’s going to give you a pretty realistic looking loading button, a loading screen and then a copyright notice that also looks pretty legit and a positive check mark saying “hey you submitted it” and it looks legit.

It then sends you to Instagram for real. The real Instagram, where you can log in and actually look at your account.

All of this makes it seem like it’s real and they do a really great job of that.

It’s really easy to be caught off guard unless you pay attention to really important stuff like the spelling. 

How to Protect Yourself from Instagram Phishing Attacks

Really the best way to protect yourself against this kind of stuff is just kind of pay attention, be suspicious of anything that comes to you, especially if you didn’t actually do what they’re saying you did.

The terrible English is really the first major tip off.

That one was really bad and a lot of them really are.

Some of them are actually not so bad and that’s tough.

A lot of people have experienced this on YouTube that are legit and they do… It’s a real YouTube email that really comes from YouTube.

But of course doesn’t ask for your password. 

That’s another thing you should get suspicious about: if it’s asking for your password, you definitely need to do a little bit of research.

The main thing is check out the URL up at the top if you’re suspicious.

Just do a search on Google or whatever. “Is this a thing?” 

Or you can always reach out to a website’s support and say, “hey is this legit?”

Most likely they’re going to be like “no that’s not! Please don’t do that. Also change your password now anyway!” 

But you should be changing your passwords every 90 days or so anyway.

Hopefully this helps you stay safe on Instagram.

Don’t do that. Don’t lose your Instagram account. I want to see you here tomorrow and not a bunch of spam.
