Security – Webworth Blog (https://blog.webworthseo.com/)

Data breaches and what you can do about it.
Thu, 05 Nov 2020
https://blog.webworthseo.com/data-breaches-and-what-you-can-do-about-it-use-a-password-manager/

Eatigo and Redmart recently experienced data breaches: 1.1 million accounts affected at Redmart (straitstimes.com/tech/personal-data-from-11-million-redmart-accounts-stolen-lazada, updated October 31st, 2020) and 2.8 million accounts at Eatigo (straitstimes.com/tech/personal-data-from-28-million-eatigo-accounts-stolen-put-up-for-sale-online, November 1st, 2020).

Source: Straits Times, October 31st, 2020 and November 1st, 2020

Oh no, now people will know what my most ordered items on Redmart are. How am I possibly going to explain adding bags of salted egg crisps to almost every single order I’ve made? 

Or perhaps you’ve used (and more distressingly, reused) a password you had thought was secure? Now everyone will know my favourite drink is KopiOGao123 or that my favourite dim sum is SiewMai@YanTing. 

With data breaches becoming more commonplace, how do you go about securing your online identity?

What’s stopping someone from reusing that password to try and access your financial accounts? This is why you should not reuse passwords across sites. And it is this very prevalence of password reuse which should worry us when we are alerted to a data breach.

If you’ve used the same password for i-banking, PayPal or, worse, the same e-mail address tied to those services, change your password this instant.

Let’s face it; we aren’t going to remember 30 super long random passwords. I sometimes have trouble remembering what I had for lunch the day before. And because of this, you start reusing passwords, using shorter passwords made of fewer words, fewer symbols. All it takes is one site to be hacked and access to a bunch of other sites is compromised as well. 

Sure, one can compartmentalise and use different passwords for banking than for e-mail than for social. But there has to be a better way. 

Here’s where a password manager like NordPass can fill the gap. 

What is a password manager?

Essentially, it’s an encrypted vault which manages a whole bunch of passwords for you. It generates secure passwords for websites, so you no longer have to come up with your own combinations. You still need a secure password known only to you to lock down that vault. But I’d much rather remember one relatively hard-to-crack password than two. For the truly paranoid, you could always pair it with a YubiKey as a layer of physical security.

How can a Password Manager help secure my account?

Using a password manager is the first step towards securing your account. It is a convenient app where you can find your passwords when and where you need them. In addition, it also:

  • Helps you generate strong passwords with a built-in password generator;
  • Saves your complex passwords, so you don’t need to reuse them on multiple accounts. Password reuse is one of the most common reasons why accounts get hacked. Use unique passwords for all your accounts;
  • Keeps your passwords in an encrypted vault, which is protected by zero-knowledge architecture, meaning that your data is encrypted before it leaves your device and reaches the password manager’s servers (in this case, LastPass). You are the only one who can access and manage your login credentials; the LastPass team can’t;
  • Allows you to set up 2FA to add an extra layer of protection to your account.
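
To make the first two points concrete, here is an added example (not from the original post, and not any password manager's own code) that audits a list of your own accounts for reused passwords and replaces each reused one with a unique random password. The site names, the sample data and the symbol set are constructed assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# Character set for generated passwords (an assumption; adjust per site rules).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Constructed sample: site -> password, as a vault export might list them.
SAMPLE = {
    "shop.example": "KopiOGao123",
    "bank.example": "KopiOGao123",
    "social.example": "KopiOGao123",
    "mail.example": "SiewMai@YanTing",
}

def find_reuse(accounts):
    """Return sorted groups of sites that share one password."""
    by_password = defaultdict(list)
    for site, password in accounts.items():
        by_password[password].append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)

def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def rotate_reused(accounts):
    """Copy of accounts where each site in a reuse group gets a new password."""
    updated = dict(accounts)
    for group in find_reuse(accounts):
        for site in group:
            updated[site] = generate_password()
    return updated

if __name__ == "__main__":
    print("reused on:", find_reuse(SAMPLE))
    print("after rotation:", find_reuse(rotate_reused(SAMPLE)))
    print(f"20 random chars = about {entropy_bits(20):.0f} bits")
```

With the sample data, one breach of the shopping site would also expose the banking and social logins; after rotation no two sites share a password.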

What else can you do to lock down your logins? 

Enable 2FA wherever possible. I prefer using a 2FA token like Authy; SMS isn’t infallible, as there have been several SIM swap attacks, which aren’t as prevalent in Asia, but you never know with these things.

Yes, it might be a single point of failure, but in my opinion it’s better than having lots of weak links and hoping websites don’t get compromised.

For the tech-inclined, you could go old school and load up a VeraCrypt encrypted vault or encrypted disk image on macOS, and store passwords in a text file there, making sure you only mount it when you need it and dismount it, clearing memory, afterwards. Or perhaps set up Bitwarden (an open-source password manager), but who’s going to set up and manage the server and ensure that it doesn’t get compromised and is running 24/7?

Disclaimer: Some of the links are affiliate links, meaning that, at no additional cost to you, I will earn a commission if you click through and make a purchase.

Some people use their favourite food and address as their password combination. Mine would have been HokkienMee29. What would yours have been? Comment below and who knows, I might send you a spiffy new YubiKey to lock down your digital persona. 🙂 #BadPasswords #ReducePasswordReuse

What VPN do you recommend? Why free VPNs are a terrible idea!
Tue, 15 Sep 2020
https://blog.webworthseo.com/what-vpn-do-you-recommend-why-free-vpns-are-a-terrible-idea/

What exactly is a VPN?

A VPN (Virtual Private Network) gives you online privacy by creating a private connection over your ISP or free cafe Wi-Fi connection to a secure machine hosted elsewhere.

In essence, once you’ve connected to the VPN server, all communications are sent through this machine, and it seems as though your connection is originating from that computer’s IP address.

Do you need a VPN?

I connect through VPNs if I’m travelling and accessing someone else’s Wi-Fi network. You never know how secure their systems are, and I prefer adding my own layer of encryption to the connection. After all, I wouldn’t want to leave my banking statements or medical records at a crowded cafe for everyone to see. If you do not secure your connection, you run the risk that hackers, governments, your internet service provider, websites, your employer or others can store and make use of such information. A VPN shields your data from all these groups, but routing your traffic through the VPN provider inevitably means that the VPN provider (if malicious) could potentially store and extract the very data you are trying to keep private.

Thus you must pick a reliable VPN provider who’s been audited by a 3rd party. You could very well set one up yourself, but you’d have to make sure that the servers are maintained, and security patches kept up to date. 

There are numerous reasons why people use VPNs. The top reasons are:

  • Privacy
  • Browsing without censorship
  • Accessing Geo-restricted content.

So which VPN service would we at Webworth recommend?

We recommend NordVPN and ExpressVPN, both of which have multiple servers globally for accessing geo-restricted content.

Why NordVPN?

NordVPN has a 30-day money-back guarantee. They support the WireGuard protocol, which is proven to be faster than OpenVPN. NordVPN’s CyberSec Suite feature also provides adblocking and extra malware protection.

NordVPN also has a massive network with 5,390 servers in over 55 countries and offers speciality servers for P2P, double encryption and dedicated IPs. If you are looking for a service to get around restrictions on Netflix, Disney+, Hulu, you’re in good hands. 

NordVPN offers a kill switch feature and the ability to VPN into Tor. 

Why ExpressVPN?

ExpressVPN also has a 30-day money-back guarantee. 

Their network isn’t as extensive, with 3,000+ servers in 160 global locations.

We turned to our researchers in Asia again to test out ExpressVPN’s ability to bypass censorship. We’re happy to report that it consistently bypassed the Great Firewall of China, so it’s a top pick for regions with heavy censorship, too.

ExpressVPN offers a useful kill switch feature, which prevents network data from leaking outside of its secure VPN tunnel in the event the VPN connection fails.

Why Free VPNs are a terrible idea

VPNs cost money to run. They require a computer, a reliable internet connection and electricity. You can either pay for a premium service with money, or you pay for free services with your data. 

The next time you feel like using a free VPN, have a closer look at the privacy policy. More often than not, there is a lack of transparency or they are explicitly sharing user data for their own gain.

Not only that, but you are also willingly routing all data through computers owned by a 3rd party. If they aren’t charging you for the use of their systems, or monetizing user data, what’s in it for them to provide access to a resource which costs them money?

Keep in mind that we may receive commissions when you click our links and make purchases. However, this does not impact our reviews and comparisons. We try our best to keep things fair and balanced, in order to help you make the best choice for you.
