Loose Leaf Security Weekly, Issue 14

We're back from Thanksgiving - and we're still working on eating all the leftovers in our fridges. You know, good security is kind of like leftovers: you do have to spend some time on prep work, but it pays off for a long while afterwards.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

A couple of our stories this week are about employers unexpectedly having access to your accounts or your phone after you've left a job, so our tip this week is about checking whether anyone has unexpected access to your mobile device. The major mobile platforms support a feature generically called "mobile device management," which lets you give an employer abilities ranging from requiring that you set a passcode to possibly remotely wiping your device. Because MDM is so powerful, it's also an appealing target of malware - if you're on family tech support duty for the holidays and you see a device acting strangely, such as having apps or VPNs that can't be uninstalled, you might want to check for unwanted MDM profiles and uninstall them. Apps can't set up MDM on their own - you have to …

Continue reading…

Loose Leaf Security Weekly, Issue 13

Good morning, and happy Thanksgiving to our US readers! Often, security and privacy news can be disappointing, worrying, and even dystopian, so we thought we'd use this Thanksgiving newsletter to take a moment to cover some security and privacy advances we're grateful for.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

What we're thankful for

Password manager extensions

We can't say we're thankful for passwords and especially complex password policies, like "three special characters, two numbers, no repeated letters." That's the sort of security feature that reinforces the popular impression that security and convenience have to be at odds with each other. Fortunately, password managers not only spare us the inconvenience of remembering complicated passwords but also make using the web a little more convenient in their own way. We're thankful for how password managers make it easier to deal with changing passwords and how password manager extensions protect against phishing attacks.

Password managers make it easy to have unique passwords for every website, which helps limit the impact of one of the websites you use getting breached. If a site stores its passwords insecurely and they get stolen, it's a lot …

Continue reading…

Loose Leaf Security Weekly, Issue 12

With the cold season comes ... cold season, and being stuck in bed with a cold is even less fun if you don't have any hot tea to drink. That's what happened to Geoffrey last week, and it got us thinking about the value of backups and even imperfect backups. We're (obviously) fans of good-quality loose leaf tea, and we try to keep an ample supply on hand stored in sealed containers. However, when we run out of loose leaf tea, we're glad to have some packaged, mass-produced tea bags in our pantries - even after a long time, they still make a drinkable cuppa. In the same way, backups of important data and records don't have to be quite as nice to use as your day-to-day email or files, as long as you have a way to get to them when something goes wrong.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Two of our stories this week are about losing access to Google account data, so we figured we'd take a look at how to keep it backed up. It's common for us to think that our accounts …

Continue reading…

Loose Leaf Security Weekly, Issue 11

Hello! The chill in New York provided us the perfect excuse to curl up with a blanket and a pot of tea while making sure the last of our accounts with an authenticator app as a second factor had those authenticator apps configured on both our current phones and backup phones. One of Liz's accounts is an unused Snapchat namespace grab (an account that goes entirely unused but exists so no one else can use Liz's most commonly used username), and Liz was particularly unhappy to have to download the Snapchat app and temporarily give it camera access just to reconfigure two-factor authentication.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you want to upload a photo from your phone to a service like social media or email, there are usually two ways to do it: you can open the service's app and access your photo library or camera from there, or you can take a photo and use your phone's "Share" feature to send it to the service. Sharing a photo via the first approach will often prompt you to give the app direct access to …

Continue reading…

Loose Leaf Security Weekly, Issue 10

Hello again! As the sun rises later and later each day, we're finding ourselves really appreciating the value of a cup of hot tea in the morning - nothing fancy or elaborate, just plain, good tea before we head out the door. In the same way, as the internet gets more dangerous and new threats are discovered each day, we're appreciating the value of security basics, like strong passwords in a password manager. Two of today's stories cover new reports of attacks where giving each site a unique, strong password would have kept you safe.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

We've talked before about how useful computer backups can be, and we've also talked about the risk of social media companies disabling your account without warning. In addition to backups of your computer, it's useful to have backups of your social media data. If you ever lose access to your account for any reason, you won't lose access to any photos or posts you only posted to social media.

Many social media sites make it easy to download your data, including Facebook, Instagram, and Twitter. There's …

Continue reading…