Loose Leaf Security Weekly, Issue 13

Good morning, and happy Thanksgiving to our US readers! Often, security and privacy news can be disappointing, worrying, and even dystopian, so we thought we'd use this Thanksgiving newsletter to take a moment to cover some security and privacy advances we're grateful for.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

What we're thankful for

Password manager extensions

We can't say we're thankful for passwords and especially complex password policies, like "three special characters, two numbers, no repeated letters." That's the sort of security feature that reinforces the popular impression that security and convenience have to be at odds with each other. Fortunately, password managers not only spare us the inconvenience of remembering complicated passwords but also make using the web a little more convenient in their own way. We're thankful for how password managers make it easier to deal with changing passwords and how password manager extensions protect against phishing attacks.

Password managers make it easy to have unique passwords for every website, which helps limit the impact of one of the websites you use getting breached. If a site stores its passwords insecurely and they get stolen, it's a lot …

Continue reading…

Loose Leaf Security Weekly, Issue 12

With the cold season comes ... cold season, and being stuck in bed with a cold is even less fun if you don't have any hot tea to drink. That's what happened to Geoffrey last week, and it got us thinking about the value of backups and even imperfect backups. We're (obviously) fans of good-quality loose leaf tea, and we try to keep an ample supply on hand stored in sealed containers. However, when we run out of loose leaf tea, we're glad to have some packaged, mass-produced tea bags in our pantries - even after a long time, they still make a drinkable cuppa. In the same way, backups of important data and records don't have to be quite as nice to use as your day-to-day email or files, as long as you have a way to get to them when something goes wrong.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Two of our stories this week are about losing access to Google account data, so we figured we'd take a look at how to keep it backed up. It's common for us to think that our accounts …

Continue reading…

Loose Leaf Security Weekly, Issue 11

Hello! The chill in New York provided us the perfect excuse to curl up with a blanket and a pot of tea while making sure the last of our accounts with an authenticator app as a second factor had those authenticator apps configured on both our current phones and backup phones. One of Liz's accounts is an unused Snapchat namespace grab (an account that goes entirely unused but exists so no one else can use Liz's most commonly used username), and Liz was particularly unhappy to have to download the Snapchat app and temporarily give it camera access just to reconfigure two-factor authentication.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you want to upload a photo from your phone to a service like social media or email, there are usually two ways to do it: you can open the service's app and access your photo library or camera from there, or you can take a photo and use your phone's "Share" feature to send it to the service. Sharing a photo via the first approach will often prompt you to give the app direct access to …

Continue reading…

Loose Leaf Security Weekly, Issue 10

Hello again! As the sun rises later and later each day, we're finding ourselves really appreciating the value of a cup of hot tea in the morning - nothing fancy or elaborate, just plain, good tea before we head out the door. In the same way, as the internet gets more dangerous and new threats are discovered each day, we're appreciating the value of security basics, like strong passwords in a password manager. Two of today's stories cover new reports of attacks where giving each site a unique, strong password would have kept you safe.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

We've talked before about how useful computer backups can be, and we've also talked about the risk of social media companies disabling your account without warning. In addition to backups of your computer, it's useful to have backups of your social media data. If you ever lose access to your account for any reason, you won't lose access to any photos or posts you only posted to social media.

Many social media sites make it easy to download your data, including Facebook, Instagram, and Twitter. There's …

Continue reading…

Loose Leaf Security Weekly, Issue 9

Happy Friday! We hope you had a good Halloween and didn't get any candies laced with marijuana as police departments had been warning about - but of course you didn't, it's an urban legend, much like the fears from a few decades ago about candies with razor blades inside. Even police departments sending out these warnings have no record of it happening, and a bit of common sense shows why not: "edibles" are far too expensive for anyone to want to give out for free, and they also look nothing like children's candy. From a computer security perspective, we'd say that this worry demonstrates a lack of realistic threat modeling and an undeserved fear of the spookiest and scariest risks, without assessing how likely they are.

Threat modeling is, essentially, a systematic approach to determining what can go wrong and what we're going to do to protect ourselves. The first step is to accurately describe what we want to protect and who we're protecting against. (Criminal justice professor Joel Best tracks reported stories of drugs and harmful objects in Halloween candy, many of which turn out to have nothing to do with Halloween - for instance, after a 1970 tragedy where a …

Continue reading…