It's finally snowing (at least where we are), and soon there will be enough snow to build a snowman. Be careful with giving your snowman a corncob pipe and a button nose, though. Those distinctive features can be easily identified by facial recognition cameras, and if your snowman plans to run and have some fun past the traffic cop who hollers, "Stop," it will make him much easier to track. Your neighbors' smart doorbells might even be sending video of his face straight to the police department. It's much safer to stick with the classic carrot nose if you want Frosty to be back again someday.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

When you're traveling or otherwise away from your home or office all day, you may find your phone's battery drained before you get back to your normal charging locations. USB charging stations are increasingly common, especially at airports or train stations, but since USB connections were designed to transfer power and data, it's possible that "charging-only" USB port will try to plant malware on your device or access your files - an attack known as …

Continue reading…

We're back from Thanksgiving - and we're still working on eating all the leftovers in our fridges. You know, good security is kind of like leftovers: you do have to spend some time on prep work, but it pays off for a long while afterwards.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

A couple of our stories this week are about employers unexpectedly having access to your accounts or your phone after you've left a job, so our tip this week is about checking whether anyone has unexpected access to your mobile device. The major mobile platforms support a feature generically called "mobile device management," which lets you give an employer abilities ranging from requiring that you set a passcode to possibly remotely wiping your device. Because MDM is so powerful, it's also an appealing target of malware - if you're on family tech support duty for the holidays and you see a device acting strangely, such as having apps or VPNs that can't be uninstalled, you might want to check for unwanted MDM profiles and uninstall them. Apps can't set up MDM on their own - you have to …

Continue reading…

Good morning, and happy Thanksgiving to our US readers! Often, security and privacy news can be disappointing, worrying, and even dystopian, so we thought we'd use this Thanksgiving newsletter to take a moment to cover some security and privacy advances we're grateful for.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

What we're thankful for

Password manager extensions

We can't say we're thankful for passwords and especially complex password policies, like "three special characters, two numbers, no repeated letters." That's the sort of security feature that reinforces the popular impression that security and convenience have to be at odds with each other. Fortunately, password managers not only spare us the inconvenience of remembering complicated passwords but also make using the web a little more convenient in their own way. We're thankful for how password managers make it easier to deal with changing passwords and how password manager extensions protect against phishing attacks.

Password managers make it easy to have unique passwords for every website, which helps limit the impact of one of the websites you use getting breached. If a site stores its passwords insecurely and they get stolen, it's a lot …

Continue reading…

With the cold season comes ... cold season, and being stuck in bed with a cold is even less fun if you don't have any hot tea to drink. That's what happened to Geoffrey last week, and it got us thinking about the value of backups and even imperfect backups. We're (obviously) fans of good-quality loose leaf tea, and we try to keep an ample supply on hand stored in sealed containers. However, when we run out of loose leaf tea, we're glad to have some packaged, mass-produced tea bags in our pantries - even after a long time, they still make a drinkable cuppa. In the same way, backups of important data and records don't have to be quite as nice to use as your day-to-day email or files, as long as you have a way to get to them when something goes wrong.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Two of our stories this week are about losing access to Google account data, so we figured we'd take a look at how to keep it backed up. It's common for us to think that our accounts …

Continue reading…

Hello! The chill in New York provided us the perfect excuse to curl up with a blanket and a pot of tea while making sure the last of our accounts with an authenticator app as a second factor had those authenticator apps configured on both our current phones and backup phones. One of Liz's accounts is an unused Snapchat namespace grab (an account that goes entirely unused but exists so no one else can use Liz's most commonly used username), and Liz was particularly unhappy to have to download the Snapchat app and temporarily give it camera access just to reconfigure two-factor authentication.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you want to upload a photo from your phone to a service like social media or email, there are usually two ways to do it: you can open the service's app and access your photo library or camera from there, or you can take a photo and use your phone's "Share" feature to send it to the service. Sharing a photo via the first approach will often prompt you to give the app direct access to …

Continue reading…