Data Breach

US Dept of Energy Data Center
Data Center – Rawpixel.com

The news seems flooded with stories of a major data breach of National Public Data. This is significant because NPD is a consumer data broker. According to the Electronic Privacy Information Center data brokers:

“…collect and aggregate many types of personal information: names, addresses, telephone numbers, e-mail addresses, gender, age, marital status, children, education, profession, income, political preferences, and cars and real estate owned. Data brokers also collect information on an individual’s purchases, where they shop, and how they pay for their purchases.

“In addition, data brokers collect health information, the sites we visit online, and the advertisements we click on. And thanks to the proliferation of smartphones and wearables, data brokers collect and sell real-time location data.”

If you’ve ever wondered about Identity Theft, this is it. It’s essential to know with all that info, the hackers can sell your data. They may sell your whole file to a woman or man who can open accounts in your name, buy a car in your name, earn income in your name (that you will owe taxes on), or even get medical care, ALL IN YOUR NAME.

Consumer Data Brokers are an unregulated business. They can buy and sell your personal and private information without you even knowing they have it! Because they’re unregulated, there’s not a lot you can do about the data they already have. (Write to your Congressperson and Senator!) But there are things you can do to limit the damage.

Q: What is a data breach?

A data breach happens when hackers virtually “force” their way into corporate or government data centers. As hackers get more innovative, there will be more and more data breaches. Click for Wikipedia’s “List of data breaches“. (It is a little out of date.)

Q: What happened?

National Public Data had a security incident in December 2023. Brian Krebs states, “In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers, and in some cases email addresses for more than 272 million people (including many who are now deceased).”

You can read more on Snopes, Bleeping Computer, and UC Berkeley. There are many articles with sensational headlines and click-bait. Avoid those! In addition, a citizen in Florida filed a class action lawsuit.

Q: Does this data breach include my information?

The first thing you should do is head over to PenTester. Enter your name, state, and birth year to see your status. (The Data Breach includes my data.)

Q: Should I freeze my account? What does that mean, and how will it affect me?

Experian has provided a good explanation about freezing and thawing your account:

“A credit freeze is a free service, guaranteed under federal law, that can protect you from credit fraud by limiting most access to your credit report until you lift it, or “thaw” your report. When your credit report is frozen, any lender who asks to evaluate your report for purposes of issuing a loan or other credit is denied access to the report. A security freeze won’t affect your credit scores, but it will prevent lenders evaluating credit applications from obtaining your credit scores.

“A security freeze prevents criminals from opening new credit accounts in your name, but it also blocks your legitimate credit applications. So, if you have a credit freeze in place, you’ll need to thaw your credit reports before applying for a new loan, credit card or other consumer credit.

“Once your application is processed, you can reinstate the freeze. Alternatively, you can use a temporary thaw to lift the freeze for a set window of time, such as one day or one week, after which the freeze will be reinstated.

“Credit freezes must be activated and lifted separately at each of the national credit bureaus. Procedures differ somewhat with each bureau, but all three enable requesting and lifting of security freezes online, by phone, and via postal mail. There is never a fee for applying or removing a credit freeze.”

Q: What do I do next?

Freeze your account on all three credit reporting sites:
If you haven’t been on these sites, you’ll need to create a new account with a secure password. Remember your login information so you can “thaw” your account if you need to.

Q: What about my email?

Check whether your email has been compromised or “pwned”. Enter your email address into Have I Been Pwned to find out. If it has, the site will tell you where. Go to each site, and change your password to a new one. THEN, enter one of your other emails to find out if that has been compromised, too. For example, I have separate emails for work, personal, and social media. I discovered that my email was breached on Ticketfly, Gravatar, and Factual, among others. (Check out this article I wrote a few years ago.)

Q: Anything else?

You might want to consider a data removal service. The jury is still out on their effectiveness, and we haven’t had a chance to review any of them yet. The primary services available are Incogni, OneRep, or DeleteMe. Here are a few independent reviews:

Conclusion:

Be very cautious about how and where you share your data, and secure your data via account freezing.

 

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

INFORMATION ABOUT GEEK FOR HIRE, INC.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming, too. You can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. If you’re a young adult or a student, you’re eligible for a 6 month free trial!  As an Amazon Associate, we earn from qualifying purchases.

If you’d like to receive our newsletters in your email, please click here.

Tagged

How To Change Password on iPhone

If you’re in the service industry you already know how to change password on iPhone. Having a secure passcode on your SmartPhone keeps your co-workers from posting silly things on your Facebook page.

All kidding aside, if your iPhone isn’t with you 24/7/365 there is a chance it could fall into someone else’s hands. Did you ever leave your phone on the desk in the library while you went to pick up the document you just printed, or leave it on the table in a restaurant while you use the restroom? Your phone isn’t as secure as you like to think.

Of course, we advise that you log out of all apps on your phone as soon as you’re done using them. And we also advise that you never store your credit card information in an app that you use on your iPhone. But who are we kidding? Even I don’t do that all the time, so I’m pretty sure you don’t either. And that’s why you need to make sure your iPhone is securely locked down when you’re not using it.

Should you Use a Passcode or Biometric Authentication?

We prefer using a very secure passcode over biometric authentication. Biometric Authentication is just a fancy way of saying they’ll use your fingerprint or Face ID to say that you are you. We think a passcode or password is more secure.

iPhone Passcode Requirement:

Many people use a simple four or six-digit numeric code to log onto their iPhone. This is simply not secure enough.

Geek For Hire recommends that you use a secure passcode with twelve or more characters, using a good mix of letters, numbers, special characters/punctuation, and capital letters. (The time it takes to crack a six-digit, all number passcode is measured in milliseconds. To crack a 12-digit passcode with mixed characters would take about 2000 years. Check out this article for more info.

If you want to know how to change iPhone passcode so that it is longer, follow these seven steps:

  1. Open “Settings” and click on “Face ID & Passcode.first of two images which show how to change password on iphone
  2. Then click on “Change Passcode.”
  3. After you’ve entered your old passcode, click on “Passcode Options”, and then click on “Custom Alphanumeric Code”. This allows you to use more than just numbers for your code.
  4. Enter your new passcode using a mix of letters, numbers, and special characters. It’s still important to use a passcode that will be easy for you to remember. For example, if you’re an avid reader:
    • I Love My Library could become…
    • I<3MyLibrary!
  5. Write it down so you’ll remember it in an hour. After you’ve entered it a few times, your muscle memory should kick in and you can shred and toss that scrap of paper.
  6. Don’t make it so hard that you get frustrated every time you enter it and decide you’re better off without a passcode.
  7. While you’re on this screen, change the requirement for entering your passcode to five minutes or less.Second of two images which show how to change password on iphone

What You Should NOT Do:

  1. Don’t ignore the passcode altogether.
  2. If you do use a four-digit passcode don’t use any series of numbers that form a pattern. For example,  “1234”, or “1111”, “2580”, and “7139” are all really bad. But seriously, don’t use a four-digit code!
  3. If you do use a six-digit passcode, don’t use “136974”, or any other pattern on the keypad.
  4. Generally, don’t use an easily recognizable pattern or series of numbers.
  5. And, of course, don’t use your birthday, your phone number, your name, etc.

How to Remove Passcode from iPhone:

Seriously? After reading all of that you want to know how to remove iPhone password? Here you go:

  1. Open “Settings” and click on “Face ID & Passcode.
  2. Click “Turn Passcode Off”
  3. Confirm that you don’t want to use your Apple Pay cards and that your Apple Watch will lock.
  4. It’s not too late! Please reconsider! Don’t do it! Click on cancel!

Conclusion:

You should have a passcode on all your portable devices, especially any devices that have credit card information or other private data. This includes your SmartPhone, SmartWatch, tablet, etc.

Information About Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call at 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

More Tips Here:

  • Are VPNs worth it? More here.
  • Are you interested in learning more about Extreme Privacy?
  • We have seen a lot of Facebook hacking lately. Here’s what you should do ahead of time to keep your account safe.
  • And here are the 10 Password Mistakes you don’t want to make!
Tagged

4 Ways to Tell if the Person Calling You is Not a Scammer

Is the caller a scammer? I wrote this blog way back in 2017. The tips still apply, but I have updated this post for 2021.

This may seem counter-intuitive, but I don’t think you should always answer your phone.  More and more, the person on the other end isn’t someone you know.  They just want to sell you something, or scam you, or they just want to see if they’ve got a working phone number on their call list.

So, how can you tell if your caller is legit?  Spoiler Alert: I saved the best one for last!

1. Their name and phone number pop up in the caller ID, and you recognize the name.

Many times I receive a call from “Unidentified Caller” or “Number Blocked”.  Why should I answer those calls? I primarily use my cell phone but my cell phone carrier only sends me a number, not the full caller ID info.  That is why I always add every caller to my contact list.  If it ends up being a sales call or a scammer, I block the number from being able to call me in the future.

Sure, this means I sometimes miss a call from my kid when she’s lost her phone and had to borrow a friend’s.  But then, she always leaves a message. Scammers generally won’t leave a message.

What a Scammer will say to you: "We just want to make sure your machine is okay."
     What a Scammer may say to you

2. When you don’t answer, they leave a voice mail. A scammer generally won’t.

Legitimate callers leave a message. It’s a friend or family calling from a new number.  It’s your Dry Cleaners calling to let you know you left a credit card in your shirt pocket.  To be sure, this isn’t a sure-fire way to tell if it’s a scammer or to filter out the junk calls.  I get plenty of messages that start with “If you want to make $1000 each and every day then please listen to this entire message.” But, for me at least, it works 90% of the time.

3. Their phone number doesn’t show up on 800 Notes.

There are several websites that let you check the caller’s information.  I’ve found that 800 Notes generally has current info, especially for scammers. You won’t always find out exactly who is calling you, but you can tell, if a lot of people are reporting the same number, that it’s not someone you want to talk to.

4. They don’t tell you that your computer has malware or isn’t up-to-date. (Scammer for sure!)

Recently, we’ve had several people call us to repair their computer after they’ve had a conversation with “Microsoft” or their “Internet Service Provider”.  There are variations, but it comes down to the same basic thing:

  • “Microsoft” or “Dell” or “Apple” calls to let you know that your Operating System is out of date and you need to update it right away.  The caller would be happy to update it for you if you’ll just give them remote access to your computer.
  • Your “Internet Service Provider” or ISP calls to let you know that you have a terrible virus and you are spreading it all over.  Or, they tell you that your email has been hacked and your account is sending scam emails. (If you think your email has been hacked, here are some tips to follow.) Again, they’d be happy to remove all the malware.  You just have to give them remote access to your computer, and generally pay between $75-500 for the privilege.

Unless you have already signed up for a service where you have asked a company to scan your computer on a regular basis, no well-meaning person in a legit company is going to call you to “help” you with your computer.  When someone remotely accesses your computer, they will generally add malware to it, not remove it!

Conclusion:

Phone call scammers are more subtle and convincing than ever. Be very careful about which phone calls you answer. If you’re not sure about a specific caller, let it go to voice mail.

If you’ve given a cold caller remote access to your computer, and now you’re worried that they installed a virus or other malware, give us a call.  We’ll do a complete scan of your machine and remove all the malware we find.

INFORMATION ABOUT GEEK FOR HIRE, INC.

I’ve created a Free Report to protect you from phishing scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call at 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Are VPNs worth it? Does a VPN really keep you safer?

No, I’m not talking about the monthly or annual fee, which is generally fairly low. I’m wondering: Are VPNs worth the time and effort to manage?

There are so many misconceptions about VPNs. Is it worth getting a VPN? Well, if you’re an average person, read on for the answer. Here’s what you’ll learn:Are VPNs worth it

  • What is a VPN?
  • Does a VPN keep you safer?
  • Does a VPN keep my computer safe from viruses?
  • Can someone see my internet history if I use their Wi-Fi?
  • What should you do?

We’ve all been hearing about Virtual Private Networks lately. Many security experts say you MUST have a VPN.  For example, in Extreme Privacy, author Michael Bazzell says:

“VPNs provide a good mix of both security and privacy by routing your Internet traffic through a secure tunnel. The secure tunnel goes to the VPNs server and encrypts all the data between your device and that server. This ensures that anyone monitoring your traffic before it reaches the distant server will not find usable, unencrypted data.”

(Here’s a link to my book review of Extreme Privacy.) Other experts say it is not worth the bother; that VPNs are useless. But first, let’s answer some questions.

If you purchase anything from the links on this page we may receive a small commission. As an Amazon Associate, we earn from qualifying purchases.

What is a VPN?

A VPN, or Virtual Private Network, will encrypt all data which is transmitted and received by your computer, across your network, your Internet Service Provider (ISP), and across the entire Internet to the VPN endpoint server. At that point, your data is fully open. You should know that Financial Institutions already do full end-to-end encryption, so you don’t need a VPN for financial transactions.

In addition, you can choose which VPN server you connect through. So, not only will your internet activity be encrypted, but you can also appear to be in a different location. This could be helpful if you want to watch the BBC from London!

Does a VPN keep you safer?

By itself, a VPN does not keep you safer. A VPN will encrypt your data so that no one can read it. For most people, simply practicing good digital hygiene will keep you, and your data, safe.

Does a VPN keep my computer safe from viruses?

A VPN is not an anti-virus. You still need to be careful with the links you click on and the files that you download. You should always have a good anti-virus installed.

We recommend the ESET NOD32 Antivirus!

Can someone see my internet history if I use their Wi-Fi?

Your internet surfing is encrypted when you use a VPN. Even if you are using public Wi-Fi, your data will not be in a form that can be read by a different party.

Are VPNs worth it? Won’t using a VPN use more data?

Yes. The act of encrypting your data has the side effect of slowing down your network performance. Encrypted data tends to be about 20% bigger than data sent without encryption.

Do I need a VPN at home?

If you practice very good digital hygiene, you may wonder if you really need a VPN. Great digital hygiene means:

  • Change passwords frequently – especially for financial accounts, social media accounts, and any website that has your credit card information stored. Frequently means at least once a month. If you can, change these passwords every week.
  • Use a different password for each account.
  • Log out of each app when you’re done.
  • Don’t share your passwords with other people. If you’re sharing a Netflix account with family or roommates, set it up with a brand new email address and unique password. ONly share that info with your Netflix buddies.

What are the downsides to having a VPN?

If you’re wondering, yes, I do have a VPN installed on my laptop and phone. There are times when a website I’m trying to get to blocks my access because I have a VPN. This happens sometimes with financial sites and with entertainment sites. In those cases what I need to do is to turn off the VPN and turn off the VPN Kill switch. Turning off the VPN kill switch allows me to surf freely without having the VPN turned on.

Another issue I run into is slow internet. It’s easy to blame that on my local ISP, but sometimes it is the VPN endpoint server that I am connected to. When I connect to a different VPN endpoint, many times my internet speed gets faster.

What should you do?

If you feel the need to make sure your data is not read by a third party, including your ISP, then you should get a VPN. If you frequently use public Wi-Fi, you should probably get a VPN. We use (and recommend) Nord.

NordVPN Dream deal: shorter commitment, lowest price! Get 2-years at 70% off, only $3.49/mo, total $83.76

If managing your internet connection makes your head spin, you shouldn’t get a VPN!

Should I always use a VPN?

Yes. If you do get a VPN, install it on all your devices, and always have it turned on. One of the reasons that we like NordVPN is because you can protect six devices with one subscription. Here’s another article if you’d like to learn more about VPNs. If you do need to turn it off for any reason, make sure you re-enable the “kill switch” when you turn it back on.

Are VPNs worth it – Conclusion:

For the average person, having and using a VPN makes little sense. Your bank already encrypts your data, and you (hopefully!) have a good Anti-virus installed. You are good to go without a VPN!

INFORMATION ABOUT GEEK FOR HIRE, INC.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call at 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

MORE TIPS HERE:

Tagged

10 Password Mistakes You Don’t Want to Make

As a Mac and PC repair company, when it comes to password mistakes, we’ve seen it all!  From people using “password” to log into their investment account, to people giving their email password to a hacker who calls them on the phone. (“But he sounded like a such a nice guy!”)

Here are 10 password mistakes you don’t want to make when logging into an account on the internet.

password mistakes

  1. Don’t share your password with anyone.  If someone needs to log into one of your accounts to fix something, make sure you trust them.  And when they’re done, change your password on that account right away!
  2. Don’t save your passwords in the “cloud”.  There have been a lot of hacking attempts, and corporations are not always as careful with your data as they should be.  In fact, we’ve had two customers who have lost access to their password account.  One of them needed to log into ALL of her accounts and change the password on each one! I keep all of my passwords in an Excel spreadsheet.  The spreadsheet is on my computer, which has a pretty secure password, and the file itself is password protected with a 12 character phrase.
  3. Don’t keep a written list of your passwords next to your computer. (…or under your keyboard, or taped to your wall…)
  4. Don’t keep a written list in your planner (aka calendar) or phone book.
  5. Don’t auto-save passwords on your browser.  This is the same logic as saving passwords in the cloud.  Yes, it’s a pain to have to type it in each time, but corporations like Google and even Firefox don’t always follow great processes to keep your information secure.
  6. Don’t use sequential numbers or letters, like “111111” or “12345678” or “qwertyuiop” or “abcdefgh”. Click to receive our Guide on creating a secure AND easy-to-remember Password.password mistakes
  7. Don’t use something easy to guess like “password”.  Every year top security companies look to see which are the most commonly used passwords.  (“Password” has always been in the top 5.)  Wikipedia published this list in 2018. Make sure your password isn’t on this list!
  8. Don’t use a password that’s under six characters.  The longer your password is, the better.  In 2017, it took four hours to crack a simple eight-character password and 200 years to crack a simple 12 character password.  In 2019, with computer speeds ever-improving, those times will be shorter. Take a look at this infographic for more details.password mistakes
  9. Don’t use your name or your birthday, or any personal information.
  10. Don’t use your mother’s maiden name. In the last century, most women were married and took their husband’s name.  In 2019, that’s all changed.  Along with other personal information, figuring out your mom’s last name is pretty easy.  Just take a look at one of your Facebook acquaintances for a few minutes. You’ll be able to figure out their mom’s name as well as other personal information in no time at all.

Which of these password mistakes have you made?  Are there others I should have included?  Let me know in the comments below!

Please share this with your brother-in-law, who is making these password mistakes!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Phone Scams and how to protect yourself

Privacy and Security

I’ve been reading some concerning news recently about the volume of phone scams going around. There are more and more each month.  You might wonder why there are so many of them and why the authorities can’t put an end to all of them.  There are good answers to both of those questions:

Why are there so many phone scams going around?Phone Scams

The reason is simple.  People fall for phone scams.  They voluntarily provide their user ID and password, or their name and birthday.  Worse, they’ll hand over their credit card number to a random person calling on the phone.  There are so many scams because they are profitable.  Before you say “Well, I would never do that!”, you should know that the scams have gotten much more sophisticated over the past few years. It’s only after you’ve given out your information and hung up the phone, that you realize that maybe all is not as it seemed.

Why can’t the authorities put an end to these scams?

Are you familiar with the term “Fly-by-night”? It is used to describe a person that sets itself up as a respectable business person, accepting payment in exchange for a promised good or service. Then, all of a sudden, they’ve closed up shop and moved.  Well, that’s what these bad operators are, with the added benefit of the internet.

Back “then,” you’d call the Police Department, and they would work with other Officers in the next county or state to catch them.  Today, the scammers will collect your money, and almost before your call is over, they will have changed their IP address so that it looks like they’re in a different country.

The authorities can’t put an end to the scams, because they have a challenging time catching the perpetrators.

What should you do if you fall for one of these phone scams?

First, don’t beat yourself up about it.  The people who call are very sophisticated and convincing.  They know all the right words to say to get you to give them what they want.

If you provide credit card information:

  • First, call your banker to let them know.  Ask them to deny the charge.
  • If you have online access to your bank account, log on at least once a day for the next few weeks to see if there is any suspicious activity.
  • You should also ask them for a new credit card with a new number.

If you allow remote access to your computer:

  • The first thing to do is to disconnect the computer from the internet. Unplug the ethernet cable or turn off the WiFi.
  • Next, run your virus scanner and delete any viruses or other malware that may be installed on your machine.
  • If you feel like they’ve installed something that you can’t get rid of, give us a call, and we’ll give your machine a good scrub.

How can you protect yourself from email scams?

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Conclusion:

Remember that Microsoft or Google will not call you if you have a virus on your machine.  Run your virus scanner regularly, and just say no to people who call and want to access your computer, or want you to sign up for online computer support.

Please forward this to your friends who may be susceptible to phone scams.

Information about Geek For Hire, Inc.

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

WordPress Security Tips

Do you have a blog or a static website?  Are you as concerned about WordPress security as I am?  I remember a day about two years ago when I received an email. WordPress locked the Geek For Hire website. When I frantically tried to log back in, I wasn’t able to.  I ended up by successfully logging in using Chris’ credentials.  Thank goodness I had set up two admin accounts! After I logged in, I deleted all of the other admin accounts.

(We sometimes provide links to products or services that we think will be beneficial to our readers.  Some of those links provide a small commission to Geek For Hire.)

How to ramp up your WordPress security:

There are several things you can do to make sure your WordPress site is secure.Wordpress Security Tips

  • First of all, don’t use “admin” as your login name.  If someone wants to hack your website, they will need two things.  One is your user id or your email.  The other is your password.  Admin is the most common user id for WordPress sites.  It’s kind of like using “password” as your password.  Don’t do it!
  • Your next step will be to play with your user id. Because “admin” or your name are standard user id’s, you want to use something unexpected. Make your user id something non-sensical.  A string of letters, numbers, and special characters will work.  Think of it as another level to your password.
  • Third, make sure your password is ultra secure.  WordPress has an option where they can generate a password for you.  I think it’s about 20 characters long with a healthy mixture of small and capital letters, numbers, and special characters.  Please use this option.
  • Fourth, check your list of users every few weeks.  There should only be you and whoever else you have authorized to have access to the account. If there are any other users, delete them.
  • Finally, use one of the WordPress plugins to ensure extra security. I use iThemes Security Pro. It has saved our website many times.  Because we have a name that is attractive to hackers, they constantly bombard us with break-in attempts; anywhere from 100-500 every day. If someone tries, unsuccessfully, to log into our account too many times, iThemes will lock them out.  We’re pleased with the level of protection they offer.

What we’re dealing with:

Here’s an example from one day last week.Wordpress SecurityYou can see that there were 243 separate login attempts, and one IP address has been locked out from trying to log in again.

Conclusion:

If you are concerned about WordPress Security, remember to use a secure password, do use an odd user id, check your users, and sign up for one of the WordPress plugins.

Please forward this to your colleagues who manage a static website or blog.

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

NoScript – Another Key to Staying Safe

My NoScript stopped working yesterday so I had the chance to peek over Chris’ shoulder as he was reinstalling it.  I almost felt naked without it.  I know that NoScript protects me and ensures that I’m not sharing private data with entities that shouldn’t have it.

What is NoScript?

NoScript is a free extension that works with Firefox, Chris’ browser of choice. It blocks all web content that requires Javascript, Flash, and Silverlight in order to fully display content.  In order to display that content, you must specifically allow it by adding the website to your “white list.”

Why would I want to block Javascript?

Many of the bad actors out there use Flash and Javascript to install malware onto your machine.  There have been times when I have clicked on a website without realizing what it was.  Once the site opened, I realized I REALLY DID NOT WANT TO BE THERE.  If I did not have NoScript installed, it would have run all of the scripts on that site without asking permission ahead of time.  Once the scripts start running, they can install all sorts of stuff on my machine.

How do I get NoScript?

Start by opening your Firefox browser and then follow these easy steps:

  1. On the top menu bar, click on “Tools”, and then “Add-ons”
  2. A new tab will open. Then click on “Extensions”
  3. In the search box, enter “NoScript”
  4. Click on “NoScript Security Suite”
  5. Then click on “Add to Firefox”

My websites look all weird now!

Once you’ve installed NoScript, you’ll notice right away that pages won’t load as you expect them too.  You’ll need to spend some time training NoScript about which web sites you trust.  Notice that at the top right of your Firefox window, you’ll see a red “S” that looks like this:

NoScript

Now, What Do I Do?

Click on that button and you’ll see a list of websites that NoScript is not allowing to fully load. Then click on “Temp TRUSTED” or “TRUSTED” for each site that you want to load.  You’ll be surprised at the number of scripts that want to load for each web page!  Sometimes, you’ll need to do this another time or two until the page loads to your satisfaction.  Here’s an example for Facebook:

NoScript

Note that if you select “Temp TRUST”, you’ll need to redo this step each time you load that page.  Once you’ve selected which sites you’ll trust, click on the green circle to “reload”.  Once you reload, there may be additional pages that the website wants to load.  I’ve noticed that these are generally for tracking and ads.

I hope this keeps you safer on the Internet!

If you found this helpful, please forward it to your friends!

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and online streaming. I haven’t tried the Kindle lending library yet.  I’ll try that next!  Prime is normally $119/year, but you can try it for 30 days for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Secure Texting with the Signal App

I know I’m a little behind the times, but I just found out about Signal, a secure texting app that provides a higher level of data encryption than any of the other texting apps out there.  I’ve been looking for something different ever since I found out that Facebook acquired WhatsApp.  (And, again, a little behind the times since Facebook acquired WhatsApp in 2014!) But, then again, even the founder of WhatsApp thinks that it is time to dump Facebook as this tweet reflects from earlier in the year.

Secure Texting with Signal

What’s wrong with WhatsApp? I thought it had secure texting:

And, while WhatsApp says it provides secure texting, it is still owned by Facebook.  From the WhatsApp website:

“WhatsApp’s end-to-end encryption is available when you and the people you message use our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp.”

And, in my view, a for-profit company known to sell private data to the highest bidder is not on my “to be trusted” list.

Why is Signal better:

When I found out about Signal a few weeks ago I downloaded it right away.  I was surprised to see who of my contacts are already using Signal.  Even some of my family are on that list!  Signal is a secure texting messaging app.  It is free for the download from iTunes (you’ll need iOS 9.0 or later), or the Google Play Store (you’ll need Android 4.0 and up). Because it provides end-to-end encryption no one can view the messages you send except you and the recipient.

From the Signal website:

“Signal messages and calls are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We can’t read your messages or see your calls, and no one else can either.”

“Signal has never taken VC funding or sought investment, because we felt that putting profit first would be incompatible with building a sustainable project that put users first.”

In addition to secure texting, you can also use Signal for phone calls and video chat.

Here’s what Mashable has to say:

“By allowing you to have truly private conversations, Signal changes that equation. Why is this so important? This year, perhaps more than ever, we’ve seen just how asleep at the wheel tech giants are when it comes to nefarious actors using their platforms to sow discord and incite violence. Taking your conversations, and, by extension, valuable data about your so-called social graph off those platforms is one way to fight this.”

And more from Wired about secure texting:

“There’s one messaging app we should all be using: Signal. It has strong encryption, it’s free, it works on every mobile platform, and the developers are committed to keeping it simple and fast by not mucking up the experience with ads, web-tracking, stickers, or animated poop emoji.”

If you found this helpful, please forward it to your friends!

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and online streaming. I haven’t tried the Kindle lending library yet.  I’ll try that next!  Prime is normally $119/year, but you can try it for 30 days for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Secure WiFi on Vacation

secure wifi on vacationGrowing up with a Dad who was a psychiatrist, August was always the month for vacations.  (As I got older I used to worry about his patients who were left alone for an entire month!)  There are some things you can do to make sure you have secure WiFi wherever you are in the world.  The most important is keeping your WiFi use safe and secure.

Here are some steps to take before and during your vacation:

  • Set up a throwaway email before you leave.  While you are gone, you will be asked numerous times for your email address.  Lots of times, they just won’t take “no” for an answer.  Head over to Google’s Gmail sign up page for a new (free) account. Remember the password, and be sure you set up auto-forwarding to your main email address.  You’ll want your smartphone to be able to receive any access codes that may be sent.
  • When you’re going for free WiFi, try to use well-known companies.  For example, Starbucks or the Hilton are well known for their secure WiFi and aren’t likely to steal your info for nefarious use.
  • Whatever you do, don’t try to connect to WiFi with names like “TellMy WiFi LuvHer”, or “FBI Surveillance Van” or  “Hacker 547”.  (Yes, I’ve seen all of those.)  Remember the old adage – “If it’s free, YOU are the product”.  Think about what they might be getting out of the transaction to provide you with free WiFi.
  • Sometimes the rest stops on the Interstate highways will have free secure WiFi, but only if you provide them with your email address and zip code.  This is where that new throw-away email comes in handy.  If they do ask for your name and zip, remember that you don’t have to give them your real info.

If you found this helpful, please forward it to your friends!

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and online streaming. I haven’t tried the Kindle lending library yet.  I’ll try that next!  Prime is normally $119/year, but you can try it for 30 days for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Tagged