Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.
Leo has talked a lot on the Tech Guy show about using two factor authentication wherever possible to ensure the security of your online accounts. Two factor authentication requires more than just a 1 factor to login. This could include two of the following: something you are (such as biometrics like fingerprints or iris scans), something you know (a password), or something you have (a smartphone or hardware key). This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site.
There's a botnet called "Reaper" that has been growing at an alarming rate. It's a network of compromised devices, mostly routers, that is likely in the millions. We don't know who is doing this, or who's controlling it, and we can't stop them from doing it. It's sophisticated enough that it could be a nation and not just an individual. We still have no idea what it could be used for, either.
Carlos wants to know about biometric behavioral passwords. Leo says that the idea has been around for awhile. Google uses gate analysis to know if you're the one holding the phone. It could be the future.
Karen has a Samsung Phone and Tablet and she is getting a popup in her phone that will allow her apps access to her phone data. Leo says that Android works by requiring permission to do things as she needs them. So when she's opening an app to do something, the app is requesting access in order to do what she wants it to do. That kind of behavior is OK, but if it's out of nowhere, then she's right to be suspicious.
Tom wants to know where he can find a YubiKey, and whether or not it's accessible for the blind. Leo says they are accessible, and he can get it at yubico.com. This is a little USB device that plugs into a USB port, and the computer sees it as a keyboard. The YubiKey will light up, and then press the button on the key. Just make sure the cursor is in the correct field that it will need to fill, and it will fill in the password. This doesn't work for an iPhone, however, because it doesn't have a USB port.
You may have heard about the latest Wi-Fi vulnerability in the news called “KRACK” or “Key Reinstallation Attack.” This is a security flaw in the WPA2 protocol that could allow a third party to intercept network activity between a router and a device. It does this by taking advantage of a problem with the way the client (your mobile device or computer) authenticates with the access point (the router).
Avast/Piriform has confirmed that its popular CCleaner app has been infected with malware for the last several months and that users who have used it may have had their computer's compromised. Avast says they believe that they've fixed the problem and that no users have been harmed by the hack. But Leo says he worries about the term "we believe," and this is yet another reason why using these kinds of apps to protect yourself gives you a false sense of security.
Facebook's top security officer says that it's really hard to keep bad guys off their site. Testifying before Congress, he said that buying so-called dark ads is hard to stop. Leo says that's because they're willing to pay for it. Leo adds that Facebook really needs to do eliminate dark ads completely and have every ad be seen in the light of day so we know who's buying the ads. But Facebook doesn't want to do that.
Alvis has a MacBook Pro with a Kensington Lock. But on the new MacBook Pro, there's no way to use the lock to keep a new MacBook secure. Rich says that he can stick a third party hoop onto the laptop. There's also a USB lock that could work. But then again, the USB-C port means he can't do that either.
The chatroom suggests MacLocks.com for ways to lock up his system, and most are third party solutions.