security

Is there an Android app that could simplify the process of logging onto public Wi-Fi?

Episode 1457

Gary from Rancho Cucamonga, CA
LastPass on mobile

Leo says there's a new feature in Android Oreo 8.1 — it will let you know how fast a Wi-Fi access point is before joining it. Leo says any password vault should enter his password into the web portal when he signs in. Leo prefers using password vaults to any mechanism offered by the browser or phone itself. Password vaults will remember all of his passwords, and on Android, it will actually fill in the password automatically.

Jackpotting Attack Hits US ATMs

Episode 1458

ATM

There's a new attack that has been affecting ATMs around the world, and it's called "Jackpotting." It causes ATMs to dispense all of its cash. Hackers are using endoscopes to gain access to the interior of an ATM in order to connect to it and hack into the ATM's Windows XP operating system. Then, the once the malware is installed, a remote command is given to spew out 40 bills every 23 seconds.

Read more at krebsonsecurity.com.

Do I really need an antivirus?

Episode 1457

Joe from Long Beach, CA
Windows Defender

Joe wants to know how effective antivirus software is. Leo says it can work, but it really does give users a false sense of security. Zero Day exploits can still nail people within 24 hours of discovery. They can also expose people to more flaws. That doesn't mean Joe shouldn't have one, though, but Leo recommends not buying anything third party. He should stick with Microsoft's own Defender that comes with Windows 10. Ultimately, though, his online behavior is his last, best line of defense.

How does Apple's two-factor authentication work?

Episode 1457

Ed from Clairemont, OK
Apple Two-Factor Authentication

Ed set up two-factor authentication on his Mac. But it when he logs into his Apple account, it sends the two-factor authentication code to his Mac. How can that be secure? Leo says it isn't. Apple's idea of two-factor authentication is kind of interesting. The argument is, if he has the password, and he controls the hardware the two-factor code is sent to, then there's a good chance that he is who he says he is. But it would be much better to send it to the smartphone.

Is my Mac infected with malware?

Episode 1457

Brad from Wells, NV
MacBook Pro

Brad accidentally downloaded some malware, but he can't find it to remove it. Leo says downloading a file is only half the equation. He then would have to run it. Since he can't find it, even in his download log, it's likely it was a failed download. On top of that, Brad runs a Mac, so he's even more secure than Windows. But he should always make sure he keeps his computer updated, just in case.

How strong is the encryption on Microsoft Office documents?

Episode 1456

Mike from Riverside, CA
Microsoft Office

Mike is wondering how good the encryption is in Microsoft Word and Excel documents. Leo says it's actually pretty good and that it's adequate, but not uncrackable. Leo says it's hard to crack stuff on the web when a service can slow the attacker down. But if someone can get a document that's locked and own it, there's nothing to stop them from trying a million passwords a second, and brute-force that document. Having said that, Microsoft has started using strong encryption on documents. The weak link will be the password.

How can my wife unlock her Android phone if she's forgotten the pattern?

Adrian from Irvine, CA

Episode 1455

Adrian's wife did a sliding pattern to lock her mobile phone and now she can't remember it. How can she unlock it? Leo says that in theory, Android doesn't want to give users a way around it, otherwise it would be useless for security. However, it's possible that if she has a Samsung account, she could have it backed up. There's also a way to do it by connecting it to a PC running Android Device Manager. Through that, she could unlock the phone.

Should I use Norton AntiVirus?

Episode 1455

Antonio from Chico, CA
Shield

Antonio signed up for Google Docs and he's been offered Norton to protect his files. Leo says he hates antivirus, and Norton is one of the worst. Leo recommends staying with Microsoft's Defender and keep it updated. At the end of the day, it's his behavior online that will be the last line of defense. So, here are a few things he can do to protect himself online:

Has my Bitcoin wallet been hacked?

Episode 1453

Mike from Bakersfield, CA
Coinbase

Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.

How to Set Up Two-Factor Authentication

Leo has talked a lot on the Tech Guy show about using two factor authentication wherever possible to ensure the security of your online accounts. Two factor authentication requires more than just a 1 factor to login. This could include two of the following: something you are (such as biometrics like fingerprints or iris scans), something you know (a password), or something you have (a smartphone or hardware key). This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site.