Category Archives: identity theft: identity fraud
Facebook announced today that YubiKey & FIDO U2F will be protecting Facebook suers. Congratulations, if you have a U2F YubiKey! So how do you set it up to protect your Facebook account? Follow these instructions and you’ll be protected with the simplicity of YubiKey two-factor authentication in no time! The following ‘How to’ was provided by Yubico.
Here is how you setup your YubiKey with Facebook:
- Latest version of Google Chrome browser (or at least version 38) or Opera browser
- A FIDO U2F Security Key by Yubico, YubiKey 4, YubiKey 4 Nano, YubiKey NEO*, or other Yubico U2F-enabled YubiKey
- A Facebook account
*YubiKey NEO requires firmware version 3.3 or later (available since October 2014)
SETTING UP YOUR FACEBOOK ACCOUNT
- In Google Chrome or Opera, log in to Facebook.
- Click the arrow at the top right, and then click Settings.
- In the Security Settings page, in the left pane, click Security.
- Next to Login Approvals, click Edit.
- Under Code Generator, click the link to set up a third party app to generate codes.
- Scan the QR code with your favourite authenticator app that you use to generate codes (or enter the secret key manually, if required).
Apple iOS devices* support a useful data security feature called ‘Erase Data’. This feature if enabled (and you use a passcode), will erase all your iOS data after 10 failed passcode attempts. Enabling this feature should be a priority, especially if you lose your device.
The 10 times failed passcode attempts is consecutive, not cumulative and performs the same data erase as General > Reset > Erase all content and settings. Here is how you enable ‘Erase Data’:
- Open > Settings > Tap > ‘Passcode’ option (see note below)
- Turn the toggle on next to ‘Erase Data’
- Confirm the change and tap > Enable button
Note: If you use Touch ID, this option is called ‘Touch ID & Passcode’
IMPORTANT: In the event, you accidentally erase your iOS device, it’s a good idea to regularly backup your device in iTunes, so you can recover your data.
How do you recover your data to your iOS device?
The encryption key will be deleted on the device when using the ‘Erase Data’ feature. You will then be forced into recovery mode to continue with restoring your iOS device, which can be done from a recent iTunes backup. If you don’t backup up your iOS device, your device will be restored as new.
Here in the UK, there is a trend for companies to sell your personal identifiable information (PII) to trusted third parties. Companies can gain significant commission from doing this, but ultimately this poses the question – why do companies expose your personal information to the risk of data breach and in particular identity fraud? Data breach is a serious issue which can compromise us all.
Mobile phone companies are sharing your data with marketing companies (including your business account) to third parties who attempt to sell you a new product or service (i.e. new improved plan). You don’t want your business data (nor your personal data) transferred to a third-party as your contract is with the mobile phone company.
I’m sure you’ve had a call from a marketing company and you ask yourself how do they have my mobile number and other personal information? If you ask them this question, some will tell you they are an “authorised partner”. This doesn’t help you – How do you know they are who they say?
When you get a call from a marketing company about a new mobile product or service you should do the following:
This will also allow you to sync across Safari with your third-party apps that support the iCloud Keychain. The Keychain also stores your Wi-Fi networks and can be used as a password generator. The information is securely stored using 256-bit AES encryption.
If you are like me and have several Apple device i.e. Mac, iPhone, iPad and/or iPod, you will most likely want to use iCloud Keychain as this means you don’t have to manually reenter your login credentials for each of your devices. You are protected from bad actors, in the event someone manages to guess your password. Refer to my previous post How to enable iCloud and iTunes two-step verification to learn more about how you can protect your Apple ID.
You can setup iCloud Keychain for the first time on your Mac or iOS device. It’s up to you. For the benefit of this post, we will be using a Mac.
NOTE: The following assumes you use a Mac password to login.
Over the past few weeks you may have seen the celebrity photo leaks story regarding iCloud data being hacked. Apple has recently addressed this hacking issue by introducing an additional layer of security called ‘two-factor authentication’.
Two-factor authentication uses your mobile device to authenticate any changes that are made to your login credentials i.e. password and or if a bad actor guesses the answer to your security question.
To be able to setup this authentication you will need to visit this URL: https://appleid.apple.com/ where you will be able to create an Apple ID and manage your Apple ID. You also have the option to reset your password.
- Click > Manage your Apple ID (you will be presented with the sign in screen)
- Next > enter your Apple ID password (you may be presented with ‘Improve Your Password’ screen)
- You should reset your password. As you type in your password it will tell you whether it’s too short; weak; moderate; strong etc. Now you are logged in.
- Choose > Password and Security (this can be found from the navigation options on the left)
- You will now be asked to verify your security questions. Once done, scroll down to the > Two-Step Verification section