Tech 'n Savvy

7' Cybersafety Tips 'n Myths

September 09, 2021 Tech 'n Savvy Episode 7
Tech 'n Savvy
7' Cybersafety Tips 'n Myths
Show Notes Transcript

April and Emily discuss what is cyber safety, their personal tips, news, and some myths. Emily gets her math on debunking random character vs passphrase passwords and April talks about how the pandemic impacted cyber safety. 

Resources
CSNP Cyber Safety: https://www.csnp.org/cybersafety
HaveIBeenPwned: https://haveibeenpwned.com/
Random Word Generator: https://randomwordgenerator.com/
Cyber Safety News: https://www.cybersafe.news/
Duck Duck Go: https://duckduckgo.com/

00:00:00 Emily 

Hi everyone, welcome to Tech 'n savvy. 

00:00:02 Emily 

I'm Emily a 

00:00:03 Emily 

Quantum computing consultant. 

00:00:05 April 

And I'm April 

00:00:06 April 

A software engineer. We're best friends passionate about tech and how it impacts the world today. 

00:00:12 Emily 

Join us as we bring a little tech and savvy into your day. 

00:00:21 April 

Hey everyone, welcome to season 2 of tech 'n savvy. 

00:00:24 April 

Today we're discussing cyber safety and giving you tips to stay safe online. 

00:00:30 April 

Welcome back, Emily. 

00:00:32 April 

Yeah, it's good to be back, isn't it? 

00:00:35 April 

Yeah, we have a lot of exciting things planned for season 2 of tech 'n savvy and we've made a couple of changes during our little hiatus that we took. 

00:00:48 Emily 

Yes, I'd say the main one is for 

00:00:52 Emily 

Right now we're just going to be doing audio. 

00:00:53 Emily 

We're going to try that out because, you know, we don't like looking at ourselves. 

00:00:59 April 

And the video editing. 

00:00:59 

And it's easy. 

00:01:00 April 

Is so stressful, it's very stressful for me so. 

00:01:05 Emily 

So we're going to keep it simple. 

00:01:08 Emily 

And we're also going to try to release biweekly, so have more of a standard release. 

00:01:14 Emily 

Instead of we were doing monthly, right, April? 

00:01:17 April 

Yeah, it was monthly. 

00:01:19 April 

Sometimes it was every six weeks. 

00:01:21 April 

Uhm, but yes, we're definitely trying to be more consistent this season, which will be helped by the fact we're not doing, you know, video, so just editing audio is much less stressful because people don't have to. 

00:01:35 April 

Look at you. 

00:01:37 Emily 

And I guess the last change is we want to have more episodes like this that are just the two of us without a guest so that we can, you know, talk about topics just between us that we're familiar with and also hopefully you can get to know us better. 

00:01:53 Emily 

Possibly. So April, 

00:01:56 Emily 

What has been 

00:01:57 Emily 

Up with you in the last month or so since we recorded? 

00:02:02 April 

So yeah, I mean last time we posted was early in June and around that time I started a new job as a technical consultant. 

00:02:10 April 

So I've been spending a lot of time, you know, kind of learning the ropes at my new job. 

00:02:17 April 

Also got the chance to go on vacation, so that was 

00:02:21 April 

great. Getting some.. 

00:02:23 Emily 

Swim with some sharks. 

00:02:25 April 

And yes, I swam with sharks, not in a cage like actually in water with the sharks it was traumatizing but also really fun. 

00:02:34 April 

Uhm like. 

00:02:37 April 

I would not recommend it if you like get panicked very easily 'cause they were very close but it was fun. 

00:02:47 April 

So once in a lifetime opportunity meaning literally once, I will never do it again. 

00:02:55 April 

It was, it was crazy, but it was fun. 

00:02:57 Emily 

It was glad you survived me too. 

00:03:02 April 

Me too. And then yeah, so vacation and then, beyond that, uh, right now I'm just working on getting my associate cloud engineer certification for 

00:03:14 April 

Google cloud platform. 

00:03:16 April 

Uh, that's my big goal for 

00:03:19 April 

the end of the year. 

00:03:22 April 

What about you, Emily? 

00:03:23 April 

What have you been up to? 

00:03:25 Emily 

Well, nothing as exciting as you. 

00:03:29 Emily 

The last few months have definitely been different for me. 

00:03:33 Emily 

I've spent a lot of time focusing on my health, which is something that I don't put first usually, but is very important and I also. 

00:03:43 Emily 

As you know April, have carpal tunnel. 

00:03:46 Emily 

I developed carpal tunnel in both hands. 

00:03:49 Emily 

And it's because it's mostly because of coding typing and I was doing everything in the worst way possible, like not even just, not ergonomically correct, but really, just like sitting in these weird positions as I'm coding or typing. 

00:04:05 Emily 

And yeah it got so bad I I couldn't use either of my hands for anything. 

00:04:08 Emily 

It was pretty painful and I've been going to physical therapy, so that's kind of my exciting. 

00:04:14 Emily 

It's very exciting news and I have a much better set up, so I'm hoping this doesn't happen again, but. 

00:04:22 Emily 

Yeah, that's I guess a warning for anyone who's. 

00:04:26 Emily 

A coder and not in a good set up. 

00:04:28 Emily 

Definitely get yourself a nice set up. 

00:04:31 Emily 

Other than that, I've I've been trying to make new friends too. 

00:04:36 Emily 

We're both in Chicago and obviously we have each other, but. 

00:04:40 April 

So that's it. 

00:04:41 April 

It's not enough like you 

00:04:43 April 

Can hear the "but" it's there. 

00:04:43 Emily 

It's definitely well if you lived in the city instead of the suburbs, and I could just have you come over in 5 minutes, you know. 

00:04:51 April 

You can see. 

00:04:54 Emily 

Yes, uhm. 

00:04:56 Emily 

Uh, work wise I I did get to present at Business School last week. 

00:05:02 Emily 

That was very exciting. 

00:05:03 Emily 

I talked about some quantum machine learning algorithms that I've implemented and it was very exciting. 

00:05:10 Emily 

That was my first Business School talk. 

00:05:12 Emily 

Hopefully not my last. 

00:05:13 Emily 

So yeah, that's about. 

00:05:16 Emily 

Sums it up. 

00:05:18 April 

Yeah, that sounds like we've both had a very interesting summer so far, but we're definitely ready to get back to tech 'n savvy and, you know, keep learning together about different areas within tech and you know that kind of brings us into today's topic. 

00:05:38 April 

Which is cyber safety. 

00:05:40 April 

So Emily, when you hear the word cyber safety, what's like the first thing that comes into your mind? 

00:05:48 Emily 

Yes, so when I hear the term cyber safety, I think of personal cybersecurity as opposed to like enterprise security. 

00:05:57 Emily 

And I would say my first 

00:06:01 Emily 

encounter that I could remember is actually my dad. 

00:06:05 Emily 

Uhm, talking about viruses, I don't know how old I was. 

00:06:09 Emily 

Maybe in elementary school. 

00:06:10 Emily 

and he had just, 

00:06:13 Emily 

He just described like what a virus was and how he had a windows computer. 

00:06:17 Emily 

Of course it was very susceptible to viruses and I think I would use the computer for random things and that was always a 

00:06:24 Emily 

He was always like getting upset with me, if I wasn't doing things correctly because you know. 

00:06:32 Emily 

I didn't really take it seriously, but he kind of emphasized the importance of antivirus things like that, so I think that was my first encounter. 

00:06:40 Emily 

But I have to say I really didn't take it seriously, 

00:06:46 Emily 

overall like cyber safety, I didn't think about it that much until I got my first job. 

00:06:52 Emily 

This was out of college. 

00:06:54 Emily 

I was a cryptography engineer and that's actually where April and I met so. 

00:07:00 Emily 

TBT that job. It was a great job and I learned so much but just being immersed in the cyber security world. 

00:07:09 Emily 

Suddenly I realized all these things I was doing wrong and some of the tips that we'll talk about are things that I was not doing. 

00:07:17 Emily 

Some things like reusing passwords, and I don't even know just things that I should have been doing and I was not so. 

00:07:26 Emily 

I can't really, I I know once I came home like the winter after starting that job, I was telling all my friends like Oh my God, you need to use two factor. 

00:07:33 Emily 

You need to use a password manager like. 

00:07:35 Emily 

I was suddenly and I was explaining all these like random attacks that could happen. 

00:07:39 Emily 

I was. 

00:07:40 Emily 

I was so excited about it but I think I was like. 

00:07:43 Emily 

Overwhelming to my friends of how like interested I was, but. 

00:07:48 April 

Well, obviously you learned a lot during that time. 

00:07:52 April 

What would you say are some of your top tips for people to stay safe online? 

00:07:58 Emily 

Yes, so my first tip that I tell everyone this is something I always emphasize is to have a good backup strategy. 

00:08:08 Emily 

So if you get hit with ransomware, which basically what ransomware is, it's type of malware. 

00:08:14 Emily 

So it goes on your computer, it encrypts 

00:08:17 Emily 

all of your files, and then the hacker has the decryption key, and they're basically holding your data for ransom. 

00:08:25 Emily 

And they might charge thousands of dollars to get your data back. 

00:08:29 Emily 

And even if you pay, they might not give it back. 

00:08:31 Emily 

There's not necessarily, well 

00:08:33 Emily 

There's no guarantee, right? 

00:08:34 Emily 

It's a hacker. 

00:08:36 Emily 

Uhm, so when that happens, there's a whole Reddit of people asking like what can I do and 

00:08:43 Emily 

really, the main thing you can do is restore from backup. 

00:08:47 Emily 

And the problem is, if you don't have a backup, then there's really not much you can do. 

00:08:52 Emily 

You can't break that encryption, they're usually using AES or advanced Encryption standard, which is 

00:09:00 Emily 

unbreakable to everyone and 

00:09:02 Emily 

So the best thing to do is have 

00:09:06 Emily 

Three different I think 

00:09:08 Emily 

3 different versions of everything. 

00:09:10 Emily 

I like to have 

00:09:11 Emily 

One backup that I backup recently and then another backup that I have that I backup maybe every six months and I keep them in different physical locations as well. 

00:09:24 Emily 

The importance is just having a strategy. 

00:09:27 Emily 

The second one I'll say is to check websites. 

00:09:31 Emily 

So you want to make sure that the URL has HTTPS, not HTTP, and for I think most browsers they'll put a little lock in the corner to show you your connection is secure. 

00:09:45 Emily 

Here you can click on the lock and then go to the certificate and it'll show the certificate is valid and you can dig through and look at all 

00:09:55 Emily 

These details actually of the cryptography that's securing 

00:09:59 Emily 

Your communication with this website and this is incredibly important because otherwise your data that's being passed back and forth is not encrypted, so 

00:10:09 Emily 

Someone could eavesdrop on that information. 

00:10:12 Emily 

Also you might not be going to the website that you think you are, there's just there's a lot of risk. 

00:10:17 Emily 

So definitely using HTTPS where the S stands for secure, not HTTP. 

00:10:24 Emily 

And the last one, I'll say the one that I have talked about talked to all my friends about was the two factor authentication. 

00:10:32 Emily 

Two factor authentication is where you have, 

00:10:36 Emily 

You need two different things to log into an account. 

00:10:39 Emily 

So for instance you put your password in and then you also put a code from your phone. 

00:10:45 Emily 

And that code can be texted to you. 

00:10:48 Emily 

It could be a code that was emailed to you. 

00:10:51 Emily 

I think the best way to do it is to use an authenticator app. 

00:10:56 Emily 

There's a lot of authenticator apps, and they're more secure than having it texted to you, so it just shows the code on the app, and, uh. 

00:11:05 Emily 

A lot of two factor authentication, 

00:11:08 Emily 

websites that use two factor authentication, will give you that as an option too. 

00:11:12 Emily 

If your username and password gets leaked, which happens a lot, a hacker will try to get into your different accounts. 

00:11:22 Emily 

But if you're using two factor authentication, then likely they cannot do this. 

00:11:27 Emily 

There are certain ways to bypass it, but for the most part it only adds security. 

00:11:36 Emily 

Two factor authentication can definitely be annoying to use, and so I try to think about is this a account that I would be really upset or even devastated if it got, 

00:11:48 Emily 

If somebody got into it, so maybe it has financial data. 

00:11:52 Emily 

Or maybe it's your LinkedIn or your Instagram and you don't want people to have access to that or your Facebook. 

00:11:58 Emily 

Maybe you have a lot of Facebook messages that you do not want anyone to be able to get into and see. 

00:12:04 Emily 

For things that are that essential, I would say use two factor authentication. 

00:12:10 Emily 

Those are my three top tips. April, 

00:12:12 Emily 

What are your tips? 

00:12:15 April 

Yeah, and then just before we go into mine, I do want to say definitely look into HTTP versus HTTPS. 

00:12:22 April 

You know, like I've gotten to the point that if I go on like a shop site, or even just any general business website and they don't have like have the lock to show that you know like it's secure. 

00:12:35 April 

Or there's like that message that says the site isn't secure like I immediately like get off and. 

00:12:43 April 

You know, like just try to find some other website or something because yeah, like you're, you're not. 

00:12:50 April 

You don't even have an updated certificate, but you want me to send you money? 

00:12:54 April 

No, definitely not. 

00:12:59 April 

And I guess for for my 3 tips the first one, which is one of my favorite ones to tell people all the time, is to use a password manager because it's not really secure to use the same username and password for every website. 

00:13:15 April 

However, it's also very inconvenient  

00:13:18 April 

to have to create a new password for every single website and this is where password managers really come in handy, because number one you can store your credentials securely in them, so you'll you know you always have your password manager, so you know you'll never forget your password and then also, 

00:13:38 April 

If you're having trouble like coming up with passwords, some password managers will generate a password for you, so I find password managers to be a really nice way of keeping track of your special credentials. 

00:13:54 April 

I would say they're relatively easy to use and a lot of them are free or very low cost. 

00:13:59 April 

For my second one, kind of off, the Internet is to sign up for identity theft protection. 

00:14:07 April 

If your credit card offers it. 

00:14:10 April 

I know my credit card company, they offer identity theft protection for free with my account. 

00:14:17 April 

So not saying it's foolproof, but 

00:14:20 April 

It is a relatively easy and free way for you to, you know, be constantly checking to make sure your personal information isn't online, which if your personal information is online, like your Social Security number, that. 

00:14:37 April 

Could really impact you, so just signing up for something simple like that can really keep you in the know. 

00:14:44 April 

And my third tip is to use a VPN to protect your personal data while you're surfing the Internet. 

00:14:53 April 

VPN stands for Virtual Private Network and the way a VPN works is that it creates a secure private connection on top of your Internet connection and masks your IP address so that your online activities your browsing. 

00:15:12 April 

All of that is virtually untraceable. 

00:15:16 April 

Now one one of the popular ways people know about using VPN's is that you know if you're using Netflix US and you switch to a different VPN location, you can get the Netflix in a different country so. 

00:15:32 Emily 

You've never done that right? 

00:15:32 April 

That's one way.. 

00:15:34 April 

Obviously not Emily, what do you think? 

00:15:37 April 

Who do you think I am? 

00:15:43 April 

But it's not just good for you know, being able to catch all your shows in all the area codes. 

00:15:50 April 

It's also good for protecting your personal data while you're while you're surfing the Internet. 

00:15:57 April 

You know these websites track everything from your location to your cookies. 

00:16:02 April 

And a VPN is a good way of like protecting your footprint. 

00:16:07 April 

So all these companies don't have access to you and are able to track you and what other websites you're going to. 

00:16:14 April 

So if you're really trying to protect your browser history, I would say using a VPN is a good option. 

00:16:22 Emily 

Those are great tips. 

00:16:23 Emily 

I I totally agree. 

00:16:25 Emily 

I use VPN password manager, I didn't know about the identity theft protection 

00:16:30 Emily 

that credit card companies offer. 

00:16:33 Emily 

I'll have to look into that. 

00:16:35 April 

Definitely something to look into because it's nice that when I get that a notification every month, like your Social Security number didn't show up on any 

00:16:44 April 

You know black listed websites. Or you know they even tell you, 

00:16:50 April 

Tell me like if I opened up a new account under my name, they'll tell you like 0. 

00:16:55 April 

New accounts opened under your Social Security number this month. 

00:17:00 Emily 

And did you have to specifically enroll in it? 

00:17:04 April 

Uh, yeah, it was like it was just like the, you know. 

00:17:07 April 

It's basically one of those things you tap in it and then you just click the button to enroll and then you're enrolled in it. 

00:17:13 April 

But yeah, it's not something, UM, automatic. 

00:17:18 Emily 

Yeah, that's that's very interesting. 

00:17:19 Emily 

I'll have to look into. 

00:17:21 Emily 

The credit card and I know that password managers also can offer a lot of other services like dark web monitoring. 

00:17:31 Emily 

Well, I don't know, but I was just looking at my password manager a minute ago so. 

00:17:40 Emily 

Yeah, thanks for those tips, April. 

00:17:43 Emily 

Now let's transition into talking about cyber safety in the news. 

00:17:47 Emily 

So where have you seen cyber safety in the news recently? 

00:17:53 April 

So there are actually two instances recently that I saw some articles online that I thought were really interesting. 

00:18:01 April 

And the first one was that Instagram was launching and has launched a security checkup to help users recover their hacked accounts, which is very prevalent across Instagram. 

00:18:17 April 

And then also Facebook users are always their accounts are always getting, you know. 

00:18:22 April 

Hacked and it's important to be able to get control back if someone hacks your account. 

00:18:26 April 

And so Instagram has implemented a new security feature called Security Checkup where it will help users keep track of 

00:18:37 April 

Who signed into their account recently so they can see was that them? 

00:18:41 April 

Where was the account signed into? 

00:18:43 April 

And they're also really starting to push for their users to enable two factor authentication, which is one of the tips that Emily had mentioned earlier. 

00:18:54 April 

Because you know that extra layer of security will really protect you against those hackers who only have your username and password, and it will also help you 

00:19:06 April 

Recover your account. 

00:19:09 Emily 

That's great, and that's good that they're pushing for two factor. 

00:19:13 April 

Yeah, definitely. 

00:19:14 April 

I think that it. 

00:19:15 April 

It really makes a lot of sense, especially because you know, in this day and age, so many people livelihoods are attached to their social media accounts. 

00:19:25 April 

Like you know, their work and their opportunities they get for work is tide directly to their social media like Instagram. 

00:19:33 April 

So being able to have access to accounts like that at all times is something that's really important. 

00:19:40 April 

You know your Instagram? 

00:19:42 April 

You know Facebook, Instagram, they collect so much data on you and you don't want to lose that to someone who you know just guessed your username and password and now they have access to your whole life, really. 

00:19:56 Emily 

That'll also help too. 

00:19:57 Emily 

There's a lot of young users on these social media. 

00:20:00 Emily 

Sites and they don't always. 

00:20:04 Emily 

I mean, everyone of all ages doesn't necessarily know all of these security best practices, but I would say especially young users just aren't thinking of that and speaking as someone who was not thinking about things like that, that's really great that they're implementing it. 

00:20:21 April 

Yeah, and like you said, young kids, I remember my passwords when I was like in elementary school. I love elephants 123. 

00:20:30 April 

Right? 

00:20:33 Emily 

Or it's actually not even that bad. 

00:20:37 Emily 

I think the most common passwords are things like I love you like that's a really one of the top 10. 

00:20:42 April 

Yeah, or people you know they or like even elephants is better than that. 

00:20:47 April 

Elephants is better or people who put like. 

00:20:48 Emily 

It's not good though. 

00:20:50 April 

You know they put like the current year and then like their grandchild name, Michael 2019. 

00:20:57 April 

Ah, it is true. 

00:20:59 April 

OK Emily, it's cute. 

00:21:00 April 

But it's also like. 

00:21:02 Emily 

It's cute, but it's not secure exactly. 

00:21:05 Emily 

Yeah, we'll talk about secure passwords in a little bit very, very soon. 

00:21:14 April 

That was just the one of the first instances and then the other instance I saw of you know, cyber safety in the news is that recently 1,000,000 stolen credit cards were leaked onto the dark web so. 

00:21:30 April 

These were credit cards that were stolen between 2018 and 2019 and they were released. 

00:21:36 April 

Uh, earlier this year and it was just they were up for sale and that's just one of those things, uhm, kind of tying back to the advice I gave earlier, which was to, you know, sign up for your credit card companies. 

00:21:52 April 

Identity Theft protection program because you know? 

00:21:56 April 

Those programs are free and they'll be able to detect better than you if someone got ahold of your personal information and is opening more credit card accounts in your name. 

00:22:08 Emily 

That's crazy that's so many. 

00:22:10 Emily 

Stolen credit cards, and that's also good. 

00:22:13 Emily 

A lot of companies you know they'll if you're going out of town or something. 

00:22:18 Emily 

They do it by location, so you can say if you're going out of town or not and that way. 

00:22:23 Emily 

They know where your credit card is being used, so they can kind of track that and determine if it's fraudulent or not. 

00:22:30 Emily 

But that is that is crazy. 

00:22:30 April 

Yeah, and even like you said like they're, you know, being able to tell them whether you're you know out of town and them using machine learning to determine whether or not it's you know, unusual activity. 

00:22:43 April 

Because recently when I went on vacation, I was going. 

00:22:47 April 

I went to put in like I'm going on vacation. 

00:22:50 April 

To my credit card company and they were like you don't need to do that anymore. 

00:22:55 April 

We use our algorithms to, you know, determine whether or not you know it's like a purchase. 

00:23:00 April 

I would make basically. 

00:23:03 Emily 

Oh, scary. 

00:23:05 April 

Yeah kinda. 

00:23:06 April 

It's like OK, she's not in her usual spot. 

00:23:10 April 

This is new. 

00:23:11 April 

Is this a store that we think she would shop at? 

00:23:15 April 

Should we approve it? 

00:23:18 Emily 

There's so many funny jokes I I feel like in TV shows they make fun of that a lot. 

00:23:23 Emily 

It's like the person gets. 

00:23:25 Emily 

Buy something. 

00:23:26 Emily 

It's very healthy or nice and they're like, uhm, is this this you? 

00:23:29 Emily 

You know if the person is like trying to change their lifestyle? 

00:23:34 Emily 

There's always out or there's all these outrageous purchases. 

00:23:37 Emily 

I think in Parks and Recreation, I forget, do you watch that? 

00:23:41 April 

No, and you ask me this like every other month and answer 

00:23:44 Emily 

Well, it's a great show. 

00:23:45 April 

Is always no. 

00:23:49 Emily 

Oh, I don't know. 

00:23:50 Emily 

The the credit card company calls because they think someone has their card, 'cause it's all these ridiculous purchases and they just start listing it. 

00:23:58 Emily 

But it's on speakerphone and everyone can hear all the ridiculous purchases that she's made and then eventually she's just like, Oh yeah, somebody definitely stole it. 

00:24:05 Emily 

Just cancel all of it. 

00:24:08 Emily 

Just because it's so embarrassing anyway. 

00:24:12 Emily 

Those are great and honestly I think about getting hacked all the time. 

00:24:16 Emily 

Is that just me? 

00:24:17 Emily 

I'm constantly afraid and I take all these precautions and I'm like despite all of that, it's going to be me. 

00:24:24 Emily 

I'm going to be attacked like what haven't I covered. 

00:24:28 Emily 

So it's not just me you're you're shaking your head trying to think. 

00:24:33 April 

And yeah, I definitely like. 

00:24:35 April 

I mean me in general like I play out a lot of situations in my head all the time. 

00:24:40 April 

Like I pre plot. 

00:24:41 April 

how other situations are going to go but uhm. 

00:24:45 April 

No, I definitely also always have that feeling where I'm like, huh? 

00:24:49 April 

I know I did the right thing, but somehow I feel like it's still not going to turn out the way I want it to. 

00:24:56 April 

So yeah, I definitely relate. 

00:24:57 

There's still, 

00:25:00 Emily 

There's still always a chance you know you. 

00:25:03 Emily 

You try to minimize the risk of. 

00:25:05 Emily 

Getting attacked and you can really greatly, but there's always that small chance and I think I was even more worried about it when I worked in cyber security. 

00:25:15 Emily 

Because how embarrassing. I was 

00:25:17 Emily 

Just like how embarrassing would that be? 

00:25:19 Emily 

You know, I don't know. 

00:25:21 Emily 

Does your company have those automated? 

00:25:23 Emily 

I'm sure they do the phishing. 

00:25:26 Emily 

Links they send you phishing emails. 

00:25:26 April 

Oh yeah, yeah. 

00:25:29 Emily 

Oh, it's called a phishing campaign and basically the company is. 

00:25:35 Emily 

Sending you fake phishing emails that look real, but. 

00:25:41 Emily 

You can clearly if you read through it, tell that it's like supposedly phishing and you have to report it. 

00:25:46 Emily 

And and if you click on the link, it's like. 

00:25:49 Emily 

This was a fake phishing, but you've been phished. 

00:25:51 Emily 

You know, kind of scares you like if this was a real. 

00:25:55 Emily 

If this was a real phishing email, you would have fallen for it, and sometimes you're just like scrolling and you accidentally click without even looking and. 

00:26:02 Emily 

It happens to everyone, but I do. 

00:26:05 Emily 

I always feel like, oh, with that would always be embarrassing. 

00:26:08 Emily 

I would be the one person to get to get hacked even with everything. 

00:26:12 Emily 

But I mean I think also when you do software when you do coding anything tech related. 

00:26:19 Emily 

I think it does increase your chance. 

00:26:21 Emily 

Would you say of, 

00:26:23 Emily 

Getting hacked? because you have to download a lot of random software. 

00:26:28 Emily 

If you're using your personal computer like I am. 

00:26:33 April 

Yeah, definitely you know. 

00:26:34 April 

Especially, you know tech is evolving so quickly nowadays there's always a new library to do something and you know, like a lot of people in tech. 

00:26:45 April 

We're all really into, you know, getting into the latest and greatest things and a lot of times there's bugs in the latest and greatest things. 

00:26:53 April 

Because of the keyword latest. 

00:26:59 April 

Having more access in, being closer to potentially vulnerable tech puts you at risk. 

00:27:06 Emily 

All right, let's bring it back now and we're going to get into our next segment, which we titled Mythbuster and Hard truths because we couldn't decide between doing a Mythbusters segment or hard truths, which in our case are essentially the same. 

00:27:24 Emily 

So April can you get us started? 

00:27:28 April 

Yeah, so one hard truth that I have is that since since the beginning of covid the FBI has reported a 300% increase in reported cyber crimes and that is a dramatic leap compared to years before. 

00:27:47 April 

300% more of anything is incredible, but also very scary because now so many of us are online. 

00:27:57 April 

And so many of us don't, you know, practice basic cyber safety so so much of our data and our personal information is at risk now and that's why it's even more important to follow some of the tips we gave in this video and to do your own research on. 

00:28:17 April 

Cyber safety. 

00:28:20 Emily 

300% though that is crazy. That is so high. I do remember the beginning of COVID seeing that there was an increase of cyber attacks, which surprised me at first, but it it does, it makes sense that there's more like you said, more people are vulnerable and and so this includes all cyber crime? 

00:28:41 Emily 

Personal, business, organizations? 

00:28:46 April 

Yeah, I think it's just a general, you know 300% increase in reported cyber crimes, but I would not be surprised if the majority of that 300% increase are individuals. 

00:29:03 Emily 

Yeah, I'm curious now. 

00:29:06 Emily 

'cause I do think too. 

00:29:07 Emily 

It's been very difficult for a lot of companies to get. 

00:29:10 Emily 

To start having everybody work virtually, most companies were not entirely virtual, so that does seem. 

00:29:20 Emily 

Like being able to do it at all is hard, and then let alone being able to do it securely. 

00:29:25 Emily 

That's just a whole another layer. So yeah, when you think about it like that, the 300% does not surprise me, but it's still insane amount. Yeah it is. It's really something to keep an eye out on and just. 

00:29:39 April 

Remember to keep protecting yourself. 

00:29:43 April 

So that's my first hard truth, Emily, do you have a myth or a hard truth for us? 

00:29:50 Emily 

So I didn't do any hard truths. 

00:29:52 Emily 

I do have a myth I would like to bust. 

00:29:55 April 

All right. 

00:29:58 Emily 

So the myth I want to bust is that you need passwords to have lots of complicated random characters. 

00:30:09 Emily 

We are going to compare a short password of random characters, specifically 8 random characters with the passphrase containing multiple words, specifically four words and show that the passphrase is more secure. 

00:30:24 Emily 

To determine which is more secure, we'll look at how many tries it would take a hacker to guess the password by brute force. 

00:30:32 Emily 

That is to try all the possibilities and we'll show that there are more possibilities to try for the passphrase than the short password. 

00:30:41 Emily 

So it's much better to use a passphrase which could be 4 words, four random words like I'm looking at this word generator and four words are cancelled, neutral, exiled, domination. 

00:30:58 Emily 

Oh, that's weird. 

00:30:59 Emily 

OK, let's try again. 

00:31:00 Emily 

World aisle intense franchise. 

00:31:03 Emily 

OK world aisle intense franchise, so that is much more secure. 

00:31:10 Emily 

Then using a bunch of random numbers and characters, even using 8 numbers and characters, for example, J $ 6F H, 2 G. 

00:31:24 Emily 

That seems like it's more secure, but the passphrase is actually much more secure. 

00:31:31 Emily 

And every time I I make this point, I I get pushback from people. 

00:31:37 Emily 

They just think that no, like using the random characters is more secure, whereas passphrases is actually more secure and easier to remember. 

00:31:45 Emily 

So I wanted to actually do out the math April. 

00:31:48 Emily 

Do you mind if I do out the math? 

00:31:51 April 

No Emily, I love when you get your math on so enlighten us. 

00:31:56 Emily 

Get the math on! 

00:31:57 April 

Have fun. 

00:31:59 Emily 

Awesome, alright, so I'm going to do the math out. 

00:32:03 Emily 

So we're going to look at how many possibilities there are for a different password of a different passphrase of different lengths. 

00:32:13 Emily 

So first for the password, we're going to think about, you're doing some really truly random truly in quotes. 

00:32:25 Emily 

Password of different letters, numbers. So there's 10 digits. 26 lowercase, 26 uppercase, and 33 special characters. So assuming you can make a password, that's random. 

00:32:39 Emily 

And uses any of those characters that comes to 95 characters. 

00:32:44 Emily 

So 95 to the 8th power. 

00:32:48 Emily 

Is on the order of magnitude of 10 to the 15th. 

00:32:52 Emily 

That means there's 10 to the 15th possibilities. 

00:32:55 Emily 

So if a hacker wanted to brute force it, they'd have to try 10 to the 15th. 

00:33:01 Emily 

Now let's instead think about using 4 words, and so there's a lot of different ways that you could actually measure how many possibilities there are. 

00:33:13 Emily 

So this is where it gets a little bit tricky. So you could say, well there's 170,000 English words. 

00:33:23 Emily 

A lot of those words people don't use. I looked into it. It seems like 20 to 35,000 words is how many words people know. 

00:33:33 Emily 

So let's choose the low end of that and assume 20,000. 

00:33:38 Emily 

So there's 20,000 words, so 20,000 to the 4th power means on the order of magnitude of 10 to the 17th. So that means there's more possibilities of using four random words then. 

00:33:53 Emily 

Using eight random characters. 

00:33:57 Emily 

And also it's just easier to remember what do you think, April? 

00:34:02 April 

So it definitely, definitely. 

00:34:04 April 

It's definitely interesting seeing how the math plays out so. 

00:34:09 April 

You, like you were saying, even if you, you know, had a completely truly quote unquote, truly random, you know. 

00:34:19 April 

Password generator and you took the maximum amount of digits. 

00:34:22 April 

The maximum you know upper or lower case letters. 

00:34:26 April 

The maximum amount of special characters. 

00:34:29 April 

And you know you get to a certain number and your order of magnitude is 10 to the 15 and just by the nature of the human language, there is more words than there are combinations of the random characters. 

00:34:47 Emily 

Now, what's really important to keep in mind is that the most secure passwords are the long passwords of random characters, meaning 20 plus random characters. 

00:34:58 Emily 

However, this is not something that most people can remember, especially when you have multiple passwords. 

00:35:05 Emily 

So if you're using a password manager. 

00:35:07 Emily 

Then yes, use long passwords of 20 plus random characters. 

00:35:12 Emily 

So then why did we do all this math? 

00:35:15 Emily 

That's because there will be some passwords that you have to remember that you can't keep in a password manager. 

00:35:22 Emily 

For example, you need a master password for your password manager, and you want this to be super secure and something that you will never forget, so. 

00:35:32 Emily 

I would recommend an obscure phrase or lyric of 6 words even. 

00:35:38 Emily 

Also, you may need a password to log into your personal laptop or a different one for your school or work laptop and other accounts that it's maybe not convenient to check with your password manager every time because you can't directly copy and paste, so therefore it's very important to know how to make. 

00:35:57 Emily 

A strong password you'll remember, which is a passphrase. 

00:36:03 April 

I hope everyone listened through. 

00:36:08 Emily 

So anyway, I get this all the time, even from you know tech professionals. 

00:36:14 Emily 

They ask me, they question that you should be really using passphrases, but the math speaks. 

00:36:23 Emily 

So anyway, so that is my myth that I wanted to bust. 

00:36:29 April 

Yeah, that was really interesting. 

00:36:31 April 

I really felt like I learned more about you, know the math and the data behind why you should use passphrases. 

00:36:40 April 

I knew they they were telling us to use them, but it was just kind of like it's better, but why? 

00:36:46 Emily 

Is it? 

00:36:49 Emily 

Show me the numbers. 

00:36:51 April 

Listen and so. 

00:36:53 April 

My last uhm. 

00:36:56 April 

My last topic is I guess it's a myth, but it's also a hard truth, kind of. 

00:37:02 April 

At the same time, and it's, uh, you know that myth that you know I'm safe as long as I only visit legitimate websites, you know that means. 

00:37:13 April 

The websites that have you know up-to-date certificates and you know they're verified and reputable. 

00:37:24 April 

That's a myth, because the hard truth is that they collect your data, and even if it's a secure, legitimate website, if you created an account with them and you have your credit card information with them. 

00:37:39 April 

A legitimate website can get hacked and your data. 

00:37:44 April 

Can can be taken and you'll become compromised even if it's one of you know, even if it's a site that has up-to-date security. 

00:37:52 April 

So it's just a reminder to keep always keep your wits about you when it comes to cyber safety. 

00:37:58 April 

Don't think you're safe just because you're on a common and popular website. 

00:38:05 Emily 

So true, and this is also something Abdel mentioned in the dev spec OPS episode is that websites will have ads and the ads aren't necessarily run by that company, so you can click on that ad. 

00:38:21 Emily 

It might not be secure, so just another reason. 

00:38:25 Emily 

That that's definitely true. 

00:38:27 Emily 

If you visit a legitimate website, you're not necessarily safe. 

00:38:31 Emily 

There's also more tips too for security on that episode, so definitely go back and watch it. 

00:38:37 Emily 

It was our third episode ever, very fun episode. 

00:38:41 Emily 

Our first guest Abdel Sy Fane talked a lot about cyber security and gave us some. 

00:38:45 Emily 

Tips, that's actually why we decided to do this episode. 

00:38:50 Emily 

We were all going to give our cyber security tips not just Abdel, but all three of us and then it ended up taking so much time that we were like, OK, you know what, we'll just save this. 

00:39:00 Emily 

For a separate episode and give our tips then. 

00:39:05 Emily 

All right, so we're almost at the end. 

00:39:07 Emily 

We're going to share a few more resources for cyber safety, but first, let's recap what we went over. 

00:39:16 Emily 

So we talked about our different tips, so my 3 tips were to have a backup strategy. 

00:39:24 Emily 

So always backup your data to visit HTTPS websites, not HTTP where the S stands for secure and to use two factor authentication in any accounts. 

00:39:36 Emily 

That you would be really devastated if they got hacked. 

00:39:40 Emily 

And then April talked about how you should use a password manager. 

00:39:45 Emily 

Sign up for identity theft protection if your credit card offers it, and use a VPN to protect your personal data. 

00:39:55 April 

And then we also talked about major cyber safety news. 

00:39:59 April 

We discussed how Instagram has launched a security checkup so users are more easily able to recover their hacked. 

00:40:08 April 

Routes we talked about the 1,000,000 stolen credit cards that were leaked on the dark web. We talked about the advancement of ransomware attacks in enterprises. 

00:40:23 April 

And then we went into a little bit of a true and false myth, Buster. 

00:40:30 April 

This area and we learned that cyber attacks have increased 300% since COVID and they won't. They're most likely not going to go down as more people continue to work from home and choose to work from home. 

00:40:48 April 

And Emily, you know finally got her day and was able to prove why. 

00:40:56 April 

For you know, four word passphrases are more secure than quote unquote, truly random. 

00:41:05 April 

Character passwords. 

00:41:08 April 

And then I also gave you the tip to just always be aware that even if you're on a legitimate website with, you know, up-to-date certs, that doesn't mean that your information isn't at risk. 

00:41:24 Emily 

And to now just give some resources if you want to find out if your email has been leaked, you can go to haveibeenpwned, that's have I been and then PWN Ed. haveibeenpwned.com and find that out. 

00:41:42 Emily 

You can find some resources on cybersafety from. 

00:41:47 Emily 

csnp.org/cybersafety. 

00:41:53 April 

Yeah, that's that's good to know for the future. 

00:41:58 April 

Thanks Emily, Uhm yeah I had. 

00:42:02 April 

I had a lot of fun today. 

00:42:04 April 

You know there could always be another episode on Cybersafety. 

00:42:07 April 

This is such a large topic. 

00:42:10 Emily 

Yeah, this was really great. 

00:42:11 Emily 

I love talking about this topic. 

00:42:14 Emily 

It really feels it makes me feel like I'm still in the security world. 

00:42:17 Emily 

We hope you all enjoyed listening and you can find all the links to our social media as well as contact us at tech the letter N savvy.com so. 

00:42:30 Emily 

technsavvy.com. Our Twitter is @technsavvy and our Instagram is @technsavvypodcast. Our intro outro music is gone by 414 so thank you all and we'll see you in the next episode.