“What’s that password again? Wait, I changed it… Harrumph. I don’t remember!” We’ve all been there, sometimes many times a day. Password autofill on our Web browsers felt like the sun was shining on our online activity again. Sorry to tell you, but this convenience may not be entirely safe.
Most browsers will ask after you’ve entered a new password into a site or changed a password if you want it stored for you. That way, when you revisit that site, the browser can autofill the access credentials for you. It saves you the struggle of trying to keep all your passwords straight.
The problem is that some sites, including legitimate sites, can be compromised with a hidden form. You’ll never see it, but your browser will. So, it will autofill that form, and in clear, unencrypted text. This allows bad actors to capture your username and password without your knowledge.
Another risk? Irresponsible digital marketers may use hidden autofill forms to track your online activity. That’s done without your consent.
Using browser autofill with a password manager can also cause confusion, especially if your browser autofills, whereas the manager asks before filling in forms. Using both at the same time you also run the risk of duplicating passwords, which could make it difficult to track your passwords and increase the risk of security breach.
How to disable autofill
You can protect your passwords by disabling autofill on any browser you use:
On Microsoft Edge, go to Settings, then Profiles, then Passwords, and disable “Offer to save passwords.”
On Google Chrome, go to Settings, then Passwords, and disable “Offer to save passwords.”
On Firefox, open Settings, then Privacy & Security, then Logins and Passwords, and “Autofill logins and passwords.”
On Safari, from the Preferences window, select and turn off Auto-fill.
Can I keep using password managers?
A password manager, such as LastPass or 1Password, typically provides more security than browser autofill. Password managers have strong encryption algorithms to protect your login credentials, which means that even if your device is compromised, your passwords are safe.
Still, if the manager autofills your credentials, you face the same risks. Most password managers have autofill disabled by default. That’s good. Leave preemptive autofill off. You might see it called “Autofill on page load.” Keep that turned off, too.
Our advice? Use a password manager that requires you to click a box before it fills in your credentials. This action avoids your information from automatically populating a hidden form.
Securing your online activity is an ongoing challenge. Our experts can help identify ways you can protect your privacy and data online. Contact us today at (651) 456-8655 or visit our contact page.
Is Your Instagram Account Secure? Why would someone want to target your Instagram account? You share what you ate, maybe the books you read, the shoes you bought, or that really cool image of the sky above. How is that going to help a hacker? Read on to learn more.
OK. Your obvious love of chicken and waffles isn’t going to mean a lot to a cybercriminal, not unless your password is “chicknwaffles.” But there are people who make a living from Instagram. Influencers can make millions by posting a pic of their latest smoothie or the new pair of socks they love. Their IG accounts are their business. A hacker gaining access could destroy an influencer’s reputation, their livelihood.
Businesses, too, are moving to IG as a way to reach a targeted audience with vibrant visuals. They can’t afford to have their accounts taken over by an ill-intentioned hacker. That could lead to lost customers and brand damage.
Then, there’s you, the “average” IG user. Yes, the cybercriminal might still target your Instagram account. For one, they might use your IG handle to reach out to your friends and say, “I’m stuck overseas. I need some money.” Caring friends, not knowing it’s not you, could end up a victim of a scam.
How to Protect Your Instagram Account
#1 Go Private
Instagram lets individuals, influencers, and businesses show creativity. However, you want to control who sees what you post. You may not want everyone to see your photos. Limit your content visibility to friends and family in the Instagram profile window:
Click on the three dots in the right corner.
Scroll to the bottom of the options.
Turn on the Private account setting (the button should turn blue).
You can also block followers you don’t know. Click on your Followers list, and tap on the users you don’t recognize. Tap on the menu button and choose “Block User.”
#2 Disable cross-app sign-ins
Using your IG account to sign in to other applications is convenient, because you have to remember only your IG access credentials. Still, by streamlining your sign-in you are also making it easier for a hacker to compromise your accounts. Now, they can get access to one account and use that as a way into the other connected accounts.
Log in to your account and review all connected applications. You can do this by visiting the Authorized Applications tap under the Edit Profile tab.
#3 Don’t overshare
Sure, that’s the golden rule of social media. Still, we’re talking here about reviewing personal information you share on Instagram. Take a look at your profile information and review whether all those details really need to be there. A hacker could use anything specific you write in your Bio to verify your identity elsewhere. Reconsider posting your birth date, alma mater, anniversary, favorite sports team, etc.
#4 Turn off location services
Instagram’s location services can let you check in at a particular place. But by doing this, you’re giving thieves extra information they can use against you. Instead, go into your phone’s Privacy settings and turn off location services for IG.
You also don’t want to cue criminals that you’re away for a vacation with posts from the beach. You might want to share that sunny sand pic. Then, you regret it when you come home to a burgled home.
#5 Enable two-factor authentication
Of course, the starting point is to pick a strong, unique password for your Instagram account, but Instagram has added two-factor authentication for an added layer of security.
In Instagram’s mobile app you click on the Options icon at the top right to get to a menu offering this option. You will get a short link to click on. Do so, and turn on the two-factor authentication. You’ll set it up using your mobile phone. Then, in the future, you’ll have to log in with the added security of a unique code sent to your phone via text message.
#6 Review your login activity
Keep an eye out for illicit use of your account by reviewing Login Activity. This is under Settings on the desktop app and shows a list of locations from which you’ve logged in. So, if you’ve never been to Thailand, but your IG account has, that would be a red flag. If you do spot locations you don’t recognize, log out from your device, and change your password.
Need help securing your Instagram account or other social media channels? Our helpful IT pros have the expertise you need. Contact us today at (651) 456-8655 or by visiting our Contact page!
Inver Grove Heights Residents – Don’t Fall Victim to Webcam Blackmail. Many users have reported recent scam messages from individuals claiming to have intercepted their username and password. These messages often state they have been watching your screen activity and webcam while you have been unaware.
Typically, attackers threaten to broadcast footage to your contacts, colleagues, or social media channels. Demanding payment in Bitcoin, malicious hackers blackmail their victims to keep confidential information private.
Where Have the Attacks Come From?
In many cases where hackers have claimed to have a victims’ password, this has turned out to be true.
In the last few years alone, many large websites have suffered enormous hacks which have released confidential details on many of their users. LinkedIn, Yahoo, and MySpace all suffered massive and devastating hacks. Some users of these services are still feeling the consequences today.
The details leaked from these sites, and others facing the same issues, are sold online for years after the initial breach. Hackers buy username and password combinations in the hopes of reusing them to access services, steal money, or blackmail their owners.
How to Respond
If you have been contacted by one of these hackers, it is a scary reality that they could have access to your credentials, data, and online services.
The only thing you can do in response to this type of email is to ignore it. This “we recorded you” email is a scam made much more believable because they probably do have one of your real passwords gained from a site hack.
That said, accounts that share the same password should be changed immediately. Security on additional services you use should be updated too.
Self Defense On the Web
When using online services, a unique password for every site is your number one defense. A good password manager makes this practical and straightforward too.
Using a different password for each site you use means that hackers can only gain access to one site at a time. A hack in one place should never compromise your other accounts by revealing the single password you use everywhere.
Often, people think that maintaining many passwords is hard work or even impossible to do. In truth, it’s almost always easier to keep tabs with a password manager than it is to use the system you have in place today.
A high quality and secure password manager such as LastPass, or 1Password, can keep track of all your logins efficiently and securely. They often offer the chance to improve your security by generating random and strong passwords that hackers will have a tougher time cracking.
Password management services offer a host of features that help you log in, remind you to refresh your security, and make your safety a number one priority. After using a manager for just a short time, you can be forgiven for wondering how you managed without it.
If you think you might have been hacked already, or want to prevent it from ever happening, give us a call today at (651) 456-8655 to update your security. You may also visit our contact page HERE.
If your typical New Year’s resolutions lasted about 30 seconds, you’re not alone. Pledges to eat better, start running and learn how to juggle can be rebooted again next year easy enough.
This year, we challenge you to think about your tech health with some resolutions you’ll want to keep.
No More Junk Mail
Whether you checked a box agreeing to get newsletters, or you have no idea how you got on that list, it’s time to say goodbye. Start by emptying your mailbox to zero unread messages – no you don’t have to read all that spam – you have permission to delete it unread. Let’s face it, if you were going to read it, you would have done so already. Away it goes.
Now that you’re starting with a clean slate and a huge feeling of accomplishment, resolve this: Each day, unsubscribe from 5-10 lists. Keep an eagle eye out for that gorgeous ‘unsubscribe’ link and click it with confidence. You don’t even need to give a reason if it redirects to a survey page. Before too long, your inbox will be a refreshing place filled only with people and businesses you look forward to hearing from.
Go Password Pro
With all these password leaks from LinkedIn, Myspace, and goodness knows who hasn’t come forward, now’s the time to get smart with your passwords. Because most people use the same passwords on every site, a single breach can be the hack that keeps on giving. You know how important it is to use different passwords for each site, but let’s be real, that’s a LOT of passwords to remember!
Instead of writing them down, we recommend using a password manager like LastPass. It remembers all your various passwords for you, so all you need to know is the super-protected master password. Master passwords are kept encrypted on your system, not theirs, and 2-factor authentication checks with you via text for all big changes.
Backup. No Really, Backup.
I’ve been meaning to backup is the cry of someone who just lost all their photos. Good intentions don’t count AT ALL in data security, because once the data is gone, it’s gone. With new cloud backup options, there’s no reason to put this off, because backup apps are now easier and more accessible than ever before. You can also backup to local drives, but this will take a little extra remembering on your part, as you’ll want to have at least one drive that stays disconnected in case of viruses.
There you have it. Three New Year’s resolutions you can easily keep, and that will make a real difference to your year. Opening your email will be a pleasure, you’ll be a spectator only in any future password leaks, and your precious files will be safe against all manner of disaster. Feels better than any diet, doesn’t it?
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.AcceptNoPrivacy policy
Recent Comments