How I Manage A 12-Year-Old’s Public Figure Profile on Instagram

Your Mother’s Maiden Name Is Not a Secret

Excerpt from this article:

Security questions are astonishingly insecure: The answers to many of them are easily researched or guessed, yet they can be the sole barrier to someone gaining access to your account. The cryptology and security expert Bruce Schneier once described them as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

There has been no shortage of incidents demonstrating these questions’ vulnerabilities. In 2005, Paris Hilton’s T-Mobile account was hacked by a teenager who, like anyone who searched “Paris Hilton Chihuahua” on the internet, knew the answer to “What’s your favorite pet’s name?” In 2008, Sarah Palin’s Yahoo account was hacked by a college student who reset her password using her birth date, ZIP code and the place where she met her spouse.

How many of us can answer the premillennial “What city were you in to celebrate the year 2000?” or “What year did you take out your first mortgage?” And how many Indian- or Brazilian-born users went to a high school without a mascot, or grew up on a street with no name? How many of our mothers never changed their names?

The other main type of security question asks for a subjective answer. Such questions imagine lives punctuated by distinct firsts and bests and filled with enduring favorites, but favorites and bests and even firsts can change when people maintain accounts for decades. At some point, both factual and subjective security questions become archaeological. “In what month did you meet your significant other?” requires a framing question: Whom were you with when you set up this account?

A 2015 study by Google engineers found that only 47 percent of people could remember what they put down as their favorite food a year earlier — and that hackers were able to guess the food nearly 20 percent of the time, with Americans’ most common answer being pizza.

Apple: don’t use Face ID on an iPhone X if you’re under 13 or have a twin

Excerpt from this article:

In a security guide published Wednesday, Apple recommends that children under the age of 13 do not use Face ID due to the probability of a false match being significantly higher for young children. The company said this was because “their distinct facial features may not have fully developed”.

While few young children are likely to be given a £999 iPhone, false matches are also more likely for twins and siblings. In all those situations, the company recommends concerned users disable Face ID and use a passcode instead.

For most users – those over 13 without “evil twins”, as Apple’s head of iOS Craig Federighi describes them – the bigger concern is deliberate attacks. Touch ID, Apple’s fingerprint sensor, was famously bypassed just two days after it was launched in the iPhone 5S, using a fake fingerprint placed over a real finger.

A short investigation into the mysterious tweets from press secretary Sean Spicer

Excerpt from this article:

One possibility is that they are passwords, tweeted out as whoever is behind the account gets used to the new security procedures governing it. There are a lot of theories out there on how it might have happened. By far the most likely is that of the Guardian’s Alex Hern, who identified one possible way that could happen, if the @PressSec account has two-factor authentication activated.

Two-factor authentication provides an extra layer of security for password-protected accounts, and it would be good for the official account of the press secretary for the White House to have it. In fact, it would be good for anyone with a Twitter account to have it. According to a brand-new Pew report on cybersecurity, about 52 percent of Americans have used two-factor at some point to manage an account.

In case you are one of the 48 percent of Americans who haven’t used it, here’s how it works: In addition to entering in a password, two-factor requires users to enter in a randomly generated code that changes with each login, usually sent to your phone through either an app or a text message. For Twitter, those codes are sent via text by default, from a number that should look familiar to any longtime Twitter users: 40404.