Know How...

Apr 17th 2017

Know How... 303

Personal Security

Protect yourself with MFA, encrypted messaging apps, and surf anonymously with the TOR browser.
New episodes every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
Category: Help & How To

Protect yourself with MFA, encrypted messaging apps, and surf anonymously with the TOR browser.


2-Factor Auth

Multi-Factor Authentication (MFA) is a way to secure your online accounts that can bring you closer to the "perfect protection".
* Something you know
* Something you have
* Something you ARE

A username and password is only "Something you know" - so it's a single factor authentication

Something you ARE is something like fingerprints, retinal scan or facial recognition.

We're adding a mobile-based verification to our Google account so it's "Something you Have"

Steps:
1. Log into Google.com with your account
2. Go into "My Account"
3. Under "Sign-in & Security", click "Signing into Google"

Before continuing, this is a good time to set your "recovery email" & "recovery phone" to accounts that are NOT served by your Google account.
* In other words, once you enable 2-Factor authentication, you will require a verification to enter your Google-connected resources. If you setup to send that verification to a Google-connected resource, you won't be able to access the account to get the verification without first verifying the account.

4. Under "Password & sign-in method" click "2-Step Verification"
5. Click "Get Started" (you'll have to sign-in)
6. Enter the phone number of the mobile that will receive your verification codes
7. Enter the code you just received on your phone.

** You are now setup to use 2-Factor Authentication for ALL your Google-connected resources. Anytime you want to access a Google-connected resource from a NEW browser/computer/device/location, you WILL be required to have a verification code that is sent to your device.

Bonus Features!
There are several features available in Google MFA that you really should use.

1. Backup Codes
* If you've ever worried about being able to access your account after you lose your device or if you're out of connection range, this is for you.
* This will give you a set of 10 one-time use verification codes.
* EACH TIME you press "Get New Codes", it will eliminate the old codes from the authentication list
* You can download them to a thumb drive/laptop or print and keep in your wallet.

2. The Authenticator
* This is an app you can download to your Android or iPhone that will give you verification codes even when your phone is offline.

3. Backup Phone

4. Security Key
* A Security key is a device (usually USB) that acts as your second factor w/o you needing to type anything in.
* You MUST have the device in order to sign in.

Pro Tip:
* Every once in a while, revoke access from ALL trusted devices. This will require you to MFA for all your devices, but it "clears the table" of any devices you may have authenticated and forgotten.


TOR Browser

The TOR Project    
ProTips,
- Don't torrent over TOR: doesn't help, slows down network, DON'T BE A JERK
- Don't enable or install browser plugins, i.e. Flash, Quicktime, etc. They can be used to reveal your IP
- Use HTTPS
- Don't open documents downloaded through TOR while online.
- Use Bridges and or find company

   
TOR Browser
   
Works with,
- Windows, Mac, or Linux  
    
Mobile Option    
Orbot: Tor for Android
- Select Apps, choose apps to route through Tor
- Ability to set location"   


Orfox: Tor Browser for Android
- Built on Firefox
- Includes NoScrips and HTTPSEverwhere

Connect with us!

Thanks to CacheFly for the bandwidth for this show.