Your 2018 New Years Resolution: finally protect yourself online

Here are 5 trivial things you can do RIGHT NOW to protect yourself online in 2018.

Equifax. Chipotle. Yahoo. Seems like there’s no avoiding data breaches these days. But that is no excuse for not doing the basics to protect yourself online. Just because there is crime in your neighborhood, doesn’t mean you should leave your doors unlocked. In fact, it is now more important than ever before.

You must secure yourself online or you are going to get hacked. You will. I promise.

The good news is that it’s actually pretty easy to protect yourself. Yes, it will take you 1 hour. Yes, it may cost you $50-$100. Wah. Just do it.

Note: these steps are easier to do at a computer than on your phone. You’ll need both, but start by sitting down with your computer.

1. Use a password manager

Using a weak password in 2017 is unacceptable. Repeating a password is inexcusable. If you even know your passwords, you are probably doing it wrong. You need to use a password manager. LastPass is my favorite: it’s secure, syncs everywhere, cross-platform, mobile, and has nice premium features to securely share joint accounts with family members. 

First, sign up and install LastPass. I personally use it on my iMac, my Macbook, and on my Android phone. Next, and this is a tough one, take an extra 5 minutes to learn what it does and how to use it. (I know, I know. Reading. Not what you wanted to do over the holidays. Just power through it.)

After giving this advice for years, friends often tell me they get overwhelmed at this point: “I have 1 strong password I use at the bank and 1 weak password I use everywhere else. How to do I even begin?” Don’t be embarrassed. This is super common. I suggest the following: start by changing your most important accounts today. That means your gmail, your bank, Dropbox, and Facebook. Then, over the next few weeks, every time you login to a site with your old password, take the 2 minutes to change it and save it in LastPass. The app will even generate strong passwords for you. Easy!

The best part is, after the 30 minute investment up front, a password manager actually makes your life easier, not harder. Like a lot easier. Trust me. I haven’t typed or forgotten a password in 5 years.

2. Turn on 2-factor authentication

You know, those annoying PIN codes that get texted to you. But they are incredibly important. It’s the best defense you have to keep hackers across the world from getting into your email & bank account. 

Start with Gmail. Follow Google’s excellent instructions. Then do it everywhere else that offers it: your bank, Twitter, Dropbox, Facebook. If your bank doesn’t offer 2-factor, switch banks. Seriously. Your security is more important than any interest rate or bill pay feature. I personally like to get my codes delivered over SMS, but if you prefer to use an app (technically more secure), download Authy.

Notes: Yes, this recommendation makes your life slightly more annoying. But trust me, it’s worth it. And it’s OK to “remember this computer” at home so you don’t get asked for a PIN code every time you check your mail.

3. Enable Autolock on your phone

Fingerprint, Face ID, Touch ID, and swiping make it so easy to unlock phones these days, it’s inexcusable not to lock it. I don’t care what you use or how long your timeout is; just set autolock to something.

4. Turn on auto-update on your phone & computer, or manually update whenever prompted

Google, Apple, Microsoft all push out regular security updates for your phone and computer. Lots of people like to ignore them. You probably do too. Especially if you have to restart. Well stop ignoring them. It is incredibly important to keep your phone/computer up to date. These companies give you the protection for free; you just have to put it on.

This is a behavior you’ll have to do all year long, but what can you do today?

1. If your phone or computer currently has a “Upgrade to latest” banner that you’ve been ignoring, click it now.

2. Auto-update is probably already enabled on your phone and for all your apps, but just in case it’s not, enable auto-update now. (iOS & Mac | Android | Windows)

5. Backup

This one is 2 parts. Many people will need to do both, but 5b may not apply to everyone. Use your judgement.

5a) Backup your phone

This is an easy one. Android and iOS each have built-in trivial ways to backup your phone built in. Stop reading this now and make sure backup is enabled. 

Android users: Settings > Backup & Reset > Backup my Data

iOS users: Settings > [your name] > iCloud > iCloud Backup

5b) Backup your computer

First, enable offsite backup. I like Backblaze. Windows users try Carbonite or Crashplan. It takes 5 minutes to setup and only costs $5/month. Do you care about your photos? Your finances? Do this now. I’ll wait. Next, if you don’t have one, order an external hard drive. When it arrives, plug it in and turn on Time Machine or Windows Backup. Yes it costs money. Yes you have to wait 2 days for it to ship. But you can click “Buy” now to get mindless peace of mind. Done.

There you have it, folks. Five super easy things you can do to protect yourself online this holiday season. You’ll be glad you did.

If you do all 5, or at least the first 3, please tell me on Twitter @benstein. I LOVE to hear about it. Friends taking personal responsibility for their online security is all the holiday cheer a nerd could ever want.

Notes:

Backing up your phone and enabling auto-update are new recommendations for 2018.

Common objections I hear to using a password manager are:

“What if LastPass gets hacked?” -- This is not a big concern. your password vault itself is encrypted. It doesn’t matter if a hacker gets your vault. Without the password, they can’t read it.

“What if I forget my master password?” -- LastPass has decent account recovery features. Or write your password down, seal it in an envelope, and give it to your lawyer/mom. Or worst case, you can start over by doing “forgot my password” at every site. This is not a reason not to do it.

“I read that passwords with numbers and symbols is no longer recommended and I should make long pass phrases that I can remember” -- Ignore this. Just use a password manager that automatically generates and autofills long, strong passwords for you. Now you can spend your time thinking about elephants wearing quilts instead of the mathematical entropy of your password.

“I read that SMS is not secure and Face ID can be tricked by twins. Should I worry?” No, probably not. There is no such thing as perfect security, and following this advice will get you 99.99% of the way there. That’s way more than you had before and way more than most people. There’s no real reason to stress about those things.

In years past, backing up your computer used to be much higher priority, but it’s downgraded to #5. Back then, 99% of what we did wasn’t stored in the cloud. Remember your precious mp3 collection? That said, if you still have anything of importance on your computer -- photos, tax returns, Word docs, anything at all -- you still need to do this. Also, ransomware is a real threat and it’s growing. You don’t have to care what it is; you just need to know that the ONLY defense against it is backing up. I almost considered removing it. But people lose/break their phones so often, it seems to be worth keeping.

I'm excited about the proposal to add a "brontosaurus" emoji codepoint because it has the potential to bring together a half-dozen different groups of pedantic people into a single glorious internet argument.

http://xkcd.com/1726/

Innovation winning.

Watch Dutch Cops Use Eagles To Catch Rogue Drones

Hiking with the boys at Tomales Point

Your 2016 New Year’s Resolution: Secure Yourself.

Well, it finally happened: I personally know more people who got hacked in 2015 than people who followed my annual advice to secure yourself online.

And don’t fool yourself: the problem is getting worse. You need to secure yourself online or you are going to get hacked. 

Here are 4 trivial things you can do RIGHT NOW to protect yourself online. Yes, it will take 1 hour. Yes, it will cost you $100 this year. Wah. Just do it.

1. Use a password manager

Using a weak password in 2016 is unacceptable. Repeating a password is inexcusable. If you even know your password, you are doing it wrong. You need to use a password manager. LastPass is my favorite: it’s secure, syncs everywhere, cross-platform, and mobile. Start by changing your most important accounts (email, bank, Dropbox, and Facebook) today. Then, over the next few weeks, every time you login to a site, just change that one password and save it. Easy. The best part is, a password manager actually makes your life easier, not harder. 

2. Turn on 2-factor authentication 

Start with Gmail. Follow Google’s excellent instructions. Then do it everywhere else: your bank, Twitter, Dropbox, Facebook. If your bank doesn’t offer 2-factor, switch banks. Seriously. Your security is more important than any interest rate or bill pay feature. I like to get my codes delivered over SMS, but if you prefer an authenticator app, use Authy.

3. Autolock your phone

Touch ID and swiping make it so easy to unlock phones these days, it’s inexcusable not to lock it. If you really hate it, set a long timeout. I don’t care; just set autolock to something.

4. Backup

This one is 2 parts: First, enable offsite backup. I like Backblaze. Windows users try Carbonite or Crashplan. It takes 5 minutes to setup and only costs $5/month. Care about your photos? Your finances? Your music? Do this now. I’ll wait. Next, if you don’t have one, order an external hard drive. When it arrives, plug it in and turn on Time Machine or Windows Backup. Done.

There you have it folks. Four super easy things you can do to protect yourself online this holiday season. You’ll be glad you did.

Little family in the cow pastures

#NowPlaying Movin' Right Along by Fozzie, Kermit

https://twitter.com/POTUS/status/600407380279566336

Hilarious movie poster juxtaposition in my news feed this morning... if only it came true!

It’s finally happening. Today, the FCC votes on whether the internet belongs to you, or to the cable companies.

You’ve already done a phenomenal job of encouraging the FCC to adopt rules that will keep the internet free, fair, and thriving—nearly 200,000 calls to Congress have been placed from Tumblr alone, hundreds of thousands more from a diverse coalition of partners, and 4 million total comments have been submitted directly to the FCC. You raised you voice and, holy cow, your government is actually listening. By all accounts, Chairman Wheeler is prepared to do the right thing—a politically brave thing—and enact firm net neutrality rules under Title II of the Communications Act.

If this happens, it’s you guys who deserve the credit for making it happen. So let’s make sure it happens. If you haven’t called your representative yet, call your representative. If you’ve already called your representative, call them again.

And with your help, we’ll all have an historic milestone to celebrate: An internet whose freedom is secure for generations to come. 

Today I Learned: Diaper Genie makes an amazing catapult for launching T-rex at little brothers at high speed.

What does reblog mean? Is it going to hurt?

Gabi, 4 years old, after my excited reaction to his first-ever Tumblr post

Wow. This was Gabi's first ever Tumblr post, which he did without any help. 4 years 2 months.

On February 26, the FCC is going to decide if the internet should stay free and fair, or if it should be handed over to the cable companies.

You don’t want them to pick the cable companies.

Join everybody on the internet to help the FCC do the right thing.

The boys out to dinner in Jamaica

Snow Day