what is the best way to get safer/more anonymous online

Ok, security and anonymity are not the same thing, but when you combine them you can enhance your online privacy.

My question is: how tech literate are you and what is your aim? As in do you live in a country where your government would benefit from monitoring private (political) conversations or do you just want to degoogle? Because the latter is much easier for the average user.

Some general advice:

Leave Windows and Mac operating systems and switch to Linux distributions like Fedora and Ubuntu (both very user friendly). Switch from Microsoft Office or Pages/Numbers/Keynote (Mac) to LibreOffice.

You want to go more hardcore with a very privacy-focused operating system? There are Whonix and Tails (portable operating system).

Try to replace all your closed source apps with open source ones.

Now, when it comes to browsers, leave Chrome behind. Switch to Firefox (or Firefox Focus if you're on mobile). Want to go a step further? Use LibreWolf (a modified version of Firefox that increases protection against tracking), Brave (good for beginners but it has its controversies), DuckDuckGo or Bromite. You like ecofriendly alternatives? Check Ecosia out.

Are you, like, a journalist or political activist? Then you probably know Tor and other anonymous networks like i2p, freenet, Lokinet, Retroshare, IPFS and GNUnet.

For whistleblowers there are tools like SecureDrop (requires Tor), GlobaLeaks (alternative to SecureDrop), Haven (Android) and OnionShare.

Search engines?

There are Startpage (obtains Google's results but with more privacy), MetaGer (open source), DuckDuckGo (partially open source), Searx (open source). You can see the comparisons here.

Check libRedirect out. It redirects requests from popular socmed websites to privacy friendly frontends.

Alternatives to YouTube that value your privacy? Odysee, PeerTube and DTube.

Decentralized apps and social media? Mastodon (Twitter alternative), Friendica (Facebook alternative), diaspora* (Google+ RIP), PixelFed (Insta alternative), Aether (Reddit alternative).

Messaging?

I know we all use shit like Viber, Messenger, Telegram, Whatsup, Discord etc. but there are:

Signal (feels like Whatsup but it's secure and has end-to-end encryption)

Session (doesn't even require a phone or e-mail address to sign up)

Status (no phone or e-mail address again)

Threema (for mobile)

Delta Chat (you can chat with people if you know their e-mail without them having to use the app)

Team chatting?

Open source options:

Element (an alternative to Discord)

Rocket.chat (good for companies)

Revolt.chat (good for gamers and a good alternative to Discord)

Video/voice messaging?

Brave Talk (the one who creates the talk needs to use the browser but the others can join from any browser)

Jami

Linphone

Jitsi (no account required, video conferencing)

Then for Tor there are various options like Briar (good for activists), Speek! and Cwtch (user friendly).

Georestrictions? You don't want your Internet Provider to see what exactly what you're doing online?

As long as it's legal in your country, then you need to hide your IP with a VPN (authoritarian regimes tend to make them illegal for a reason), preferably one that has a no log policy, RAM servers, does not operate in one of the 14 eyes, supports OpenVPN (protocol), accepts cash payment and uses a strong encryption.

NordVPN (based in Panama)

ProtonVPN (Switzerland)

Cyberghost

Mullvad (Sweden)

Surfshark (Netherlands)

Private e-mails?

ProtonMail

StartMail

Tutamail

Mailbox (ecofriendly option)

Want to hide your real e-mail address to avoid spam etc.? SimpleLogin (open source)

E-mail clients?

Thunderbird

Canary Mail (for Android and iOS)

K-9 Mail (Android)

Too many complex passwords that you can't remember?

NordPass

BitWarden

LessPass

KeePassXC

Two Factor Authenticators?

2FAS

ente Authenticator

Aegis Authenticator

andOTP

Tofu (for iOS)

Want to encrypt your files? VeraCrypt (for your disk), GNU Privacy Guard (for your e-mail), Hat.sh (encryption in your browser), Picocrypt (Desktop encryption).

Want to encrypt your Dropbox, Google Drive etc.? Cryptomator.

Encrypted cloud storage?

NordLocker

MEGA

Proton Drive

Nextcloud

Filen

Encrypted photography storage?

ente

Cryptee

Piwigo

Want to remove metadata from your images and videos? ExifCleaner. For Android? ExifEraser. For iOS? Metapho.

Cloak your images to counter facial recognition? Fawkes.

Encrypted file sharing? Send.

Do you menstruate? Do you want an app that tracks your menstrual cycle but doesn't collect your data? drip.

What about your sexual health? Euki.

Want a fitness tracker without a closed source app and the need to transmit your personal data to the company's servers? Gadgetbridge.

How to Recover If Your Facebook Account Is Hacked? Easy Steps

In today's digital age, social media platforms like Facebook have become an integral part of our lives. We use them to connect with friends and family, share our thoughts and experiences, and even conduct business. However, the convenience of social media also comes with security risks, and one of the most common problems users face is having their Facebook account hacked. If you find yourself in this unfortunate situation, it's essential to act quickly to recover your account and secure your personal information.

In this comprehensive guide, we'll walk you through the steps to recover your hacked Facebook account, protect your data, and prevent future breaches.

1. Recognize the Signs of a Hacked Facebook Account

The first step in recovering your hacked Facebook account is to recognize the signs of a compromise. Common indications include:

Unauthorized login notifications: Facebook sends notifications when someone logs into your account from an unfamiliar device or location.

Unusual activity: Strange posts, messages, or friend requests that you didn't initiate.

Changed password or email address: If you can't log in because your password or email address has been changed without your consent, it's a strong indicator of hacking.

Locked out of your account: If you're unable to access your account due to suspicious activity, your account may have been compromised.

2. Immediate Actions to Take

Upon suspecting or confirming a hack, take the following immediate actions:

Change your password: If you can still access your account, change your password immediately. Make it strong by using a combination of upper and lower-case letters, numbers, and symbols.

Log out of other devices: Go to Facebook's Security Settings and log out of all devices to prevent the hacker from continuing to access your account.

Enable two-factor authentication (2FA): Set up 2FA to add an extra layer of security. This usually involves receiving a code on your mobile device that you'll need to enter when logging in.

Check your email account: Ensure that your email account associated with Facebook is secure. Change its password and enable 2FA if you haven't already.

3. Report the Hacked Account to Facebook

To report your hacked account to Facebook, follow these steps:

Go to the Facebook Help Center.

Navigate to the "Security and Login" section.

Click on "I think my account was hacked or someone is using it without my permission."

Follow the on-screen instructions to secure your account and recover it.

4. Recovering Your Hacked Account

Facebook provides a dedicated recovery process for hacked accounts. Follow these steps to recover your account:

Visit the Facebook Account Recovery page.

Enter your email address, phone number, or Facebook username associated with your account.

Follow the instructions to verify your identity. You may be asked to provide a photo ID or answer security questions.

Facebook will guide you through the account recovery process, allowing you to reset your password and secure your account.

5. Check for Unauthorized Activity

Once you regain access to your account, review your activity log for any unauthorized actions, such as posts, messages, or friend requests. Remove any malicious content and unfriend or block suspicious accounts.

6. Strengthen Your Account Security

To prevent future hacks and secure your Facebook account:

Regularly update your password: Change your password at least every six months, and use a unique combination of characters for each platform.

Enable two-factor authentication (2FA): Ensure that 2FA is enabled to provide an extra layer of protection.

Review app permissions: Periodically check which apps have access to your Facebook account and remove any unnecessary ones.

Be cautious with emails and messages: Avoid clicking on suspicious links or providing personal information in response to unsolicited messages.

Educate yourself: Stay informed about common hacking techniques and scams to protect yourself better.

6. Monitor Your Account

Continuously monitor your Facebook account for any unusual activity. Facebook offers features like login alerts, which notify you of any login attempts from unrecognized devices or locations. Stay vigilant and report any suspicious activity promptly.

7. Protect Your Personal Information

Remember that hackers target personal information. Limit the amount of personal data you share on your profile, such as your phone number, address, and birthdate. Adjust your privacy settings to control who can see your posts and personal information.

Conclusion

Recovering a hacked Facebook account can be a stressful experience, but by taking swift and informed action, you can regain control of your profile and protect your data. Follow the steps outlined in this comprehensive guide, and remember to prioritize account security by regularly updating your password, enabling two-factor authentication, and staying vigilant against potential threats. With these precautions in place, you can enjoy the benefits of social media while keeping your personal information safe from hackers.

For More Information - https://www.linkedin.com/pulse/how-recover-your-facebook-account-hacked-neha-kumari

More Articles -

How to Use Venmo for Payments: A Comprehensive Guide

Venmo has become one of the most popular peer-to-peer payment platforms, making it easy to transfer money instantly. Whether you are paying for dinner, splitting rent, or reimbursing a friend, Venmo send money features offer a seamless experience. This guide will walk you through how to send money on Venmo, how to receive money on Venmo, and much more.

How to Send Money on Venmo

Step 1: Download and Set Up Venmo

Before you can send money, you need to install the Venmo app on your smartphone. Venmo is available for both iOS and Android devices.

Download the Venmo app from the App Store or Google Play.

Open the app and sign up using your email, phone number, or Facebook account.

Link your bank account, debit card, or credit card to fund your transactions.

Set up your profile and ensure your payment methods are verified.

Step 2: How to Send Money through Venmo

Once your account is set up, follow these steps to send money through Venmo:

Open the Venmo app and log in.

Tap on the “Pay or Request” button.

Enter the recipient’s username, phone number, or email. You can also scan their QR code.

Type the amount you want to send.

Add a note describing the transaction (optional).

Choose the funding source (bank, debit card, or credit card).

Tap “Pay” to complete the transaction.

Step 3: Confirm the Payment

After sending money, you will receive a confirmation message. The recipient will also get a notification that they have received funds.

How to Receive Money on Venmo

Receiving money on Venmo is just as simple:

Open the Venmo app and log in.

Navigate to the “Me” tab to see your balance.

If someone sends you money, it will appear in your Venmo balance.

You can choose to keep the money in your Venmo account or transfer it to your bank.

How to Transfer Money to Venmo

To add money to your Venmo account:

Tap on the “Me” tab.

Select “Manage Balance.”

Choose “Add Money.”

Select the bank account you want to transfer funds from.

Enter the amount and confirm the transfer.

It typically takes 3-5 business days for the money to reflect in your Venmo balance.

How to Get Money from Venmo

To withdraw funds from Venmo:

Go to the “Me” tab.

Tap “Transfer to Bank”.

Choose Instant Transfer (for a small fee) or Standard Transfer (1-3 business days, free).

Confirm the details and submit the transfer.

How to Pay Someone on Venmo

If you need to pay someone on Venmo, follow these steps:

Open the Venmo app.

Tap on “Pay or Request”.

Enter the recipient’s username, email, or phone number.

Type the amount and add a note.

Select “Pay” and confirm the transaction.

How to Pay Someone with Venmo Using a QR Code

Venmo offers a QR code feature for faster payments:

Open the Venmo app.

Tap on the QR code icon at the top.

Scan the recipient’s Venmo QR code.

Enter the amount and confirm the payment.

Security Tips for Using Venmo

Enable Two-Factor Authentication (2FA): Add an extra layer of security.

Use a Strong Password: Avoid common passwords and enable biometric authentication.

Be Cautious of Scams: Only send money to people you know and trust.

Monitor Your Transactions: Regularly check your transaction history for any suspicious activity.

Frequently Asked Questions (FAQs)

1. Can I Send Money on Venmo Without a Bank Account?

Yes, you can use a linked debit or credit card instead of a bank account.

2. Is There a Fee for Sending Money on Venmo?

Sending money using a linked bank account or debit card is free. Credit card transactions incur a 3% fee.

3. How Long Does It Take to Receive Money on Venmo?

Instantly, if sent to your Venmo balance. Bank transfers take 1-3 business days.

4. Can I Cancel a Venmo Payment?

No, once a payment is sent, it cannot be canceled. You must ask the recipient to return the money.

5. How Secure Is Venmo?

Venmo uses encryption and security measures, but users should enable additional security features for safety.

Step-by-Step Guide: Recovering a Hacked Instagram Account In the digital age, Instagram is more than just a photo-sharing app; it’s a platform for self-expression, business, and connecting with friends. However, with its popularity comes the risk of hacking. Discovering that your Instagram account has been compromised can be alarming, but the good news is that quick action can help you regain control and secure your account. Signs Your Instagram Account Has Been Hacked Before diving into solutions, it’s crucial to identify whether your account has indeed been hacked. Here are the tell-tale signs: 1. Unusual Activity If you notice posts, comments, or direct messages that you didn’t create or send, it’s a red flag. Hackers often post spammy links or inappropriate content. 2. Changed Account Information If your email address, phone number, or username has been altered without your knowledge, it’s likely someone else has gained access. 3. Login Alerts Instagram notifies users when their account is accessed from a new device or location. If you receive such notifications and it wasn’t you, take it seriously. 4. Unable to Log In If you find yourself locked out of your account despite using the correct password, it’s possible the hacker has changed your login details. 5. Account Deactivated or Deleted In extreme cases, hackers may deactivate or delete your account. If this happens, you might not be able to find your profile when searching for it. Immediate Steps to Take If Your Account Is Hacked Time is of the essence when dealing with a hacked Instagram account. Here’s what you should do right away: 1. Change Your Password If you can still access your account, immediately change your password to something strong and unique. Include a mix of uppercase letters, numbers, and special characters. 2. Reclaim Your Account If you’re locked out, use Instagram’s “Forgot Password” feature to reset your login credentials. Follow these steps: Go to the Instagram login page. Tap on “Forgot password?” Enter your email address, username, or phone number. Follow the instructions sent to your email or phone. 3. Report the Hacked Account to Instagram If resetting your password doesn’t work, report the issue to Instagram: Go to the Help Center or the login page and click “Need more help?” Select “My account was hacked.” Provide requested details, including proof of identity if needed. Instagram may ask you to verify your identity by sending a photo of yourself holding a handwritten code. 4. Check Linked Accounts Hackers may exploit your linked accounts (e.g., Facebook, email). Change the passwords for these accounts to ensure they remain secure. 5. Enable Two-Factor Authentication (2FA) After regaining access, enable 2FA for added security: Go to your account settings. Select “Security” > “Two-Factor Authentication.” Choose a verification method (text message or authentication app). How to Protect Your Instagram Account from Future Hacks Preventative measures are just as important as recovery steps. Here’s how to safeguard your Instagram account: 1. Use a Strong, Unique Password Avoid using common passwords or recycling old ones. Password managers can help generate and store secure passwords. 2. Avoid Suspicious Links Phishing scams often trick users into providing login credentials. Be cautious of links sent via email, direct messages, or comments. 3. Monitor Login Activity Instagram’s “Login Activity” feature shows where your account is logged in. To access this: Go to “Settings” > “Security” > “Login Activity.” Review the listed locations and devices, and log out of any unfamiliar ones. 4. Update Your App Regularly Ensure your Instagram app is up-to-date to benefit from the latest security features and patches. 5. Be Selective with Third-Party Apps Granting access to unknown apps can expose your account to risks.

Only use trusted third-party tools, and revoke access to ones you no longer use. FAQs About Instagram Hacks Can Instagram recover a deleted account? If your account was recently deleted, you might have a short window (usually 30 days) to restore it by following the account recovery process. What should I do if I receive a phishing email? Avoid clicking on any links or downloading attachments. Report the email to Instagram and delete it from your inbox. How often should I change my password? Changing your password every 3-6 months can add an extra layer of security. Conclusion Realizing your Instagram account has been hacked can feel overwhelming, but staying calm and acting swiftly can make all the difference. By identifying the signs early, taking immediate recovery steps, and implementing preventative measures, you can secure your account and enjoy a safer social media experience.

How to Improve the Security of Your Facebook Account

Facebook is one of the most widely used social media platforms, making it a prime target for hackers and scammers. Securing your account is essential to protect your personal information and ensure a safe online experience. If you’re looking to enhance the security of your Facebook account, here’s a step-by-step guide to help you.

1. Strengthen Your Password

A strong password is your first line of defense against unauthorized access. To improve your password security:

Use a combination of uppercase and lowercase letters, numbers, and special characters.

Avoid using common words, names, or easily guessable information like your birthday.

Change your password regularly and hacking facebook avoid reusing old ones.

2. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication adds an extra layer of security by requiring a second verification step when you log in. To enable 2FA:

Go to Settings & Privacy > Settings > Security and Login.

Click Use Two-Factor Authentication and follow the setup process.

You can choose a text message, authenticator app, or security key as your second verification method.

This ensures that even if someone has your password, they won’t be able to access your account without the second step.

3. Regularly Review Privacy Settings

Facebook offers detailed privacy controls to limit who can see your profile and activity:

Use the Privacy Checkup tool to review your current settings.

Set your profile visibility to Friends or customize it for specific groups.

Limit who can send you friend requests or look you up using your email or phone number.

4. Be Cautious with Links and Third-Party Apps

Cybercriminals often use malicious links and apps to gain access to accounts.

Avoid clicking on suspicious links, even if they seem to come from friends.

Review third-party apps connected to your Facebook account in Settings > Apps and Websites, and remove any that you don’t recognize or no longer use.

5. Monitor Login Activity

Regularly check which devices are logged into your account:

Go to Security and Login in your settings.

Review the list of logged-in devices and locations.

Log out of any unfamiliar devices and change your password if necessary.

Conclusion

Improving the security of your Facebook account is essential in today’s digital age. By strengthening your password, enabling Two-Factor Authentication, managing privacy settings, and staying vigilant, you can significantly reduce the risk of unauthorized access. Regularly updating your settings and monitoring activity will help you maintain a secure and worry-free online presence. Take these steps today to protect your Facebook account and enjoy a safer social media experience.

Tiranga Login A Guide to Accessing and Playing the Tiranga Game

In the world of online gaming, the Tiranga Game has gained immense popularity for its unique approach to color-based prediction games. It is simple yet engaging, drawing in players from various backgrounds who are looking for an exciting and fast-paced experience. One of the most crucial steps in getting started with the game is the Tiranga login process. In this article, we will explore what Tiranga login entails, the steps to follow for a seamless experience, the importance of secure login practices, and troubleshooting common issues players might face.

What is Tiranga Game?

Before diving into the details of the login process, it’s important to understand what the Tiranga Game is all about. Inspired by the Indian national flag, or "Tiranga," the game involves color-based predictions where users place bets on different outcomes represented by colors. Players predict which color will win in various rounds, and if their prediction is correct, they win rewards. It’s an innovative fusion of gaming and chance, providing users with quick results and real-time excitement.

The Tiranga Game is available on both mobile and web platforms, allowing users to access the game easily from anywhere.

Why is Tiranga Login Important?

The Tiranga login process is essential because it serves as the gateway for users to access their accounts and start playing. It ensures that each player’s data, progress, and any rewards or funds they have accumulated are stored securely. A proper login system also provides a personalized experience for players, enabling them to participate in multiple rounds, claim bonuses, and manage their transactions within the app or website.

Step-by-Step Guide to Tiranga Login

Download the Tiranga App: The first step is to download the Tiranga Game app from the Google Play Store (for Android users) or the Apple App Store (for iOS users). Once downloaded, install the app on your device. For users who prefer not to use the mobile app, Tiranga Game can also be accessed through its official website. Ensure that you are using a secure and official platform to avoid any security risks.

Sign Up or Register: If you are a new user, you will need to register before logging in. The registration process is simple and requires basic information such as your name, email address, phone number, and a password. Some apps may offer registration through social media accounts like Google or Facebook, making the process even quicker. Verify your account via an email or SMS code if prompted.

Tiranga Login: For returning users, the login process involves entering your registered email or mobile number and password on the login page of the app or website. Once logged in, you will have access to your account dashboard, where you can start participating in the game, check your winnings, or make deposits and withdrawals.

Two-Factor Authentication (Optional): For enhanced security, some Tiranga Game platforms may offer two-factor authentication (2FA). If enabled, you will receive a one-time password (OTP) via SMS or email, which must be entered to complete the login process. This adds an extra layer of protection to your account.

Secure Login Practices

While the Tiranga Game provides entertainment and excitement, it’s important to ensure your account and personal information remain secure. Here are some tips for maintaining a secure login:

Use Strong Passwords: Create a strong password that combines letters (both uppercase and lowercase), numbers, and symbols. Avoid using easily guessable information like your name, date of birth, or common phrases.

Enable Two-Factor Authentication: If the platform supports 2FA, enable it to add an extra layer of security. This ensures that even if someone knows your password, they cannot access your account without the one-time code sent to your mobile or email.

Avoid Public Wi-Fi: Public Wi-Fi networks can be vulnerable to security breaches. Avoid logging into your Tiranga account while connected to public Wi-Fi. Instead, use secure networks or mobile data when accessing the game.

Log Out After Use: Always log out of your account after using the app or website, especially if you are using a shared or public device. This ensures that no one else can access your account without your permission.

Keep the App Updated: Regularly update the Tiranga Game app to ensure you have the latest security patches and features. App updates often include important bug fixes and improvements that can help protect your account.

Common Login Issues and Troubleshooting

While the login process is generally straightforward, players may occasionally encounter issues. Here are some common problems and their solutions:

Forgot Password: If you forget your password, click on the "Forgot Password" link on the login page. You will be prompted to enter your registered email or phone number. Follow the instructions to reset your password and regain access to your account.

Account Locked: If you enter incorrect login details multiple times, your account may be temporarily locked as a security measure. In this case, wait a few minutes and try again, or contact customer support for assistance.

Login Not Working: If you’re unable to log in despite entering the correct credentials, ensure that your internet connection is stable. If the issue persists, check for any ongoing server maintenance or outages. You can also try clearing the app’s cache or reinstalling it.

Two-Factor Authentication Issues: If you do not receive the OTP for two-factor authentication, check your internet connection, and make sure your phone number or email is correct. Contact support if the issue persists.

Device Compatibility: If the Tiranga app crashes or fails to open, ensure that your device meets the minimum system requirements. You may need to update your operating system or switch to a device that supports the app.

Conclusion

The Tiranga login process is a crucial step for players who want to access and enjoy the exciting features of the Tiranga Game. By following the proper registration and login steps, as well as maintaining secure practices, users can enjoy a seamless and safe gaming experience. Whether you are a beginner or an experienced player, the Tiranga Game offers a unique and thrilling way to participate in color-based predictions, making it one of the most popular gaming options today.

All right, since I bombarded a poor mutual yesterday...

Privacy is not security and security is not privacy. These terms are not interchangeable, but they are intrinsically linked.

While we're at this, anonymity =/= security either. For example, Tor provides the former, but not necessarily the latter, hence using Https is always essential.

It is impossible to have privacy without security, but you can have security without privacy.

A case in point is administrators being able to view any data they want due to their full-access rights to a system. That being said, there are ethics and policies that usually prevent such behavior.

Some general tips:

Operating System: Switch to Linux. Ubuntu and Linux Mint are widely used for a reason. Fedora too. And don't worry! You can keep your current operating system, apps and data. If you're on a Mac computer, you can easily partition your hard drive or SSD by using Disk Utility. If you're on Windows, you can follow this guide.

You want to go a step further? Go with Whonix or Tails. They're Linux distributions as well, but they're both aiming for security, not beauty so the interface might not be ideal for everyone. Many political activists and journalists use them.

You want anonymity? Then you need to familiarize yourself with Tor. Also, Tor and HTTPS and Tor’s weaknesses. When you're using it, don't log in to sites like Google, Facebook, Twitter etc. and make sure to stay away from Java and Javascript, because those things make you traceable.

Alternatives for dealing with censorship? i2p and Freenet.

Is ^ too much? Welp. All right. Let's see. The first step is to degoogle.

Switch to a user-friendly browser like Firefox (or better yet LibreWolf), Brave or Vivaldi. There are plenty of hardened browsers, but they can be overwhelming for a beginner.

Get an ad blocker like Ublock Origin.

Search Engine? StartPage or Duckduckgo. SearXNG too. Like I said degoogle.

Get a PGP encrypted e-mail. Check Protonmail out.

There's also Tutamail that doesn't cover PGP, but uses hybrid encryption that avoids some of the cons of PGP.

Skiff mail is also a decent option.

Use an e-mail aliasing service such as SimpleLogin or AnonAddy.

Check OpenPGP out. Claws Mail is a good e-mail client for Windows and Linux, Thunderbird for Mac OS.

Gpg4win is free and easy to use for anyone that wants to encrypt/decrypt e-mails.

Instead of Whatsapp, Facebook messenger, Telegram etc. use Signal for your encrypted insant messaging, voice and video calls.

Get a metadata cleaner.

Get a firewall like Opensnitch, Portmaster or Netguard which can block Internet for trackers.

Alternatively, go with a private DNS that blocks these trackers. NextDNS is a good paid service. Rethink a good free option.

Replace as many of your applications as you can with FOSS (free and open source) ones. Alternativeto can help you.

Always have automatic updates on. They are annoying af, I know, but they are necessary.

Keep your distance from outdated software.

Always have two-factor authentication (2FA) enabled.

Do not use your administrator account for casual stuff. If you're on Linux, you probably know you can be sudo, but not root.

On Linux distributions use AppArmor, but stay away from random antivirus scanners. Other distributions default to SELinux, which is less suited to a beginner.

Never repeat your passwords. If you can't remember them all, use a password manager like KeePass.

Encrypt your drive.

Honestly, VPNs have their uses and ProtonVPN, Mullvad and Windscribe are decent, but eh. If you don't trust your ISP, why would you trust the VPN provider that claims they don't log you when you can't verify such a thing?

Excerpt:

You might even be well aware of the various court rulings that prohibits police from forcing you to give up your finger or your noggin to unlock your device for them, as well as your passcode. That won’t stop the police from trying, or even trying to cajole you into coughing up your login credentials in exchange for, say, processing you faster out of wherever it is you’re being held.

You can stand strong against police requests to unlock and search your device—they’ll need a warrant for that—but you also don’t have to make things easy for them. When you’re heading out to protest, consider:

Disabling face/fingerprint authentication entirely and set up your phone to use a long PIN or password instead. That’ll make it a lot harder for police to crack your security if they get their hands on your device (with or without a warrant).

Setting up encryption on your phone: This comes enabled by default on iOS and Android if you’re using a passcode. (On Android, you can check by visiting Settings > Security—at least, on my Pixel 3 XL, which is what I’m using for all the steps in this guide. YMMV.)

Adjusting your screen-lock time to nothing: Convenient as it is to not have to authenticate into your phone all the time when you’re actively using it, you might want to turn your screen-lock time down to zero, or a much smaller time than what you’d typically use at home.

Lock down your SIM card with a PIN number: You set this up on both Android (Settings > Security > SIM card lock) and iOS (Settings > Cellular > SIM PIN). When you do, nobody else will be able to impersonate you if, for whatever reason, they get physical access to your SIM card. That’s especially useful if someone else is trying to break through the two-factor authentication protection you use for other apps and services.

Set up secondary authentication wherever possible: Someone might be able to break into your phone, but if you can set up a separate password, PIN, or two-factor authentication for the apps you use most often, such as your messaging apps, then you might have an extra layer of defense. How helpful this is depends on the app. For example, my Home Depot app bugs me constantly for a 2FA code whenever I’m logging in to check my account, whereas Facebook only queries you at the point of an initial sign-in. If you have time to log out of your critical apps when the going gets rough during a protest, and your supplemental authentication doesn’t send a text message with a code to the very phone you’re holding—lock your 2FA app with a separate form of authentication, too—then that’s just one more digital wall someone has to overcome to see what’s on your device.

Turn off or secure your previews and notifications: Obviously, if someone gets hold of your device, they don’t need to even log in if all of your incoming texts and other notifications display directly on your phone’s screen. Turn off or set Show Previews to “when unlocked” in iOS (Settings > Notifications) or turn off notifications on your lockscreen in Android via Settings > Apps & notifications > Notifications.

Consider setting up Screen Pinning (Android) or Guided Access (iOS): If you need to access an app on your device pretty regularly—such as some mapping app that can help you get home—but you want to lock down the rest of your phone behind a PIN or password, then these two features will allow you to “sticky” one screen to your device. If you, or anyone else, tries to access the rest of your phone, they’ll need to authenticate as you. You’ll find Screen Pinning in Settings > Security on Android, and Guided Access in Settings > Accessibility on iOS.

Learn how to lock down your phone in an instant: Both iOS and Android come with a way to quickly lock down your device, which will force whoever next has your device to figure out a viable authentication method. This shouldn’t matter if you’ve set your device to immediately lock as soon as the screen goes off, but it’s worth remembering just in case.

On iOS (iPhone 8 or newer), hold down the Power and Volume Up buttons at the same time. On the emergency screen that appears, tap cancel, or simply tap the power button one more time to flip your phone off. When you power the screen back on again, you’ll have to enter your password (or passcode) to log in; Touch ID or Face ID will be disabled.

On Android, you’ll first need to visit Settings > Security, and tap on the gear icon to the right of your primary authentication option under the “Device Security” heading. You’ll then see an option for “Power button instantly locks,” which you’ll want to enable. You’ll also want to go to Settings > Display > Lock screen display and enable “Show lockdown option.” Then, whenever you hold down your device’s power button, you’ll see a new “Lockdown” option you can tap to disable your Smart Lock, biometric unlocks (face or fingerprint), and lock-screen notifications

Sign out of your social media: Generally speaking, if you don’t think you’ll use it during a protest, sign out of it. This includes Facebook, Twitter, Instagram, the email you’ve tied to your device—anything that someone else could use to make your life a disaster (or affect your fellow protesters’ lives) were they to get their hands on your phone.

Where Is Code Generator On Facebook When You Enable A 2FA Program

In today's post, we are going to explain how easy to be aware of Where is Code Generator on Facebook. Furthermore, you will also learn the right way to find it out without any difficulties. So, if you fund out the need of getting such requirements to be fulfilled carefully, you should refer to this post and determine the feasible guidance and assistance.

However, it would be good to understand what exactly a Facebook Code generator is before you find how to determine a code generator on Facebook and where is the code generator on Facebook. As everyone is aware of the fact, Facebook and other social media platforms are making proper utilization of a two-factor authentication to safeguard their host and customers’ security in an effective manner.

To make 2FA feature stronger, the Facebook code generator is introduced by the officials. Simply put, it is a kind of a security feature through which you will be able to use the two-factor authentication feature efficiently with your Facebook account.

How do I Find out Code Generator on Facebook?

Keep the fact in mind that it is very easy and straightforward to determine the Facebook Code Generator. Don't worry if you are one of those who are lacking the required information! Luckily, you will be able to find out the right source of information and details by continuing to readthe post. In such a critical situation, it would be good to go through the post as carefully as possible.

Here are the necessary steps you just follow these instructions to do so:

First Step:

First of all, you will have to go to the Facebook app on your mobile device no matter whether you are using an Android device or an iOS device. While accessing the application on your smartphone, you have to ensure a strong internet connection.

Second Step:

After launching the application, you should consider logging into your Facebook account with the user credentials. Note: before you check for the same, it is important to confirm whether you have activated the two-factor authentication on Facebook or not. However, you must have this feature enabled on your Facebook account.

Third Step:

In the next step, you will have to click on the hamburger icon. For that, you will have to reach out to the top-right corner of the mobile screen.

Fourth Step:

Scroll down the screen unless you come across the 'Settings & Privacy' option. What you have to do is click on it to expand it. Hereafter, you will be able to see the listed options. So, you have to simply search and choose the 'Code Generator' option.

Fifth Step:

As quickly as you tap on it, you will be able to find a six-digit code. Keep the fact in mind that you will have to use this code within 30 seconds of its generation. However, if you don’t use the code within the given time, the code gets expired automatically.

This is all about the way to find out a code generator on Facebook. Whenever you use it to generate a code, you will be able to receive a new and fresh code from Facebook Code Generator. Also, you have to be aware of the fact that you don't need to share this code with anyone.

Related Article- Find Your Facebook Contacts By Phone Number

Is there any Reference Available to Fetch Necessary Assistance?

During the course of determining Where is code generator on Facebook, it is expected to encounter some sorts of problems be it technical or non-technical. However, you don’t need to worry in case any such loopholes take place when you try to do the same. To find a reliable source, you should immediately navigate through the official Facebook hell center. Here, you will be able to get the required assistance and support right from the comfort of your home. At the official Facebook help center, you will get clarification and answers to any type of questions.

Though Facebook doesn't have any kind of customer care service, you can either refer to the official help section or you can also go to some reliable forum where such questions are discussed and answered in easy language so that anyone can be aware of the procedure. So, whenever you find the need of getting a code generator on Facebook, this post will be beneficial to take reference from.

Summary:

This article is written with a clear objective of assisting those users who are looking forward to knowing Where is Code Generator on Facebook. Furthermore, the readers will also be able to determine how easy it is to find out a code generator on Facebook. What they have to do is go through the whole article post to find a better understanding.

The Libertarian Argument for the Right to be Forgotten

Libertarians talk about our inherent rights such as self defense, property, free speech, and so on all the time. What about our right to our own data and online privacy?

In Europe, they have the General Data Protection Regulation (GDPR) which is a regulation that allows European Union citizens to find out and remove any and all data a company has on them.

I’ve been a staunch privacy advocate for many years as it’s a core principle of the free, Libre, and open source software movements.

I am that guy who goes through every application, analyzing what, and how, data is collected from the accounts and applications I use, and I almost always take extra steps to secure my privacy and security.

In fact, I have been well on the way to “de-Googling” myself for years, having deprecated my Gmail and Google services, to the point I only use Google Voice because the several numbers I have there have been well established in my circles, and I can’t port those phone numbers. But my Gmail is solely for Google Adsense, YouTube, and Voice.

I have long stopped using the actual Gmail and Drive components, in favor of building my own private email and cloud storage server.

My Facebook has been locked down severely, and, to be completely honest, if it wasn’t for my team at Being Libertarian being heavily reliant on Facebook, I would have killed my Facebook account long ago; all because Google and Facebook are two of the biggest violators of personal privacy and of my capability to own my personal data.

I have spent a good deal of time making sure my search results on Google, Bing, Yahoo, and Duck Duck Go have been really clean of most sensitive personal information, which has been really easy at times and at times hard, due to my name being extremely unique.

It’s well known that Facebook, Google, Microsoft, and many companies earn money by analyzing, gathering, and compiling information on you. Every email, search, upload, message, voice call, video call, video upload, etc. to Facebook, Google, and Microsoft is scrutinized to see how it can gain money from you.

While monetarily many of their services are free, your price is your privacy.

Even diving into Microsoft Windows you can see in Windows 10 that there are options to analyze what you are doing on your own computer, so they can target ads to you, and it’s because of the ways Microsoft invades privacy among many other reasons outlined in “Free(dom) Software: Why Your PC Should Have Liberty”. I use Linux as well as other free, Libre, and open source software in my everyday life.

Many internet service providers also do this by analyzing your internet traffic, and some have been caught injecting ads of their own while you are browsing.

So, with that all said, it’s not surprising there are people like me who spend a lot of time, effort, and some money to retain our data privacy.

I personally spend about $50 per month for my private email, contacts, and calendar (powered by mail-in-a-box), cloud storage (powered by Next Cloud), WordPress blog, and three VPN services to retain my privacy and security.

But I have at times been paying for third party services such as Abines DeleteMe to scour public databases to prune my private information, although they do offer a free DIY tutorial to remove your data.

In case you are wondering why I use three VPN services — each serves a different purpose:

1) VPN Unlimited which I have had for years, is a lifetime subscription to allow my devices to use Netflix and other streaming platforms whilst traveling or using public wifi to secure my devices and grant some extra privacy.

2) Private Internet Access which I pay yearly, is paid for in Bitcoin and focuses on security and privacy in general browsing. I use them especially when I am torrenting files or browsing the internet via Tor as an additional privacy and security step.

3) Private OpenVPN is a server I made so I have a static IP address no matter where I work from to know I have a guaranteed IP address to access all my and my clients’ servers successfully in case I lock myself out.

But there is a problem with a lot of VPNs too in terms of data privacy rights. A lot of them log and track your usage, also in an effort to make more money off of you. So you have to be careful of the VPN service you use, because the free VPN services, especially Onavo which is offered for free by Facebook, will give a false sense of privacy. I chose Private Internet Access because they open source as much as possible, and donate to many organizations whose jobs are to promote data privacy and the free, Libre, and open source software community.

Libertarians like to regularly talk about an inherent right to privacy, especially when on our own property. But we seem to fall rather silent when it’s a business, not the government, invading our privacy.

We willingly sign away our privacy and security to a business in exchange for “free stuff,” the very same way we make fun of liberals for wanting to do the same when Bernie Sanders talks about us getting free stuff.

But, because it’s a business, it’s totally okay, apparently, even though it’s well known and documented that U.S. and other governments will easily approach Google or other companies for data on specific people because that is a path of less resistance as I touched on in my prior article, “It’s Time to De-Google Yourself: Email”.

The fact is, for an Orwellian style of government, Google, Microsoft, and Facebook are an authoritarian wet dream for data collection.

Think about it. In the USA, not only are businesses free to collect any and all data on us on and offline, but there is no way for us to remove our data should we choose to in the future.

So, despite being observant of my data for a little over a decade all those companies still have, and in many cases, continue to collect my data without me being able to do anything about it; whereas, if I were in the EU, I could invoke the GDPR laws to get Microsoft, Google, Facebook, and more to remove my data from their systems.

One of the counter arguments I have heard is that you agree to use the company’s services and therefore shouldn’t have a right to complain as they can do as they please, and you can choose not to use the service. This is a fair argument, however, I should still retain the rights to my data, so should I opt to stop using a service, that my data is guaranteed to stop being used, or I can specify what data is allowed to be tracked.

For example, I have stopped using Gmail for receiving any emails. My account is purely for sending log emails from some servers, Google 2 Factor Authentication, Google Voice, and YouTube. Maybe I am okay with them getting my data and usage statistics for YouTube but want to keep my email, 2FA, and Voice services unable to be tracked and logged for security and possibly legal reasons.

This is an issue, as one thing I have regularly come across in my job of being IT systems consultant for small and medium businesses, is an inordinate number of doctors’ offices are using free Gmail accounts which is actually a violation of the Health Insurance Portability and Accountability Act (HIPAA). Due to the data collection tactics of Google, you have to sign up for G-Suite and sign a Business Associate Agreement (BAA) to make it HIPAA compliant.

But that also means private correspondence with your lawyer, accountant, family, and more is also available to advertisers or anyone willing to pay Google.

The same HIPAA issues come to light with really any free email provider, because those free providers more often than not are making their money back by scouring your emails for any valuable bits of your personal data to make money.

I believe, as a libertarian, we should have a right to our data, whether it is from the government or a business. I should have the ability to choose whether to disclose any or all information to any business, and should I end my use of a service, or choose for them not to have access to some data, be able to request for my data to be permanently deleted.

It also shouldn’t be a complicated process. A simple form or email submission is all we should require; not to go the routes I have gone where I have to constantly stay on top of what platforms have my data. But that still doesn’t help me in the case of Google, Microsoft, Facebook, Amazon, and others. This is why we should fight for GDPR in every country and embrace the right to be forgotten.

The post The Libertarian Argument for the Right to be Forgotten appeared first on Being Libertarian.

from WordPress https://ift.tt/2qZlDUT via IFTTT

What Should We Consider When Adding 2FA to Our Cloud Account Logins?

New Post has been published on https://www.aheliotech.com/blog/2fa-cloud-account-logins/

What Should We Consider When Adding 2FA to Our Cloud Account Logins?

Compromised passwords are the major cause of cloud account data breaches. In 2019, 77% of cloud service breaches were caused by hacked passwords.

Stealing user passwords through malware or a spoofed login form has because the #1 purpose of phishing attacks. Which makes securing passwords at the top of the priority list for any Ohio business that wants to avoid a costly account compromise.

What can happen when your cloud service accounts, like Microsoft 365, QuickBooks Online, or SalesForce are compromised by an attacker? You can suffer from multiple attack types:

Your email account can be used to send out phishing emails.

A hacker could have access to your bank account information.

Any stored credit cards could be compromised.

Your list of usernames and passwords for that account could be stolen and sold.

Ransomware could be injected into cloud storage.

A hacker could quietly steal documents and emails for months or even years.

It’s important to put password best practices in place to urge users to create strong passwords that are difficult to hack. But this is only one step in the account security process. Cloud infrastructure also needs to be protected by two-factor authentication (2FA).

You could have the strongest passwords in the world and still have them compromised by a 3rd party breach. For example, so far in 2021, there have been several breaches that exposed the login credentials of millions of users. Some of these are:

Facebook, Instagram, LinkedIn, 214 million user accounts were breached through a Chinese social media management company.

Pixlr: This free online photo-editing site had 1.9 million user records breached.

Microsoft Exchange Server: Initial reports were that 30,000 organizations had email account breaches, which has now risen to over 200,000.

So even the strongest passwords can become compromised and need protection. That’s why 2FA is a vital tool to use for securing your cloud logins.

Two-factor authentication can block 99.9% of fraudulent sign-in attempts, even if the hacker has the password.

Things to Consider When Enabling Two-Factor Authentication

Even though implementing 2FA is an easy decision when it comes to the security of your cloud accounts, you do need to consider a few things before putting it into place. This will help your transition go more smoothly for your companies and your users.

Which Method Will You Use for Receiving the 2FA Code?

Two-factor authentication adds an additional step for users to log in. This is the input of a time-sensitive, unique code into the webform to complete the authentication process. How the user receives this code can differ.

Some will be more convenient than others, while some are more secure. You want to choose a balance between security and convenience.

The three methods you can choose from are:

SMS/Text Message: This is the most convenient and most commonly used. The drawback is that it’s slightly less secure because SIM cards from mobile devices can be cloned.

Authentication App: This is also a fairly common method but includes an additional step of choosing the authentication app to use, and a need to have users install and set it up. It has the mid-level of security between the three methods.

Security Key: A security key device that is plugged into a phone or PC is the most secure way to get the 2FA code. This is also the costliest method because you need to buy the key. It could also be less convenient if a user loses the key.

How Many Logins Need 2FA?

Most companies have more cloud accounts and online logins than they realize. A company with 50 or fewer employees averages 40 cloud apps, and a company with 51-100 employees averages 79 of them.

It’s important to have a strategy and not just start enacting 2FA before you know how many accounts are involved.

Go through all your accounts that require a login, including any used with Remote Desktop Protocol (RDP). You want to have a full count so you can ensure all are enabled together and none that could compromise your data are left behind.

Consider Implementing a Single Sign-on (SSO) Tool

Even if you had half of the cloud accounts of an average small business, that’s still a lot of disruption for employees if they must enter MFA codes into them all day.

You can streamline the process for your users and give yourself more control over the type of 2FA you use by implementing a single sign-on tool. An SSO gives you one portal where employees can sign in and enact 2FA for all of their logins. You also get more control over additional challenges you may want to add, such as including an additional security question if a login attempt is at night.

Get Help With a Fluid 2FA Strategy for More Secure Accounts

AhelioTech can help your Columbus area business implement 2FA and single sign-on to secure your cloud accounts without sacrificing employee productivity.

Contact us today for a free quote. Call 614-333-0000 or reach out online.

How to set up two-factor authentication on all your online accounts

Just about any account you own on the internet is prone to being hacked — and one of the easiest ways to add an extra layer of security is to enable two-factor authentication. Also known as two-step verification or 2FA, the process gives web services a secondary access to the account owner (you!) in order to verify a login attempt. Typically, this involves phone number and / or an email address.

While 2FA doesn’t totally cloak you from potential hackers, it is an important step in preventing your account from being accessed by unauthorized users. Here’s how to enable 2FA on your accounts across the web.

Apple

2FA is currently offered to Apple users on iOS 9 or Mac OS X El Capitan or later. We don’t make the rules!

iOS

The steps are minorly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to “Settings” > [Your Name] > “Password & Security.” You can turn on 2FA to receive a text message with a code each time you log in.

Those using iOS 10.2 or earlier, the settings are under “iCloud” > “Apple ID” > “Password & Security.”

Mac OS

Click the Apple icon on the upper left corner of your screen then click “System Preferences” > “iCloud” > “Account Details.” (You can shorten this step a bit by typing in iCloud on Spotlight.) Click on “Security” and you’ll see the option to turn 2FA on.

The remainder of the steps, from either iOS or Mac, are the same. You can opt for Apple to send you a six-digit verification code by text message, or a phone call.

Instagram

Even though you can access Instagram from a web browser, at this time you can only turn on 2FA from its mobile app. Head over your profile and click the hamburger menu on the upper right corner. Under the Account section, you should see “Two-Factor Authentication.” Toggle “Require Security Code” on to receive a text message with a login code to your account’s phone number each time you sign in.

GIF by Amelia Krales / The Verge

Facebook

Under the hamburger menu on mobile apps or the upper right side on a web browser, click “Settings” > “Security and Login,” or go to http://ift.tt/rPnzFp. Under the section “Use two-factor authentication” you will have the option of registering your phone number to receive a code each time you log in, or have Facebook send a push notification to your phone to authorize or deny the login attempt.

Here, you can also set up a Security Key to log in through USB or NFC, or pre-generate a Recovery Code in case you’re traveling abroad where you will not have cell service.

If you prefer to not use 2FA each time you log in from the same device (say, your personal laptop or phone) you can also set up your trusted devices under the “Authorized Logins” menu. This will allow you to grant access to bypass 2FA for devices currently logged in to your Facebook account.

Twitter

On either the Twitter mobile app or browser version, click your profile avatar and find the “Settings and privacy” menu. Under “Account” > “Security” (or https://twitter.com/settings/account, as a shortcut), you can toggle on “Login verification” to make Twitter text your phone number a code to log in.

Just like other services mentioned above, you can generate a backup code to use when you’re traveling and will be without internet or cell service, or even create a temporary app password that you can use to log in from other devices. The temporary password expires one hour after being generated.

Amazon

Go to the Amazon homepage and log in. From your Account homepage, find “Login & Security” and click the edit button on “Advanced Security Settings.” To set up, click “Get Started” and Amazon will walk you through registering your phone number, or you can opt to use your preferred authenticator app by syncing it through a QR code.

Once verified, you can select trusted devices to bypass 2FA or generate a code to login via a mobile app.

Google

The easiest way to turn 2FA on across your Google account (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking “Get Started.” You’ll be asked to log in then enter a phone number before selecting to receive verification codes by text message or phone call. Like Facebook, you can also choose to use “prompts” that allow you to simply click “Yes” or “No” when a login attempt occurs, or generate a Security Key with a USB stick.

Here, you can also generate backup codes for offline access. Google generates 10 at a time, and they’re designed to be single-use each so once you’ve successfully used one, cross it out as it will no longer work.

Snapchat

From the app’s main page, tap the gear icon and look for “My Account,” followed by “Login Verification.” Select SMS to receive a code for each time you log in. Once 2FA has been enabled on your Snapchat account, you can add trusted devices or request a recovery code for when you’re planning to be somewhere without cellular service.

Slack

To enable 2FA, you’ll need to access the “Account Settings” page from either 1) clicking on your username on the upper left corner to open a drop down menu > “Profile & Account” > clicking the gear icon, 2) clicking on your own username from the chat window and selecting “Open account settings,” or 3) heading to http://ift.tt/1glK5bN. The second option under your username should be to enable 2FA.

From here, if you have multiple email addresses, you may need to select a default one before moving on to picking whether you’d like to receive a passcode by SMS or through an Authenticator app. More on that at the bottom of this post. After you verify your account with a six-digit code, 2FA will be enabled.

Microsoft

Log in to your Microsoft account and find the “Security settings” menu. Choose to set up 2FA and you’ll get walked through the steps with your phone number similarly to the process outlined for all other services above. For when you lack cell service, click “App passwords” to generate a unique, one-time use password to log in.

Dropbox

From your Dropbox homepage on the web, click your profile avatar and find “Settings” > “Security.” Scroll down a bit to find “Two-Step Verification” — there it will tell you the status of your 2FA. Click to enable to turn the feature on and enter your phone number to verify.

WhatsApp

Open up WhatsApp, and find the Setting menu. Look under “Account” > “Two-step verification” and hit enable. You can enter your phone number just like everything else on this list, or choose to input your email as an alternative place to receive the verification code.

Having an associated email with your WhatsApp account is important since the service won’t let you reverify yourself if you’ve last used WhatsApp within seven days and forgot your PIN. So if you can’t wait a week to reverify for whatever reason (lost phone, can’t remember your PIN), it’s helpful to have an email to log yourself in or disable 2FA. In the same vein: be cautious of emails encouraging you to turn off 2FA if you didn’t request it yourself.

PayPal

On the main dashboard, click the gear icon and find “Profile and settings.” PayPal doesn’t explicitly call the feature out as “Two-Factor Authentication” so you’ll need to look for “Security Key.” Click this to set up what’s basically your 2FA by entering your phone number, verifying with the SMS code, and continuing as normal.

If you lose your phone, change numbers, or decide to revoke authorization rights, come back to this menu in the same steps outlined before to make adjustments.

Authenticator apps

For everything else not listed here, we recommend using authenticator apps to keep track of verification codes so you can get them sent to you without requiring cellular service — useful for when you’re traveling abroad and have access to only internet. Popular options include Authy, Google Authenticator, or HDE OTP (iOS only). These apps follow mostly the same procedure when adding a new account: scan a QR code associated with your account and it will save it in the app. The next time you need to login, just open up your app to find the six-digit code required to get past security.

These extra steps are great for adding a layer of security on all your accounts, but remember that you should be changing and updating your passwords regularly even with 2FA enabled just to stay in tip-top shape.

June 24, 2017 at 03:42PM

Magento Cron Job Setup | Tutorial 2020

If you are already active on Facebook or Youtube, you should have known those social media all have the same feature that can schedule the timeline publicity posts that you have previously prepared.

However, can you apply that effective working system into your business, specifically your Magento 2 platform Website?

The answer is here, thanks to Cron Jobs; you will save a great deal of time to manage the server and related tasks.

If you’re an office worker, you can now relax after an 8-hour day spent in the office instead of spending your evening backing up files and managing contacts.

At the same time, you do not need to try to remind yourself to recreate periodic tasks, thanks to the Magento 2 Cron Job Setup.

What is a Cron Job?

Are you wondering what a Cron Job means according to its miracle?

Hence, Cron Job is a function used to periodically perform specific commands for a period predetermined by the administrator.

Put it simply, Cron Job is a function that helps you automatically perform specific tasks, which have been formerly set up.

The Cron Job is an excellent periodical method to make any of your essential programs active automatically and accurately instead of doing them manually.

Because of its functionality, Magento uses the Cron Job for numerous features to schedule activities. The operations you can control scheduling from Magento include:

List price rules

Newsletters popup

Forming Google sitemaps

Customer Cautions/Notifications (product price, product stock status)

Reindex available

Private sales (Magento Commerce only)

Updating currency rates

E-mails (including order confirmation and transactional)

Based on the rapidly changing speed of the trade balance, take the example of Currency Rate Updates, is it too complicated to manually update it regularly (maybe monthly but also daily)?

For another example, without a Magento Cron Job Setup, you have to refresh the catalog price rules several times a day manually. If you have a large scale company, this can be a time-consuming task. Furthermore, what if you disremember to do it?

Do You Need Magento 2 Cron Job Setup?

When Magento 2 with Cron Jobs, there are some improvements compared to Magento 1.x version.

The database doesn’t seem to be more advanced over Magento 1, but the configuration does.

What’s new in the configuration is that now we can group our tasks and choose whether we want jobs to be executed in parallel or not as separate processes, which could be very helpful sometimes.

As a result, the Cron Jobs list you created will now in a separate file called Crontab, which is not available in Magento 1.x.

Magento 2 With “Cron” Terms

The difference between Cron, Cron Job, and Crontab

Cron: the name of the tool

Crontab: generally the file that lists the jobs that Cron will execute

Cronjob: a specific set of execution instructions specifying day, time and command to execute

On most systems, you must get approval from the system administrator to submit Cron Job requests to Cron.

On some shared systems with only one Crontab file, only the leader has the authority to access the Crontab command.

Magento 2 Crontab

Starting with version 2.2, Magento creates a Crontab for you. The Magento 2 Crontab is the configuration used to run Magento Cron Jobs.

Put this term in a more straightforward way to comprehend:

Cronjobs are commands that execute prepared actions at a given time

Crontab is where storing Cron Job data.

According to Magento’s guidance, it uses Cron for two sets of tasks with two different configurations:

PHP command-line configuration: The general Cron Job that reindexes indexers, generates e-mails, generates the sitemap, etc.

Web server PHP plug-in configuration: Two other Cron Jobs are used by the Component Manager and System Upgrade utilities.

A Cron Job Operation

Typically, Cron Jobs has fixed components as follows:

The script to be called or executed.

Command to execute the script on a reoccurring basis (usually set up in cPanel)

The operation of the text depends on what the text is called and executed. Typically, scripts called Cron Job will modify the files or databases.

Besides, Magento official developers recommended that you should run Cron Job as the Magento file system owner instead of run Cron as “root” (custom available installation bypasses the developers’ high-security barriers) or run Cron as the Website server user.

Magento 2 Cron Job Setup Step-by-Step

More tutorial should you read:

Magento Detailed Guidance

There to say, Magento Cron Job Setup is slightly different from Magento 2 Cron Job Setup as Magento version 1.x runs Cron in a different system. Otherwise, on the Magento 2.x platform, generating a Crontab file is necessary before creating Cron Jobs.

To remind you, below is a Magento 2 Cron Job Setup. As a result, if your Website is running on the previous Magento 1.x version, there will be a different tutorial for you to follow.

  STEP 1: Crontab Opening

To open the Crontab as the user, type:

crontab -e

To open the Crontab as a specific user, type:

crontab -u USERNAME -e

In the above example, you will change the “USERNAME” with your reference.

STEP 2: Cron Job Generating

Magento 2 Cron Job setup with command line

Before start trying, you have to notice that Magento creates three log files, which are:

var/log/magento.cron.log var/log/update.cron.log var/log/setup.cron.log.

You can watch these log files and run the following commands on your command line:

#~ MAGENTO START c5f9e5ed71cceaabc4d4fd9b3e827a2b * * * * * /usr/bin/php /var/www/html/magento2/bin/magento cron:run 2>&1 | grep -v "Ran jobs by schedule" >> /var/www/html/magento2/var/log/magento.cron.log * * * * * /usr/bin/php /var/www/html/magento2/update/cron.php >> /var/www/html/magento2/var/log/update.cron.log * * * * * /usr/bin/php /var/www/html/magento2/bin/magento setup:cron:run >> /var/www/html/magento2/var/log/setup.cron.log #~ MAGENTO END c5f9e5ed71cceaabc4d4fd9b3e827a2b

Magento Cron Job setup with WGET Command

Following command:

*/5 * * * * wget -q http://www.yourdomain.com/cron.php

In the above example, you will need to change the link to point the cron.php file in your Magento root.

STEP 3: Magento Cron Job Setup with WGET Testing

This method will testify whether your Magento Cron Jobs are set up correctly or not without waiting a couple of days.

With the Magento 2 Cron Job setup with WGET, change your Crontab command to the following line:

*/5 * * * * wget-bad-command -q http://www.yourdomain.com/cron.php

Notice that an error has appeared in this method.  In the above link, the path to the cron.php to a file that doesn’t exist.

You need to change that email address to your email address.

Now, if your Cron Job Setup is correct, every five minutes, you should get an email saying that there was an error with the Cron script. Once you have that email, you can safely revert to the correct version.

If you don’t receive this email, your Magento 2 Cron Job Setup did something wrong. Check it carefully or comment below to let us know!

Magento Cron Job Setup With Magento Extension

More explore:

All Magento Extension reviews and comparisons

In Magento 2 default, it is inconvenient for administrators to manage Cron tasks because it requires the store database. It is unrequired to go into the database whenever any errors of Cron Jobs occurred.

Also, accessing databases is quite risky and requires absolute priority as well as strong technical skills.

Therefore, designers have launched an updated specialized Magento Extension for Cron Job. Here is the one by Mageplaza which you should give it a try!

Mageplaza Magento 2 Cron Job Setup (FREE)

With Mageplaza Magento Cron Job Setup Extension, admins can manage all the executed Cron Jobs through the listing grid.

The grid allows supervising Cron Job details, including Cron Job code, group name, activation status, job method, instance classpath, schedule, etc.

Also, at the Manage Cron Jobs Grid, store administrators can take mass actions as delete, change status, or execute all or selected Cron tasks conveniently and in a time-saving way.

Magento Cron Job Setup in Magento 2 Admin with Mageplaza

After installing the Mageplaza Magento Cron Job Setup Extension, you have a permit to skip all the complicated and time-consuming installation steps above and will finish the installation step with just one-click.

With this Extension, you can install Cron Jobs right from Magento’s Admin editing page, followed this below guidance.

STEP 1: Login Magento 2 Admin

On the Admin page, click Stores.

In the Settings, select Configuration

Open the Cron section.

STEP 2: Fill in the blank

Open these 2 sections:

Cron configuration options for a group: Index

Cron configuration options for a group: Default

Complete all following information:

Consequently, all of your tasks have been set up and will automatically do their mission!

Conclusion

In the bottom line, I have to admit that there is too much information for users to comprehend. Moreover, standing in front of a vast knowledge can make you confused about whether to follow those guidances or not.

Accordingly, we have summarized the information from other articles in detail and reasonably paraphrase them to understand.

Hopefully, after reading this article, you can understand more about Magento Cron Job Setup. We would appreciate it when you found this article helpful. Please let us know your feedback!

Besides, there are still many other informative articles waiting for you to read:

Magento 2 Backup Extension: Every Online Merchant Should Know

How To Schedule Design Changes in Magento 2

Magento 2 Security: Protect Your Site with 2FA and ReCaptcha in Mind

The post Magento Cron Job Setup | Tutorial 2020 appeared first on Mageguides.

from Mageguides https://ift.tt/380rIn7 via IFTTT

Protect your accounts with two-factor authentication

New Post has been published on https://nexcraft.co/protect-your-accounts-with-two-factor-authentication/

Protect your accounts with two-factor authentication

Use the same password for everything? Two-factor authentication is just what you need. (Youssef Sarhan via Unsplash/)

Online security has never been more important, and if you think keeping all your accounts safe and secure is a big challenge, you’re definitely not alone.

But even if you feel comfortable with your passwords and you’ve managed to think of a different one for every account—an impressive feat to say the least—there are simple steps you can take to lay an extra layer of protection over your data. One of the most effective is enabling two-step authentication across all your apps and services.

How two-factor authentication works

The “two” is key in two-factor authentication—it means that if someone wants to get into one of your accounts, they need not one, but two bits of information. A password counts as one, but it’s not enough. In addition to something you know—your password—two-factor authentication also requires “something you have.” This may be a code (sent to your phone via text message or from a code generator app) or a token you carry around with you, like a USB security key.

If you’re already dreading the idea and think this will make it too complicated to check your email every day, know that two-factor authentication can be set to kick in only when you access your accounts from a new device. You can list your laptop and phone as “trusted devices,” and you won’t be required to constantly look up codes or wait for texts when you log in from there. This can be comfortable, but is also a great reason to protect your personal devices with strong PIN codes, passwords, and fingerprints.

Two-factor authentication, along with two-step authentication or verification, are terms often used interchangeably, and though they are very similar, they are not the same.

Two-step usually refers to two bits of similar information, like a passcode and a password, that are needed to log in, and that might arrive on the same device. Two-factor, meanwhile, typically requires two different devices or types of authentication, like a passcode and a fingerprint.

No, Google Authenticator won’t give you the winning Lotto numbers, but will help you protect any account. (David Nield/)

You only need to look at the number of data breaches that regularly hit the headlines to know how easily your password and email address can leak into the public domain. You can take mitigating steps after the event but, as with everything, pre-emptive action is the best option.

With two-factor authentication, anybody who tries to log in with your username and password will be asked for a second bit of information they don’t have. If they’re not you, they won’t be able to get in. If this happens, you’ll also be notified of an unsuccessful attempt to access your account, which could be useful if you ever wonder about whether you need to take further steps to protect your data.

But using two-factor authentication (or 2FA) doesn’t mean your accounts are suddenly unhackable or that you can let your guard down. Text messages can be intercepted, phones can be stolen, and it’s important that you think of 2FA as one part of an effective security strategy rather than a failsafe lock.

Placing this extra layer of security across all your accounts is easy and shouldn’t take you long at all. It’s definitely worth a few minutes for some extra peace of mind.

Activating two-factor authentication

If you have time to play FarmVille, you have time to enable two-factor authentication. (David Nield/)

Just about every major digital account out there has a two-factor authentication option now. In some cases you might actually get prompts to turn it on when you log in.

From your Google account on the web, click Security and then 2-Step Verification to start the setup process. If you have a Microsoft account, once you’ve logged in on the web, click Update under Security and then Explore next to More security options—you can enable two-factor authentication from the next screen.

For Apple accounts, 2FA needs to be turned on from iOS (Settings > your Apple ID name > Password & Security) or macOS (System Preferences > iCloud > Account Details > Security).

2FA is also available on all your social media accounts. Log into Facebook on the web, click the drop-down menu on the toolbar, then pick Settings and Security and login to access two-factor authentication. On Twitter on the web, click your avatar, then Settings and privacy and Account to find the option.

For Instagram and Snapchat, you need to go inside the mobile apps. On Instagram, open your profile tab and tap the menu button (three horizontal lines, top right), then choose Settings* and *Security. In Snapchat, tap the cog icon from your profile tab and you’ll see the Two-Factor Authentication option.

Tell your friends about securing their Snapchat account. And yes, you can use the doggy filter while you’re at it. (David Nield/)

Dropbox user? If you’re logged into the web platform, you can click your avatar, then Settings, and choose Security to configure your 2FA options. For WhatsApp, open the app, then the app menu (three dots, top right), then choose *Settings** and Account.

As you can see, two-factor authentication is just about everywhere and you should find the option fairly prominently displayed under any platform’s security options.

Where you won’t find two-factor authentication—at least not yet—is on media streaming services such as Spotify and Netflix.

While we can’t speak for those services, it’s likely that the extra convenience of quickly switching between devices to listen to music or watch movies outweighs the security concerns of someone being able to binge watch Stranger Things, or binge listen the complete works of Coldplay without your knowledge.

Where 2FA is available, switch it on, and pay attention to whatever backup login options there are (like security questions or a text message). After all, your accounts are only as strong as their weakest points. With two-factor authentication, you should stand a much better chance of keeping your digital properties safe from unwelcome visitors.

Written By David Nield

Android 7.0+ Phones Can Now Double as Google Security Keys

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.

As first disclosed by KrebsOnSecurity last summer, Google maintains it has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.

The most commonly used Security Keys are inexpensive USB-based devices that offer an alternative approach to 2FA, which requires the user to log in to a Web site using something they know (the password) and something they have (e.g. a one-time token, key fob or mobile device).

But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key. Once a user has enrolled their Android phone as a Security Key, the user will need to approve logins via a prompt sent to their phone after submitting their username and password at a Google login page.

Many readers have expressed confusion or skepticism about how Security Keys can prevent users from getting hooked by phishing sites or clever man-in-the-middle attacks. This capability was described in far greater visual detail in this video last year by Christiaan Brand, product manager at Google Cloud.

But the short version is that even if a user who has enrolled a Security Key for authentication tries to log in at a site pretending to be Google, the company’s systems simply refuse to request the Security Key if the user isn’t on an official Google site, and the login attempt fails.

“It puts you in this mode….[in] which is there is no other way to log in apart from the Security Key,” Brand said. “No one can trick you into a downgrade attack, no one can trick you into anything different. You need to provide a security key or you don’t get into your account.”

Google says built-in security keys available on phones running Android 7.0+ (Nougat) with Google Play Services, enabling existing phones to act as users’ primary 2FA method for work (G Suite, Cloud Identity, and GCP) and personal Google accounts to sign in on a Bluetooth-enabled Chrome OS, macOS X, or Windows 10 device with a Chrome browser.

The basic idea behind two-factor authentication (Google calls it “two step verification” or 2SV) is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor.

The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via an app (like Authy or Google Authenticator), text message, or an automated phone call. But all of these methods are susceptible to interception by various attacks.

For example, thieves can intercept that one-time code by tricking your mobile provider into either swapping your mobile device’s SIM card or “porting” your mobile number to a different device.

A Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.

Probably the most popular maker of Security Keys is Yubico, which sells a basic U2F key for $20 (it offers regular USB versions as well as those made for devices that require USB-C connections, such as Apple’s newer Mac OS systems). Yubikey also sells more expensive U2F keys designed to work with mobile devices.

A number of high-profile sites now allow users to enroll their accounts with USB- or Bluetooth-based Security Keys, including Dropbox, Facebook, Github and Twitter. If you decide to use Security Keys with your account, it’s a good idea to register a backup key and keep it in a safe place, so you can still get into your account if you loose your initial key (or phone, in Google’s case).

To be sure you’re using the most robust forms of authentication at sites you entrust with sensitive data, spend a few minutes reviewing the options at twofactorauth.org, which maintains probably the most comprehensive list of which sites support 2FA, indexing each by type of site (email, gaming, finance, etc) and the type of 2FA offered (SMS, phone call, software token, etc.).

Please bear in mind that if the only 2FA options offered by a site you frequent are SMS and/or phone calls, this is still better than simply relying on a password to secure your account.

I should also note that Google says Android 7.0+ phones also can be used as the Security Key for people who have adopted the company’s super-paranoid Advanced Protection option. This is a far more stringent authentication process for Google properties designed specifically for users who are most likely to be targeted by sophisticated attacks, such as journalists, activists, business leaders and political campaigns.

I’ve had Advanced Protection turned on since shortly after Google made it available. It wasn’t terribly difficult to set up, but it’s probably not for your casual user. For one thing, it requires users to enroll two security keys, and in the event the user loses both of those keys, Google may take days to validate your request and grant you access to your account.

from https://krebsonsecurity.com/2019/04/android-7-0-phones-can-now-double-as-google-security-keys/