Lightweek in Tech Support: Account Security and Tips

Sorry for the absence friends, been a hectic month. We’re back and ready for more. Lightweek in Tech Support is something I’m looking to do every so often. With the holidays coming up, rest assured my Nrdly brethren we’ll be called upon to provide the basics for our family that cannot or will not. Be sure and provide let us know if you’ve got any basic support topics in mind or just general holiday tech support horror stories you’ve dealt with in the comments.

loginsSecurity is a topic I’ve brought up a time or two, but it bears repeating again today. Last week I had 10 successful logins from various countries around Europe and Asia to my Microsoft Account. And after taking measures to secure my account, none have been successful, but only attempted once since then. Recently there’s been a rash of suspect account activity from Microsoft accounts with old Skype logins. Like if your Microsoft Account now is your email user123@email.com you might have used a login of user123 for Skype. These successful logins are using the latter credentials.

notyourfaultApparently, there’s been so much activity for accounts that were tied to Gmail email accounts that Gmail filed the initial notification of account activity into my Spam folder. I don’t know if that’s a shortcoming of Gmail or what. I’m not sure, but I did my duty to flag the email not spam and carried on. The good news is that despite being able to log in to my account, they couldn’t do anything since Microsoft takes some steps to protect users. Plus, I require a verification from Microsoft sent to me through email to double check that it’s me trying to do something with my account.
img_3573This is called Two-Step or Two-Factor Authentication (2FA). Sometimes it’s as simple as sending an email to an address they know on file, but you must specify first before a code is sent to you. Microsoft uses this method, but also enables use through an app to authenticate. I haven’t used their app. Another popular method is through SMS. Google uses this method a lot. Sending you a text message with a code you enter into the screen to verify you’re you. Other times you can provide a code via connected devices like a USB thumbdrive that provides the second layer for you. Another method is an offline device. These typically use a button to display a code. I have one I use to log in to play Star Wars: The Old Republic, hey, I get a Cartel Coin grant each month for it and it’s still a kind of a fun game I’m getting back into lately. Apple uses a method that recognizes login attempts to your iCloud account and sends a notification to your device(s) prompting you to authorize it and then provides you a six-digit code to enter on the other login screen. Each one is a little different, but still accomplishes the same thing.

Is 2FA necessary? No, not at all, and I wish it wasn’t even recommended. But it’s the world we live in. It all depends on how sensitive your information is and if you wish to keep it secure as you can. Sometimes, an email address is simply for spam and you wouldn’t mind anyone having access to the contents therein. However, if you don’t employ spam email accounts and use a central email for most things, you might consider locking it down as best you can. It will undoubtedly contain financial information, social network credentials as well as other connected services like Google Drive or iCloud access. Usually larger companies like Google, Microsoft, Apple, Facebook, and others will typically lock down your login info in the event of compromise. Not necessarily because they’ve been breached, but because the IP address associated with the login attempt is unfamiliar to an extent that it’s certainly malicious. I’m not going to log in to my Microsoft account from Ukraine. Just not going to happen. It’s an assumption made by Microsoft that pays off in the user’s case.

lastpassWhat else can you do? Use a better password and change them every so often. A decade ago I was using a simple alphanumeric password ranging 8-12 characters. Now I’m using special characters that some sites still don’t allow in a password. If you’re having issues remembering passwords, use something like LastPass. It’s free and will allow you to store all your passwords, organize them and now access them via mobile. All the major browsers support it through an extension, even Edge! You can even let it generate passwords for you. You can make them gibberish, or pronounceable where you can stand a chance to remember them if you’re without LastPass. Though I doubt that will happen. Not LastPass being unavailable, but you remembering all your passwords. It’s damn near impossible for most folks to remember simple ones let alone complex passwords nowadays with so many logins to consider. LastPass can even save notes for a site. So you can save things to it like what security questions were answered and how they were answered. Some are case sensitive, so be careful how you notate that if you do.

Protip: Contacts.

Take some time and login to whatever appropriate site you need to for this. Either the People app on your Windows machine, Google Contacts, or iCloud if you’re on Android or iOS respectively. Log in and trim up that contact list. Combine duplicates. Assign nicknames to give yourself more search results. Then export it. Even if you’re on iOS you can export it to Google directly. I’ve had the two lists synced up for years now. I’ve seen a handful of friends on Facebook asking for friends to send them their numbers. How is this still a problem for people? The information is freely interchangeable between iOS and Android. Even Windows Phone! Save. Your. Contacts. Also, some people still live in a world where contacts are listed “A Josh Cell”. Put people with multiple phones under the same contact and specify what type of phone that is. Mobile? Work? Home? Same for email addresses. If you list it as mobile, your phone will know to prioritize it for text messages. If you want quick access to Josh’s cell phone, save that one number as a favorite. iOS allows you to pull one number for a contact and do another for their others. So under favorites you have a list of contacts and you can order this one exactly how you’d like. I can’t say how Android handles this, but I know it allows favorites too, but I want to say it does this on an individual basis, not a phone number basis. Been a year since I mess with it. Regardless, all of this allows Google Assistant or Siri to better help you when trying to call or text someone.

By Josh Hearne

Red Five standing by…Josh is a more gadget, science and space centric nerd, focusing on the physical, tangible aspect than the media and fictional. A big Neil DeGrasse Tyson and Carl Sagan fan, he’s more at home watching COSMOS than Gundam or Dragonball. That said, Star Wars is easily his favorite series, in all its forms. Also a bass player, he enjoys music, nerdy or not. Winter is his favorite season, Orion is always visible then and the cold nights offer often clear views of the nebula within.