cybersecurity
Choosing Password Management Software
If there’s one problem we all experience, it’s having too many online accounts and passwords to remember. To solve this problem, we’ve developed a very bad habit: using the same passwords all the time. But there’s a much better solution: using a kind of software called a password manager.

By Marc-André Gagnon, information security specialist.

The way a password manager works is that you enter all your passwords into a database that itself is highly secure—a kind of digital vault. There are two kinds of password managers: local and cloud-based.

Local password managers

Local password managers save your passwords in a local database on your own computer. Your information never leaves your computer, and you are responsible for backing up your database manually at regular intervals.

The two big players in this category are KeePass and Password Safe. Both of these software packages are open-source and free. KeePass for Windows was audited by the European Commission's EU Free and Open Source Software Auditing project (EU-FOSSA) in 2016, and no critical vulnerabilities were found in it. This represents a good guarantee that the source code is free of any major flaws or “back doors”.

Because both KeePass and Password Safe are open-source, there are dozens of clones and derived versions of them, for all platforms (Windows, Linux, iOS, Android). But you have to be careful, because these clones do not provide any guarantees against vulnerabilities. If you’re concerned about security, use only the official versions.

| Local Password Manager | Price | Platforms |
|---|---|---|
| KeePass | free | Windows (Linux/OSX: use the KeePassX clone) |
| Password Safe | free | Windows |

Cloud-based password managers

Cloud-based password managers save your database of passwords in the cloud. They represent an interesting compromise, in terms of ease of use and security.
If well implemented, cloud-based password managers are considered secure and offer some additional benefits:

- they support all browsers;
- they let you access your passwords on all your devices at any time;
- they let you share certain passwords with other users, such as your spouse or your children;
- they let you monitor attempts to access your account, define trusted devices, and so on;
- some of them let you define an emergency contact who will be able to access your password database if anything happens to you.

Like all other cloud-based services, cloud-based password managers charge an annual fee (although LastPass does offer a worthwhile free version).

| Cloud-based Password Manager | Price | Allows two-factor authentication? | Platforms |
|---|---|---|---|
| LastPass | free or $US 24 per year | Yes | Internet Explorer/Edge, Mozilla Firefox, Google Chrome, Apple Safari, Opera |
| 1Password | $US 35.88 per year | No | Chrome, Firefox, Safari, Opera |
| Dashlane | $US 39.99 per year | Yes | Internet Explorer, Chrome, Firefox, Safari |

Can the software provider (or a hacker) access my passwords?

The provider cannot read your database, because it is encrypted with your master password. All of the encryption and decryption operations are performed locally on your own computer, and your master password is never transmitted to the provider in any way. If this complex technology is properly implemented in accordance with best practices, it is considered impossible for the provider or potential hackers to decrypt your passwords without your master password.

Essential advice

Choose a master password that is complex and unique.

Try to have 15 characters or more, including letters, numbers, and special characters. This password is going to protect all your others, so you can’t afford to be lazy! One good method is to use the first letter of each word in a sentence that will be easy for you to remember.
For example, you could set your master password as “ta12aitb, ok?” and remember it with the sentence “There are 12 apples in this bag, OK?” For more details on this method, I recommend an article by Bruce Schneier.

You’ll have to remember your master password, because there is no way to recover it. Some cloud-based password managers may offer options to make it easier to recover, but these options are still limited, because the provider can’t decrypt your information and doesn’t know your master password.

Activate two-factor authentication

For cloud-based password managers, two-factor authentication involves associating your account with your smart phone or other smart device (there are other options as well). Once you activate two-factor authentication, you will be allowed to access your database only if you enter your master password AND you demonstrate that you have physical access to the smart device that you have associated with your account. Thus, even if your password is compromised (by a virus, for example), the attack will be blocked by a second factor.

I think this is the best way to make your account secure with the least effort. By the way, that’s true not just for your cloud-based password manager but for all your other cloud-based accounts—Google, Apple, Facebook, Microsoft, Amazon, etc.!

Cyber safety: do you know how to protect yourself from fraud?
You’re about to renovate your home. You’ve talked about the project with a contractor over several emails, and you’re anxious to get this thing off the ground. Soon enough, the contractor pops up in your inbox again, this time advising you that there’s been a cancelation and you can get started earlier than expected. As per your initial agreement, the service provider asks you to front a portion of the funds to procure supplies. You transfer the money as requested. Days go by and the contractor never shows. You contact the business and you’re totally flabbergasted by the response—the contractor’s email address had been hacked, it was a scam.

This unfortunate event, which was widely covered in the media, is the true story of a woman living in Bristol, England. Every year, millions of people are scammed online in all kinds of ways, some of which are sophisticated enough to fool even the shrewdest among us. In many cases, banks and law enforcement find themselves unable to help victims get their money back. Beyond fiscal damages, there are health risks to consider as well, given that these crimes can trigger their fair share of anxiety and frustration. So it’s best to be careful when sending confidential information online, or when making any kind of financial transaction for that matter. Here are some quick tips that could end up saving you from a whole lot of fuss.

Back to basics

As a refresher, here are some basic rules to follow. Learn how to create secure passwords here. For your personal computer, it’s recommended that you install antivirus software and keep it updated. You can download antivirus software for free online. Don’t shy away from asking an expert to help you make the right decision for you.

Also, make sure that you’re on a trusted site when you’re entering your personal information or making transfers online. Double-check the URL in the address bar to make sure that it’s legit.
Ideally, you’d visit a trusted site by typing in the URL yourself or via your favourites, as opposed to clicking a link contained in your email or on a webpage. If you’re not sure whether a site or an email is the real deal, make a phone call to the person or organization you’re dealing with so you can have peace of mind. Remember—it’s relatively quick and easy for scammers to generate fake sites that are identical to their official versions. So stay on alert, and if you have any doubts, trust your gut and don’t go any further.

Another item to check—make sure that the closed padlock icon (or the full key icon) is displayed next to the URL of the site you’re visiting so you know that the communication between the site and your browser is encrypted, and therefore secure (the URL will begin with https).

Lastly, share your personal information (driver’s license number, birthday, and so on) only when absolutely necessary, especially over email and social media. Giving away this kind of info can make the work of scammers much easier later, when they use it for fraud or even identity theft. Regarding the latter, the consequences for the victim can be long and drawn out, including financial losses and a negatively affected credit report. Then there are all the corrective measures they’ll have to undertake with various institutions, and the stress associated with all that. Incidentally, the quizzes going around social media, which on the surface appear harmless, are an excellent means of collecting personal information if you’re a fraudster. Remember that financial institutions will never ask for your personal information via email.

Lastly, it’s recommended that you be careful when using a public Wi-Fi connection. It’s easy for a hacker to create wireless access points to steal your personal information or infect your computer with a virus. Keep yourself cyber safe by only using trusted Wi-Fi connections that are password protected.

When it’s too good to be true...
One of the basic rules of the road when it comes to reducing your risk of being scammed is: when it seems too good to be true, get out! 419 scams are some of the most notorious scams on the web. Just take the Nigerian prince scam for example, where a prince offers to share a large inheritance with the victim in exchange for a few thousand dollars so he can flee the country. Don’t think anyone’s foolish enough to fall for it? Well, they are. Every year, several variations on this scam cost web users around the world billions of dollars. There are even sites out there that catalogue some of the most infamous ones.

When you’re offered a prize and you haven’t entered a contest, when someone wants to give you something for free or return an overpayment for an online purchase—watch out.

If you think you’ve been the victim of fraud, please report the incident as soon as possible to the Canadian Anti-Fraud Centre (CAFC), even if that means swallowing your pride…

Your mobile content is precious—protect it.
According to the 2017 CEFRIO survey, 62% of adults in Québec own a smartphone. These devices we use to communicate, navigate, take photos, make financial transactions and even gather data on our health also tend to carry a ton of other valuable information, not to mention documents. That said, not only is it totally normal to want to protect your device from physical damage, it’s become a downright necessity with all the sensitive information the thing contains. If your phone falls into the hands of someone who’s less than honest, you could fall prey to fraud or even identity theft. Here are some tips to protect the data on that precious phone of yours—share it with your parents, friends and workmates.

Don’t make it simple for scammers

When your phone is unlocked, most of your apps, photos and other personal data also become more easily accessible . . . and more easily shareable! That’s why it’s so strongly suggested that you keep your device on auto-lock. Select a solid password for added security. We know that you know that 1-1-1-1 and 1-2-3-4 are not exactly unhackable password choices…

The auto-lock setting may annoy some of you, given how common it is to check our phones several times over the course of a day. The fingerprint scanner and facial recognition options are slightly less annoying, but remember that their effectiveness varies with the device and technology you’re using.

It’s also best to limit your app downloads to known ones that are available on Apple’s App Store, Amazon’s Appstore or Google Play. Apps coming from other sites are not regularly verified and are therefore more likely to come with viruses. Before you install any app, take a few minutes to make sure that it’s regularly updated and beware of ones with very few comments on the download page. Update your apps, close them when they’re not in use and delete any you’re no longer using.
Finally, don’t forget to download and install software updates on your phone—it makes it harder for hackers to gain access to your device.

Also, remember that hackers like to use Bluetooth to pirate phones and access your personal information. So make sure you always turn Bluetooth off to make your device undetectable, unless you need to use it, of course! Refrain from activating Bluetooth in busy public spaces, which are common scenes of cybercrime. In general, it’s always good to exercise caution when connected to a public network whose security settings you can’t control.

You have the right to privacy

Would you let a stranger follow you wherever you go? That’s what ends up happening, though, when you don’t take the time to configure the location services on your smartphone. Only authorize access to your location for apps that absolutely require it. The same goes for access to your camera, microphone and contacts.

Limit the damage when you lose your phone

By the late 2000s, surveys were already indicating that the majority of respondents would rather lose track of their wallet than their mobile device. Does the same go for you today? Losing a phone comes with all kinds of fuss. The consequences become more dire if your phone falls into the hands of a dishonest person.

Besides auto-locking your phone, it’s also recommended that you activate the option that allows you to erase your device’s content remotely. On iPhone, for example, you can erase your device on iCloud.com if you activated Find My iPhone prior to the event. In the event your phone is stolen, this precaution will at least prevent the thief from accessing your personal data.

Getting rid of your phone?

Last July, a young Ontario woman who thought her iPhone was garbage-worthy traded it in for a new one in-store in exchange for a rebate of a mere few dollars. Her phone was refurbished and resold to a man living in Dubai.
The young woman was unpleasantly surprised when the new owner contacted her to compliment her on her personal photos. Remember this story when you’re thinking of repairing, exchanging or selling your phone—back up your personal data and then erase it completely. Regularly backing up your content using your computer or the cloud is a good reflex to develop.

What to do when you become a victim of cybercrime

Unfamiliar service charges on your monthly invoice? Seeing messages or emails that you didn’t send on your phone? You might be the target of cybercriminals. If, despite taking all the necessary precautions, you do fall prey to cybercrime, act fast. In such a case, or if your device is lost or stolen, inform your service provider immediately and contact the Canadian Anti-Fraud Centre if need be.

Cryptojacking – When your computer mines cryptocurrency without your knowledge
In the past few months, we’ve seen a lot of news about cryptocurrency, including harried headlines about extreme fluctuations. All this can be attributed to an unending speculative bubble and possibly also the fear of government regulation. This partially explains why bitcoin’s value took such a spectacular plunge, falling from CA$25,000 to just over CA$10,000 between December 17 and today.

Beyond the technical challenges that these headless currencies bring to the table, the fluctuations in exchange rate parity likely played a key role in the resurgence of attempted pirating, theft of digital wallets and personal data, and other fraudulent acts. If we’re to believe the predictions of certain industry leaders, more major heists could be coming. So far this year, we’ve already witnessed the record theft of $60 million in bitcoin from NiceHash, a violent attack on a British couple for their virtual wallet, and Coincheck reporting more stolen assets than MtGox did in 2014.

Given that bitcoin could recover and hit $60,000 sometime this year, security has become a big issue for this type of investment and for cryptocoin mining as well. However, with a little common sense and caution, the risk is minimal.

What is mining?

Unlike the coins and banknotes we carry in our pockets, which are issued by central banks, cryptocurrencies are virtual. They can be transferred across the network and are secured by alphanumeric strings called “hash.” To create virtual currencies, protect them and keep them functional, the mining process uses software that connects computers to a mining pool, making it possible to leverage the power of several devices at the same time. The processors work 24/7 to keep the currency going. The transactions (blocks) are then correctly added and recorded on the blockchain, which is a public document that lists all transactions—and it’s also a real headache for financial institutions and governments.
Miners contribute their computers’ processing power to the network and are paid in cryptocurrency. Day after day, these profits add to the amounts already in circulation. Mining is rarely done alone because it uses a lot of power and is not very profitable. Instead, pools or farms do most of the work. There is power in numbers, and in mining it increases both the processing power and speed (i.e. hash rate). More calculations = more blocks added = more profits. ¯\_(ツ)_/¯

When hackers target miners

Clearly, mining isn’t totally safe and provides an opportunity to attack honest individuals whose computers are connected. In fact, it is becoming increasingly common for the CPU (processor) of a computer to be “taken hostage” so that it can be used for mining, without the computer’s owner even knowing about it. For instance, this can be done with Coinhive. This simple script discreetly mines Monero (one of the many forms of cryptocurrencies out there). You’d never even know it was there. If your computer lags x 1000 and your electricity bill skyrockets, you might inadvertently be making cryptocurrency. And the worst part is that you won’t see any of the bitcoins that your computer is generating.

According to a handful of experts, we can expect this CPU-borrowing trend to increase in 2018. After YouTube, The Pirate Bay and several government sites, we could even see a broader range of websites and platforms used for cryptocurrency mining. Currently, none of the available browsers offers protection against this type of activity, but there are solutions like the NoScript extension for Chrome, Firefox and Opera. You can also turn to traditional ad blocking services like 1Blocker, uBlock Origin and Adblock Plus. These can help relieve stress, since they minimize the chances that someone will get rich off your back.

Helpful definitions courtesy of bitcoin.org:

Hash: One of the essential components of BTC security is the SHA-256 hash function.
It’s a mathematical function that uses a compilation of data (words, numbers, characters) to create a unique output value called a “hash.”

Block chain: The block chain is a public record of Bitcoin transactions in chronological order. The block chain is shared between all Bitcoin users. It is used to verify the permanence of Bitcoin transactions and to prevent double spending.

Block: A block is a record in the block chain that contains and confirms many waiting transactions. Roughly every 10 minutes, on average, a new block including transactions is appended to the block chain through mining.

Stay connected
Here are a few helpful articles during the confinement period.

Helix, what does it offer exactly? Helix offers more than just entertainment. It adapts to your connected life to brighten it and make it easier in many ways, while allowing you to manage your services yourself. Discover everything Helix has to offer!... Helix offers more

Wi-Fi calling, the perfect solution for flawless reception quality: At a time where we’re spending a lot of time at home or where teleworking is starting to become the norm for companies and slowly winning over every generation, having impeccable mobile phone reception everywhere in your house is a necessity... The ideal solution

Advice and Tips for Avoiding Internet Fraud: In today’s environment, when most of us spend many hours on the computer for telework or entertainment, it’s important to remember best practices to avoid fraud and traps online... Advice and Tips

Did you know that you’re in full control of your Videotron services? In the middle of this confinement period, where you have to stay at home as much as possible and limit non-essential travel, you have the ability to change or pay for Videotron services by yourself... How to be in control

Tips for a Safe Return: Are you coming home from Florida, a trip down south or from studying abroad? We are with you as you are subject to the mandatory 14-day self-quarantine... How to adapt returning home from abroad

Keeping busy to keep seeing the bright side: The COVID-19 pandemic that’s keeping us home is no reason to go around in circles... How to entertain yourself at home

Teleworking: During this isolation period, the majority of employees who can still enjoy working are doing it from home – this is our case in the Videotron Web department. Some of us are available part time due to our family responsibilities, while others are giving more than they’ve got... Make the most of your workday from home.
Rebooting your router: When one or several of your devices is lagging, a simple device reboot, starting with your router, can help solve most problems... 5 solutions to enjoy the best home Internet speeds.

Phishing attempts on the rise: The Canadian Centre for Cyber Security has unfortunately noticed an increase in phishing campaigns regarding COVID-19 among businesses and individuals (our customers)... Vidéotron remains on alert and has taken action to stop these campaigns.

Changing TV Channels 101: Say goodbye to the same old routine! Did you know that you can switch the channels in your cable TV plan whenever you’re craving something new?... Modify your channels directly on your TV in a few steps.

Messaging apps: Messaging apps are incredibly popular. In fact, WhatsApp, Skype, Messenger and the like have been downloaded billions of times... What are the differences and which is best for you?

Audio app: While the status of traditional on-air radio is increasingly precarious, each day brings new applications and other online platforms designed for sharing audio content... Everything you need to know to listen to what you want.

Kids & Screens: That’s what most of us say when we don’t want our kids to use our mobile devices... A few pointers to ensure kids use screens responsibly.

Mobile phone during the pandemic: We’re all confined during the COVID-19 pandemic, and your already useful phone is proving to be a valuable tool to keep you informed and connected to your work, family and friends... Make time fly, without going over your data

Videotron is committed to supporting you every day and simplifying your life during these unprecedented times. Learn more.

Phishing attempts on the rise
The Canadian Centre for Cyber Security has unfortunately noticed an increase in phishing campaigns regarding COVID-19 among businesses and individuals (our customers). The Canadian government remains on alert and has taken action to stop these campaigns. At Videotron, we are monitoring the situation closely and we remain vigilant to protect our employees and our customers.

Here is a reminder of good practices to recognize phishing attacks:

- Do not respond to emails requesting urgent or immediate action and announcing an imminent consequence, do not follow the links provided, do not open an attachment and do not provide any personal information.
- Even if you know the company that purportedly sent the email, avoid clicking any links. Instead, enter the official Web address in your Web browser or check the hyperlink in the suspicious email by hovering over the link to verify the address.
- Check the quality of the writing: Phishing emails often contain spelling mistakes.
- Update your software, especially Adobe Flash Player, Adobe Reader, your antivirus software and operating system.
- Before making an online transaction, always check the reliability of the company’s website.

Also, know that Videotron would never send its customers:

- A link to a website asking you to give information such as customer number, password and other personal information, both by email and by text message;
- A redirect link to an external site (which is not a Videotron site).

For further information, consult the page related to the subject on our site by clicking here.

Thank you for your collaboration.

Cloud accounts, a user’s manual
Personal devices are evolving so fast, it’s enough to make you dizzy. But getting a new product doesn’t necessarily mean having to learn everything all over again.

Written by Michel Baril, your Pro.

Cloud solutions are a great example. You’ve probably already heard that they can help you make better use of your devices. That’s true, but many people still aren’t clear on how they work and, more concretely, how they can help. Here’s some handy information to help you understand what cloud services are all about.

1. Your cloud is yours only!

The first thing you need to know is that when you use a cloud service, the only person who can access your data is you. It’s important to let that sink in. A lot of people are afraid that once their information is sent to the cloud, it will be accessible to everyone on the Internet. But the fact is that no one knows your password but you—not even the cloud service provider’s staff! So don’t forget this important nugget of information: you are the only person who can access your information.

2. What exactly is the cloud?

In the IT field, the term “cloud” refers to storage space reserved just for you. Think of it as a bank account for saving your information. To access it, you need a device (computer, tablet, smartphone, etc.) and an Internet connection. Most cloud services require an email address (to use as your ID) and a password. To understand how the cloud system works, let’s go back to our banking analogy. When you want to access your bank account, you need a debit card (which is like a user name) and a PIN number (which is like a password).

3. What is the cloud used for?

The cloud’s main function is to make a copy of your information so that nothing is lost if your device is misplaced or stolen. Services like Apple iCloud or Google Drive have features that enable automatic backups.
In fact, whenever your device is connected to Wi-Fi, its contacts, photos, notes, reminders, appointments, search history and more are all saved in this virtual storage space. That way, even if you lose your device, you can still access most of your personal information via websites like icloud.com or google.com/drive.

4. How does syncing work?

To get a better understanding of what we mean by “syncing devices,” let’s imagine that phones, tablets and computers are all ways of accessing the Internet and your accounts, much like an ATM at the bank. No matter where you go, you still have access to the same amount of money. The same is true with the cloud! Syncing your devices allows you to access the same contacts, photos and other data on all your devices. This means that if you make a change on one device, it will be automatically applied to all the others and saved in the cloud. Did you buy a new phone? Simply connect your new device to your cloud account and all your information will be available to you.

How do you know if these features are enabled? Open the settings on your various devices and go through the backup options.

Beware of Ransomware
By Marc-André Gagnon, information security specialist.

How much would you be willing to pay to recover your term paper? Your family photos and videos? Your business documents? Those are the questions you’ll have to answer if you fall victim to ransomware, a type of computer virus that is striking more than ever before.

Ransomware uses industry best practices to block access to your data by encrypting it. That means you can’t access your files without decrypting them—and you’ll need a decryption key to do it. The creator of the virus may (or may not) provide you with the decryption key in exchange for a ransom, which is usually paid using virtual money (i.e., Bitcoin).

In dollars, you can expect to pay anywhere from $500 to $1,000 for a typical ransom. Ransoms charged to businesses are much higher, reaching $10,000 or more. You usually have 24 to 72 hours to pay, and the ransom amount may increase as time passes. It’s easy to see how this kind of extortion is very lucrative for fraudsters.

Figure 1 - Ransom message used in the WannaCry attack

Don’t let your guard down

Like with any virus, there are lots of ways your computer can become infected with ransomware, including:

- Email containing an infected attachment or link
- Software downloaded from a non-official site (e.g., BitTorrent)
- Legitimate websites that are temporarily compromised may prompt you to download malware (e.g., a fake Adobe Flash update)
- Being on the same network as an infected computer, especially if your device doesn’t have the latest updates
- Malicious apps downloaded from Google Play Store or Apple App Store

Windows and Android platforms are targeted most often, though there are some variants for Apple OSX and iOS.

What does this mean for you? Remaining vigilant is essential, as is having an enabled, up-to-date virus checker. There are no more excuses, especially since Microsoft offers Windows Defender for free.
What to do if you get infected

Before you do anything else, disconnect your USB key, hard drive and network cables, and turn off your WiFi. The idea is to prevent the ransomware from encrypting the data on your synched drives (Google Drive, OneDrive, iCloud, Dropbox, etc.), peripheral devices and other devices on your network.

If you have a corporate workstation, or if you are simply at the office, let the tech support team know right away.

Encrypting information takes time, so if you have just been infected, you may be able to limit the damage by shutting down your computer.

Do not pay the ransom. There’s no guarantee that you will get your data back. Don’t forget that you’re dealing with a dishonest fraudster, so don’t expect great after-sales service! In fact, some types of ransomware don’t even allow decryption after payment. They’re bluffing!

If you can, bring your computer to a repair centre to see if some files can be recovered. Some ransomware is worse than others.

At the end of the day, the only 100% viable strategy is to reinstall and restore your backed-up data. You have backed up your files, haven’t you?
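Because ransomware can reach synched and attached drives, a backup should be checked before it is restored. The following Python sketch is an added example, not part of the original article: it flags backup files whose content no longer matches their file type. The signature table, the entropy threshold, the function names and the sample files are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for a few common formats (illustrative subset).
SIGNATURES = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
# Plain-text formats carry no signature, so they are judged by entropy.
TEXT_EXTENSIONS = {".txt", ".csv", ".html", ".md"}
ENTROPY_LIMIT = 7.0      # assumed threshold, bits per byte; prose is usually below 6
SAMPLE_SIZE = 64 * 1024  # only the start of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def check_file(path: str) -> str:
    """Classify one file as 'ok', 'suspect' or 'unknown'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_SIZE)
    if ext in SIGNATURES:
        # Encrypted content no longer starts with the format's signature.
        return "ok" if sample.startswith(SIGNATURES[ext]) else "suspect"
    if ext in TEXT_EXTENSIONS:
        # Ciphertext looks random. Short files cannot reach the limit
        # (100 bytes top out near 6.6 bits), so review small files by hand.
        return "suspect" if shannon_entropy(sample) > ENTROPY_LIMIT else "ok"
    # Unrecognised extension, including ones appended by ransomware.
    return "unknown"


def scan_backup(root: str) -> dict:
    """Walk a backup folder and group relative paths by verdict."""
    report = {"ok": [], "suspect": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            report[check_file(full)].append(os.path.relpath(full, root))
    return report


if __name__ == "__main__":
    # Constructed sample backup: two intact files, two overwritten with
    # random-looking bytes, one renamed with an appended extension.
    scrambled = bytes(range(256)) * 16
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
        "notes.txt": b"Term paper draft, chapter one.\n" * 40,
        "holiday.jpg": scrambled,
        "budget.csv": scrambled,
        "thesis.docx.locked": scrambled,
    }
    with tempfile.TemporaryDirectory() as backup:
        for name, content in samples.items():
            with open(os.path.join(backup, name), "wb") as fh:
                fh.write(content)
        for verdict, paths in scan_backup(backup).items():
            print(verdict, paths)
```

Run it against a copy of the backup from a machine that was never connected to the infected one; files listed as unknown need a manual look.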