Make a Diff 12/13
Slide 3 - Intro - Definitions
Slide 4 - Why? Consequences of Bad Online Privacy - Examples
- List of Websites that Have Been Hacked & How
- Rise in Journalists Hacking Attempts
- Doxing Definition
- Example of Property Theft/Blackmail - Darkode
- Example of Impersonation of An Account with 2FA
- Example of Information Gathered in NSA hacks
- Example of Extortion
Slide 6 - Basics
- DHS on Talking to Family
- DHS on Talking to Older Americans
- Last Pass - "How to Improve Cyber Security Awareness in your Family"
- Take their phones --> Preferences --> General --> Security, set App specific guidelines
Slide 7 - Passwords
- xkcd on password strength - choose random words! (or have a password manager choose for you)
- Make your password long! Good Thread on Cracking 8-Char Passwords
- Don't use same password across multiple sites
- LastPass Free! More complicated :(
- 1Password Less complicated! Not free :(
- Am I An Idiot for Still Using A Password Manager?
- Five Best Password Managers
- Always use 2FA when available.
- Always use an authenticator over SMS when available.
How to Get Gmail or Google Inbox 2FA
- Use Gmail or Google Inbox? (yay!)
- Go to https://myaccount.google.com/…/signin…/two-step-verification
- Turn on authenticator app and follow the instructions
- If you already had 2FA for your phone, change it to authenticator app!
- Select revoke all trusted devices at the bottom. You'll have to reauth on your phone and any other devices you use with your new 2FA.
- See Password Managers For Beginners
- See LastPass for Beginners
Why not use SMS for 2FA?
- NIST (National Institute of Standards and Technology) no longer recommends it. For a complete list of recommendations: https://github.com/usnistgov/800-63-3
- It's pretty easy to swap a SIM (the core of your phone that proves your phone is yours). If someone goes to a phone shop posing as you, they can get the shop to issue a new SIM encoded with your phone number.
- End of SMS-based-2-FA
Slide 8 - Social Engineering
- Social Engineering: An attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
- Phishing: A popular form of social engineering where a hacker sends you a professionally or cleverly designed email that pretends to be from a website, service, or family member and includes a website link for you to follow.
- Do Not Track (Movie)
- HTTPSEverywhere - Chrome extension by the Tor Project (Open Source)
- Example of Phishing for Passwords - Podesta
- Podesta Cont.
Slide 9 - Data
Slide 10 - Stretch Goals
- Tor Project
- Why You Should Start Using a VPN (and How to Choose the Best One for Your Needs)
- Tails OS
Slide 11 - Reality
- Make a plan
- Make it easy
- Make it fun
- No condescending
- Start small
- Spend money
- Normalize it