It's that time of year again! And I'm here again with another tech support article. Last year, my parents' car busted a serpentine belt. This year I made sure the belt doesn't freeze by taking the car out more. I'm also growing a beard, so the beard trimmer can have the winter off. And my old college laptop's still kickin' after that keyboard replacement. In fact, I got it to run a working Hackintosh VM, which I used to bypass an iPad I found in the trash bin.
This year was a different kind of roller coaster ride. This time, it's in the online security realm. From scammers, to dubious actors, and everything in between, I got caught up in some of the craziest situations I never imagined myself being in the middle of. That led me to compile a few easy-to-do "first-aid" things to do when you get yourself into weird online scenarios.
First tip would be to use better passwords. Using the same weak passwords on multiple accounts for long periods will increase the chance that your passwords will end up in a breached dataset for bad actors to crack easily and/or sell for a lot of money. I know it's such a pain to update all your passwords, but I follow a simple set of rules to keep myself sane when it comes to passwords: 1) use high-entropy passwords, 2) never reuse passwords, 3) change passwords regularly, and 4) use a good password manager.
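To put numbers on "high-entropy" and "never reuse", here is a small added example (my own illustration, not part of the original post). It generates random passwords and diceware-style passphrases with the `secrets` module, computes how many bits of entropy each choice carries, and flags accounts in a toy vault that share a password. The wordlist and the vault contents are constructed for the demonstration; a real diceware list has 7776 words.

```python
import hashlib
import math
import secrets
import string
from collections import defaultdict

# Constructed 16-word toy wordlist (4 bits per word). Real lists: 7776 words, ~12.9 bits per word.
TOY_WORDLIST = ["anchor", "basil", "cedar", "dune", "ember", "fjord", "gale", "harbor",
                "ivory", "juniper", "kelp", "lantern", "meadow", "nectar", "orbit", "pebble"]

# Letters, digits and punctuation: 52 + 10 + 32 = 94 symbols.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently from an alphabet."""
    return length * math.log2(alphabet_size)


def random_password(length: int = 16, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Uniformly random password; `secrets` uses the OS CSPRNG, unlike `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(words: int = 6, wordlist=TOY_WORDLIST, sep: str = " ") -> str:
    """Diceware-style passphrase: entropy depends on list size and word count, not word length."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def reused_passwords(vault: dict) -> dict:
    """Map account name -> other accounts using the same password.

    Compares SHA-256 digests so the plaintexts never sit in the grouping structure;
    this is a hygiene check over your own vault, not a strength check.
    """
    by_digest = defaultdict(list)
    for account, password in vault.items():
        by_digest[hashlib.sha256(password.encode()).hexdigest()].append(account)
    return {acct: [a for a in group if a != acct]
            for group in by_digest.values() if len(group) > 1
            for acct in group}


if __name__ == "__main__":
    print(f"16-char random password: {entropy_bits(len(DEFAULT_ALPHABET), 16):.1f} bits")
    print(f"6-word passphrase, 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print(random_password(), "|", passphrase())
    # Constructed vault for the demo.
    print(reused_passwords({"mail": "hunter2", "bank": "hunter2", "forum": "correct horse"}))
```

The takeaway from the entropy function is that a 6-word passphrase from a real diceware list (about 77 bits) sits well below a 16-character random string from 94 symbols (about 105 bits) but far above anything a human invents, and it is typeable; a password manager makes the longer random form practical for every account.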
The next is to enable multi-factor authentication (MFA) on all accounts that are capable. The minimum you should use is a time-based one-time password (TOTP). It's a second, time-limited password that only you can generate (assuming you did not share the secret key). And the nice thing about TOTP over other forms of MFA is that you just need a smartphone with an authenticator app installed (e.g. Google Authenticator). Setup usually only requires having the authenticator app scan a QR code when enabling MFA. No fancy dongles to plug, no additional software to install, and no internet required for the authenticator device.
Another good piece of advice is to regularly close down online accounts that you no longer use. And if the service follows General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA), they'll usually expose a portal for users to delete their data, even if the user isn't from the EU or California. While it's usually fine to keep unused online accounts around in case you ever need them again, having your information on an unused account sitting on some server that could be a target of a data breach doesn't sound like a good idea to me.
And the last tip, and possibly the most important, is to train everyone in your family about the hazards of being online. Because you see, the weakest link when it comes to online security isn't a weak password, or not having MFA enabled, or having an online account to begin with. The weakest link is the account owners themselves unknowingly disclosing personal information. Social engineering, specifically phishing, is still the easiest way to get information, money, and/or access. It will be a hard conversation, especially when you have family members who fail to see the value of their personal information and/or adamantly refuse to believe they can fall victim.
There are a lot more things to know, entire courses even, on how to stay safe online. I've just listed a few common and easy-to-do ones. None of them is perfect by any means (e.g. passwords and MFA codes can be phished, security question answers can be inferred from data gathered from social media, online services can retain historical data after closing accounts), but those gaps can be covered when each tip is complemented by other best practices.
That's this year's issue of "Yet Another Tech Support Holiday". If you have any more to add, I suggest you write about it and share that knowledge too!
PS: Back in the early years of social media, there used to be apps that simulated "slam books". These apps would have the user answer 10-20 seemingly random questions, usually questions about the user. The app would then post the answers on the user's feed, and encourage their friends to do the same. I remember avoiding these apps specifically because the questions eerily sounded like security questions - questions that are asked for things like regaining access to online accounts when you forget your password, or that additional question during login.