Defense Against The Dark Arts (Of Data Theft): Two-Factor Authentication

With many high profile digital security breaches in the news lately such as Target’s credit card snafu and the hacking of Snapchat, accessing anything on the internet can seem like a perilous activity. Fortunately, there is a simple step (or two) that you can take to immediately and drastically decrease your chances of having data compromised. It’s called Two-Factor Authentication, and it’s already been adopted as a standard security measure. By learning about and utilizing Two-Factor Authentication (hereafter abbreviated “2FA”), you will add a layer of security to your online activity that is nearly impossible to circumvent.

You actually already use 2FA whenever you make a transaction at an ATM. You prove your identity to the ATM by inserting your debit card (the first factor), and then entering a PIN (the second factor). If one of these two factors is missing, the ATM will not allow access to your account. 2FA on the Internet works in much the same way. You’re already familiar with logging into your accounts with a username and password, but with 2FA, there is an additional code you must enter after you authenticate with your password. The code is generated in one of two ways. You can run an app on your smartphone, such as Google Authenticator or Authy, which provides a new code for each of your accounts every 30 seconds. If you don’t want to use a third party app, many accounts can have a code sent via SMS to your cell phone (you don’t even need a smartphone for this). So as long as you have your phone with you, you’ll be able to access your account, and anyone who does not have access to your phone will be locked out even if they know your username and password.
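To show where the 30-second codes come from, here is an added example (not part of the original post) that implements the standard TOTP algorithm from RFC 6238, which authenticator apps such as Google Authenticator use. The secret is the published RFC test key, and the one-step clock-drift window and replay check in `verify` are assumptions about how a service might accept codes.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # a new code every 30 seconds, as described above
DIGITS = 6          # the familiar 6-digit code

# Constructed sample: the shared test secret published in RFC 6238 (SHA-1 case).
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, digits: int = DIGITS) -> str:
    """Code the phone app displays at time `now` (Unix seconds)."""
    if now is None:
        now = time.time()
    return hotp(secret, int(now) // STEP_SECONDS, digits)


def verify(secret: bytes, submitted: str, now=None, window: int = 1,
           last_used_step: int = -1):
    """Server-side check. Returns the matching time step, or None.

    `window` tolerates clock drift of that many steps either side;
    `last_used_step` rejects a code that was already accepted (replay).
    """
    if not (submitted.isascii() and submitted.isdigit()):
        return None
    if now is None:
        now = time.time()
    current = int(now) // STEP_SECONDS
    for step in range(current - window, current + window + 1):
        if step <= last_used_step:
            continue                              # already used, or before time zero
        if hmac.compare_digest(hotp(secret, step), submitted):
            return step                           # caller stores this as last_used_step
    return None


if __name__ == "__main__":
    code = totp(RFC_SECRET, now=59)
    print("code at t=59:", code)
    print("accepted at t=59:", verify(RFC_SECRET, code, now=59))
    print("accepted two minutes later:", verify(RFC_SECRET, code, now=179))
```

Because both sides derive the code from the same secret and the current time, nothing has to be sent to the phone, which is why the app works without a network connection.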

Now you may ask: What happens if I lose my phone, it breaks, or it is stolen? Well, when you set up 2FA, you’ll be asked to write down one or more backup codes. The backup codes should be kept in a safe place like your sock drawer. They will work should you need to log into your account without having access to your phone.

How do I set up 2FA and which accounts should I use it with? Many accounts now support some form of 2FA, including most Banking & Investment accounts, GMail, Yahoo, Facebook, Twitter, Evernote, LinkedIn, eBay, Dropbox, Apple, and WordPress, just to name a few. If you’re not sure if a service has 2FA, go into your account settings and look under the Security section. You may be surprised how many services have added this protection.

Many people find this extra layer of security to be a major hassle. I will admit that looking at my phone and entering a 6-digit code every time I want to log into Gmail or Twitter can be annoying. Most services allow you to whitelist a trusted device for a predetermined amount of time so that you don’t have to keep entering the codes on that device. Additionally, I would argue that the aggravation of having to enter an extra authentication code for each log in pales in comparison to the aggravation of having your bank account or credit card compromised. So until one-swipe fingerprint logins are a reality, I’ll stick with 2FA for every account that supports it.

 

Mint.com – Complete Personal Finance Solution

I used to keep track of my personal finances in spreadsheets, by logging into my Bank’s website to check balances and transactions. If I had the patience, I would export bank records as a CSV file and import them into my financial spreadsheet for tracking and analysis. This worked OK when I had one bank account but the exporting and importing always took a lot of time and because of that I rarely kept up with it. I didn’t have an accurate picture of where my money was going and I was overspending left and right. Over the years I collected a few more banking and credit accounts and realized that logging into multiple accounts to check balances on a daily or even weekly basis was a tremendous waste of time.

I learned about Mint.com, which claimed to offer a solution, and signed up for an account. After creating an account, Mint asks you to set up access to all of the accounts you can access online. You’ll log into each of these services once through Mint and then they’ll be saved so you don’t have to log in again. Mint then pulls read-only transaction data from all your accounts, organizes them into categories, and performs analysis for you. You’ll get a breakdown of your assets and liabilities, income and expenses in simplest terms, with all the bells and whistles for in-depth analysis if that’s your thing. Information can be read in a table of transactions or displayed in graphs and charts for easy interpretation. You can search for transactions across all of your accounts. A very useful feature if you frequently use more than one account.

Mint supports every large banking institution and almost all small private banks (all of the local banks in my local area are supported). This means you can still use Mint with your hometown local bank (which I highly recommend anyway). You can add your credit card accounts, PayPal, home mortgage, car loan, student loans, and other debts. Mint also supports most retirement accounts such as 401K’s and IRA’s so you can keep track of your long-term investments and their yields. Incorporating all of these accounts will really give you the full picture of your financial situation and will force you to re-prioritize your financial strategy to stay on track and get rid of debt. Since you’re getting a list of all your transactions across all accounts, Mint is also an ideal method for detecting fraudulent transactions. When I first signed up, one of the first things I saw was that I had been paying for renter’s insurance for 4 months after having bought a house. I contacted the company and they gave me a full refund (since I also had my homeowner’s policy with them). Without Mint this would likely have gone unnoticed.

Mint is a completely free service. When you log in you’ll see suggestions on how you can save money, usually advertisements for rewards credit cards or investment products. Mint makes money from these companies through referrals. For a detailed explanation of what Mint will and won’t do with your information check out this page. I find their information security policies and website encryption to be on par with those of major banks. Keep in mind that since Mint collects read-only data, if someone were to obtain your Mint account information, the most they could do is see your balances. Your money would still be safe. Mint also allows you to view all of the devices that access your account to make sure there is no unauthorized access.

My favorite feature of Mint is the automatic sorting of transactions into categories. Any time you make purchases with a credit or debit card, Mint will automatically categorize the purchase based on the vendor information. This can always be changed by the user, so if you disagree with Mint’s assessment, you can re-categorize the transaction. For example, Mint mistakenly categorized my bar tab at “Hair of The Dog” in Manhattan as a “Pets” expense. For transactions such as cash withdrawals or transfers, you can enter your own category or note about the transaction. These categories are helpful because they allow you to see where your money is going and to make adjustments to your budgets where needed. Importantly, Mint also allows you to manually enter transactions and accounts that you can’t access online. Do you keep cash in your mattress? Does your friend owe you $50 for concert tickets? Keep track of it all on Mint. You can create budgets for certain transaction categories (Entertainment for example) and have Mint notify you via email when your remaining budget is getting low. A goal setting feature helps you save for a long term goal such as a house, car, retirement, or dream vacation. Mint has apps for iOS and Android devices so you can get your financial information quickly, anywhere in the world. And if you’re one of those people who don’t trust the cloud, you can download your transaction data from all of your accounts in a single CSV file from Mint’s website.

Keep in mind that Mint is meant for personal, not business finance. I will be writing another review of a similar service geared specifically toward small businesses in the coming weeks. Until then, sign up for Mint and give it a try with your personal accounts. You will be surprised with how helpful the results are.

Evernote – My Favorite App!

If you aren’t using Evernote, you really must give it a try. I signed up for an account in 2010 but used it maybe once or twice until just recently. In the last couple of weeks it has revolutionized my productivity (and is mostly responsible for me finally getting this website together). The purpose of this application is to help you organize and document anything in your life that needs organization or documentation. Wow, that’s broad. Specifically it allows you to create and keep track of notes. OK, you say, big deal, I can do that with any number of different apps or opt to be old school and write things down in a Moleskine.

Hang on, I swear, there’s so much more! Let’s say you’re in the car and can’t write/type. Evernote can record spoken notes with built-in speech-to-text technology, on any of your devices. Not sold yet? You can also attach files of any kind to your notes, take picture notes in the app, or even use a Google Chrome extension called Evernote Web Clipper to clip parts of websites and turn them into notes. Did I mention that all of these notes are searchable and that you can add custom tags to find things even easier? Also, when you take a picture of something with text printed on it, Evernote actually recognizes the text and all the words in the picture become searchable. You can also geo-tag notes and view a map of where they were created.

Evernote is cloud-based which means that all of your notes are stored on a server and accessible everywhere. You can also save items offline for when you don’t have an internet connection (but your edits won’t update on the server until you reconnect). You can share notes with other people through Email, Facebook, Twitter, LinkedIn, and by publishing directly to the web with two clicks. The note editor itself is basically the same as a Word Processor such as Microsoft Word and allows you a large degree of control over formatting. You can easily write papers or compose other projects in Evernote with the added advantage of being able to access the project from anywhere and being able to add content whenever an idea strikes you. One feature I find myself using all the time are the check boxes that you can add to your note with a single click. The types of people I see benefiting the most from using Evernote are students (I WISH I had this when I was in College), scientists/professors, engineers, and entrepreneurs. This will really improve your productivity because there’s no social media aspect to distract you. Just using it has significantly stimulated my creativity and allowed me to compartmentalize and keep track of concurrent ideas.

Here is a brief list of ideas and suggestions for how Evernote might be of use to you:

  • Artists: Snap picture notes of inspirational material or experiences for later use.
  • Engineers: Add your CAD drawings to notes and send to colleagues for feedback or collaboration.
  • Entrepreneurs: Organize your ventures into different notebooks and keep to-do lists. Take picture notes of business cards or people for networking. Take pictures of all your receipts and tag them according to business name for when tax time rolls around. Show the capabilities of Evernote to potential business partners to impress them with your knowledge of technology.
  • Geologists: Take a picture of the outcrop or your paper notebook and add speech to text notes. Have the outcrop location recorded and mapped automatically. Make a new note at each outcrop and tag them all with the same project or trip name for easy organization.
  • Musicians: Record with the sound recorder and write down lyric ideas on the same note.
  • Students: Write all your papers in Evernote and keep them offline as well. Send someone the paper for quick feedback with a few clicks. Record a professor giving a lecture and have it turned automatically into text (not sure what the limitations on this would be; I’ll have to test it). Take picture notes of entire pages in books for use in a paper or research. Take picture notes in a museum, add a recording of the curator’s lecture for extra credit :)
  • Travelers: Geo-tag your notes so you can relive your trip when you get home.

Back-up your data!

The term “Data Backup” can be daunting to folks who are not entirely comfortable with computers in the first place. A good way to conceptualize this idea is as a separation between your computing device (laptop, desktop, tablet) and your work (or data). At any given moment we should be comfortable with the possibility of the complete loss of our computing device through theft, natural disaster (Hurricane Sandy anyone?), damage, hardware failure, or other random misfortune. I say comfortable, not happy, because the loss of these devices will cost us hundreds, sometimes thousands of dollars, which will most assuredly not make us “happy”. We should be comfortable though, because our data will be backed up in other, secure locations and accessible to us at all times. Here’s how:

There are two main types of data that I see clients collect. The first includes text documents, PDFs, bills, statements, contact lists, and any other file in which the primary information is text. I like to refer to this type of data as “Digital Paperwork” because all of these things were once on paper and have now been completely moved to computers. Digital Paperwork for most people will not exceed 1GB (Gigabyte) in total size. The second type of data includes photos, videos, music, and other types of creative/business files which I’ll call “Large File Data”. This could be your family videos and pictures (which, if not yet digitized, should be as soon as possible), your business databases, or other files such as large 2D/3D designs, GIS data & maps, slideshows & presentations, and disk image files (the largest of all). I’ve had clients with well over 1TB (1,024 Gigabytes) of personal photos, videos, and music alone. The strategy you use to back up your data will depend on several factors: size, type of data, back-up budget, and the amount of time you’re willing to spend.

For data in the <1GB range (typically Digital Paperwork), the three best options for backup are (in order of personal preference) Dropbox, Google Drive, and Box. Dropbox will give you 2GB of storage for free, with the ability to earn more free storage for referrals or very simple tasks (I’m up to 16GB on my account and I pay nothing, which is why I prefer Dropbox). Google Drive and Box both give you 5GB free storage and at the moment there is no way to increase that amount without paying extra. Even though I say these are good backup options, these services are much more useful than merely as data backup. I will go into the other features of these services in future posts, but for now I’ll explain the general idea behind them.

Once you sign up for an account you’ll be asked to download and install the client application (same process for all three services). Once you do this and follow the configuration directions (which are extremely straightforward and easy to follow) you will end up with a new folder on your computer called “Dropbox” or “Google Drive” or “Box”. In addition, there will be an icon on the top status bar of Macs and on the bottom Quick Launch bar of PCs that will allow you to access program settings and the folder where your files are kept. All three programs also have versions of apps for iOS devices (iPhone, iPad, iPod touch), Android Devices, and Windows Phone Devices so that you can access your files anywhere on the go.

Now, simply move all of your important Digital Paperwork into the newly created folder and your files will automatically be securely encrypted, and then uploaded to a server. The files now exist simultaneously on your computer’s hard drive as well as the company’s server. In the event that your computer is physically destroyed or otherwise made unavailable, you can access your files from any device with an internet connection. In the event that you lose your connection or the company’s server is down, you still have all of the files on your computer. If both of those situations occur at once, well, you’re out of luck. Unless of course you’ve been keeping copies of your files in both a Dropbox and a Google Drive folder at the same time. Now both companies’ servers would need to be offline, and your computer would need to be unavailable for your files to be inaccessible. Keeping your files in two backup folders of course requires some housekeeping (manually copying the files over from one to the other every so often).

For “Large File Data”, the above services are not the best choices. Dropbox will charge you $499 per year to back up only 500GB of data. This is just not cost effective. Using a service like Dropbox will also only back up items that are in the Dropbox folder so if you forget to put something important in there and your computer crashes, you are out of luck. A much better option for huge amounts of data is an online backup service like Crashplan. For a fee (sometimes as low as a few dollars per month) you can subscribe to an online backup service which will automatically upload and back up any folders that you select on your computer. The program will run in the background constantly or at specified times and upload your data a little bit at a time, running periodic checks to see if your data has changed at all (requiring the new data to be backed up). The software usually also supports local backups to an external or secondary hard drive which is nice because then your data exists in three places, gets synchronized automatically, and is accessible even without an Internet connection.

A third option suitable for either type of data is external portable storage such as an external hard drive or small USB flash drive. The main reason I don’t like this solution is because you still need to either remember to back things up manually, or use a software solution to do it automatically. On the other hand, devices like external hard drives and USB flash drives are extremely useful for transferring large amounts of data, and it’s a good idea to have one on hand for temporary backup purposes or for moving lots of data. If you want some suggestions on what to buy, stay tuned for my hardware recommendations page which is coming soon! Even if you back up onto external storage, there is still a risk of the backup device failing or being stolen or destroyed along with your computer. Another option I haven’t mentioned yet is enterprise level hardware-level backups (otherwise known as RAID, or Redundant Array Internal Disks). This can work in conjunction with a service such as Crashplan mentioned above. Systems like this are expensive and most useful for users that require extreme speed as well as redundancy in their backups, and aren’t typically the best choice for an individual or small business (unless the business works with large files regularly). With the incredible bandwidth of most Internet connections these days, it makes all the sense in the world to involve one or more of the cloud-based storage backup solutions mentioned above in your data protection plan. If you’re interested in learning more or need help implementing a data protection solution, please contact me!