Online security tools: The holiday gift that shows you really care
- 05 December, 2018 23:00
In an era of conspicuous consumption, many folks have shifted from material gifts to offering experiences or digital goods. Here’s a digital gift suggestion: Give the gift of security. With free and inexpensive options that pay huge dividends to the recipient, you can be the savviest and most beloved person in the house.
Why give the gift of security? If a friend or relative uses two-factor authentication and a password manager, they dramatically reduce the odds of a hack or breach. Signing up for password-breach notifications and using password management lets them quickly change secrets for exposed accounts. In all, it can save your friends and family from a lot of grief from what seems like an inevitability these days.
Give a password management app or subscription
Database breaches of user accounts come at a terrifying pace these days. Billions of accounts across hundreds of major services have had their information leaked. Weak passwords and weak storage of password at those services have allowed malicious parties to crack them open, leading to a person’s account and password at one service used to break into accounts elsewhere.
The best current password advice is to create a unique, long password for every site and service you use, and rely on a password-management app to generate, store, and fill them in for you.
The best of these systems live in an ecosystem with native apps for mobile and desktop devices and a web app for access away from that hardware. I’ve used and recommended 1Password, and many clever people I know swear by LastPass.
Between browser plug-ins in macOS and the new iOS 12 support for third-party password management directly in apps and Safari, your friends and family can generate new passwords and fill them in while rarely even needing to learn the complexity of the main apps if they choose not to.
Both products offer free trials, and LastPass has a free tier with minimal but useful features that includes native apps.
However, the sweetest deal for families are the aptly named family plans that both services offer. LastPass offers a 6-user family plan for $4 a month and 1Password’s deal is 5 users for $5 a month plus $1 a month for additional family members. (Plans are billed annually.) This includes some central management features, as well as password sharing among members.
Your ongoing support costs: You may have to talk people through some tasks to get them up to speed.
Bonus gift: Tell your recipient they can also call or email you if they get a suspicious message, especially if it claims to have recorded them privately via their computer’s camera—and that they’d stolen their password. A spate of these scams appeared recently and used old passwords from long-ago breaches to scare people into thinking they were legit.
Add a second factor to complement a password
Password breaches are made worse by accounts protected only by a password. Many sites and companies, from Apple to Zendesk, let you layer a second element to block logins from people who only have your password. That extra element is typically a code delivered to something you have in your possession, like a text message to a phone or via an app installed on a device.
This “second-factor” authentication was once the province of corporations, and is now available widely for average people from major consumer services. It’s a great bulwark against account hijacking.
However, it can be tricky to set up and use for someone who hasn’t before. That’s partly because there are many differences among two-factor systems, which adds a learning curve. People can be locked out of their accounts, too, if they don’t set up a two-factor login correctly or if they lose some recovery information provided at setup.
A great gift is to walk through friends and family in setting up two-factor authentication on all the services they use, pairing that with a password manager to store information about the account setup, including recovery codes or one-time use codes used to regain access if the second factor stops working. (That’s rare, but it can be reset.)
I also heavily recommend using Authy to manage authenticator codes that can be generated via an app. While Google pioneered this with its free Authenticator app, Authy is far easier to use and manage; lets you create secure backups; and can securely sync across multiple devices and platforms. It’s a perfect complement to 1Password or LassPass, and simplifies logins. (Authy is free to end users, and the product makes its money providing services to developers.)
iOS 12 and macoS 10.14 Mojave dramatically improved filling in text-based codes, too.
Some services, like Facebook and Google, let their smartphone apps act as a second factor, too, so you don’t have to install any extra software or receive a text to confirm a login.
Your ongoing support costs: You’ll probably have to explain this a few times to people you get set up, and potentially help them recover accounts from which they’re locked out from time to time, if they can’t figure out how to enter the second factor.
Sign them up for account breach notifications
A very generous Australian security expert, Troy Hunt, operates a free service called “Have I Been Pwned?”, which riffs on hacker speak: Pwned is when your device or account has been taken over. The service tracks database breaches that become available to hackers or are posted generally on the Internet.
It doesn’t store stolen passwords or try to determine them, but you can visit the site, enter your email address, and see if it appears in any breach that’s occurred to date among billions of exposed records.
You can also sign up for notifications of new breaches, and that’s a free gift you can offer to friends and family. Sign them up with their permission, and explain to them what to do if they get an email warning of a breach. You can also work with them to look at the list of services in which their email is already exposed to change the passwords using 1Password or LastPass for all those accounts.
Your ongoing support costs: Reassuring friends and families that they’re safe when they get an email.
Install free or paid anti-malware software
I had mixed feelings about anti-malware software until my intelligent then-10-year-old clicked a notification that said Flash on his computer was out of date and installed a virus. (We’d accidentally left Parental Controls disabled.)
We had a talk about trusting random messages, but we also installed the excellent and free Avast software, which I also recommended in a recent Macworld anti-malware software round-up as the best free option. It quickly removed the offending items and now protects our two children’s computers.
It’s easy to install on friends and relatives’ machines, and requires no ongoing maintenance or fees. This is especially useful at blocking malicious attempts, more than detecting unknown viruses.
For a step up, I recommend Sophos Home Premium, our top anti-malware software pick, because it has active anti-ransomware monitoring. Ransomware encrypts users’ files and demands a ransom paid in Bitcoin to unlock them.
A few mild ransomware exploits have affected Mac users through hijacked software downloads, but it’s an active and enormous threat to Windows users. More naive users, like my younger child, might also go through the steps to install ransomware masquerading as something else, including entering a password for the installation, that would bypass the normal protections Apple has in macOS.
Sophos is $35 a year (currently a sale) and protects up to 10 computers in a family grouping. It also offers central management and control.
Your ongoing support costs: You will almost certainly get calls about pop-up messages and warnings from the software.
Other security gifts, free or inexpensive
While the big worries are handled above, there are a few quick hits you can also give or give instead to help out those you love:
- Help them set up online backups at a service with strong security (starts at $5 a month). With CrashPlan out of the home-backup market, Backblaze is the best, most affordable, and more securely operated choice for Mac users. It’s $5 a month, $50 a year, or $95 for two years for unlimited file storage.
- Turn on FileVault on their Macs (free). This feature encrypts the entire contents of a Mac startup volume at rest without slowing things down, and makes a disk drive so much garbage if a computer is stolen while shut down. However, when setting it up, macOS generates a recovery key in the event a password is forgotten. Help make sure that recovery key is written down and stored—you may want to keep a copy if you have that kind of trust relationship.
- Set up a VPN account (about $3 to $7 a month). A VPN encrypts all data entering and leaving a device, particularly useful for insecure networks, like at libraries and coffeeshops. Your relatives and friends may know some of their data is at risk on these open Wi-Fi networks, but not what to do. You can pick among VPN services we recommended earlier this year in our Apple-device-friendly VPN round-up. Some come with monthly bandwidth limits, while others allow unlimited data. A single subscription usually works across all of someone’s devices. They’re easy to install and can be set up to activate automatically on unknown networks.
Finally, if all else fails with them securing their data, your dear compadres and relatives could benefit from a credit freeze, which helps prevent identity thieves from opening credit cards and taking out loans using stolen personal data. A new U.S. law went into effect in mid-2018 that requires the three major American credit bureaus to offer free credit freezes, which prevent banks and others from pulling a credit report. These freezes can be turned off when your loved one has an actual need to obtain credit, and then back on afterwards.