Here are 5 things you should know.
1. Enabling “2-Factor Authentication” is literally your best defense against hackers and bots.
If you are not using 2FA for critical accounts, then it will only be a matter of time until your account is compromised. A somewhat recent study by Google found that accounts using some kind of Authenticator app (like Duo, Google Authenticator, etc…) “helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.”
How are your accounts stolen?
Within days of Disney+ launching, “thousands of the streaming service accounts were already up for sale on various hacking forums” [source]. This wasn’t because the platform was hacked; the accounts were compromised because people reused usernames and passwords from other accounts that had been exposed in data breaches. This is called credential stuffing, a process in which “You just take a set of user names and passwords that have leaked in previous breaches, throw them at a given service, and see which ones stick.” In fact, there have been so many data breaches that there is now a resource floating around the darknet called “Collection 1” which contains 773 million leaked user account records [source]. There is a good chance that one or more of your accounts are on that list, and it is only a matter of time before someone tries logging into one of your accounts. (You can check whether your account is in one of these breaches by visiting the website Have I Been Pwned.)
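From the service's side, credential stuffing leaves a recognizable trace: one source trying many different usernames, almost all of which fail. The sketch below is an added example, not part of the original article; the log format, thresholds and names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log (documentation-range IPs, invented usernames).
SAMPLE_LOG = """\
2019-11-19T10:00:01Z ip=203.0.113.7 user=alice result=fail
2019-11-19T10:00:01Z ip=203.0.113.7 user=bob result=fail
2019-11-19T10:00:02Z ip=203.0.113.7 user=carol result=ok
2019-11-19T10:00:02Z ip=203.0.113.7 user=dave result=fail
2019-11-19T10:00:03Z ip=203.0.113.7 user=erin result=fail
2019-11-19T10:00:03Z ip=203.0.113.7 user=frank result=fail
2019-11-19T10:05:10Z ip=198.51.100.20 user=grace result=fail
2019-11-19T10:05:21Z ip=198.51.100.20 user=grace result=fail
2019-11-19T10:05:40Z ip=198.51.100.20 user=grace result=ok
2019-11-19T10:07:00Z ip=192.0.2.44 user=heidi result=ok
2019-11-19T10:07:30Z ip=192.0.2.44 user=ivan result=ok
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict (assumed log format)."""
    ts, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = ts
    return record

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts and mostly fail.

    Thresholds are illustrative assumptions; tune them to real traffic.
    A user mistyping their own password touches one account, so it is
    not flagged; a shared office IP has many users but few failures.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    succeeded = defaultdict(set)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        ip = rec["ip"]
        users[ip].add(rec["user"])
        attempts[ip] += 1
        if rec["result"] == "ok":
            succeeded[ip].add(rec["user"])
        else:
            failures[ip] += 1
    flagged = {}
    for ip in users:
        if len(users[ip]) >= min_users and failures[ip] / attempts[ip] >= min_fail_ratio:
            # Accounts that logged in from a flagged source reused a leaked
            # password: force a reset and require a second factor.
            flagged[ip] = {"distinct_users": len(users[ip]), "attempts": attempts[ip],
                           "succeeded": sorted(succeeded[ip])}
    return flagged
```

The `succeeded` list is the part that matters for response: those are the accounts where a reused password "stuck" and only a second factor would have stopped the login.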
But credential stuffing isn’t the only way your account might be breached. If you handle any kind of sensitive information, personally or for work, then you are likely going to be the target of phishing or spear-phishing attacks (if you have not already been). According to recent 2019 stats, “76% of businesses reported being a victim of a phishing attack in the last year,” and “30% of phishing messages get opened by targeted users,” which means that even if your account was not caught up in a large data breach, there is a real possibility that your account may be stolen directly by an adversary [source].
What is 2FA?
Two-factor authentication (2FA) is a really simple concept: you have to provide two different ‘tokens’ from different categories to prove that you are who you say you are. This means you can’t just supply two passwords (those are both ‘something you know’). Instead, you should supply something you ‘know’ (a password) and something you ‘have’ (your phone). A really common form of 2FA is where you put in a password and then follow that up by entering a 4-5 digit pin code that is sent to you via SMS. However, a stronger form of this would be to use an Authenticator app (like Duo, Google Authenticator, etc…), as SMS has proven to be insecure.
How effective is 2FA?
Google paired with “researchers from New York University and the University of California, San Diego to find out just how effective basic account hygiene is at preventing hijacking.” [source] In this study, they determined how digital hygiene behaviors could impact the success rates of automated bots, bulk phishing attacks, and targeted attacks. What they found wasn’t surprising: the more security the account had, the harder it was to get into the account. The study found that “an SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.”
This effectively means that the attacker would need to have access to both your username/password and your phone. In theory, this is perfect security. However, in reality, adversaries are adapting to try and phish both the password and the SMS code. Still, experts claim that this is likely one of the best things you can add to protect your account. Even if you don’t do it everywhere, turn it on for the following:
your main email
your work account
your social media
I should say as a disclaimer though: if a skilled attacker really wants to get into your account then they are likely going to be successful. But, 2FA will slow them down considerably.
2. If you ever lose a valuable metal item like a ring or a set of keys, there is a worldwide organization of volunteer metal detectorists that will come to you and help you find the item.
It’s a wonderful organization called Ring Finders. They have finders in countries all over the world and have recovered over 6000 items so far.
3. Here is how you can properly set goals. Lots of new year’s resolutions will get abandoned because they are not set up for success.
S.M.A.R.T. is a popular acronym/method that significantly improves your chances of achieving your goal.
Specific – instead of saying, “I want to lose weight this year”, set a specific weight. “I want to lose 25 lbs by 2021”
Measurable – 25 lbs is the goal and you can see your progress along the way
Achievable – 25 lbs is something one could do without significant risk to their health (depending on their weight)
Realistic/Relevant – Can you do it? Is it worth the time?
Time oriented – “I want to lose 10 lbs by month 6, 15 by month 8, 25 by 12”.
4. Greyhound will help runaways between 12 and 21 years old with a ticket to return home.
Greyhound works with the National Runaway Safeline to make sure runaway kids have a ticket home to get back to their families or legal guardians. To be eligible for a Greyhound ticket home, the child has to call the NRS helpline, be between 12 and 21 years old, be named on a runaway report and be willing to be reunited with their family (and vice versa). They also provide a free ticket for the parent or legal guardian if the young person is under the age of 15.
5. The difference between correlation and causation (a very serious modern-day issue).
INTRO: We live in a world surrounded by data, a lot of which is unfortunately poorly interpreted and can cause more confusion and harm than good. Sometimes this is done on purpose, sometimes by accident simply by lack of knowledge.
Correlation is when one variable’s behavior appears to follow the behavior of another variable. It is often indicated by a straight-line graph of, e.g., ‘the number of cows owned by a farmer’ vs ‘the farmer’s wealth’.
Causation is when one variable directly influences another variable and causes its outputs to act in a certain manner. This is also often indicated by a straight-line graph, e.g. “the number of cigarettes smoked per day” vs “the chance of getting lung cancer”.
Both of the examples above are examples of causation: If a farmer has a lot of cows he will tend to be wealthier since he probably makes a profit from having those cows etc. It has been scientifically proven that smoking cigarettes increases the chance of lung cancer.
As we see, here one variable does influence the other, but this is not always the case even if there seems to be a correlation.
Take ‘the number of pirates’ vs ‘the world’s population’. If you were to graph those values over time, you would notice that as the number of pirates decreased, the human population increased. Is that because pirates killed so many people that when they were gone the population could start to grow? Well, NO. There are simply more factors we aren’t taking into account: the population of humans naturally increased over time as civilization thrived, and parallel to this the population of pirates ‘naturally’ fell. One variable did not influence the other, even though you can show a correlation between them.
Think about these examples:
‘size of your TV’ vs ‘academic performance’ (wealthier people TEND TO perform better academically than people from less wealthy families. They also tend to have larger TVs.)
‘number of gears on your bike’ vs ‘life expectancy’ (bikes with more gears tend to be more expensive, meaning wealthier people can afford them. Wealthier people TEND TO live longer)
Do you understand how if we make the variables more complex it might be hard to notice if it’s correlation or causation, especially if you know little about the topic at hand?
Please spread this message to make more people aware of the difference.
Also, can we please once and for all stop using the phrase “You can’t argue with data”? Well, actually you can and even should, especially with wrongly interpreted data. How about we instead say “You can’t argue with CORRECTLY INTERPRETED (and correctly collected) data.”