00:14:51 Alan German: No Q&A tonight - BUT, we are looking for questions and shares for the 15th!
00:24:33 Timothy: I still have both sizes of Floppies and many have been backed up on CD's.
00:24:58 Tristan: This is another backup software that can be used for local backups or backups to cloud services. https://www.duplicati.com/
00:25:40 Stephane: In addition to backing up the installation software, you also need to back up the license key used to unlock software in case you need to reinstall software
00:25:57 Alan German: @Tim - Presumably, you also have the drives. Are the CD's also backed up to HDD just in case you can't read the CD?
00:26:20 Chris Taylor: For free backup, see my article "Finding a Backup Program" - https://opcug.ca/Reviews/BackupPrograms.htm
00:28:08 Timothy: Multiple copies of the CD's.
00:28:29 Chris Taylor: I have a new article that will be coming out soon in the newsletter on "Password Strength". Some of the old advice no longer is recommended!
00:29:00 Alan German: @Chris - So, what's new?
00:31:06 Chris Taylor: @Alan - NIST no longer recommends complexity in passwords (length rules!). They also don't recommend forcing periodic password changes (unless, of course, you suspect your password was divulged).
00:33:35 Greg: Are these add-ons free?
00:34:22 Tristan: This is a nice little tool for your whole network and a fun Raspberry Pi project. https://pi-hole.net/
00:35:47 Tristan: Here is an excellent free Password Manager, though can get even more features for a very small fee. https://bitwarden.com/
00:39:42 Natalie: I just got a message that 3 of my e-mail addresses were recently compromised. Big aggregate hack, so no idea about the origin.
00:40:39 Chris Taylor: I know there are issues with saving passwords in Google Chrome, but an interesting "feature" is that they can alert you if your credentials have appeared in a data breach. DOES ANYONE HAVE AN OPINION ON THIS????
00:41:01 Alan German: Scams can also arrive as text messages on smartphones
00:41:37 Alan German: Scam info. at: https://opcug.ca/fraud-watch/
00:44:51 Tristan: This site will let you know if your email has ever shown up in any known data breaches. https://haveibeenpwned.com/
00:45:20 Chris Taylor: @Natalie - if it was just a notice that your email address appeared in a data breach, the best you can do is go to all sites where you used those email addresses to login, and change your password. Also important, if the site has security questions that can be used to reset your password, change the answers! Record the answers in your password vault
00:47:02 Natalie: @Chris: For the e-mail breach, the issue for me is that I use those addresses for many subscriptions, etc. So many things attached to them!
00:48:04 Timothy: @Alan - I do have 1 computer that can still read 5.25 floppies. When that goes..... well that's the problem that all backups will face being on what the medium that the data is stored on. You get to a point when you have to decide if it's worthwhile to keep old data and old programs. Another problem is if you use software that encrypts data when backing up, you need to save that software as well.
00:48:35 Tristan: For site logins the best advice is to use a different long password (12+ characters) for each one. Use a password manager to store them, so you only need to remember one password to access the others.
00:49:53 Chris Taylor: @Natalie - I get that! But if they don't identify the site where the breach occurred, there is not much in the way of options. Of course, if you have an extremely strong password at sites, you probably don't have to be worried that the attacker will be able to crack your password. If your passwords are at least 20 characters long, I wouldn't worry about them.
00:50:44 Tristan: Two-factor whenever available is a good second line of defense as well.
00:52:12 Chris Taylor: @Tristan - yes, 12+ is pretty good. But if you are using a password manager, why not go longer? :-) And yes, 2-factor will stop most attacks dead in their tracks. Google says that, internally, they have had ZERO successful phishing attacks since they started making 2-factor authentication a requirement for employees
00:52:40 Tristan: Though it is a real head scratcher why most of the banks don't have authenticator based two factor yet.
00:53:21 Chris Taylor: @Tristan - I agree wholeheartedly!
00:53:22 Tristan: Yes, I agree 12 would be the bare minimum. Personally I use 50 random characters, or the most a site allows.
00:54:08 Liliane: anti-virals for Mac users?
00:54:21 Natalie: Is SMS text for 2-factor authentication safe? Keep seeing different opinions.
00:54:58 Natalie: Sorry, I meant SMS code sent via text to cell.
00:55:04 Tristan: It is better than nothing, but not as secure as an authenticator app.
00:55:27 Tristan: SMS can be intercepted by a savvy hacker.
00:57:08 Alan German: @Liliane - FYI, most members of the "IBM-" PC Users' Group may not know the answer; however, some members do use Apple products...
00:57:22 Tristan: For app based authenticators there is Authy, Google Authenticator, Microsoft Authenticator, etc. All the main ones are free.
00:57:44 Greg: I found the free VPN add-ons very suspicious.
01:02:20 Tristan: The DNS provider Quad9, also will block known malicious sites. It is pretty easy to set up on your router, for your whole home. Also helps prevent some snooping from your own ISP provider. https://www.quad9.net/
01:03:23 Natalie: I have no choice with certain sites - they send me a code if I want 2-factor authentication.
01:04:18 Tristan: All authenticators use the same standard. So even if it says for Google Authenticator, you can use any of them.
01:07:34 Tristan: This is what authenticators use, if you wish to read a bit on how it works. https://en.wikipedia.org/wiki/Time-based_One-Time_Password
01:08:43 Natalie: I've also come across several in-person services requiring forms to be filled in online (e.g. Covid screening) that I can't print or download. Need to fill in online & it gets sent to them online using their system. I tried getting info on their security protocol & got nowhere. I get pegged as annoying or paranoid!
01:08:56 bea: should you delete the SMS codes once you use them
01:11:19 Tristan: For those Covid forms, if you have a work phone use that number. At least then the spam calls go there.
01:11:21 Tom Trottier: SMS codes expire
01:11:37 Tom Trottier: no need to discard
01:11:54 Tom Trottier: except they are just garbage...
01:12:38 Natalie: It just astounds me how many places don't care about security & some of the data is sensitive health-related stuff.
01:13:05 Tom Trottier: OpenDNS can also be used to limit website access
01:13:41 Natalie: RBC has security Qs as part of login.
01:14:14 Natalie: Air Miles has a 4-digit password. Useless!!
01:14:59 Tristan: The security Questions are not great. Most can be figured out by going on Facebook.
01:15:10 Tom Trottier: Put in random garbage!
01:15:48 Tom Trottier: Quad9 alternative - more control https://www.opendns.com/
01:17:07 Tristan: If you are really ambitious can set up your own home enterprise level firewall using something like OPNsense or pfSense.
01:19:32 Tom Trottier: block categories + 25 domains for free
01:19:40 Ma Vo: any opinion on Mozilla's VPN?
01:20:03 Ma Vo: about a year
01:21:07 Liliane: would a browser like duckduckgo be a help
01:21:24 Natalie: What about Kaspersky's VPN that comes with their software? So many opinions about the company & the Russian link.
01:21:31 Stew Bruce: Proton VPN has a free tier that works well
01:21:33 Ma Vo: isn't duckduckgo not a search engine?
01:22:02 Tristan: It's more for privacy than security.
01:22:37 Stew Bruce: On Android, DDG is a browser as well as a search engine
01:22:55 Tom Trottier: You CAN make your own VPN using your computer for when u r away
01:23:45 bea: what about bitdefender vpn
01:23:57 Tristan: VPN is only for security if both ends are under your control.
01:24:38 Tom Trottier: bitdefender is ok
01:25:40 Stew Bruce: Proton VPN is one of the few that is not based in a "14 Eyes" country.
01:25:46 Tristan: It's perhaps a sad comment on society, but the best security is trusting no person or organization.
01:26:45 Tristan: IT security is thus moving to new forms called zero trust.
01:27:14 Tom Trottier: Switzerland?
01:27:35 Stew Bruce: @Tom yes Swiss
01:28:05 John Fleming: Norton 360 includes vpn that is from Surfeasy, an Ontario company.
01:28:11 Natalie: If download an app that wants access to media files, camera, contacts, etc. & then block that access, is there an issue?
01:28:11 Timothy: I have McAfee VPN. The Ontario Lottery Corp will not allow you to use VPN as they need to know if you order tickets from within the province.
01:28:24 Liliane: how about nordvpn
01:28:39 Tom Trottier: China, Russia don't like VPSs...
01:28:43 Tom Trottier: VPNs
01:30:22 Tom Trottier: WFC is very nice to find programs trying to access the internet
01:31:47 Tom Trottier: Or just use TOR
01:32:05 Tom Trottier: PLUS VPN...
01:33:06 Tom Trottier: TOR very slow - plus some nation states monitor the nodes...
01:34:44 Tom Trottier: Main VPN use is video in foreign lands...
01:35:17 Tom Trottier: due to copyright
01:36:36 Natalie: As an aside, my insurance company offers identity theft coverage (inexpensive), to help with the aftermath.
01:38:20 Alan German: Q&A next week - December 15th. Send questions and shares to SuggestionBox@opcug.ca
01:38:33 Tristan: Thank you for a great session!
01:38:33 Natalie: Thanks!
01:38:44 Greg: Great presentation Tom!
01:38:45 Edward Morawski: good presentation!
01:38:47 Wayne H: Excellent presentation with info I never knew about. Thanks Tom
01:38:51 Allison: That was great, Tom!
01:38:51 Liliane: Thanks very much!!
01:38:56 Timothy: Good presentation.
01:38:59 bea: Thanks
01:39:00 Tom Trottier: 😃
01:39:01 John Fleming: Thanks from BC
01:39:08 jason: Tom (and Chris) rock!
01:39:14 Gail: thank you, Tom! that was great!
01:39:30 Bob Gowan: Great info, thanks
01:39:41 Timothy: Isn't Chris Rock an actor?