Using location-based services (LBS) can be a tremendous help in some cases, like navigating an unfamiliar city. However, it is important to know and understand some of the risks that can come along with using LBS. In this episode of Security Matters, we will outline some of the most important things to consider when deciding if–and when–to use location-based services.

If the Internet made online banking easy, the proliferation of mobile devices and apps have made connecting to your bank even easier. Mobile phones and devices now let you connect to your money from virtually anywhere. While banking online from your computer has risks, connecting from a mobile device has its own unique challenges.

Here are some important things to remember when using a mobile telephone or portable device to conduct online banking.

-First, password-protect your mobile device. Most phones and tablets allow you to set a password that must be entered in order to use the device.

-Download your bank’s official app. Whether you’re on an iPhone or the latest Droid, most banks allow you to download their application directly from their website. If an app looks suspicious to you, don’t download it. If in doubt, call the financial institution directly or visit a local branch for assistance.

-If your phone is stolen or lost, immediately notify your bank. They can help assist you in changing your mobile banking profile.

-Monitor your accounts regularly. Any suspicious activity should be reported to your bank as soon as possible. The great thing about mobile banking is that you can monitor your account quickly and easily. If you check your account often, you’ll be able to spot any potential fraud sooner rather than later.

-Don’t disclose sensitive information via text message or email. Delete any text or email that contains anything like account numbers, passwords, or confirmation codes.

-Finally, remember to logout of your mobile banking app when finished. While most banks log you out automatically after a period of time, always be proactive and double-check that you’ve logged out when done using the service.

Mobile banking is easy and convenient. But as with everything online, it also comes with unique risks. Protect yourself–and your money–by banking cautiously!

To learn more about online security and privacy, visit our website at: www.securitymatters.iu.edu

In our last episode, we learned why security questions are important. Today we’re going to look at what makes a good security question, and which ones to avoid.

Here are five security questions you shouldn’t answer.

-What is your birthday?
-What is your mother/father’s maiden or middle name?
-What is your high school mascot?

What’s so bad about those questions? Well, let’s do an experiment. Log in to your Facebook account. See how many of those above questions you can find answers to on your Facebook page. Do you list your birthday on your profile? Are you friends with your Mom? Is your high school education listed? Is there a photo of your car tagged in someone’s album?

In today’s digital world, finding information is becoming all too easy. That’s because we’re becoming all too comfortable with sharing even the most mundane details of our lives with nearly everyone in the world. If you’ve posted your high school alma mater, someone can find out the mascot. If someone’s posted a picture of your car, someone will be able to find out the color, make, and model. Answering questions like the ones we just covered is a poor decision. Don’t do it! But even if you’re forced to, there are still ways to protect yourself.

Some websites, for example, don’t give you a choice of security questions to answer. They may force you to reveal your high school mascot. If that’s the case, find clever ways to disguise the answer. Let’s say your high school team was the Colts. Rather than using Colts, try something like this: “C@l+$”. The word is identifiable—and memorable—to you, but because you’ve used symbols in the answer, it becomes tough to crack.

If you get to create your own security questions, here are a few good ones:

-What was the last name of your fourth grade teacher?
-What was the name of your second pet?
-Where did you celebrate New Year’s Eve in 1999?

Those questions don’t have easy-to-find answers, and you can create your own as long as the answer isn’t obvious. As we learned in a previous episode, guessing the answer to a security question can allow the potential theft of your password. For more tips on protecting yourself, visit www.securitymatters.iu.edu

Sarah Palin was convinced her Yahoo email account was safe. She’d been running as John McCain’s vice presidential candidate for a few months, when her email account was hacked. Most of us would be scared to death if people could find out what we write and say to those people in emails. But a politician with ambitions of the White House? Talk about a recipe for disaster!

Palin’s account was hacked quite easily. A hacker simply reset her security question, which allowed him to change her password. So what exactly is a security question? Thanks for asking!

When you sign up for an email account, bank account, or a website that requires registration, you’re often asked to answer a few security questions. Those questions are designed to help verify your identity. So when you lose your email password, for example, you can reset it by answering the question you filled out.

That’s exactly what happened to Sarah Palin.

After discovering Palin’s Yahoo email address, the hacker was able to request that her password be reset. He entered her birthday, ZIP code, and then answered the security question Palin had chosen to accompany her account. According to reports, Palin’s security question asked the place she had met her husband. The answer? The high school they both went to.

All of that information was available online. A simple Google search revealed the answers to all of those questions within minutes. And in fact, that’s exactly how long it took this hacker to gain access to all of Palin’s most personal and private email exchanges.

It’s illegal to hack into someone else’s email account. But that doesn’t mean people aren’t trying to do it at this very moment.

Think of all the data you have stored in your email inbox. Birthdays, passwords, social security numbers, bank account credentials. Chances are, you have a ton of data in your inbox that could easily be used against you if someone were to access your account.

The Sarah Palin case illustrates why security questions are important, and the answers even more so. For information on choosing the right security questions, check out our website, at www.securitymatters.iu.edu

Today we’re going to talk about password strength. But before we do, let’s do an experiment. Ready? Count to six. Do you know what you just did? You just cracked the world’s most popular password!

That’s right. In a study of some 32 million passwords that had been breached, 1-2-3-4-5-6 was the overwhelming favorite. That means there are literally millions of people who use those six numbers—in order—as their primary password! That barely edges out words like “password” and “iloveyou” as popular choices. Those are terrible passwords! So what makes a good password? Here are some tips to help you out.

-A good password is at least eight characters long. Those eight characters should be a combination of upper and lower-case letters, numbers, and symbols that don’t have significant meaning. Using birthdates and anniversaries are too obvious. Pick combinations that you can remember, but are tough for others to guess.

-A good password is one that doesn’t contain a word. As we learned in the last episode, dictionary attacks search for words within your password to help crack it. Words are easy to remember, but also easy to guess.

-A good password is one that you can remember. Passwords that are so complex that you can’t remember them aren’t good, because it means you’ve likely written down or stored the password somewhere near your computer. That makes for an easy target to steal.

-A good password is only used in one place. The password for your Bank of America account should be different from your email account. Never use the same password across multiple sites. You use different keys for your house, office, and car. Websites should be treated just the same!

-A good password is changed regularly. If you can’t change them all every month, at least change them a few times each year.

To sum up, a good password is long and uses multiple characters. It is easy to remember but tough to steal. And a good password is changed often.

For more tips and information on passwords, visit our website, at www.securitymatters.iu.edu

Here’s a riddle for you: What can be short or long, tall or small, and made up of a bunch of characters? You guessed it! It’s a password. From upper-case letters to numbers and symbols, passwords are defined by the characters you use to make them.

Over the next few episodes, we’re going to talk about passwords and security questions. These basic questions allow you to access your most confidential and private data. And yet, most people don’t give much thought to their passwords to begin with. That allows hackers to figure out your password, which is just like giving a stranger access to everything you have online.

Before we get into making a good password, we’re going to talk about how hackers actually get your password to begin with. There are four main ways they use.

-The first is the most obvious: They steal it. Ever enter your PIN code at the grocery store in front of other customers in line? It’s the same concept. Anyone can look over your shoulder and watch you type it in. Some simply write down their passwords and leave it right next to their machine!

-Guessing. Study after study shows that people often use incredibly easy-to-guess passwords. Men often choose four-letter obscenities as their passwords. Women, on the other hand, are far more likely to use the names of a loved one or a birthdate or anniversary.

-Brute force attack. This is a process in which a computer program runs through every possible combination of letters, characters, and numbers to crack a passcode. Modern technology allows this to be done fast. A six-character passcode can be cracked in as little as 13 minutes by a high-performance computer.

-Finally, there’s a dictionary attack. This method is a bit smarter than a brute force attack. As its name indicates, a dictionary attack uses a program that tries every word it knows to see if it matches anything in your password. Even adding a number at the end, like “Indiana812” does little to strengthen your password.

Today we’ve covered some of the ways hackers can steal your passwords. Now that you know the basics, we’ll walk you through other important things to know about protecting yourself online.

Look for those episodes on our website, at www.securitymatters.iu.edu

We’ve talked a lot about Facebook recently, and for good reason. It’s the largest social networking site in the world. But LinkedIn is growing at an even faster rate. Consider LinkedIn a professional version of Facebook. While it’s a great place to connect to other business contacts, it’s not the place to share a lot of personal information. Whether you’re a new or existing member, we’ll talk today about some of the most popular privacy features.

Log into your LinkedIn account. In the upper-right-hand corner, you’ll see your username as a link. There’s a little blue arrow to the left of it. Click on that link and select “Settings” from the drop-down menu. Toward the bottom of the page you’ll see the word “profile” in a menu down in the left-hand corner. That’s where we’ll begin.

-Look under the “Privacy Controls” menu and select “Turn on/off your activity broadcasts.” The box is probably checked, which means your connections can see whenever you change something on your profile. But what if you’re already employed and looking for a different job? Do you want your current employer to know? Unchecking the box will keep your updates private.

-Ever looked at someone else’s LinkedIn page? You may be surprised to find out that person may be able to tell. Click on the “Select what others see when you’ve viewed their profile” option in privacy controls. Here you can choose to display your name and headline, a vague post about your industry and location, or simply as anonymous. Choose the option you feel most comfortable with.

-Next let’s select who can see your activity feed to determine who sees the actions you’ve taken on LinkedIn. We recommend using “your connections” since they are the only people or groups you’ve linked with.

-Our final tip will fall under the “Helpful Links” section. You should see an option that says “Edit your public profile.” Click on that. On the far right side of the page, you’ll see a sidebar where you can customize your public profile. These settings control what others can find out about you or your company. This includes searches on sites like Google and Yahoo.

You can determine which options you want people to be able to see when looking for you. We recommend making your profile public, but restricting the information you’re broadcasting. Select “Basics” for example if you only want people to see your name industry, location, and number of recommendations. From there it’s up to you to decide how much you want to share.

LinkedIn is a great resource, but remember to think of it as a virtual workplace.

For more information on online privacy and security, visit our website, at: www.securitymatters.iu.edu.

As the economy continues struggling, many people are in the challenging phase of finding a job. As they go through the interview process, many don’t realize that the company they’re interviewing with might have already found your Facebook page. A study in 2009 found that 45 percent of companies used Facebook to check out a potential hire. With the use of social media growing by the second, it’s important to realize what you’re saying online and who can see it. Here are a few tips to keep in mind whether you’re employed, looking for a job, or looking for a better job.

-Don’t post anything you wouldn’t want a potential employer to see or read. The photos of your spring break vacation were fun in college. But to a human resources director, they may be a sign of immaturity and bad judgment. Even if your privacy settings restrict who can see your photos or posts, you have no control over what your friends can do with them or where they can post them.

-Consider keeping a professional-looking photo as your profile picture. If your privacy settings are restricted, employers can likely still see your main profile picture on Facebook, LinkedIn, and Twitter. Think about the image you want to project to the world. When someone searches for you on Facebook, what do you want them to find? That’s what a prospective employer will see, so make a good first impression.

-Don’t post revealing or potentially embarrassing photos online.

-If you’re employed already, be extra cautious about what you write and post. Calling in sick while you post about your relaxing day at the beach can be a recipe for disaster. Imagine trying to explain that one to the boss! Which reminds me…

-Think carefully about adding your boss or co-workers as Facebook friends. Unless you are really close friends outside of the workplace, consider politely declining their friend request. It’s okay to keep your work and private lives separate.

Online security isn’t just about protecting your data, it’s also about being cautious about the data you create and post in the first place. Remember: don’t post or share anything you wouldn’t sign your name to publicly. Once something is online, it’s safe to assume that it will be there forever. For more tips on online privacy and security, visit our website, at www.securitymatters.iu.edu

The holiday season is upon us, and that means millions of people will be shopping for gifts online. Though online shopping peaks between Thanksgiving and Christmas, you can be a safe shopper year-round. Here are some tips to remember:

-Always use a credit card. Never use a wire-transfer or a non-credit card method to buy anything online. Laws allow you to challenge any disputed item that shows up on your credit card bill, and most credit card companies have what’s called a “zero liability” policy that doesn’t hold you accountable for charges made if your card is lost or stolen.

-Make sure you’re using a secure site when paying for something. The site you’re visiting may not have an “https” in the URL, but you should see one when you go to check out. As an example, when you shop at Amazon, you only see www.amazon.com in the URL. But when you go to pay for the items in your shopping cart, you’re taken to a secure version of the site. You can see that the checkout page begins with “https,” a sign that you’re on a secure site.

-When in doubt, do some research! If looking at a website that seems sketchy, pause for a second and do some research on the company before you buy. The Better Business Bureau offers a list of accredited businesses on its website. You can also Google the company. You may find customer reviews and experiences that could help you determine if the site is legitimate. If in doubt, don’t buy.

-Finally, don’t click on links directly from e-mails. Businesses love to send e-mails touting their latest sales. But so do scammers! If you get an e-mail from the Gap advertising 30% off, don’t click directly from the email. Instead, type in the Gap’s web address directly into your browser and then search for the deals. This helps prevent you from clicking on a link from a phishing email.

Online shopping is fun and convenient. Just make sure you’re doing it safely and securely, and you should be fine.

For more tips on online security and privacy, visit our website at www.securitymatters.iu.edu

In our last episode, we learned what the privacy settings on Facebook mean. But as a quick reminder, we can let everyone on Facebook see our information, only our friends, or even just specific people through customization. Today we’re going to actually look at what information we have, and how to change who sees it. You may be amazed at what you’re sharing right now!

Let’s go online and log into a Facebook account. In the upper-right hand corner, click on “Account,” then select “Privacy Settings.” Here you have control over your basic default privacy settings. That means every time you post something, whether it’s a picture or a status, these audiences will be able to see.

You should see three options on your screen: Public, Friends, and Custom. As a general rule, if you click “Public,” and apply those settings, everyone on Facebook will have access to everything you’ve posted publicly. If you click “Friends,” only people you’ve confirmed as friends will have access to your content. And lastly, we have the option to customize.

We recommend using the “Friends” option, so that those people you have confirmed friendships with can see your information.

Underneath those three options are more specific items you can control. Want to keep strangers from posting on your wall? Select “edit settings” for “How you connect” and make sure that Friends is selected for those people allowed to post on your wall. Explore each of the options to see the various choices you have. You can see that Facebook has given you a ton of options to control who, when, and where you connect with.

Facebook privacy settings can be tricky to navigate. Just remember: customize your settings whenever possible. That way you have the most control over your information. And check your privacy settings every few months, as Facebook often updates its privacy options.