Copyright © 2017 Wellness Mama · All Rights Reserved

1

Episode119:CyberSecurityTipstoKeepYour

FamilySaferOnline

Copyright © 2017 Wellness Mama · All Rights Reserved

2

Child:WelcometomyMommy’sPodcast.

Katie:Hi,andwelcometothe"HealthyMomsPodcast."I'mKatiefromwellnessmama.com,andtoday'sepisodeisnotstrictlyaboutphysicalhealthbutitmaybeoneofthemostimportantepisodesyoulistentobecauseit'saboutcybersafetyandsecurity,andespeciallyhowtokeepyourselfandyourkidssafeonline.Inthewakeoftherecentdatabreaches,it'simportanttoknowwhatwe'refacingwhenitcomestoonlinesecurityandhowtostaysafe.Andtoday'sguestPatrickMcFadyenhasabackgroundanddegreeincomputerscience.He'sworkedinthetechandsecurityindustriesforyears,anditturnsoutthatmanyofusareunknowinglydoingthingsthatmakeusvulnerableonline.I'veworkedwithPatrickpersonallytoimprovemyowninternetsecurityandtodayhe'ssharinghisstrategiesandadviceforkeepingyourfamilysafeonline.Ifyouhavefollow-upquestionsrelatedtothisepisodemakesuretochecktheshownotesatwellnessmama.fm.tofindouthowtocontactPatrickwithyourquestions.SoPatrick,welcometotheshow.Patrick:Thankyouforhavingme.It'sapleasuretobehere.Katie:Ithinkthisisgonnabeawesome.It'sdefinitelyadeviationfromthenormalforusbutIthinkit'sreallyimportantformomstoknowbecausemomskindofkindaarethekeytotheonlineworldforalotoftheirkids.AndIknowyouandIhavehadconversationsabouthowalotofusaredoingthingswithoutrealizingthattheymayputusatriskonline.AndIknowoneoftheseispasswords,andyouhavealotofdataandalotofresearchhere.Solet'sstartwithaneasyone,whatdoweneedtoknowwhenitcomestoourpasswordsonline?Patrick:Well,there'ssomeveryobviousknowledgeaboutpasswords,youknow,longerisbetter.Aphraseisbetterthanasingleword,butwecangoalotmorein-depthandactuallygivesomeverygoodinformation,somequantifiableinformationthatwillhelptogivealittlebitofbackground.It'simportanttoknowthatmostcompaniesshouldn'tactuallybestoringyourpassword,whattheyshouldbestoringiswhat'scalledapasswordhash.Andit'sjustaveryfancy,elaboratemathematicalequationthattakesthelettersandnumbersyoutypeinandchangesthemintojustanumber,anditdoesthesamethingeverytime.Sothecompaniesshouldneveractuallyhaveyourpassword.Ifyou'veeverreceivedanemailfromacompany,ifyou'verequestedyourpasswordbe,youknow,recoveredandtheysendyouyourpassword,thatisamajorredflag.Theyshouldnothavethatinformationbecauseifsomeonebreaksintotheirsystemstheyjustgetyourpasswordflatout.Soifyou'veevergottenanemailorhaveacompanythatsendsyouapasswordthatyoucanread,youshoulddefinitelydistanceyourselffromthecompanyandworkonlettingthemknowforone,andfindabettersolutiontowhateverthatcompanywasprovidingyou.Asfaraspasswordsgoingeneral,tohaveaverysecureone,youwantlongerthaneightcharacters.Mostpasswordsontheinternet,peoplerunstatisticsontherecoveredpasswordlistthathavebeenbreached.Eightcharactersisthevastmajorityofthem,sodon'tuseaneight-characterpassword.Togiveyouanidea,ifyouuseaeight-characterpasswordthat'sonlylowercaseletters,there'satotalof217billionpossiblecombinations.Andwhilethatmaysoundlikealot,thatnumberofguessescanbedoneinlessthanasecondonmodernhardware,soitisabsolutelynotasecurelengthortypeofpassword.

Copyright © 2017 Wellness Mama · All Rights Reserved

3

Whatyou'relookingforisapasswordthatisstronginlengthandentropy.Sothelengthisprettyobvious,longerisbetter,butentropyisjustasimportant.Entropyishowdiversethecharactersare.So,forinstance,thepassword12345678hasalmostnoentropy,youknow,everycharacterisdirectlyrelatedtotheonebeforeit.Youwantonesthatareveryrandom.Togiveyouanideaofusinghighentropyandusingyourfullkeyboard,that'sanimportantpoint,uselowercase,uppercase,numbers,andspecialcharacters.Iknowyou'veallgonethroughapasswordsubmissionorcreationonlineandtheyalwayshavetheweirdrequirementsofyouhavetohaveatleastone,youknow,uppercaseandonenumber.Justtogiveyouanideaofthedifference,ifyou'retalkingaboutaneight-characterlengthpassword,thedifferencebetweenonlyusinglowercaselettersandusingthefullkeyboard,likeIsaid,217billionpossiblecombinationsforlowercase.Whenyouuptothefullkeyboarditbecomes6.7thousandmillion,millionpossiblecombinations.Sothatshouldillustratethevastdifferencebetween,youknow,usingonlythelowercasesetoflettersandthefullkeyboard.Now,ifyoulookatthelength,thedifferencebetweena30-characterpasswordandan8-characterpasswordonlyusinglowercaseis217billionto2.93million,million,million,million,million,millionpossiblecombinations.IknowthisisallalittledifficultovervoiceandIapologize,butthatshouldgiveyoutheballpark.Soit'sveryimportanttouselotsofentropyandasufficientlength.Katie:Thatmakessense,sotogobacktothatonestatistic,yousaidittakesunderasecondforcurrenttechnologytogetthrough217billioncombinations,isthatright,becausethey'rebasicallyjustusingalltherandomizedpotentialcombinations.Solike,evenifyouthinkyou'rebeinglikesupercreativebyspellingaworddifferently,itdoesn'tmatter.Patrick:That'scorrect,currentpasswordcrackingsystemsaremeasuredinterahashespersecond,whichisonetrillionguessespersecondiftheyhaveyourpasswordhash,andmostofthesegomultipleterahashes.So,that'swhat…youreallywanttohaveaveryrobustpassword.Katie:Andwhatabout...soImean,mostofusarejugglinglike...IknowIprobablyhave200differentonlinepasswordsthatIhavetodealwithatanygiventime,andforalotofyears.Idon'tdothisnow,thankstoyouradvice,butIwouldjustusethesamepasswordforeverything.Imean,ifwe'retalkingaboutmemorizing200passwordsandtryingtorememberalltheselikehighlycomplex30-characterpasswords.DoyouhaveanyadviceforthatbecauseIknowthatthat'swhereitgetsconfusingandthat'swhyIthinkalotofpeopledefaulttojustasamesimplepassword?Patrick:Absolutely,andit'scompletelyunderstandable.Iusedtodothattoo,Iwouldhavethesamepasswordor,youknow,thesamepasswordwithaslightdifference.Thebestsolutiontothisistouseapasswordmanager.Thetechnologybehindthesecurrentlyhasbecomeverygoodandtheyarerobustanduser-friendly,whichisveryimportant.There'safewoptionsyouhaveasfarasmanagersgo.Ifyouwantsomethingonlinethatissync-ablebetweendevices,soifyouneedtologinonyourphoneandyourcomputerormultiplephones,thesearegreatasolutionforthose.IhavethemostpopularfourcurrentlyandthoseareLastPass,Dashlane,1Passsword,andRoboForm8.

Theseareallwebapplicationsthatyoucanlogintoandyouareabletoretrieveyourpasswordvault.Andmostofthemhavepluginsthatletyouauto-filltheusernameandpasswordsformsononlineformfields.Therearesomeoptionsforlocalsystems,theseareKeePassandRoboForm8alsohasalocaloption.Thisisa

Copyright © 2017 Wellness Mama · All Rights Reserved

4

fileyouhaveonyourcomputeroronaUSBdrivethatyoulogintoandopenwithyourmasterpasswordandthenthatgivesyouaccesstoyourpasswordvaultonwhateverdeviceyouhavethatconnectedto.ThisismypreferredsolutionjustbecauseIdon'tlikegivingthatinformationtoathirdparty.Butthesecompaniesaretrustworthyandhavehandledanybreachesthatthey'veencounteredveryresponsibly,andthetechnologyissetupsuchthatasimplebreachwillnotresultinthelossofyourpasswords.Katie:Thatmakessense,andsothese…becauseI'veusedacoupleofthesebefore.Andsotheybasicallylikeallowyoutocreatebasicallyarandomizedpassword.Correct…likeitcouldbethat30charactersorevenlonger?Patrick:Yes,theseutilitieshaveeitherbuilt-in,orKeePassactuallyhasapasswordgeneratoryoucanuseonline.JustGoogle,"KeePasspasswordgenerator,"anditwillgiveyouoptionsforyourlengthandwhatcharactersetyouwouldliketoinclude.Thisisbyfarthestrongestwaytostoreyourpasswordsandcreatethem.Humansarenotoriouslybadatbeingrandom.It'sincrediblydifficult,wejustaren'tgoodatit,computersactuallyare.Soideallyuseapasswordmanagerwithaverystrongmasterpasswordforthat.It'sonlyonepasswordyouwillneedtomemorizeor,youknow,record,andthat'sthebestwaytodoit.Ifyoudon'tfeelcomfortablememorizingit,whatyoucandoiswritedownpartofitinyourwalletand,youknow,keepitthere.Don'tkeepthewholethingtogether,forinstance,ifyouwantedtoput…youcoulduseaphonenumberofsomeoneyouknowandputalistofphonenumbersinyourwallet,andoneofthemis,youknow,partofyourpasswordthathelpsyougetin.Therearealotoflittletricksyoucandothatwillhelpyourememberstrongpasswords,whichiswhatyouwanttodo.Katie:Gotit.Andsobasicallythenyoujustremembertheonesinglepasswordandthenyou'llhaveadifferentuniqueandlongpasswordforeachonlinethingthatyouwillloginto.Andofcourse,Iwannamentiontoolikewe'llhavelinkstothem,onesyoumentionedintheshownotesbecauseIknowthere'salotofcompaniesthatlikeimpersonatepasswordcompaniesandyouhavetobecareful.SotheonesthatIknowthatyousaidwecantrustthosewillbeintheshownotesjusttomakesureyoudon'taccidentallyGoogleyourwayintoadangerousone.Butwouldyousayingenerallikehowmuchsaferdoyouthinkitistouseapasswordmanagerversusjusttryingtothinkofyourownpassword?Patrick:It'savastdifference,notonlyarethepasswordcrackingsystemsoutthereveryfastandhavealotofprocessingpower,they'reveryintelligentaswell.ThishasbeenactuallyafieldofstudyinComputerScienceforyears.Andsothepasswordcrackerswillknowtolookat,okay,Iwilltrytheword'dog'andnowI'lltry'dog'withazeroinsteadofan'O'andallthepermutationsofthat.They'vebecomeverysophisticated,robustandintelligent,sohavingapseudorandompasswordisbyfaryourbestoption.Katie:Okay.Andjusttohighlight,areanyoftheseactuallylikeunhackableorarejusttheylikehighlyreduceyourodds?Patrick:Nothingontheinternetisunhackable,that'sasufficientlymotivatedorganizationwithsufficientresourceswillbeabletobreakintoanything.Thatbeingsaid,LastPassIknowforsurehashadabreachinthepastbuttheystorethepasswordhashesandvaultsinseparateplacesandtheyhavestepsthat...andtrickswithcomputingthehashthatmakeitincrediblytime-consumingtotrytocrackthatpassword.Katie:Thatmakessense,sowhatabout...I'msuretherearepeoplelisteningwhoforwhateverreasondon'twannauseapasswordmanager,arethereanybetterwaystodothisifyou'renotgonnauseapassword

Copyright © 2017 Wellness Mama · All Rights Reserved

5

managerbutstilltrytohavemoresecurepasswords?Patrick:Yeah,therearesometricksyoucando,lengthisbyfarthemostimportant,becausewhenyou'retryingtoguessapassword,whenyou'retryingtocrackoneyoudon'tgetanyfeedback.It'seitherayesorano.Soyoutryacombinationforthathashandyoueitherknowyesitmatchesornoitdoesn't.Sodefinitelymakethepasswordsaslongasyoucanpossiblyrememberandusespecialcharacters.Don'tuse,forinstance,anexclamationpointattheendora1infront.Anythingthatsimplisticisgoingtoweakenthatpassword.Alsohereisalistofthe10mostcommonpasswordsfromlastyear,ifyouareusinganyofthese,pleaseimmediatelyjustchangethem.Theyare:123456,123456789,Q-W-E-R-T-Y,12345678,1111111,1234567890,1234567,passwordalllowercase,123123,and987654321.Soanyofthesepasswordsoranythingclosetothemshouldnotbeused.Lookforsomethinglong.Youcanusewordsifyou'dlike,perhapsmisspellthem,thattypicallyhelps.Includespecialcharactersandmakethemaslongandrandomasyoucaninawaythatyoucanstillrecordthem.Soforinstance,ifyou'vedevelopedarandomstring,youcansometimeswritethatdowninaninconspicuousplaceandthenpadyourpasswordoutwith,youknow,amisspelledwordortwotogiveitthelengthrequirement.Katie:Thatmakessense,andwhataboutnamesandbirthday'sbecauseIknowthat's...atleastI'vedonethatinthepastuntilIlearnedtostopdoingit,butjusttolikepickakidsnameoryournameandabirthdayorananniversary,isthatsecureorcansomeonefindthatdata?Patrick:Thatisabsolutelyinsecure,anypubliclyaccessibleinformationshouldneverbeused.Andthisleadsintosecurityquestions.I'msurewe'veallseenthoseand,youknow,justputin...okay,theoldstreetIlivedon,youputitin,youdon'tthinkanythingaboutit.IfanyoneremembersbacktoIthinkitwasthe'08electionwhenSarahPalin'sYahooaccountwashacked,thatwasdonethroughsecurityquestions.SomebodyGoogledhername,lookedatherWikipediaentryandfoundalltheinformationtohersecurityquestions,andresetherpassword,resettheemail,andjustgotherinformation.Youshouldreallytreatsecurityquestionsasanotherpasswordfield,orattheveryleastfilltheminwithcompletelyrandomanswersthatyoucanstillremember,soyouknow,"Whowasyourfirstgradeteacher?""ToyotaCamry,"youknow,somethingthat…attheveryleastdothat.Buttrytotreatitlikeanotherpasswordandstorethoseinyourpasswordvault.Mostofthemwillgiveyouasectionundereachsiteforadditionalnotesandthat'sagreatplacetoputthose.Katie:Thatmakessense.SoIknowsinceyoukindacoachedmeonthis,allofmysecurityquestionsarenowrandomlygenerated35tolike45characterthingsthat,Imean,Iwouldneverrememberbutthey'restoredinanonlinething.Whatabouthavinganofflinebackup,becausethat'sonethingI'vealwaysthoughtof,likewhatifsomethinghappenstothepasswordmanagerIcan'tgetintoanything.Isthereanysafewaytodothat?Patrick:Soyoucanuseoneofthe...likeKeePassorRoboForm8forthatbackupandyoucanstorethatonaflashdrivethatyou,youknow,putinasafeinyourhouseorsomewhere,youknow,hiddenorrelativelysafe.Thosewillbeencryptedsoit'snottheendoftheworldiftheygetoutbutit'sagoodideatokeepthemsafe.Ifyoudothatyouwillneedtomanuallyeditandupdatethatkeyvaultasyougo...asanychangesaremadetoyourotherone,butkeepinganofflinebackupisnotabadidea.Katie:Thatmakessense,andIknowitseemslikeweareprobablytalkingforlikeareallyalongtimeonareallysimplethingbutmostpeopledon'tthinkaboutthefactlikeevenplaceswhereIshopforkids'clothingmycreditcardisstoredthere.Solikepasswordsareabigdealwhenyoulookatthefactthatlikeifyouare

Copyright © 2017 Wellness Mama · All Rights Reserved

6

savingyourpasswordinAmazonoranywhereforlikeonestepcheckout,thenifsomeonehacksthattheyhaveaccesstoalotmoredatathanjustwhateverthey'vegotteninto.Andespeciallywithemailscanlikeifsomeonehacksintothattheycanuseittogetintoalmostanythingelse,right,ifyouuseyouremailasabackup.Patrick:Absolutely,thetopofyourprioritylistshouldabsolutelybeanythingthatholdshealthinformation,ifit's,youknow,loggingontosomesortofhealthrecordsitethatyouuseoranythingrelatedtohealth,youremail,becauseifsomeonecompromisesyouremailaccountthentheycanstartsendingoutpasswordresetrequestsandstartcompromisinganyaccountthatislinkedtothatemail.Andalsoanysitethathaslikeyourfinancialinformation,orcreditcarddata,pleasegobackandlookthroughit,updateit,andgivethemrobustpasswords.Katie:Yes,super-goodadvice.Whatabouttwofactorauthentication.Iknowthat'satermthat'scomeupalotrecentlyandisthatsomethinggoodtodo,andifsoexplainwhatitisandhowitworks.Patrick:Sotwo-factorauthenticationisawayofsupplementingtheauthenticationprocessanditisabsolutelysomethingpeopleshouldbeusing.It'sagreattooltouseanditinvolvesanytimethere'saloginrequestwithyourcredentials,thesitewillcontactyouthroughsomeotherformofcommunication.Andthatwillallowthemtotakeanothersteptoverifyingthatitisyou.You'veprobablyseenthis,mostemailclientswill,ifyouhaven'talready,willnotifyyouandpesteryoutodothis,whichyouabsolutelyshould.TherearebetterwaystodoitbetterthanjusttheSMSsthatmostpeoplearefamiliarwith.ThereareauthenticatorsouttherelikeAuthyandIthinkLastPasshasanauthenticatorappaswellthatwillchooseanotherformofcommunicationotherthantextmessage,whichisunsecure.It'snotencrypted,it'splaintext,andyoucangetitvery,veryeasily.Thatbeingsaid,ifyou'reusingforinstanceKeePassforyourpasswordmanager,Iwoulduseadifferentcompanyforyourauthenticator.ItjustmakesalittlemoresensetospreadthatoutbecausethatwayifsomeonecompromisesyourKeePassaccounttheydon'tcompromiseyourtwo-factorauthentication.Soevenifthoughtheyhavealotofyourpasswordsyoudefinitely...youstillhaveagraceperiodtochangethem,toresetwithoutthemimmediatelybeingabletocompromiseyouraccounts.Katie:Gotit,thatmakessense.SoIfeellikewehaveaprettygoodgraspofpasswords,andhopefully,Imean,ifyou'relisteningandyouaren'tdoingthosethingslikeseriouslypausetheepisodeandgodothat.It'sthatimportant,Iknow,Ihaveseenfirsthandwhathappenswhenpeoplehavetheiremailshackedandit'snotpretty.SolikeI'mgladthatyouarehighlightinghowimportantthatis,andIthinkanotherareathatpeopleoftendon'trealizehowseriousitisit'sjustwhenitcomestoemailsecurityandallthewaysthattherecanbevulnerabilitiesthere.Socanwegointokindofemailsecurityandsomethingsthatareimportanttoknowaboutthat?Patrick:Yeah,absolutely.Thisisprobablysomethingyou'veheardamilliontimesifyouworkatacompany,yourITpersonhas,youknow,probablygottenupsetaboutit,andthat's,youknow,clickingattachments.Andit'stheclassicone,youshouldneveropenanattachmentthatyoudidn'taskforandthat'stheruleyoushoulduseacrosstheinternet.Ifyoudidn'tgolookingforsomething,donotacceptit.Ifyougetapopuponawebsitethatsays,youknow,"Hey,doyouwanttoupdate."No,no,yougoandyouupdate,orifit'snotfromthebrowseritselfortheprogram,youneverwanttoopenanythingoracceptanythingthatyoudidnotaskfor.Thisevenappliestoalotofthescamphonecallspeopleget,wheretheywillgetaphonecallclaimingtheIRSiscallingthemaboutoverdueunpaidtaxesandthere'sanarrestwarrant.Ifyouevergetacall,oracreditcardcompany,simplyhanguponthemandthencallwhatevercompanyororganizationtheywereclaimingto

Copyright © 2017 Wellness Mama · All Rights Reserved

7

be.Neveracceptorgiveinformationtoanythingonlineor,youknow,throughphonethatyoudidn'tspecificallygolookingfor,that'sprobablythebestwayyoucanstaysafe.Katie:Yeah,that'sgoodadviceacrosstheboard.Let'stalkalittlebitmoreaboutonlinescamsbecauseIknowthese,atleastfromwhatI'veseenarebecomingalotmorepopularandwidespread.Iknowwe'veevengottenafewcallsthatpeoplewereclaimingtobe,youknow,thepolicebecauseIwaslateforjurydutythatInevergotnoticeof,orwhatever.They'vegottenreallycreativewiththis,sowhataresomegeneralrulestounderstandthere?Iknowlikeforonethingthegovernmentisusuallywillingtosendyoumailcorrespondencefirst,butevenifnotyoushouldnever,never,nevergiveoutanyinformationespeciallyyourSocialSecuritynumberoverthephoneoronline.Butwhatarethosethingsthatweneedtoremember?Patrick:So,onlineespecially,thereisamorecommononethatifyoumistypeFacebookorGoogle,you'llgettakentoawebpagethatlookslike,youknow,thebluescreenofdeathorsomeothererror,andit'llhaveapopupsaying…claimingthatMicrosoftWindowshasdeterminedthatyourcomputerisinfected,youneedtocallthenumberandtalktothemaboutremovingthevirusesfromyourcomputerorsomethingalongthoselines.Theseareallscams,Microsofttechsupportwillnevercontactyouaboutviruses.Theydon'thavethatinformationnortheresourcestohandlethatonthisscale.Soifyoueverseethatpopup,don'tcallit,it'sgonnabeascam.Katie:Yeah,thatmakessense.Iknowarecentonethatsomeoneinourextendedfamilyhadhappenedis,IthinkshereceivedanemailorsomethingsayingherYahooemailhadbeenhacked.ButitwassenttoherYahooemailandtherewaslikeanumbertocallandshedidn'tknowthis,soshecalledthenumberandtheywerelike,"Yes,wecanhelpyouunhackitfor$250."Anditwasthiswholething,andwehadtoexplaintoherthatitwasascamandittookawhileactuallytogetthroughtoherthatlikethisisnotactuallyreal,likethey'retryingtohack,youhavenotbeenhackedyet.Butitisscary,peoplearegettingreallycreativeespeciallywiththeonesthatspoofsites,Ithinkthat'simportant.Ialsohaveseensomecomethroughthatitlookslikeit'sfromforinstanceFacebookorAmazon,butifyouactuallylookattheemailaddressitselfit'snot,it'sfromlikesomethingthatisveryclosebutnotactuallyit.Soisthatagoodrule,itsoundslikeshouldweactuallychecktheemailaddressesorjustlikenotclickonanythingjustalwaysgotothesiteitself?Patrick:So,notclickingonthemisbyfarthesafestwaybutthatissomethingthatyoushouldbepreparedforhavingclickedonthings.There'sgonnabeadayyouhaven'thadyourcoffeeandyouarelookingatyouremail,youclickit.Trytoavoidthat,ifitallpossible,buttakeaminutebeforeyoudoanythingandthinkaboutit.ThinkaboutwouldMicrosoftbecallingmeaboutavirusonmycomputer?Thatseemsalittlefar-fetched,youknow,wouldtheIRSbecallingme?Probablynot,lookatwhat'sbeingrequestedandthinkaboutwhythiscompanywouldwantmetodothat.Andifitseemslikeitcouldbeavalidreason,thenclosethattabonyourbrowser,orhangup,andthengolookupwhatthecorrectnumberisandcallthecompany.It'salittlemoreworkandyouhavetodealwiththeautomatedphonesystemsbutit'scompletelyworththesecuritytodothat.Katie:Thatmakessense.AndIthinkanotherthingthatI'dlovetodelveintoisjustonlineuseingeneralandonlinebrowsing.BecauseIthinkmostofusifwedon'treallyhaveabackgroundonthis,ourdefaultisjusttogotoGoogleorgotoourbrowserandjustsearchforwhateverweneed,orlikeIknowthatpeopledon'toftenthinkaboutwhattheirinternet...youknow,whatthey'redoingwhentheyareontheinternet.Theyjustbrowseortheyclickonlinks,theygotoYouTube,orwhateveritmaybe.Soarethereanygoodrulesofthumb,justforsafeinternetusageingenerallikebrowsersthatarebetterorworseorthingswecanbedoingjustto

Copyright © 2017 Wellness Mama · All Rights Reserved

8

protectoursecuritywhilebrowsingtheinternet?Patrick:SoasfarasbrowsersgoEdge,Chrome,Firefox,Safari.Thoseareall...likethebigones,they'resafe.Youknow,makesurewhereveryoudownloadthemyougototheofficialsite.Thisiskindof,youknow,don'tgotoshadylinks.It'saverysimilarmindsetof,youknow,gofindwhatyou'relookingforthroughGoogleoragoodsearchenginebutifyou'reonasite,don'tnecessarilytrusteverylinkyoufindontheinternet.Youknow,youcanhoveroverthelinkandatthebottomofyourbrowseritwillgiveyouapreviewofwherethatlinkwilltakeyou.Andwhatthelinkactuallyreadsonyourscreenmaynotbewhereittakesyou.YoucanedittheHTMLsothatitdisplaysadifferentaddressthanwhereitwillleadto.Soyouknow,hoveroveranylinksyouseeandseeiftheylooklegitimate.Youcanalsouseincognitoorprivatemodewhileyou'rebrowsingandthatwillpreventyourcomputerfromrecordingcookiesforthesessionorforthetabsyou'veopenedandthehistory,andwillblockalotofthetrackingthatcanhappen.Itwillnotmakeyouinvisibleontheinternet,that'skindofamyththatthenameimpliesandit'ssomethingtobeawareof.

Katie:Gotit,whatabout...canyouexplainthedifferencebetweenhttpandhttpsonawebsite?BecauseIknowwewentthroughalotofworktomakesureWellnessMamawashttps.Butcanyouexplainlikebasicallywhatthatisandwhyitmatters?Patrick:Absolutely,sohttpisthehypertexttransportprotocolandhttpsisthesecureversionofthat.Whatthismeansiswheneveryoumakeanhttpconnectiontoawebsitesoyouvisitawebsitethatishttp.Anyinformationyoutransmittothatwebsiteorreceivefromthatwebsitewillbeunencryptedinwhat'scalledplaintext,soit'sjusthumanreadabletoanyoneonthenetworkbetweenyouandthatwebsite.Thisisclearlynotidealifyou'resendingusernamesandpasswordinformationtowebsites,soifyoueverfindaloginpage,orwheneveryougotoaloginpage,lookatthetopleftandmostbrowserswilltellyouinoneortwokindofways.Chromeforinstance,willhaveagreenlocksymbolanditwillsaysecureifyouareusinghttps.Thismeansthatit'ssafetoputinsensitiveinformationandyoucanfeelprettysafeinsendingthatinformationout.That'ssomethingtobeawareofontheinternetandsomethingtogetinthehabitofchecking,youknow,ifawebsite'severaskingforinformation,besuretocheckthat.Becauseevenwebsitesthatareverywell-intentionedmayhavemadeamistakesomewhereandhaveforgottentoimplementhttps.Andthat'ssomethingtobeawareofandmostofthewebismovingtowardshttps,whichisagreatstepanditmeanslessworkandworryforamajorityofpeopleandconsumersoutthere,whichisgood,butoccasionallyyou'llrunintothis.Sobeawareofitandkeepaneyeout.Katie:Gotit.AndanotherthingI'vethoughtaboutismostofuswilluseourcomputersbutreallylikewe'reattachedtoourphone.It'slikeourphonesgowithuseverywherewego.Thereisawholefascinatingfieldofpsychologyemergingabouthowliterallylikeourphonesarechangingourbrainandthat'sobviouslyatopicforanotherday,butaretherespecialthingsweneedtoconsiderorbeawareofwhenwe'reusingsmartphonesformostofouronlineactivitythesedays?Patrick:Sure,thesesmartphonesareoftenveryoverlookedasfarassecuritygoesbecauseit'sjustmyphone,right?Likeit'smyFacebookmachineandmytextmessagingmachine.Theproblemcomesinthatsmartphonesholdanenormousamountofdataaboutyou.Theyholdbasicallyeveryoneyouknow,allyourcontacts,yourFacebookfriendsifyouhaveFacebookinstalled,youknow,anysocialmediahasawholebunchofdataassociatedwithit.Sowhatyouwouldideallyliketodoismakesurethatfulldiscencryptionorwholedeviceencryptionisenabledonyourphone.Bydefault,onmostcurrentphonesitshouldbe,bothandroid

Copyright © 2017 Wellness Mama · All Rights Reserved

9

andiPhonehavebeenupdatedintheirmorerecentreleasestohavethisenabledbydefault.Thisisaveryimportantaspecttohavebecauseifsomeonestealsyourphonetheywon'tbeabletogetintoitevenifyouhaveapasscode.Ifyourphoneisnotfullyencryptedyoucangetalotofthedataoutofthephonewithoutthepasscode.Andthisisanimportantpointbecausehavingsomeone'sphonetojustselltoapawnshopisonethingbutstealingsomeone'sphoneandgoing,I'mgoingtotakealltheinformationand,youknow,youcanruinsomeone'slifejustbytakingtheirphone.Sousefulldiscencryption,Googleonline.Googlethisbecauseit'simportantandthere'reguidestocheckingandenabling.Usestrongpasscodes,passcodesonphonesarenotassecureasapasswordwouldbe.Soifyouhavethatoptiongoaheadanduseitbutuseatleastsixdigitsonapasscodeandpleasedon'tuse11111,123456,samerulesapply.Youknow,youwantdecentlengthanddecententropyonanypassphrasethatyouhave.Katie:Whatabout,Iknowalotofphonesnowareusinglikethumbprintsorsomeareevenusingfacialrecognition,andIknowlikeourlawyerhashadhisopiniononthese,butI'mcurioustohearyoursandthenI'llalsosharekindofwhathesaid.Patrick:Thisisaveryinterestingaspectoftechnologythat'sdeveloping.Biometrics…they'reverypeculiarbecauseapasswordistechnicallysomethingyouknow.Afingerprintissomethingyouhave,andthisisaveryweirddistinctiontomakebutit'simportant.Imean,youleaveyourfingerprintliterallyeverywhereyougoandit'seasyorit'sdoabletotakesomeone'sfingerprintandactuallyunlocktheirphonewithit.Gettingahighqualitypictureofsomeoneisrelativelyeasy,therearewaysto,youknow,foolthebiometricfacescanthat'scomingout.Apple'snewfacialIDis…it'srobustanditworkswellfromeverythingI'vereadonit,butit'snotimmune.Also,aweirddistinctionisforlawenforcement.Ifyouareeverarrestedor,youknow,underinvestigation,ajudgecanissueawarrantforyourfingerprintoryourfacebecausethatissomethingyouhave.Whereasajudgecannotorderawarrantforsomethingyouknow.That'sundertheFifthAmendmentofnottestifyingagainstyourself.I'mnotsayinganyoneoutthere,youknow,listeningtothepodcastisacriminalbutthat'safactandit'sinteresting.Ifthatseemsweirdtoyouorinteresting,Googlethatbecausethereisalotofreallycoolarticlesonthem.Katie:YeahandIknowwecanputsomelinksintheshownotesaswell,thatwasprettymuchwhatthelegalteamhadadvisedaswellwasthatbecauseyoudon't...basicallyanythingprotected,likeyousaid,ifit'sknowledgethatyouhave,it'sprotectedbytheFifthAmendment.SoifyouareforinstancegoingthroughTSAandtheyforsomereasonrequesttogetontoyourphoneyoucanrefuseifit'sinformationthatyouhavebuttheycouldlegallyforceyoutouseyourfingerprint,ortheycouldputthephoneuptoyourfaceforfacialrecognitionbecausethat'ssomethingthatyouhavethat's…soIthinkthat'sanimportantdistinction,hopefullyonethatnoneofuseverhavetofaceorknowbutsomethinggoodtoknownonetheless.Soforphonesthat'skindathething,we'llputsomelinksaswellaboutfulldiscencryptionbecauseIthinkthat'ssomethingalotofpeoplemiss.AnotherquestionIwantedtoatleasttouchonbecauseIhearthetermtossedaroundalot.I'mguessingeverybody'shearditbutprobablydoesn'treallyknowwhatitis,isnetneutrality,socanyoukindofgiveusaprimeronthat?Patrick:Sure,netneutralitybasicallymeansthatinternetserviceproviders,youknow,Comcast,Spectrum,Verizon,AT&T.Whoever,youknow,yourISPis,can'tcontrolwhatcontentgoesthroughorhowfastthatcontent.SonetneutralitysaysthatISPs,internetserviceproviders,musttreatalldataequally.Theycan'tprotecttheirowninterestsbyshuttingoutcompetition.It'sjustequalityofthedatathat'spassingthroughtheinternet.

Copyright © 2017 Wellness Mama · All Rights Reserved

10

Katie:ThatmakessenseandIthink,yeah,that'soneofthosethingsthat'seasytohearasoundbiteona,youknow,anewschannelorsomethingandthinkingthatyouunderstandeithertakeafirmpositiononewayortheother,butit'samuchmorecomplexissue,wecanhavesomelinksintheshownotesaswellonthat.ButIwannaalsotieinalotofthisbecauseifyoulookatit,thisisallstuffthatprettymuchourgenerationhashadtolearntonavigate.Likeourparentsatourageswerenotfacingthesesamesecurityconcernsonline,whichmeansforourchildrenespeciallythesethingsaregonnabecomereallyimperativetoknowandtounderstand,andwe'rejustnowlearningIthinkalotofthethingswearegonnaneedtobeabletoteachourkids.Therecentdatabreachesofthecreditagencies,Ithinkbroughtalotofpeoplerealizationthatevenyourchild'screditforinstance,canbehackedevenifthey'veneverusedit.Andonthatscopeyoucandothingslikefreezingyourchildren'scredittokeepthemsafe,butthesameappliestochildren'sinternetusagebecausealotofus,theinternetissuchapartofourlives.It'seasytojustgiveyourchildrenkindofunfetteredaccesstotheinternet,buttakingintoaccounteverythingwejusttalkedaboutthatdefinitelydoesn'tseemlikethebestapproach.SoIwantedtolikekindadialthisalldowntofromafamilyandachild'sperspectivehowcanwetakestepstokeepourkidssafeonline?Obviouslyrealizinglikeeveryaspectofparenting,youcanneverkeepyourchildtotallysafebutyoucandoalotofthingstohelpmitigatealotofthethingstheywouldencounter.Sowhenitcomestochildrenandtheinternetwhataresomegoodguidelinesthatwecanstartwith?Patrick:Well,firstoff,thisinformationisfromresearchI'vedone.Thisisnotfirsthandknowledge.Idon'thaveanychildrenyet,sothisissomestepsI'vegatheredaround.AndKatie,youmayevenhavesomegoodsuggestionshere.FromwhatI'velookedupandreadabout,oneofthemostimportantthingstodoistousedeviceswithyourchildren.So,youknow,ifyourchildhasaniPad,sitdownwiththem,youknow,onceeveryweek,month,youknow,acoupledays,howevermuch,youknow,wheneveryoucangetthetimetodoit.Sitdownandjustwatchthemusethedevice,seewhattheydo,askthemquestions,engage,andlikeusethesameservicestheyareusing.Iftheyareplayingalittlegame,sitdown,playwiththem,watchitforawhile,makesurethatitdoesn'thaveadsthatpopupthatcan,youknow,startmicro-transactionsand,youknow,that'sapotentialwayforyoutoincursomeharmfromyourchildusingtheirdevice.Makesurethey'renotGooglingaroundforunnecessarythings,oryouknow,thatthey'restayingandtheyknowwheretostayontheinternet.That'simportant.Letthemwatchyoubrowsearound.Doittogether,makeitafamilyevent,andletthempickuponyourhabits.Andyouknow,theseimpliesthatyoushouldhavegoodhabits,whichyoushould,soworkonthatandletthemsee.Youwillneverbeabletopreventyourchildfromgettingintotroubleontheinternet.Theinternet'stoobig,therearetoomanydevices.It'sliterallyeverywherethesedays,youneedtobeabletoteachthemwhattodoandsettheexample.Youknow,useagoodpasswordmanager,usestrongsecuritypractices.Youknow,don'tgotoshadywebsites.Ifyouhavethesehabitstheywillpickitupandwhenevertheygetoldenoughmakesureyoutalktothemaboutpasswords,hopefullyyou'reusingapasswordmanagerforthemwhenthey'reveryyoungforanyaccountstheymayhave.Andanyaccountsthattheywanttoget,makesurethey'rerestrictedandnotfulladminprivileges.Andyouknow,keepthemfairlyasrestrictedasyoucanwhilethey'reyoung,butastheyage,backthoserestrictionsoff.Givethemthetoolstomakemistakesbutmakesurethatthosemistakesaresmallsotheycanlearnfromthemistakeswithoutsevereconsequences.Katie:Yeah,that'ssuchagoodpoint.Ithink,likeIsaid,thisisawholenewworldthatparentsofourtimetodayaregonnahavetolearnhowtonavigate.BecauseIeventhinkwhenIwasakid,mymomtookpictures

Copyright © 2017 Wellness Mama · All Rights Reserved

11

inthescrapbooksbutitwasn'tlikeshecouldsharethattoallofherfriendsthatsheknewinheronlineworld.AndIthinkthat'ssomethingthatmyhusbandandIhaveputalotofthoughtintoishowdowewannaintroduceourkidstotheonlineworldandhowdowewannateachthemresponsibilityinthat.Andforusthatmeant…andthisisnotajudgmentofanyonewhodoesitdifferently,butthatmeansthatwedon'tputthemonlineuntiltheyconsent.AndIknowthat'skindofliketouchypointforalotofpeoplebutIlookbackandthinksomeofthethingsthatareinmyscrapbookfromwhenIwastwoyearsoldIwouldnotreallywantonline.Andwehavetoassume,Ithinkit'sagoodrule…oratleasttoassumethatanythingthatgoesontheinternetmayormaynotbeabletobetakenofftheinternet.Youhavetoassumethatonceit'soutthereitcouldpotentiallybeoutthereforever,andIknowI'veheardalotofparentsjokinglyornotsojokinglysaylike,"Ohman,I'mgladsocialmediadidn'texistwhenIwasincollegeorI'dprobablywouldhavegottenintoalotofmoretrouble,"orthosekindofcomments.Butthesameappliestoourkids,andsothat'swhyourgeneralrulehasbeenwedon'tevenonourownpersonalFacebookpagesorInstagramputpicturesofourkids'facesorusetheirnames.BecauseinoureyeswewantthemtobeabletoconsenttoiforwhentheywannausesocialmediabecauseprobablyweknowlikefutureemployeesorcolleaguesoranyonethattheyencountercouldpotentiallyGooglethemandfindthisinformationthattheymayormaynotwanttoshare.Thepointbeingwefeellikeit'snotourplacetoshareit,butIthinkthatwhatyousaidiskeythatobviouslywecan'tprotectourchildrenfromtheinternet.Technologyisnotgoingaway,it'sgonnabeapartoftheirlivesbutmodelingforourselvesusingtheinternetsafelyandalsogivingthemindependenceatanappropriateageandteachingthembeforewedo,thewaystostaysafe.IthinkIsaythatsamecorrelationwithfoodalot,thatweoftenunderestimatekidsandhowtheyactuallycanmakereallygooddecisionsifwegivethemtheknowledgetodosoandtheindependencetodoso.Andthat'salwaysthehardpartisgivingthemtheindependence.SoIthinkthat'sanimportantpointandIthink...likeIsaid,Ithinkthisisgonnabeawholenewworldthatourkidshavetofacethatwedidnotattheirage.Andourparentscertainlydidnotatourages,soI'mgladthattherearepeoplelikeyououttheregivingtheinformationofhowtonavigateitsafely.AndIthinktheremightbealotoffollow-upquestionstothisepisode.Soifthereare,Iknowthisislikeaprettycomplextopic,soiftherearewemayhavetodoaroundtwooneday,butyoumentionedalotofthings,there'llbelinksintheshownotestoalotofthoseincasepeoplehavefollow-upquestionsortheycancontactyouthroughtheshownotesaswell.Butdoyoukindofwannajustgiveusagoodconclusionoflikedo'sordon'tstorememberwhenyouareonline?Patrick:Yeah.Andwe'llstartwithpasswordsandthemainthingstorememberarepasswordmanagersareagoodthing.Takethetime,andresearchthem,investigateandchooseoneandstickwithit.Useitforallyouraccountsandrememberthatevenifyourpasswordmanagerisholdingyourpasswords,thosepasswordsstillneedtobestrong.Theyneedtobelongandtheyneedtohavehighentropy,theyneedtobeveryrandom.Sorememberthatandthat'llhelpyoualot.Enabletwo-factorandalsotreatsecurityquestionslikethey'reanotherpassword.Anddon'tuseanypubliclyavailableinformationforyourpasswords.Withyourchildren,remembertositdownwiththem,usetheinternetwiththem.Showthemandteachthemgoodpracticesthatwillhelpthemastheygrowbecausetechnologyisnotgoinganywhereandthiswillonlybecomemoreimportantastheygo.OnesuggestionIfoundwastohaveacentralchargingstationinyourhome.Youknow,inthelivingroomorahallwaynotinthebedroom,andthat'swhereanyiPhones,iPads,tablets,anythinglikethat,theyleavethereatnightandthat'swhereyouchargethem.Soifyouwanttouseityouhavetoleaveitthereatnight.AndIknowyou'vetalkedaboutsleepalotonyourpodcastandhavingphonesinthebedroomwhileyou'resleeping,thisisagoodwaytokindofkilltwobirdswithonestone.AndIwouldsuggestthat.

Copyright © 2017 Wellness Mama · All Rights Reserved

12

Katie:Yeah,Ithinkthat'sagreatpieceofadvice,especiallyIknowI'veseensomerecentnewsstoriesofpeople'slikepillowscatchingfirebecausetheytriedtosleepwithit.It'ssomethinglikeatechnologydeviceunderneaththatorlikeweevenjustknowitwiththeirstudiesthatbluelightisharmfultoyourmelatoninatnightanditcanreduceyoursleep.Andwhatparentwantstheirchildtosleepless?SoIthinkthatchargingstationislikeasuper,simplethingthatyoucanimplementthatalsoallowsyoutojustkeepaneyeontheirtablets,ortheirdevices,andtheironlineactivity,andtomakesurethatyou'reteachingthemthosehabitsastheygo.AndIthinkthat'sjustasuperimportantpoint.Butwe'vecoveredsomanythings,likeIsaid,Ithinkwemighthavetodoaroundtwooneday,allthelinkswillbeintheshownotes.Butthankyou,Patrick,somuchforyourtimeandbeinghere.Please,youguyslistentotheadvicehe'sgivenandstaysafeonlinebecauseitisacrazyworldoutthere.SoPatrick,thankyou.Patrick:Thankyouverymuch.Katie:AndthankstoallofyouforlisteningandIwillseeyounexttimeon"TheHealthyMomsPodcast."

Ifyou'reenjoyingtheseinterviews,wouldyoupleasetaketwominutestoleavearatingorreviewoniTunesforme?Doingthishelpsmorepeopletofindthepodcast,whichmeansevenmoremomsandfamiliescouldbenefitfromtheinformation.Ireallyappreciateyourtime,andthanksasalwaysforlistening.