account-based literacy a new focus in library computer instruction
DESCRIPTION
Presented at the 2013 Connecticut Library Association conference.TRANSCRIPT
Account-Based Literacy
A New Focus in Library Computer Instruction
@decirella - Account-based Literacy - CLA April 30, 2013
David CirellaNew York Institute of Technology, Manhattan Library
@decirella
cirella.org
Account-Based Literacy Goals
Provide patrons with knowledge to:Keep their privacy safeKeep their online accounts safeKeep their data safe
@decirella - Account-based Literacy - CLA April 30, 2013
Account based literacy?
@decirella - Account-based Literacy - CLA April 30, 2013
CharacteristicsOnline services that require some
contribution on the part of the user
Creating an accountEntering personal informationContributing content
@decirella - Account-based Literacy - CLA April 30, 2013
Characteristics
Creating an accountUsername, email, password
Entering personal informationName, address, email, phone number, hobbies,
likesContributing content
Personal photos, text, videos, comments, location
@decirella - Account-based Literacy - CLA April 30, 2013
The Services
@decirella - Account-based Literacy - CLA April 30, 2013
The Services
eBooks – Overdrive, Amazon, Barnes & NobleShopping – Amazon, Zappos, eBayEntertainment – Netflix, Hulu, AmazonSocial Networking – Facebook, Twitter, LinkedinOnline Storage - Dropbox, Evernote, Box.netEverything Else = Google, Apple
@decirella - Account-based Literacy - CLA April 30, 2013
What Do These Have in Common?Apple, Facebook, Yahoo mail, Tumblr, Twitter, Microsoft, Evernote, Nationwide insurance, Zappos, State of South Carolina, Dropbox,
Sony, Sega, Citigroup, last.fm, Hotmail, AOL, Gawker Media, Monster.com, Comcast, MSN, SBC Global, Verizon, TJ Max, BellSouth, Living Social, Overdrive, Amazon, Google, Pinterest, Peoples, Bank of America, Ebay, Paypal, Flickr,
and Live.com
@decirella - Account-based Literacy - CLA April 30, 2013
All require the creation of a personal account &
the contribution of personal information
What Do These Have in Common?
Apple, Facebook, Yahoo mail, Tumblr, Twitter, Microsoft, Evernote, Nationwide insurance,
Zappos, State of South Carolina, Dropbox, Sony, Sega, Citigroup, last.fm, Hotmail, AOL, Gawker
Media, Monster.com, Comcast, MSN, SBC Global, Verizon, TJ Max, BellSouth, Living Social, Overdrive, Amazon, Google, Pinterest, Peoples,
Bank of America, Ebay, Paypal, Flickr, and Live.com
@decirella - Account-based Literacy - CLA April 30, 2013
These are the services our patrons want to
learn and use
These serivces have already been breached
@decirella - Account-based Literacy - CLA April 30, 2013
2011 breach of Sony's PlayStation network resulted in 100 million accounts being exposed
@decirella - Account-based Literacy - CLA April 30, 2013
Password hashes belonging to 6 million LinkedIn users were leaked, more than 90 percent of passwords were cracked in just six days.
@decirella - Account-based Literacy - CLA April 30, 2013
LivingSocial.com, a site that offers daily coupons on restaurants, spas, and other services, has suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users
@decirella - Account-based Literacy - CLA April 30, 2013
Why?
We are increasingly living onlineWe are sharing increasingly personal parts of
our lives onlineWe are being pulled into these services from
all directionsWe will forever be tied to our actions,
usernames, and content online
@decirella - Account-based Literacy - CLA April 30, 2013
Why?
@decirella - Account-based Literacy - CLA April 30, 2013
Two-thirds of online American adults (67%) are Facebook users
http://pewinternet.org/Commentary/2012/March/Pew-Internet-Social-Networking-full-detail.aspx
More than 71% of social networking users ages 18-29 have changed the privacy settings on their profile to limit what they share with others online.
http://pewinternet.org/Reports/2010/Reputation-Management.aspx
Why?
@decirella - Account-based Literacy - CLA April 30, 2013
Why?
@decirella - Account-based Literacy - CLA April 30, 2013
Reputation management has now become a defining feature of online life for many internet users, especially the young.
http://pewinternet.org/Reports/2010/Reputation-Management.aspx
Why?
Data is fragileData is deeply personal
Data stored by a third party is not as important to them as it is to youIt may not be profitable for facebook to keep your
photos safe forever
@decirella - Account-based Literacy - CLA April 30, 2013
Why Us?
We are educatorsWe can teach cutting edge technology Libraries are a place of last resort
We owe it to our patrons to arm them with the tools needed to protect themselves
@decirella - Account-based Literacy - CLA April 30, 2013
Why Now?
All mainstream services operate on an account-based model
Account-based services motivate many to start using computers
Motivate many to seek out instruction
@decirella - Account-based Literacy - CLA April 30, 2013
Why Now?
MobileNon-traditional computer users adopting
mobile, tablet, ereader- platforms
Area of heaviest intergration is mobile
@decirella - Account-based Literacy - CLA April 30, 2013
Why Now?
Cyberbullying78% of teens now have a cell phone, and almost
half (47%) of them own smartphones. That translates into 37% of all teens who have smartphones, up from just 23% in 2011.
95% of teens use the internet.
http://pewinternet.org/Reports/2013/Teens-and-Tech.asp
@decirella - Account-based Literacy - CLA April 30, 2013
Why Now?
An average PC can try on average 8.2 billion password combinations each second
Leaks over of over 100 million real-world passwords allows programmers to write faster cracking algorithms
(http://arstechnica.com/security/2012/08/passwords-under-assault/)
@decirella - Account-based Literacy - CLA April 30, 2013
Now what?
@decirella - Account-based Literacy - CLA April 30, 2013
Account-based Literacy Training
Three Goals 1. Protecting accounts (reputation)2. Protecting privacy3. Preserving data
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Accounts
Avoid password reuseUnique passwords must be used with each
account Avoid cascading account breaches in the event of
a compromise
@decirella - Account-based Literacy - CLA April 30, 2013
The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them.
@decirella - Account-based Literacy - CLA April 30, 2013
https://research.microsoft.com/pubs/74164/www2007.pdf)
Protecting Accounts
Use strong passwords.Avoid simple words found in the dictionaryUse uppercase, lowercase, numbers, symbolsPasswords that are longer in length are also less
vulnerable to attack.Ideally 20 characters or more with po0RspEllEng
grAmm.eeRthe
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Accounts
Pass phrase not password
puppy@Grandmas4vacation
23 characters longNumbers, symbols, mixed caseEasy to remember, hard to guess
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Accounts25 Worst Password of 2012 password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 baseball iloveyou trustno1 1234567
sunshine master 123123 welcome shadow ashley football jesus michael ninja mustang password1
@decirella - Account-based Literacy - CLA April 30, 2013http://www.cnn.com/2012/10/25/tech/web/worst-passwords-2012
Protecting Accounts
2 Factor AuthenticationUse your password and temporary passcode
delivered to your mobile phone
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Accounts
Password Keepers- lockersSoftware/services that store all your passwords
under one “lock” and keyEnables the easy use of very strong, complex,
unique password without burdenBrowser and mobile integrationlastpass
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Accounts
Account recoveryHow easy are the account recovery answers?
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Privacy
Hierarchy of privilege regarding personal informationConsider what the service iswhat information is needed how it’s likely to be used
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Privacy
Privacy SettingsDifferent for every serviceLimit or expose information
@decirella - Account-based Literacy - CLA April 30, 2013
Protecting Privacy
Data mining / Account linkingThird-party data miners link online accounts
together into a coherent, single profile
@decirella - Account-based Literacy - CLA April 30, 2013
Preserving Data
Danger of data loss Keep personal backup copies of any data held in
online servicesMake backup copies of others data that you want
to keep (photos you appear in but are not part of your account)
@decirella - Account-based Literacy - CLA April 30, 2013
Preserving Data
MobileDevices that exclusively rely on account-based
services but have no simple backup option.Data created in mobile apps is often held online
and accessed by user accounts. Patrons must be aware of and use data export tools to keep local backup copies of all valuable data.
@decirella - Account-based Literacy - CLA April 30, 2013
Implementation
Get patrons thinking about these issuesDevelop good habits Not zero sum- every little bit helps
@decirella - Account-based Literacy - CLA April 30, 2013
Implementation
Appropriate for inclusion in all types of computer instruction
Relate to specific services and applicationsAll types of users
@decirella - Account-based Literacy - CLA April 30, 2013
Implementation
Public LibraryIntegrate related topics: internet basics, social
networking, and job searching Connect with youth and parents as relating to
cyberbullyingAcademic Library
Integrate with dropbox, google doc instruction, blackboard, turn it in
@decirella - Account-based Literacy - CLA April 30, 2013
Recommended Security Resources
http://security4lib.org/https://isc.sans.edu/http://www.h-online.com/http://www.schneier.com/blog/http://www.us-cert.gov/http://www.grc.com/securitynow.htm
@decirella - Account-based Literacy - CLA April 30, 2013
Thank You
@decirella - Account-based Literacy - CLA April 30, 2013
@decirella
cirella.org
Account-Based LiteracyA New Focus in Library Computer Instruction
CLA April 30, 2013