account-based literacy a new focus in library computer instruction

Account-Based Literacy

A New Focus in Library Computer Instruction

@decirella - Account-based Literacy - CLA April 30, 2013

David CirellaNew York Institute of Technology, Manhattan Library

@decirella

cirella.org

Account-Based Literacy Goals

Provide patrons with knowledge to:Keep their privacy safeKeep their online accounts safeKeep their data safe


Account based literacy?


CharacteristicsOnline services that require some

contribution on the part of the user

Creating an accountEntering personal informationContributing content


Characteristics

Creating an accountUsername, email, password

Entering personal informationName, address, email, phone number, hobbies,

likesContributing content

Personal photos, text, videos, comments, location


The Services


The Services

eBooks – Overdrive, Amazon, Barnes & NobleShopping – Amazon, Zappos, eBayEntertainment – Netflix, Hulu, AmazonSocial Networking – Facebook, Twitter, LinkedinOnline Storage - Dropbox, Evernote, Box.netEverything Else = Google, Apple


What Do These Have in Common?Apple, Facebook, Yahoo mail, Tumblr, Twitter, Microsoft, Evernote, Nationwide insurance, Zappos, State of South Carolina, Dropbox,

Sony, Sega, Citigroup, last.fm, Hotmail, AOL, Gawker Media, Monster.com, Comcast, MSN, SBC Global, Verizon, TJ Max, BellSouth, Living Social, Overdrive, Amazon, Google, Pinterest, Peoples, Bank of America, Ebay, Paypal, Flickr,

and Live.com


All require the creation of a personal account &

the contribution of personal information

What Do These Have in Common?

Apple, Facebook, Yahoo mail, Tumblr, Twitter, Microsoft, Evernote, Nationwide insurance,

Zappos, State of South Carolina, Dropbox, Sony, Sega, Citigroup, last.fm, Hotmail, AOL, Gawker

Media, Monster.com, Comcast, MSN, SBC Global, Verizon, TJ Max, BellSouth, Living Social, Overdrive, Amazon, Google, Pinterest, Peoples,

Bank of America, Ebay, Paypal, Flickr, and Live.com


These are the services our patrons want to

learn and use

These serivces have already been breached


2011 breach of Sony's PlayStation network resulted in 100 million accounts being exposed


Password hashes belonging to 6 million LinkedIn users were leaked, more than 90 percent of passwords were cracked in just six days.


LivingSocial.com, a site that offers daily coupons on restaurants, spas, and other services, has suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users


Why?

We are increasingly living onlineWe are sharing increasingly personal parts of

our lives onlineWe are being pulled into these services from

all directionsWe will forever be tied to our actions,

usernames, and content online


Why?


Two-thirds of online American adults (67%) are Facebook users

http://pewinternet.org/Commentary/2012/March/Pew-Internet-Social-Networking-full-detail.aspx

More than 71% of social networking users ages 18-29 have changed the privacy settings on their profile to limit what they share with others online.

http://pewinternet.org/Reports/2010/Reputation-Management.aspx



Why?


Why?


Reputation management has now become a defining feature of online life for many internet users, especially the young.

http://pewinternet.org/Reports/2010/Reputation-Management.aspx

Why?

Data is fragileData is deeply personal

Data stored by a third party is not as important to them as it is to youIt may not be profitable for facebook to keep your

photos safe forever


Why Us?

We are educatorsWe can teach cutting edge technology Libraries are a place of last resort

We owe it to our patrons to arm them with the tools needed to protect themselves


Why Now?

All mainstream services operate on an account-based model

Account-based services motivate many to start using computers

Motivate many to seek out instruction


Why Now?

MobileNon-traditional computer users adopting

mobile, tablet, ereader- platforms

Area of heaviest intergration is mobile


Why Now?

Cyberbullying78% of teens now have a cell phone, and almost

half (47%) of them own smartphones. That translates into 37% of all teens who have smartphones, up from just 23% in 2011.

95% of teens use the internet.

http://pewinternet.org/Reports/2013/Teens-and-Tech.asp


Why Now?

An average PC can try on average 8.2 billion password combinations each second

Leaks over of over 100 million real-world passwords allows programmers to write faster cracking algorithms

(http://arstechnica.com/security/2012/08/passwords-under-assault/)


Now what?


Account-based Literacy Training

Three Goals 1. Protecting accounts (reputation)2. Protecting privacy3. Preserving data


Protecting Accounts

Avoid password reuseUnique passwords must be used with each

account Avoid cascading account breaches in the event of

a compromise


The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them.


https://research.microsoft.com/pubs/74164/www2007.pdf)

Protecting Accounts

Use strong passwords.Avoid simple words found in the dictionaryUse uppercase, lowercase, numbers, symbolsPasswords that are longer in length are also less

vulnerable to attack.Ideally 20 characters or more with po0RspEllEng

grAmm.eeRthe


Protecting Accounts

Pass phrase not password

puppy@Grandmas4vacation

23 characters longNumbers, symbols, mixed caseEasy to remember, hard to guess


Protecting Accounts25 Worst Password of 2012 password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 baseball iloveyou trustno1 1234567

sunshine master 123123 welcome shadow ashley football jesus michael ninja mustang password1

@decirella - Account-based Literacy - CLA April 30, 2013http://www.cnn.com/2012/10/25/tech/web/worst-passwords-2012

Protecting Accounts

2 Factor AuthenticationUse your password and temporary passcode

delivered to your mobile phone


Protecting Accounts

Password Keepers- lockersSoftware/services that store all your passwords

under one “lock” and keyEnables the easy use of very strong, complex,

unique password without burdenBrowser and mobile integrationlastpass


Protecting Accounts

Account recoveryHow easy are the account recovery answers?


Protecting Privacy

Hierarchy of privilege regarding personal informationConsider what the service iswhat information is needed how it’s likely to be used


Protecting Privacy

Privacy SettingsDifferent for every serviceLimit or expose information


Protecting Privacy

Data mining / Account linkingThird-party data miners link online accounts

together into a coherent, single profile


Preserving Data

Danger of data loss Keep personal backup copies of any data held in

online servicesMake backup copies of others data that you want

to keep (photos you appear in but are not part of your account)


Preserving Data

MobileDevices that exclusively rely on account-based

services but have no simple backup option.Data created in mobile apps is often held online

and accessed by user accounts. Patrons must be aware of and use data export tools to keep local backup copies of all valuable data.


Implementation

Get patrons thinking about these issuesDevelop good habits Not zero sum- every little bit helps


Implementation

Appropriate for inclusion in all types of computer instruction

Relate to specific services and applicationsAll types of users


Implementation

Public LibraryIntegrate related topics: internet basics, social

networking, and job searching Connect with youth and parents as relating to

cyberbullyingAcademic Library

Integrate with dropbox, google doc instruction, blackboard, turn it in


Recommended Security Resources

http://security4lib.org/https://isc.sans.edu/http://www.h-online.com/http://www.schneier.com/blog/http://www.us-cert.gov/http://www.grc.com/securitynow.htm


Thank You


@decirella

cirella.org

Account-Based LiteracyA New Focus in Library Computer Instruction

CLA April 30, 2013

account-based literacy a new focus in library computer instruction

Education

account based literacy

based literacy cla

decirella account

personal account

facebook usershttp

online accounts safekeep

mainstream services

characteristicsonline