Elizabeth Warren's mission to break up Facebook gets help -- from Facebook

Facebook turns to Twitter to explain outages

Facebook is developing technology that could soon make it possible to read your mind. CEO Mark Zuckerberg detailed how the firm is researching a 'brain-computer interface'
Mark Zuckerberg wants to build a ‘brain-computer interface’ that can read your THOUGHTS, report claims

Donie O’Sullivan, CNN Business

Washington DC (CNN Business) – Facebook, the world’s largest social network, relied on Twitter on Wednesday to explain that its apps were experiencing outages around the world.

Some users of Facebook (FB) and other platforms owned by the tech giant, including Instagram, Messenger and WhatsApp, experienced problems accessing the services. Many people went on Twitter to vent their frustration.

In the future, Zuckerberg said the interface would let users interact with augmented reality environments using just their brain - no keyboards, touchscreens or hand gestures required

The outages began Wednesday afternoon and appeared to affect people in multiple areas, including the US, Central and South America, and Europe, according to tweets and the outage-tracking site DownDetector.com.

“We’re aware that some people are currently having trouble accessing the Facebook family of apps. We’re working to resolve the issue as soon as possible,” Facebook tweeted.

Facebook (@facebook), 5:49 PM – Mar 13, 2019

Despite some early online rumors that the outages were the result of a distributed denial-of-service (DDoS) attack — a type of hack in which attackers flood a company’s network — Facebook said in another tweet that “the issue is not related to a DDoS attack.”

Facebook performs U-turn after removing Sen. Elizabeth Warren's ads calling for break up of social media giant and Amazon and Google because they have 'bulldozed the competition and used private information for profit'

Facebook says the future is private messaging, not public posts

Facebook temporarily removed several ads by senator Elizabeth Warren calling for the break up of large tech companies including the social media giant. Pictured: Warren talking about her tech company proposals on Saturday at the SXSW conference in Austin, Texas

“The future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever.” – CJR Editors

On Wednesday, in what seemed like a major shift, Mark Zuckerberg wrote that he wants to reorient Facebook around private, encrypted, and ephemeral messaging, rather than public sharing. This could have significant implications not just for regulators, who have been trying to get Facebook to crack down on offensive and violent content, but also for the future of news and information—including misinformation.

In the past, Zuckerberg has said that his aim was to connect people and make it easier for them to share. And in part because of how Facebook’s advertising engine works, the focus has been on making as much of that sharing as public as possible. But Zuckerberg seems to have changed his views. “As I think about the future of the internet, I believe a privacy-focused communications platform will become even more important than today’s open platforms,” he wrote. “The future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever.”

More than ever before, Zuckerberg seemed to admit there have been downsides to Facebook’s emphasis on public sharing, including “child exploitation, terrorism and extortion.” He may have been pushed to this realization by the ongoing firestorm of criticism Facebook has received—not just because of the 2016 elections, but also owing to its role in promoting violence in Myanmar, India, and elsewhere. This new commitment to privacy, however, comes with trade-offs, since a more private Facebook is less subject to public scrutiny—and that could make misinformation more difficult to track.

In focusing on the private and ephemeral, Zuckerberg appears to be embracing the model he borrowed (or stole) from Snapchat, which pioneered self-destructing posts in 2011 and turned down a $3 billion acquisition offer from Facebook two years later. Since then, Facebook has implemented Snapchat-like features in WhatsApp, Instagram, and Messenger.

Is Facebook making changes because they are better for users, or because they make life easier for Facebook?

If hateful or violent content will soon appear in private rather than public messages, does that mean the company is no longer liable for the spread of that content?

The latter question has already come up in India, where much of the violence driven by WhatsApp has been fueled by messages posted in private groups.

When it comes to journalism, Facebook’s reorientation seems to take it even further away from being the kind of public distribution outlet many media companies have come to rely on. Although the fruit Facebook offered to publishers may have been poisoned, the reach—and, in some cases, ad revenue—it provided has become a staple of many media business models. Will private sharing mark the end of Facebook’s supposed commitment to helping journalism?

Here’s more on Facebook’s announcement and the reaction to it:

  • Soiled culture: Recode founder Kara Swisher wrote on Twitter that it’s a bit rich for Zuckerberg to suddenly get religion about privacy. “I love that he declares this privacy thing might matter after being a big part of the soiling of online culture with sloppy public sharing tools,” says Swisher. New York Times writer John Herrman made a related point, noting that Zuckerberg is now arguing against the very norms of behavior—open, transparent, public—that he promoted for the past decade or so.

Ukraine: How the Eastern European country became a test bed for Russia cyberweaponry

Illustration by John W. Tomac for POLITICO

As Russian hackers face down Western spies, the Ukraine has become a live-fire space for hackers

By Laurens Cerulus

KIEV|AIWA! NO!| — To see the warfare of the future, head to the top floor of a nondescript office tower on a potholed street on the scruffy outskirts of Ukraine’s capital. There, next to a darkened conference room, engineers sit at dark gray monitors, waging war with lines of code.

“Attacks are happening every day,” says Oleh Derevianko, founder of the Ukrainian cybersecurity firm that employs them, Information Systems Security Partners. “We never thought we were going to be the front line of cyber and hybrid war.”

There may be no better place to witness cyber conflict in action than Ukraine today. Open warfare with Russia, a highly skilled, computer-literate pool of talent and a uniquely vulnerable political, economic and IT environment have made the country the perfect sandbox for those looking to test new cyberweapons, tactics and tools.

“Ukraine is live-fire space,” says Kenneth Geers, a veteran cybersecurity expert and senior fellow at the Atlantic Council who advises NATO’s Tallinn cyber center and spent time on the ground in Ukraine to study the country’s cyber conflict. Much like global powers fought proxy wars in the Middle East or Africa during the Cold War, Ukraine has become a battleground in a cyberwar arms race for global influence.

Derevianko’s outfit works closely with the Ukrainian government and its U.S. and European allies to fend off onslaughts against the country’s networks. On the other side of the virtual front line: Not just sophisticated Russian-affiliated hacker groups like Fancy Bear, Cozy Bear and Sandworm — the group behind “NotPetya,” the most devastating cyberattack to date — but also hosts of other governmental, nongovernmental and criminal players testing out their capabilities on the country’s networks.

Activity has spiked ahead of presidential elections in March, says Derevianko. Since November, hacker groups have been shelling Ukrainian magistrates, government officials, attorneys and others with emails that contain attachments with malware and viruses — sometimes disguised as Christmas greetings, or as messages from the prime minister’s office — in what Derevianko describes as “mass phishing.”

Russian hacker groups are repeatedly attempting to get into the country’s systems, Ukraine’s national security service told POLITICO. Critical infrastructure and election systems are under constant stress, it said.

“They’re not only testing destruction but also testing your reflexes,” says Derevianko.

Russia’s playground

The war in eastern Ukraine has given Russian-affiliated hackers the opportunity to perfect their ability to launch cyberattacks with a series of major intrusions in Ukraine over the past few years.

“The annexation of Crimea and war in Donbas, it has created a volatile political environment,” says Merle Maigre, the former head of NATO’s cyberdefense center in Tallinn who is now executive vice president at the Estonian cybersecurity firm CybExer.

Even as Russian tanks crossed the physical border into eastern Ukraine in the spring of 2014, Russian-affiliated hackers were sending malicious code onto Ukraine’s IT systems, providing political chaos as a smokescreen.

Three days before the presidential election in May 2014, hackers broke into Ukraine’s Central Election Commission and disabled parts of the network using advanced cyberespionage malware, according to a report by the International Foundation for Electoral Systems funded by the U.S. and U.K. and seen by POLITICO. The Central Election Commission was hit again later that year, when hackers took down its website ahead of a parliamentary vote in October.

Large-scale attacks followed the next year, and again in 2016. The targets, this time, were companies running Ukraine’s power grid. In 2015, hackers used so-called BlackEnergy malware, dropped on companies’ networks using spear phishing attacks that tricked employees into downloading from mock emails. So-called KillDisk malware later destroyed parts of the grid.

The resulting blackouts — the world’s first known successful cyberattack on an energy company at scale — affected about 230,000 Ukrainians for up to six hours. A year later, in December 2016, hackers relied on even more sophisticated tools to successfully turn off the lights in large parts of the Ukrainian capital yet again.

But the widest-reaching attack — and the world’s most financially damaging to date — took place in 2017, when hackers combined code tested in the power grid attacks with malware known as “Petya” and a security vulnerability initially discovered by the U.S. National Security Agency called EternalBlue.

Danish shipping behemoth Maersk was crippled by a 2017 malware attack | Leon Neal/Getty Images

The resulting malware — “NotPetya” — compromised the software of a small tech firm called Linkos Group, providing it access to the computers of utility companies, banks, airports and government agencies in Ukraine. It also crippled multinationals like the Danish shipping giant Maersk, logistics giant FedEx, pharma company Merck and other major corporations.

The NotPetya attack — which cost an estimated $10 billion to clean up — was “as close to cyberwar” as we’ve come, says Geers. “This was the most damaging attack in history, of a scale and cost that would far exceed a missile fired from the Donbas into Kiev.”

Cyber sandbox

The free-for-all environment of a country at war has turned Ukraine into a magnet for players of all types looking to test their cyber capabilities. In addition to hostile Russian hackers, the country has attracted cybersecurity firms looking to get close to the action, Western intelligence agencies seeking to understand the nature of modern conflict and criminals looking to make a buck.

“Donbas is basically lit up with malware. That’s intelligence services trying to figure out what Russia is going to do next in Donbas, trying to figure out what [Russian President Vladimir] Putin is up to,” says Geers, the Atlantic Council’s cybersecurity expert. “The U.S., China, Russia, Israel, Turkey, Iran — it’s coming from everywhere.”

In addition to the ongoing military conflict, Ukraine offers a tempting target because so many of the country’s computers run pirated software, which doesn’t receive standard security patches. And, because it is well integrated with Western European internet networks, the country offers a backdoor to hack the rest of Europe.

Russian President Vladimir Putin | Mikhail Klimentyev/AFP via Getty Images

Constant attempted attacks by hacker groups such as Fancy Bear, Cozy Bear and Turla are putting critical infrastructure and election systems under constant stress, Ukraine’s national security service told POLITICO.

The goal, say experts, is to test the West’s defenses. The U.S. and other intelligence agencies have responded by moving into the Ukrainian networks to pick up the signals.

“Getting intelligence ahead of time is important,” says Dmytro Shymkiv, the former head of Microsoft in Ukraine and President Petro Poroshenko’s chief adviser on cyber between 2014 and 2018. “Some of the viruses and malware in the energy blackouts in Ukraine were later found in the U.S. and Israel.”

Ukrainian authorities, he says, exchange cyber intel for help in fending off the hackers.

“Whenever we identified malware, we uploaded it to special services where manufacturers of anti-virus could analyze it,” says Shymkiv. His cyber team sometimes worked with expert communities on platforms like Hybrid Analysis or ANY.RUN, a technique known as “cloud-based sandboxing,” where researchers can access the data and get in touch with those affected by malware, he says.

Washington has invested heavily in cyber resilience in Ukraine since 2014. USAID alone freed up a pot of $10 million (€8.9 million) for cybersecurity defenses, and a sizeable part of its much larger budget to support Ukraine goes to securing IT systems in the country.

U.S. companies, such as tech giant Microsoft, have also beefed up their presence in the country. Hardware leader Cisco has a strong foothold that includes its renowned cyberintelligence unit Talos. And U.S. cyber firm CrowdStrike, known for bullishly calling out state-sponsored hacks, is also active in the country, as are many others.

The U.S. and Europe are also investing in seminars and training for Ukrainian cybersecurity staff, and are involved in day-to-day assistance via the International Foundation for Electoral Systems (IFES), an international organization backed by democracies worldwide to help out with holding elections, and other channels.

“U.S. counterparts, they are requesting a lot of information and interacting very productively,” says Roman Boyarchuk, the head of Ukraine’s State Cyber Protection Center, the authority tasked with fending off attackers from government networks. American and European cybersecurity authorities regularly ask for more details about his agency’s analysis of major threats, he says.

Hackers are ramping up their activity ahead of Ukraine's March election | Tomohiro Ohsumi/Getty Images

Activity has increased ahead of Ukraine’s national election in March, experts say, as smaller groups and individual hackers and criminals look for financial gain.

“They’re scanning the networks and sending a lot of malware in order to find the breaches, the vulnerabilities,” says Boyarchuk, of the national cyber emergency team. “They are taking control, recording this control, putting it into databases and selling it.”

The hackers then find buyers for these credentials or access into confidential networks. Large data sets are sold on dark web marketplaces to anyone willing to pay the price.

“Everyone is buying it,” says Boyarchuk. “Corporate competitors, state actors, anybody.”

Fears of contagion

For Kiev’s cyber helpers, the goal is not just to help out a developing country under pressure. As Ukraine becomes ever more integrated with the West, there’s a strong fear of contagion. A successful cyberattack in Kiev, they fear, can easily slip the country’s borders and infect computers across the globe.

That’s become especially true following Ukraine’s shift toward the West, which triggered Russia’s aggression. The country’s 2014 Association Agreement with the EU came with a “deep and comprehensive free-trade agreement” in place since 2016 that has strengthened economic ties. And with the increase in trade has come added data flows and interactions in its internet networks.

The 2017 “NotPetya” attack was a painful example of the risks that come with this kind of entanglement: An attack starting in a small tech firm in Ukraine spread to companies and government agencies across the world, grinding the business of international heavy-hitters to a halt.

NotPetya “was when everybody realized how vulnerable we are when Ukraine gets hit,” says Maigre, the former head of NATO’s cyberdefense center. “It easily blows over to Europe and beyond.”

For the EU, in particular, the attack underlined the urgency of beefing up Ukraine’s cyberdefenses.

Since then, European countries have set up bilateral assistance deals. Estonia, for example, is heavily involved in helping Ukrainian authorities set up a secure electoral IT system. Lithuania is also active, according to Edvinas Kerza, the country’s vice minister of national defense.

“We provided them with political support, we’ve supported Ukraine in providing guns and ammo,” says Kerza. “Now we’re moving to cyber.”

The EU’s eye is now on securing the upcoming presidential election at the end of March.

March's vote in Ukraine could provide valuable insight on cyberweaponry for the EU | John MacDougall/AFP via Getty Images

“We strongly expect Russia will try to influence the course of Ukraine’s presidential and parliamentary elections in 2019,” Ukraine’s security service said in an email, adding that the greatest threat comes from special services launching “purposeful, long-term cyberattacks with state interests in mind.”

Above all, the March vote could provide valuable insight for the EU, as it braces for cyberattacks on its European election at the end of May. That vote — in which voters in 27 countries will choose a new European Parliament and by extension decide who sits at the helm of the EU’s top institutions — is uniquely vulnerable to interference.

What happens in Kiev today could easily happen in Berlin, Rome or Amsterdam tomorrow, experts say. Ukraine “is sort of like a litmus test,” says Maigre. The stream of phishing emails, the data sold on the dark web, the new types of malware — all of it can pop up west of Ukraine at any time. “That’s why it is interesting to see how it all plays out in the elections,” she says.

Related stories on these topics:
Advancing the European response to nation-state cyber-attacks

Europe: Microsoft offers Europe cyber security service ‘AccountGuard’ to protect region from continued Russia cyber threats

Microsoft Corp on Wednesday said it will offer its cyber security service AccountGuard to 12 new markets in Europe including Germany, France and Spain, to close security gaps and protect customers in political space from hacking.
Microsoft offers Microsoft AccountGuard to twelve new markets across Europe, providing comprehensive threat detection and notification to eligible organizations at no additional cost and customized help to secure their systems

(Reuters) (AIWA! NO!)- Microsoft Corp on Wednesday said it had discovered hacking targeting democratic institutions, think tanks and non-profit organizations in Europe and plans to offer a cyber security service to several countries to close security gaps.

The attacks occurred between September and December 2018, targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund, the company said in a blog post.

Microsoft discovers hacking targeting democratic institutions in Europe

Microsoft said the activity, which was found through the company’s Threat Intelligence Center and Digital Crimes Unit, targeted 104 employee accounts in Belgium, France, Germany, Poland, Romania, and Serbia.

Microsoft said many of the attacks originated from a group called Strontium, which the company has previously associated with the Russian government.

Strontium, one of the world’s oldest cyber espionage groups, has also been called APT 28, Fancy Bear, Sofacy and Pawn Storm by a range of security firms and government officials. Security firm CrowdStrike has said the group may be associated with the Russian military intelligence agency GRU.

Microsoft said it will expand its cyber security service AccountGuard to 12 new markets in Europe including Germany, France and Spain to help customers secure their accounts.

The AccountGuard service will also be available in Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal and Slovakia.

Ahead of a critical European Parliament election in May, German officials are trying to bolster cyber security after a far-reaching data breach by a 20-year-old student laid bare the vulnerability of Europe’s largest economy.

Reporting by Shubham Kalia and Ishita Chigilli Palli in Bengaluru, Editing by Sherry Jacob-Phillips, Bernard Orr

Marriott data breach: New year, new tactics to keep your personal info safe after Marriott data breach

Money you spend now (a premium password manager, for instance) may keep the money you have safe. — dpa

Wrong, wrong, wrong, and especially wrong, experts say.

LOS ANGELES – |AIWA! NO!| As consumers, we’re thinking about data breaches all wrong. We ask how something like this can happen. We are shocked when 383 million people, more than the population of the United States, are potentially affected by digital evil-doers. We think nothing will happen to us. And we continue on our merry way.

The Marriott data breach might better be called the Starwood breach because it was its brands that were affected. (The 383 million number was recently updated after duplicates were removed, so the number has dropped by 117 million.) 

Marriott acquired Starwood in 2016. If you stayed at a Sheraton, W, Aloft, St. Regis, Westin, Element, Luxury Collection, Le Meridien or Four Points, your data may have been exposed. 

Marriott International acknowledged on Friday that an “unauthorized party had copied and encrypted information” belonging to about 500 million customers on its Starwood reservations system. Credit: Mauritz Antin/EPA, via Shutterstock

That includes “people’s names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information”, the US Federal Trade Commission said on its website. “For some, they also stole payment card numbers and expiration dates.” 

For info on that breach, go to answers.kroll.com 

Interviews with three experts in this field persuaded me to change my point of view on how I look at personal information, especially when it comes to travel. Here’s what they explained to me: 

First, your information probably will be compromised at some point. 

It’s time to switch from asking, “How can something like this happen?” to thinking, “I am pretty sure this is going to happen.” 

Companies can try to block every threat, but they can’t. And those that brag they are breach-proof are asking for trouble. 

Bad guys “look at those challenges and take them on … for the challenge” of trying to break through, said Randolph Morris, chief technical officer for Releventure, a digital marketing company in Mission Viejo. 

Second, your information is not safe even if you were not affected by the breach. 

You and your information might be safe this time, but there are many ways into your digital life. 

Ray Rothrock, chairman and chief executive of RedSeal, a cybersecurity analytics platform, recalls being on hotel Wi-Fi and seeing hundreds of other devices sharing that network. “Every device has vulnerabilities,” he said. Bad guys “go after low-hanging fruit”. He said they think this way: “If I can see it, I can hack it.” 

Third, you are your own best defence. 

You may not be a security genius, but you can help build little fortresses around your world, Rothrock said. The idea, he said, is containment. 

Today, people have about 200 digital accounts, said Emmanuel Schalit, chief executive of Dashlane, a password management app. That’s a whole lot of numbers, characters and letters to remember, because you are using a different password for each one. 

Aren’t you? 

If not, here are some ways to protect yourself in the absence of protection from any company. 

Use different passwords for every account you have, each expert said. That matters, each said, because if you use the same password for every account, what’s to stop the hackers from accessing every account? 

Here’s how Schalit described it: “Imagine you have 200 copies of the keys to your home and every time someone comes to your house, you (give) them one. None of us would ever do that in the real world.” You shouldn’t be doing it in the digital one. 

Use a password manager. Schalit, of course, would say that. (Full disclosure: I adopted Dashlane three years ago before I knew of Schalit because it came free on my new PC. I liked it so much I upgraded to premium so I can have it across all my devices.) Morris uses LastPass, and Rothrock uses 1Password. PC Magazine offers its best list: lat.ms/PCMagpasswordmgr

A complicated password may be fine, but if used repeatedly, it’s no deterrent, Schalit said. 

Change your passwords. Switching may foil hackers, and if you have a password manager, you need to remember only the password to get into your vault. Again, secure WiFi is key.

Nag your friends and family to get a password manager. OK, Schalit didn’t exactly say you should nag, but when I told him I had tried, without success, to get family members to use this form of protection, he didn’t disagree that nagging is appropriate, so I took that as an affirmation. 

Use two-factor authentication if you can. It’s another layer of security. It keeps bad guys out by asking for a second verification besides your password. It may be a PIN you have set up, a number sent to your phone or a fingerprint. It sends a text, calls you or asks for a pass code. 

Check your accounts – credit card and checking. Morris monitors his carefully every two weeks. Although this can’t prevent a problem, it can alert you to one. 

If your credit card has this feature, ask to be notified about unusual purchases. Sometimes, those who have compromised your credit card will put through a charge of a dollar or two. Once they realise they have a valid account, they will try a big charge. With an alert system – text, call or email – you can prevent false charges, although you probably will have to get a new credit card. 

Carry two credit cards when you travel – one as your main form of payment and one as a backup. Monitor these cards closely, but make sure you are using secure WiFi. 

Turn on your firewall in your PC, which should block potentially problematic communications. Here is how to do that if you’re a Windows user: lat.ms/WindowsFirewall. Here’s how to do this on a Mac: lat.ms/MacFirewall

There may come a day when there will be consistent governmental security oversight. Beginning in 2020, devices that connect to the Internet must have security, mandated by legislation signed by California Governor Jerry Brown before he left office. 

Whether you agree that government needs to be involved is a debate for later. For now, be your own best friend. Money you spend now (a premium password manager, for instance) may keep the money you have safe. – Los Angeles Times/Tribune News Service.