issuhub.com

Windows Help & Advice – May 2019

(Joyce) #1

Set up a VPN


We’re big fans of virtual private
networks (VPNs), and for good reason.
They mask your identity and encrypt all
data sent and received over the Internet,
making them an essential tool if you
regularly browse on unencrypted
wireless networks, such as public
hotspots. VPN providers are ten-a-
penny, and there are three we
recommend. All work on mobile as well
as desktop, letting you cover all your
devices, and they all use the tightest
forms of encryption.
The crème de la crème is ExpressVPN
(www.expressvpn.com), which checks
all the boxes for security, ensuring no
SHUVRQDOO\LGHQWLÀDEOHWUDFHVRI\RXU
browsing activity are recorded.
ExpressVPN has over 2,000 servers
spread across over 140 cities in over 90
countries, making it useful for accessing
geo-restricted content, too (such as
BBC iPlayer).
The process of encrypting and
GHFU\SWLQJ\RXU,QWHUQHWWUDIÀFSOXVWKH
extra mileage it travels to pass through


If you have already been hacked, skip
to the Emergency Actions section. If
you’ve come to this feature having read
up on the recent releases of breached
data, let’s look at a couple of ways to
tighten up your online security.
First, now is the time to use a virtual
private network (VPN). Free and
paid-for services are available – see the
box below. Connecting through a VPN
masks your true location as determined
by your public IP address – simply
connect through the closest location to
your own. Why do all this? Because if
the Have I Been Pwned website is ever
compromised, you don’t want to be
leaving tell-tale traces of your presence.
VPNs encrypt the content you send
and receive to the Internet, but don’t
hide the data you send to the websites


you visit, and you still leave a record of

where you’ve been on your PC. Ensure

nothing is recorded by opening a

private or Incognito window in your

browser – disable browser extensions,

too, as some record information from

private browser windows.

Check for breaches

With a private browsing window open,

visit https://haveibeenpwned.com and

enter your primary email address,

before clicking the ‘pwned?’ button.

After a pause, you’re shown the results.

These are split into two: breached

sites and ‘pastes’. Breached sites include

individual sites (such as LinkedIn from

2016 and Dropbox from 2012) and

compilations, such as Collection #1.

‘Pastes’ are where hacked usernames,

email addresses, and other information

have been placed into the public

domain on other websites. Scroll down

to read about each breach – it provides

a title, summary, and the information

that was exposed.

Many of these breaches should have

already been brought to your attention;

any company that’s been hacked

should email its users, and some went

further by forcing all users to reset their

passwords. In these cases, the findings

are historic, and confirm much of what

you already knew.

Many of us have more than one email

account these days, so perform

searches for all the accounts you

possess (including web-based services

such as Gmail and Outlook.com). Also

include any old addresses no longer in

use, particularly if you’re still using

them to log in to certain services.

Have I Been Pwned has an even more

important tool. Open a new private tab,

and go to https://haveibeenpwned.

com/Passwords, where you should

enter all those passwords you

frequently use, and be appalled to

discover most of them have been

compromised. Even if you haven’t been

personally targeted, the chances are

that someone else used the same

password, and was hacked.

Make a note of them all. You should

now have a list of accounts and

passwords that have been

compromised at some point. These

need addressing as a matter of

urgency, if you haven’t already done so.

A new approach

to passwords

Here’s the big takeaway from Have I

Been Pwned: You can no longer rely on

a handful of short, easily guessable,

and frequently reused passwords to

secure your online accounts. But how

do you square the circle of using long,

complex passwords, without locking

yourself out of your accounts because

you mislay or can’t remember them?

The answer lies with a password

manager – an online tool that

generates and remembers all your

login details for you, locked in an

encrypted vault behind a single master

password, the one password you

absolutely must remember going

forward. The box on page 52 reveals

more about choosing passwords.

your VPN’s servers, normally has a

measurable impact on performance,

but ExpressVPN is so quick, that there’s

no noticeable effect.

The issue with ExpressVPN is cost:

$12.95 a month, or $99.99 for a year

(although at time of writing, you can get

15 months for the price of 12). If that’s

off-putting, a good substitute is

NordVPN (www.nordvpn.com), which

offers three years for just $107.55 (that’s

$2.99 a month). It’s slower than

ExpressVPN, and covers fewer territories,

but has over 5,000 servers and can be

used on six devices at once (it’s just

three with ExpressVPN).

If you’d rather not pay at all, many

services offer cut-down free versions,

with a monthly bandwidth cap and

limited selection of servers. The most

generous of these is Windscribe (www.

windscribe.com), which offers 10GB of

free bandwidth a month, and enables

you to connect through a wide range of

countries, including the US, UK, and

Switzerland for the privacy-conscious.

Use 1Password’s Secure Login feature to see

off any keyloggers.

50 |^ |^ May 2019

Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.