Alabama's Morning News with JT
David Malicoat protects your passwords and emails
It's time for today's Lucky Land Horoscope with Victoria Cash. Life's gotten mundane, so shake up the daily routine and be adventurous with a trip to Lucky Land. You know what they say. Your chance to win starts with a spin. So go to luckylandslots.com to play over 100 social casino style games for free for your chance to redeem some serious prizes. Get lucky today at luckylandslots.com. No purchase necessary, VGW Group, void were prohibited by law, 18 plus, terms of condition supplied. And welcome back to Alabama's Morning News. My name is John Mounts, I'm filling in for JT, and I have, like everybody else, lots and lots of things I have to log into online to do things like my bank account and my stuff for work, things like that, and everything requires a unique password. And then on top of that, I have multiple email addresses, not just the one I use for home or the one I use just for work, or there's all these ones I created years ago, and I've forgotten about most of them. And this can have negative consequences. Joining me now to talk about this is a cybersecurity expert in the host of the Professional CISO podcast, David Malakot and David. All of these things, should I be worried that these passwords could possibly be used against me? Could these accounts be used against me? Yes, and the short answer is yes. And in the long run, what we're talking about here is think about maybe how many time, how many email addresses you've had over your entire life, right? So whether, and, you know, excluding work, but, you know, there's, I'm sure we all have one or two email addresses that we had many years ago that we just had never used again. Threat Actors can actually get it, probably get into those, get break into those and then start using them as if they're you. So, what we want to do is take a look and say, okay, do I remember what those are, number one, do I have control of them, number two, if I do, or if I, well, say if I do, make sure you reset that password to something that's much more robust, much like you're talking about. Typically, the NIST, which is the US government entity that kind of controls all those recommendations, they say 16 characters of varying complexity. And then once you have established that control, maintain it, right? You may not use the email, but ultimately, you have one or two choices. One is get rid of it. A lot of times these services, especially the free ones, they don't really want you to get rid of them, so they make it very difficult. So in the end, usually the option is let's just go secure that, make sure I have positive control, and we go from there. And some of these things, they'll stay around for years and years and years. Do you know, back in the late 90s, I purchased a artificial Christmas tree. It was from a company called Dr. Festive. And Dr. Festive had a thing where you could get your own Dr. Festive email address, and I did. Do you know that the Dr. Festive email address I established in 1998 is still active, and there's still junk piling up in that email box. I don't even know why I did it, but it's still there. I'm sure there's half a dozen out, maybe more out there that I created that I don't even know how to get into. Right. And so in the end, what we try to do with those, one is the challenge is knowing about them. So fascinating that you have Dr. Festive, that's interesting. A lot of times they provide mechanisms to try to get back in. I know that you could potentially recover your password, things like that. In the end, sometimes that you just kind of have to cut them loose. If it's been this long, if it's been over a decade or more, and you haven't seen anything come up as far as any issues, you're probably going to be OK. Now, if you're something a little bit more recent and you just want to try to get that control, try to wrestle it back a little bit, I know Gmail for sure has a mechanism by which they can actually you can take. They can take this to a third party that will allow you to recover that email address and password and gain access to the account again, just that recently with a family member. So it's a case of do what you can as much as you can, but in the end, there's some that you'll probably just have to cut loose because there's been no activity for so long. And you don't want a situation where if you use the same password for everything that that password is out there, and it's the password for some account you don't care about, but it's also the password you use for electronic banking. So that's why it's important to vary your passwords depending on your what it's being used for. Totally agree. And so what I've started recommending, particularly to my family members and others that I consult with password manager is a really great thing to do. So in the end, a password manager is a place where you can keep this inventory of accounts and passwords. You can vary the password so you're not repeating them, as well as you only have to remember one password, which is for your for your password manager. In the end, you'll be able to have all these in one place, you'll be able to keep them a positive control over them. And a lot of these password managers have it built in to where they're monitoring the dark web for these passwords and email accounts anyway. And they'll let you know if they show up in any of the compromises that we see on the pretty much day to day basis. Do password managers, are they often built into your browser like your, say, a Google Chrome user and it has the auto complete built in? Is that the sort of thing you're talking about? That's one, but there are some that are that go a step further, which now, I would say, keeper, last pass, ones like that, that have the ability to, they're really, they're wired a little bit more into not just the browser, but across all your devices. So you'd be able to download a mobile version for your phone, you would have it maybe on your tablet, you'd have on your computer, they have plugins that go into your, into your browser also. And it's just, it's a little bit deeper reach, I guess to be the way to put it in just a simple browser included password manager. David, what about on phones where it has a fingerprint recognition thing, and it seems like more than just your phone uses that, there's a lot of websites out there that can use your fingerprint. That's still safe, right? Yes, and so these are called pass keys and so what happens is it leverages your existing biometric registration that you have, whether it be with your phone or a lot of times the Apple computers will have the fingerprint as well. And it uses that existing mechanism to authenticate you and it's much more secure than just a password so any chance that you get to use a past key, I would say 100% use the past key whenever possible. It's huge, it just recognizes again on your face on your phone or whether it be again a fingerprint on your computer. But yes, that is much more secure than just a typical password situation. All right, well David, I am going to take it upon myself after the show today to get out there. I'm going to find all those darn email addresses, shut some down, secure others, and then definitely delete my inbox from my doctor festive account. I would highly recommend that at this point from 1998. David Malakka, thank you so much for joining us this morning on Alabama's Morning News. Thank you. It's time for today's Lucky Land Horoscope with Victoria Cash. Life's gotten mundane, so shake up the daily routine and be adventurous with the trip to Lucky Land. You know what they say, your chance to win starts with a spin, so go to luckylandslots.com to play over 100 social casino style games for free for your chance to redeem some serious prizes. Get Lucky today at luckylandslots.com No purchase necessary, VGW Group, void were prohibited by law, 18 plus, terms of condition supply.