Computer: Remember Me No More! Of Safety, Security and Identity Theft
- CCleaner - PC Optimization and Cleaning - Free Download
Piriform - Authors of the hugely popular software CCleaner, Defraggler, Recuva and Speccy.
PC Maintenance Step One: Clearing the Cache!
When I teach people how to engage in basic PC maintenance on their computers, the first thing I teach them, is how to clear out the temp files and cache. Various operating systems scatter these two areas across multiple areas of the hard drive, making it difficult to find them all if you are not computer savvy already.
One tool that has come in extremely handy in this venture, is Ccleaner by Piriform. Their tool has been designed to search these various areas of the hard drive automatically. You can check or uncheck the areas you want Ccleaner to clean, and newer versions of the software will monitor those areas and alert you when space can be freed up on your hard drive. I received one of those notices recently, resulting in the following rant:
How Would You Rate this Software?
So once again, I am running Ccleaner. Once again, my browser will "forget" which sites the computer had been registered at, and which sites had requested to "remember" me at. The bothersome bit about this amnesia caused by removal of temp files, cached files, etc, is that some of these sites are financial sites. Already, I no longer tell sites to "remember" me that require me to enter a series of numbers and not make a username/pin instead. That series of numbers would give attackers access to my banking information, my credit card info, maybe even my personal account at the CRA and the worst part is, because those files are in the cached and temp file areas of my computer, they are easily dug up by any attacking cyber criminals!
Webmasters and Cyber-Security
It amazes me that webmasters have not yet figured out how to "remember" a user's computer based on their IP address instead of tieing it to individual machines within a network. In an age where cyber criminals are more concerned with identity theft and breaching bank accounts, you'd think that the average banking, credit card, or other institutions that require you to enter your social insurance number or similar identification would volunteer to "remember" you on their own servers, not your computer!
When Ccleaner is done this morning, I will have to re-register my computer at my bank. I will have to log in fresh again to the sites where I had clicked "remember" in my browser, places such as pinterest, zoho, LinkedIn, and others.
Browser developers woke up ages ago to the need to move password combos out of the temp file storage area, but they still have not moved out their own "remember" feature results to another area away from cached storage. If websites offered this directly on their servers instead, then not only would I not have to log in again to all sites where I want logins to be automatic, but I wouldn't have to re-register my computer on those sites where I refuse to enter a string of numbers to identify myself as well.
Safety and Security of Sensitive Information
Safety and security are big deals these days, and it honestly amazes me that more web developers are not doing everything they can to ensure the safety of their user information.
If I could shout to all browser and web developers around the world, I'd tell them to:
- STOP storing sensitive information on user computers!
- STOP giving cyber criminals something to break in and hunt for!
- STOP requiring account numbers as the only first-access entry to online financial access. Two-step authentication should not only be a requirement at all sensitive information sources online, but that two-step should require the account number or similar digits AFTER the more anonymous username/password/defining image/phrase step!
- Don't put account information out where criminals can get to it so easily!!! Nor where simple tools such as Ccleaner can wipe it out each time the computer is cleaned of useless temp files. I think we'd all agree that account information does not qualify as useless information!
Cyber-Security at Work
When cyber criminals don't have anything to dig up from computers, they'll have to change tactics and some are already moving to the concept of phishing schemes, although those aren't as prevalent as many thought they would be by now. In fact, rumour has it that some employers in sensitive organizations will test potential employees by seeing what kinds of emails they will click on. Those that click on a known phishing scheme are not hired! I think this is a great policy that needs to be enforced at EVERY workplace where a computer may be used by employees! Again, users learning what to look for and not clicking on suspicious emails reduces even the phishing vector, causing cyber criminals to have to change their tactics again!
Safety and Security Infographic
The point here is to protect the end user by protecting their sensitive information.
- GET it out of the browser's temp files
- GET it out of the computer's cached files
- DON"T ask for a series of numbers right off the bat.
- DON"T store "remembered" user information on the user's machine
- ENFORCE two-step authentication, placing the series of numbers second, NOT first!
- STOP giving cyber criminals a reason to break into end-user computers to steal their identity!
How Safety Conscious Are You?
When you surf online, do you:
© 2015 Marilynn Dawson