I hadn’t changed my Google password in a long time

It is hard to believe, but it is true! I had not changed my Google password for over 5 years!! That’s embarrassing, I know.. but I can explain..(maybe not). Not, entirely satisfied with that news, I also checked in the site https://haveibeenpwned.com/ and the occurrences of my email and related passwords are exactly 14. Yes! 14 services in which my password or email have been leaked. I checked the services that have had data breaches in the past 5 years and pretty much all of them were in the list including LinkedIn, Dropbox and more. I even tried the Brazilian http://minhasenha.com.br but they don’t give you the list of services which your passwords is leaked, but instead they send you an email with the bloody leaked password! With that your only option is to change your password in all services you might have an account with!

I do use a password manager, but I have to admit that I use a single password for sites that I will most likely use only once. It is a weak password (not 123456) that is easy to remember and serves as default if I ever come back to that particular url. For services that matter I use a password generator that will spit a long, complicated impossible to remember set of 18 characters. Yet for Google, something mystic called 2FA,prevented me from changing it more frequently.

Two Factor Authentication Paradigm

2FA (2 factor authentication) – Is an authentication method that uses 2 pieces of information to allow your “entrance” to a given system. The 2FA is composed of two of these 3 things: Something you KNOW ( like your password), something you HAVE( like a key fob) and something you ARE (such as your fingerprint, or eyes). Nowadays the “something you have” that used to be a token with a screen displaying random numbers, is commonly replaced by a SMS that is sent to your phone. That is what I use for my Google account. There is a website that tracks downs services with 2FA, you will be surprised by the number of big companies that doesn’t have it yet.

It is true that a 2FA is more secure that simple password authentication but it is not massively used by people… for example, less than 10% of Google users have the feature activated. Apparently the more secure ( by consequence more steps involved) less is the interest and adoption. On the other side of the spectrum however is if after subjecting to these additional steps there is more likelihood of negligence with time. And that is where my theory comes in. I will call it, “The two factor Authentication Paradigm”. It is applied, only, to those 10% that have some form of 2FA activated.

It is basically the false sense of security that is immediately absorbed right after you elect your 2FA. You simply forget about it. Like, you are now part of a protected group of people, surrounded by a field of energy that won’t let any evil in. “I have 2FA, let me carry on with my life….this item can be checked as done, let’s move on”. I am a victim of such feeling as I just realized that it had been 5 years without touching base or even worrying about it. Is this true? Can we 100% trust 2FA, to the point to never check our passwords again? Questions like the below, didn’t even cross our  my minds..

  • Can it be brute forced?
  • Can it be guessed?
  • Can the messages be hijacked/intercepted?
  • Can the software be hacked?
  • Social engineering hacked?

All of this questions can be answered positively, since most of the efforts employed by companies to deploy 2FA are around SMS – https://twofactorauth.org/. Advanced hacking techniques and social engineering that has been used and reported here, here, here , here, here, here , here… there is more…. here and here  proves that 2FA is not something that you enable and forget about it. There are threats and one needs to be on top of it, to avoid being hacked, loosing money or have his life turned upside down.

These false notion of security is extremely dangerous as 2FA is indeed secure, but is not bullet proof. It is definitely not the silver bullet of authentication. Flaws can be found in the mobile network, public wireless network, password recovery procedures, emails, social network and as always (as the user now thinks he is safe), the social oversharing of sensitive data. For example, a hacker can guess your security question’s answers based on your twitter profile.

Among the possible actions that is to be implemented and considered to add layers of security to your digital life is:

  • Change your darn password (5 years is too much)
  • Don’t take 2FA for granted
  • Do not use SMS based 2FA
  • Use the software based token
  • If possible try using the U2F ( Universal 2nd Factor)
  • Make sure you know you mobile company polices and procedures against social engineering and account recovery – Here is the Vivo’s
  • The info provided in the password recovery must be double checked (phone number, email (disable the voice prompt))

Luckily, my life and accounts have not been (yet) hacked, so there is bandwidth for improvements. First measure..is obvious… 🙂

Hash Collision Considerations

In computing theory Collision is described as the event where two objects or records receive the same identifier or allocation in memory. The description also applies when one algorithm produces the same hash value for different entries. An algorithm considered robust must have as fundamental characteristic the “pairwise independence” , which in a simplified way means that the hash generated from two distinct entries must be different.

The hash functions do not have methods that allow the identification of the input items, or registration of the hash values ​​generated from them. This means that although the pairwise independence feature is desirable and extremely necessary, collision is statistically possible since there are unlimited inputs and a limited (although incredibly big) number of possible outputs. The probability of collision is directly related to the composition (characters) and the size of the hash value. The greater the size of the hash value, the more difficult becomes the collision. The use of the word difficult and not impossible is adequate because the growth of computing power makes the calculations necessary to find these values ​​more accessible. To illustrate how the collision works, consider a hash function represented by H, and any input value, for example, “Hello”, which as a result generates a hash value, 7878​654, consisting of 7 (seven) characters numbers. Having the equivalent function:

H(Hello) =  7878​654 

The collision could happen when, for the same hash function H and a different entry, for example, “World”, the result generated is the same as that obtained for the entry “Hello” .

H(World) =  7878​654 
Continue…

Are you giving up Facebook too? Here’s my reasons

It was around 3 years ago when I suddenly realized that a friend of mine had gone from Facebook. I don’t remember exactly why I was looking for him, but I just couldn’t find the guy. Went for looking for him in the messenger app and nothing, searched by his phone number, nothing.. it did take a while until I realized that he actually deleted his account from the platform. Why? Why anybody with sane mind would do such a thing? I mean, really?

The tool is really amazing!!  It does connect you with that friend that you lost contact with ages ago. You can share your travel adventures or share not only your problems but your happiness. You can sell stuff, promote your business or simply read about people’s life. You can call people to act on a cause or promote a healthy debate about something. Don’t even get me started on theall the babies, birthdays and companies parties pictures that you can see. I can’t number the ways that you could positively use Facebook, it is just too many. And because of those reasons I thought badly of that particular friend. I considered him crazy and associated his disappearance to religion – He was actually studying and getting very involved into meditation and mind control stuff. Why would anybody not want to have this in their life? The thing is sooo addictive, and comes along with the feeling of community that makes you feel alone if you don’t participate of it, it is like you don’t have a voice or even if you don’t exist without it, isn’t t?

Fast forward to the present moment I found myself wondering if the platform is actually that good. With the recent change on Facebook algorithm the feed of stuff you end up seeing is so, so toxic! It has the goal of showing you more content from family and friends and according to Mark the focus should be people’s well being.

“You’ll see less public content like posts from businesses, brands, and media. And the public content you see more will be held to the same standard—it should encourage meaningful interactions between people.”

Come on, be honest with yourself, have you really felt good about it? The change actually made the thing to be worse. You are doomed to see the posts over and over, and doesn’t matter how many times you come back to it or device you use. It has a huge impact on marketing and ads, but also on the quality of the content you ended up seeing. Additionally there are numerous scandals that have been striking Facebook and its users with data leakage and privacy violations. Do you remember the USA elections and the avalanche of fake news? And even suspicious of Facebook selling your data to third party companies… not really a surprise, but you know… it is kinda of a bummer.

If none of that is enough reason for you to delete or stop using Facebook I can give the reason that made me think about it.

The bubble effect

The changes of the News feed algorithm favors people content like photos, events and frivolous things that it considers important. Ultimately you are trapped seeing only things that doesn’t necessarily bring any value or knowledge. The other side of it has nothing to do with the algorithm but has a lot to do with human nature where most of us try to avoid confrontation or a different opinion. Facebook really makes it easy to simply stop following that person, or block him for good. If the guy is posting to many posts related to porn, block him! If he or her has a political view that is completely different from mine.. block them! If the lady is sharing too much of her travelings and veggie recipes.. what do you do? Yes! Hit that lovely button and stop following that salad eater.

Without realizing, you are only seeing things that you like, with people that you tolerate and living in a bubble that brings no difference or diversity. The bubble is no good for anyone!  It will inevitably drag you to the hate side, being it the second reason I’m getting away from Facebook.

The hate effect

Internet gives people a voice! Unfortunately the ratio of mouth and ears distribution is not that proportional. People are way more interested in saying than listening. Politics, movies, games, gay marriage, affirmative actions, immigration, guns control, abortion, adoption, divorce, human rights, minorities, civil law, criminal law…you get the idea. All topics, in my opinion, amazingly good to attract and involve people in a productive discussion where arguments are given and a healthy debate is built. But that is not what we see. Yes, internet gives you a voice but, also provides a place to hide, where you can share your stupidity and not be held responsible for it. More often than not, the so called haters can disseminate their poison and absolutely nothing happens. They get used to it.. and hate becomes their hobby.

I can’t forget one day that I had just finished the São Silvestre race and was so proud about it that I felt like sharing. I hadn’t payed the subscription and as you may suppose was not entitled to receive the medal. So, I borrowed the medal from a fellow runner and took the picture. No biggie, right? I had run the 15KM, just like anybody else.

Took exactly 2 minutes after sharing the picture to have the idiots picking on the fact that the medal wasn’t mine. 15 bloody kilometers on December 31st and so many decent things to say..and the jerks were there to judge and to spread the hate… Nope, not for me!

The envy effect

This one goes both ways. We want to check on peoples life and see what they are up to. And we also want to have people checking what we are up.. that is why we make an effort to show that our very boring festivities look like a Woodstock type of event and share the cool aspects of our life. Bottom line is, it becomes a competition to see who is the happiest, or traveled the most, or partied the most or have more success in life.  We all know, no one’s life is perfect. We have down sides, we feel under the water more often than we would like it to admit. But we share only the good things…it makes me feel bad! I have the impression that the neighbor’s garden is always better than mine ( This is actually an expression in Portuguese). As people is always sharing their good moments, what was supposed to be a positive thing actually has the opposite effect. It feels like everybody is happy, super successful but me. It is freaking depressive!

Conclusion

One thing that must be clear as I open the door of my criticism towards Facebook is that it is a great tool. It has great qualities and I’m sure it has a place in many peoples stories of success and surely some love ones. But for me, I was simply tired of the hate, the envy and the bubble effect. I like a good conversation, I like a good debate.. even a heated but polite one. I like sharing and talking about my success. But I feel, it is not to be shared with everyone. The friendship concept promoted by Facebook is overrated, it is lazy friendship. People that actually care about you will call you in your birthdays, or will show up to help you with that home project of yours… they won’t be satisfied with a simple like in a photo that you shared, they will die to be with you during those moments. You will certainly fight with your true friends, but then you will make peace over a coffee and an awkward apology request.. or no apologies at all.. just a hug or a embarrassed look that you will understand.  True friendship will cheer and be excited about your success.. gosh they will lend you money if they know it is to help you to live a dream or start a new business… or if you are just dead broke. They will be pissed at you whenever you screw up and they will tell you the truth… Facebook doesn’t give me that..

I invested many hours of my life,  sharing thoughts, uploading pictures and commenting on Facebook… it is nice they provide a way for you to backup everything and download what you have there. It is quite easy to erase your account and be done with it.  Not ready to delete the account entirely? I’m certainly not there yet, but I’m glad I’m not using it that much anymore… and to be free or less inclined to  those feelings is just amazing!