Digital Security Tips
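Come explore GNA's digital security tips! This week we'll teach you tips for storing your data securely in the cloud. Let's get hands-on and work together toward a safer, more reliable digital space!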
Discover our digital security tips, designed to equip you with the essential know-how to safeguard your data online. Join us in taking proactive steps towards a safer and more secure digital presence today!
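✅ Quick check! Are your computer and phone systems up to date?
Whenever an update notice pops up on your computer or phone, do you usually press "Remind me later" and then forget about it?
Updating your system is a very simple but easily forgotten digital security tip.
After all, systems are designed by humans (maybe by ChatGPT someday 🤖).
Humans make mistakes, and those mistakes can create system vulnerabilities or serious security problems that people with bad intentions can easily exploit to endanger your information security.
But humans can learn from their mistakes and improve, so companies keep fixing bugs and releasing system updates.
To keep your information secure, updating your operating system regularly is very important!
Updating often has other benefits too, such as better compatibility, better system performance, and timely access to the latest features!
👉 Check today whether your computer and phone systems are up to date!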
✅ Is your operating system up-to-date?
When the message "Your latest updates are ready" pops up, do you simply click "remind me later" and forget about it?
Keeping your operating system up to date is a simple but often forgotten tip for ensuring your digital security.
The reason for doing it? Your operating system is created by humans (well, maybe ChatGPT in the future 🤖).
Humans make mistakes, and these mistakes can lead to software vulnerabilities or security flaws that malicious hackers can exploit.
Humans also learn from their mistakes and improve. That’s why updates and bug fixes are regularly released.
Patching these vulnerabilities is crucial to safeguard your system!
The bonus? Enhanced compatibility, boosted performance, and timely access to new program features.
👉 Let's do a check today! Make sure the operating systems of all your devices, including your PC, laptop, and mobile phone, are up to date!
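㊙️ Getting by with just a few passwords? You need a password manager!
abc12345
Birthday + national ID number
Did I guess your password?
Do you use just a handful of passwords for all your platform and service accounts?
🆖 Passwords that are too simple, or reused passwords, are a major security no-no! Imagine you have several vaults: with an overly simple combination, or one key shared across different vaults, it becomes much easier for someone with bad intentions to break in.
So how do you create a strong password for each service account and still remember them easily?
👉 You need password management software!
⭕️ Password management software can help you:
Create countless strong passwords for different services or platforms without taking up much space in your head! With a password manager, you only need to remember one very strong password that opens your password vault.
You can search online right now for: password manager software
You'll probably see some common recommendations: Bitwarden, KeePass, Strongbox, 1Password…
Some people may ask whether these password managers can really be trusted. Questioning is a good habit; after all, using any software or service always involves trust. Still, there are some criteria you can refer to:
1️⃣ Open source: transparent code lowers the chance of malicious functionality being planted in the program
2️⃣ Frequent, active maintenance and updates: vulnerabilities or problems can be fixed more promptly
3️⃣ Look at the software's track record or user reviews to see whether it has been hacked or had major vulnerabilities discovered
But take note! If your computer or phone has already been attacked by spyware or implanted with malware, then a password manager installed on that computer or phone naturally cannot keep your passwords safe either.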
㊙️ Yes, You Need a Password Manager!
abc1234
Birthdate+ID number…
Did I just get your password, like, really close? Do you use the same password for all your accounts and platforms?
🆖 Using a simple password or reusing your password everywhere is a digital security disaster! Imagine if you had several treasure vaults; would you use simple passwords for them or use the same key for every treasure vault? If you have security concerns about something, I bet you wouldn't do that!
So, how do you create strong passwords for all your accounts and actually remember them?
👉 You need a password manager!
⭕️ A password manager can help you:
Create strong passwords for all your services and save them for you. The only password you need to remember is the master password that allows you to access your password vault.
You can search for "password manager reviews" and you'll likely come across recommendations like Bitwarden, 1Password, KeePass, Strongbox, and more.
Maybe you have some doubts about these password managers. Well, there are always trust issues when using different software and applications, so it's good to be critical! Don't worry; there are still some indicators that can help you choose the right tool for you:
1️⃣ Open source: code transparency can help reduce the possibility of malicious features being implanted.
2️⃣ Active and regular updates: ensuring timely bug fixes for any vulnerabilities.
3️⃣ Check user reviews or conduct research to find out if there are any vulnerabilities or records of being hacked.
Beware! If your devices have been hacked or infected with malware or spyware, a password manager alone may not be enough to keep you safe.
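🔐 Strengthen your account security: turn on two-factor / two-step verification!
A strong enough password is like putting one lock on your accounts, and today's topic, Two-Factor Authentication (2FA), puts a second lock on them!
Normally, a username and password are all you need to log in. Once you turn on two-factor / two-step verification, the system will ask you to enter a verification code after you log in. That way, even if someone steals your password, they still cannot get into your account.
According to the Electronic Frontier Foundation, two-factor / two-step verification comes in the following forms, each with pros and cons. You can choose the one that suits you best:
1️⃣ Verification codes sent by SMS or email: this is the most common form of two-factor / two-step verification. But sending codes by SMS is not as secure as you might think, because someone with bad intentions can intercept your code. And if your phone number is registered under your real name, using SMS also lets the service company easily link your account to your real identity.
2️⃣ Verification codes generated by apps such as Google Authenticator or Authy: convenient to use once the app is downloaded, but not all services support this method.
3️⃣ Backup or recovery codes: this method usually gives you a list of single-use codes that you can download and save or print out. With this method, first, you might lose the file with the codes, and second, you might only discover that the list is not at hand when you need to log in.
4️⃣ Security keys, such as Yubikey: this is probably the most secure method at present. But because the key is small, it is also very easy to lose, so it is not necessarily secure for you.
Take note: don't think that having two-factor / two-step verification means you can get lazy about passwords ❌ A strong password is still the foundation of account security!
Click the site below to look up which services offer which forms of two-factor / two-step verification:
🔗 https://2fa.directory/int/
Let's take a little time to check whether the platforms and services you use let you turn on two-factor / two-step verification.
Turn on two-factor / two-step verification everywhere today and make your accounts more secure!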
🔐 Let’s add an extra lock to your door: use Two-Factor Authentication
To have a strong password is like adding a standard lock to your door.
And today, we're going to talk about Two-factor Authentication (2FA), the extra lock to your door!
When logging in to your account, usually you only need your username and password. And with two-factor authentication, after entering your username and password, you’ll be asked to enter an identification code. As such, even when someone steals your password, with 2FA, they still cannot access your account!
According to the Electronic Frontier Foundation, there are several forms of two-factor authentication, each with pros and cons. You can decide which one is suitable for you:
1️⃣ A one-time verification code sent to you via SMS text message or email: this is the most common type of 2FA. However, using SMS messages might not be that secure. Some attackers can get your code through your phone network; and if you choose the SMS method, the company will know your phone number. When your phone number is registered with your true identity, the company can easily link the account with your true identity!
2️⃣ A one-time verification code generated by an app, such as Google Authenticator or Authy: it’s convenient once you install the app, but some services might not offer this option.
3️⃣ A short list of single-use “backup” or “recovery” codes: you can print out the codes or save them, but you might lose them, or the list might not be at hand when you need it.
4️⃣ A hardware token, like a Yubikey: this might be the safest one, but it's small, and you might lose it easily.
Be aware, enabling two-factor authentication doesn’t mean that you can have a weak password. ❌ Strong passwords are still mandatory for your account safety.
Here's a list you can check to see which services and software support two-factor authentication!
🔗 https://2fa.directory/int/
Let’s spend a few minutes checking whether the platforms and services you’re using support two-factor authentication. And enable two-factor authentication today for all your services to enhance your account safety!
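🈲 You turned on two-factor / two-step verification, but ticked "Remember me"?
Remember we talked about two-factor / two-step verification last time?
Did you turn it on for your accounts?
After using it for a while, did you find it such a hassle that you clicked "Don't ask again on this device" or "Remember me"?
Avoiding hassle is the great enemy of information security!
Some service platforms know that people value convenience over information security, so they thoughtfully provide the "Don't ask again on this device" or "Remember me" option.
Take Google, which we all rely on heavily in daily life: once you pass two-factor verification, if you tick "Don't ask again on this device", you won't need to enter a two-factor verification code again.
Wait! Doing this is equivalent to switching off the second layer of protection that two-factor / two-step verification provides.
The risk is that when someone with bad intentions takes your device, misusing your various accounts and services becomes easier too.
💯 To make your accounts more secure, turn off "Don't ask again on this device" and "Remember me" today!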
Did you tick the "Remember Me" or "Don’t ask again on this device" box? That's a no-no ❌
Remember we talked about Two-Factor Authentication (2FA) last time?
Did you actually turn it on for your account?
And, after using it for a while, did you get fed up and just tick the "Remember Me" or "Don’t ask again on this device" box?
Convenience is the enemy of digital security!
Some service platforms understand that people value convenience more than their digital security, so they kindly offer options like "Don’t ask again on this device" or "Remember me." After you enter your 2FA code once, you can skip the verification step next time.
Take Google, a service we use almost every day, for example: after you pass 2FA once, you won't need to enter the 2FA code again if you tick the "Don’t ask again on this device" box.
But hold on! By doing this, you're effectively disabling the second layer of protection provided by 2FA. The risk? Well, if someone with malicious intent takes your device, it will be easier for them to steal your accounts and services.
💯 For your security, disable the "Remember Me" and "Don’t ask again on this device" features today!
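The check described in the two-factor and "Remember Me" tips above, modelled as a simplified server-side login in Python. This is an added example, not code from GNA or any real service; `Account`, `login` and `forget_devices` are hypothetical names, and it accepts only the current 30-second code (real verifiers usually allow a small time window).

```python
import hashlib, hmac, secrets, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), the kind an authenticator app shows."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record for one user (constructed for this example)."""
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.trusted_devices = set()  # hashes of "remember me" tokens

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, code=None, device_token=None, remember=False, now=None):
        """Return (ok, new_device_token). The code is skipped for a remembered device."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False, None  # first lock: the password
        trusted = (device_token is not None and
                   hashlib.sha256(device_token.encode()).hexdigest() in self.trusted_devices)
        # Second lock: only enforced when the device is NOT remembered.
        if not trusted and (code is None or
                            not hmac.compare_digest(code, totp(self.totp_secret, now))):
            return False, None
        if remember and not trusted:
            device_token = secrets.token_urlsafe(32)  # stored in the browser as a cookie
            self.trusted_devices.add(hashlib.sha256(device_token.encode()).hexdigest())
            return True, device_token
        return True, None

    def forget_devices(self):
        """Turning "remember me" off: every device must present a code again."""
        self.trusted_devices.clear()
```

Whoever holds a remembered device only has to get past the password; after `forget_devices()` the same token no longer skips the code.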