10/30: How Do I?
Agenda
Announcements: Save the day (Dec 8, 9 - 12, Meet and Greet)
Review from last week (Misinformation/Disinformation)
Presentation
Hands on practice
Homework:
Learn more about passkeys
Try to set one up
Consider some of the safety suggestions in myths
Try speech to text
Consider deleting some unnecessary apps
Recording
Miss the class? Want to hear it again? You can hear our Tuesday class recording by clicking here.
How Do I?
What we will cover:
· Passkeys: Moving towards a passwordless future
· Random myths and facts
· Enabling and using speech to text
· What to avoid for maximum safety
· Deleting unnecessary apps
Passkeys: Moving towards a passwordless future
What are passkeys?
A digital credential that is used as an authentication for a website or app. It is passwordless authentication. It allows us to keep our credentials locked on our device. Passkeys allow us to log into websites without using a password, instead using biometrics (fingerprint or facial) or the passcode of the device.
Passkeys are stored on your device and link your account with the website or app you want to access. Passkeys are more convenient and phish-resistant than conventional methods.
Passkeys (the term) is very new, popularized in May 2022 by Google and in June 2022 by Apple. By October of 2022, Android and Google Chrome added support and in May of this year, it is allowed for personal Google Accounts.
Some password managers support passkeys in the web browser extension, (Dashland, NordPass and 1Password). Other password managers plan to support in the future.
Videos to help explain passkeys
More on passkeys
How do they work?
To use a passkey, you need to first register your device with the website or app that supports it. You may be asked to scan a QR code or enter a code on your device.
Once registered, you can log in with a tap or click. No more usernames/passwords on these sites.
When asked to sign-in to an app or website, the user approves the sign-in with the same biometric or PIN used to unlock the device (phone, computer, security key). The app or website can then use this mechanism instead of traditional (and less secure) username and password.
You will need a compatible browser and operating system.
· Not all browsers are passkey enabled yet, but Chrome, Edge, Brave and Safari are all using passkeys.
· Windows Hello (PCs running Windows 10 and 11) manages passkeys at the operating system level. They are independent for a browser.
o In this case, passkeys are stored by Windows Hello (outside of a browser).
o When signing into a website or app that supports passkeys, Windows Hello handles the authentication process.
o Since passkeys are managed by Windows, it does not matter which browser you are using
· Apple and Android also use biometrics, which are like Windows Hello. With the Apple device, passwords are saved in the password app.
Why are these good for users?
Familiar: On the user end, it will be familiar, with the device asking for a fingerprint, face or device PIN.
Security: It is more secure to threats of phishing, credential stuffing and other remote attacks. (Credential stuffing is a type of cyber-attack which uses automated tools to try large numbers of username/password combinations which may have been obtained in past data breaches.) It is more secure because it uses public key cryptography and can only be unlocked by you.
Simpler process: Service providers can use passkeys instead of passwords when signing in. Users don’t have to set up a new password or credential on each service or even device. The passkeys are available even if the device is replaced.
Websites that are currently using passkeys (more will follow): (Click here for a list)
· Amazon
· Apple iCloud
· Microsoft
· Adobe
· Best Buy
What devices and operating systems use passcodes?
· Apple devices (iOS and macOS): Safari, Chrome, Brave, Edge, Firefox, iOS & Mac apps
· Android devices: Chrome, Brave, Edge, Firefox, Android apps
· Windows: Must have latest version of Windows 11 23H2, released in June of this year. It will then support Chrome, Brave, Edge, Firefox and Windows apps
General process for setting up a passkey (will vary among websites, apps, devices, and browsers
· Go to the website or app that supports passkeys (like Microsoft or Google)
· Look for the option to create a passkey either in settings or on the login page.
· Choose where to save the passkey (one of the password managers, such as the browser password manager or a 3rd party service)
· Confirm the creation by following instructions
· If you have another device with the same program (Chrome web browser for example), repeat the steps for each device
Creating a Passkey (Chrome)
· Go to the app (example: Chrome)
· Sign in with your usual name and password
· Click “Create a passkey” button
· Check the information stored with the new passkey
· Use the device screen unlock to create the passkey
Using the passkey (example: Chrome)
· Go to the app (example Chrome)
· Click on your picture to sign in
· Use passkey suggested (click continue)
· Use the device screen unlock to complete the login
Setting up a passkey in Edge:
1. Update (settings>About Microsoft Edge)
2. Go to account settings (account.microsoft.com)
3. Click “sign in”
4. Click “sign-in options”
5. Choose “Sign in with Windows Hello or a security key”
6. OR, if you have not yet set up, you will be prompted to set one up.
7. Click on the appropriate box (pin, facial)
8. You are in!
NOTE:
Once set up, apps will begin to open with the method used (phone passcode, facial recognition, fingerprint). It is meant to work in the system. As time goes on, this will make more sense.
Myths and Facts
I found some ideas on Kim Komando’s website ( https://www.komando.com/) She is a tech expert who provides podcasts and more. Here are some myths and facts from her site. NOTE: Use her site to learn more about technology, explained in a easy to understand way.
Myth: Private browsing is totally private
Fact: ISPs, advertisers, and websites can still find you
Myth: Deleting files means they are gone forever
Fact: Files can be recovered even if they were deleted. There is software available which will shred sensitive documents. More information can be found on this site.
Myth: Free Wi-Fi is always safe
Fact: Although better than before with encryption, you should still avoid public networks for sensitive transactions. Consider a VPN.
Myth: You should keep your computer on all the time (or turn it all the way off every day)
Fact: Restarting your computer clears out temporary files. But once a week is enough to keep your computer running smoothly
Speech to text:
Do you want to just speak into your device and capture your speech into text? Here are the ways to do this from Word, Windows 10, Windows 11 and Mac.
• Word: Open a new or existing document and go to Home>dictate
• With Windows 10: Open a document or email, hold down Windows key and press H. Turn off the same way.
• With Windows 11: Same prompt (windows key + H) but then click on microphone. To stop, say “stop listening” or click on the microphone.
• With Mac: Open the app, then choose edit>start dictation. Press and release microphone to start dictation. Click on microphone to stop
Things to avoid for maximum safety
A few things from around the web, suggestions on how to avoid trouble with your device.
• “System optimizers” like driver updates and registry cleaners (they may take over browser homepages, redirect to other pages, add unnecessary toolbars and may present popup ads)
• “Web push notifications”: Although most new apps will ask if you want to receive notifications, you should usually say no. They may be used for things like social engineering and advertising.
• Providing your personal information to someone who has emailed or called you. If you don’t personally know them, it may not be safe
Deleting unnecessary apps:
Our new devices come with lots of programs and apps. Some of them are very helpful, while others are not. At the same time, we may find ourselves downloading apps which are not only unnecessary but in some cases may be harmful to our device. Here are some that you might consider uninstalling.
QR scanners: Most smartphones (iPhone version 11 and up and Android version 8 and up) so no need for these.
Scanner apps: Use your smartphone camera instead
Facebook app: If you have had it for a while, it may be taking up lots of space on the phone. You can delete and then redownload it. Since it is cloud based, you will not have any problems with catching up.
Flashlight apps: Our phones have a built-in flashlight; these apps might be malicious
Bloatware: Programs associated with your operating system that you don’t use. Here is information on the Apple programs you can delete if you like. And here is some information on Android programs.