10/30: How Do I?  

Agenda

Announcements: Save the day (Dec 8, 9 - 12, Meet and Greet)

Review from last week (Misinformation/Disinformation)

Presentation

Hands on practice

Homework:

Recording

Miss the class?  Want to hear it again?  You can hear our Tuesday class recording by clicking here.

How Do I?

What we will cover:

·         Passkeys: Moving towards a passwordless future

·         Random myths and facts

·         Enabling and using speech to text

·         What to avoid for maximum safety

·         Deleting unnecessary apps


Passkeys: Moving towards a passwordless future

What are passkeys?

A digital credential that is used as an authentication for a website or app.  It is passwordless authentication.  It allows us to keep our credentials locked on our device.  Passkeys allow us to log into websites without using a password, instead using biometrics (fingerprint or facial) or the passcode of the device. 

Passkeys are stored on your device and link your account with the website or app you want to access. Passkeys are more convenient and phish-resistant than conventional methods. 

Passkeys (the term) is very new, popularized in May 2022 by Google and in June 2022 by Apple.  By October of 2022, Android and Google Chrome added support and in May of this year, it is allowed for personal Google Accounts. 

Some password managers support passkeys in the web browser extension, (Dashland, NordPass and 1Password).  Other password managers plan to support in the future.

Videos to help explain passkeys

More on passkeys

How do they work?

To use a passkey, you need to first register your device with the website or app that supports it.  You may be asked to scan a QR code or enter a code on your device.

Once registered, you can log in with a tap or click.  No more usernames/passwords on these sites.

When asked to sign-in to an app or website, the user approves the sign-in with the same biometric or PIN used to unlock the device (phone, computer, security key).  The app or website can then use this mechanism instead of traditional (and less secure) username and password.

You will need a compatible browser and operating system. 

·         Not all browsers are passkey enabled yet, but Chrome, Edge, Brave and Safari are all using passkeys.

·         Windows Hello (PCs running Windows 10 and 11) manages passkeys at the operating system level.  They are independent for a browser. 

o   In this case, passkeys are stored by Windows Hello (outside of a browser). 

o   When signing into a website or app that supports passkeys, Windows Hello handles the authentication process.

o   Since passkeys are managed by Windows, it does not matter which browser you are using

·         Apple and Android also use biometrics, which are like Windows Hello.  With the Apple device, passwords are saved in the password app.

Why are these good for users?

Familiar:  On the user end, it will be familiar, with the device asking for a fingerprint, face or device PIN.

Security: It is more secure to threats of phishing, credential stuffing and other remote attacks. (Credential stuffing is a type of cyber-attack which uses automated tools to try large numbers of username/password combinations which may have been obtained in past data breaches.)  It is more secure because it uses public key cryptography and can only be unlocked by you. 

Simpler process:  Service providers can use passkeys instead of passwords when signing in. Users don’t have to set up a new password or credential on each service or even device.  The passkeys are available even if the device is replaced. 

Websites that are currently using passkeys (more will follow): (Click here for a list)

·         Google

·         Amazon

·         Apple iCloud

·         Microsoft

·         WhatsApp

·         Adobe

·         Best Buy

And more (https://www.passkeys.io/who-supports-passkeys)

What devices and operating systems use passcodes?

·         Apple devices (iOS and macOS):  Safari, Chrome, Brave, Edge, Firefox, iOS & Mac apps

·         Android devices:  Chrome, Brave, Edge, Firefox, Android apps

·         Windows: Must have latest version of Windows 11 23H2, released in June of this year.  It will then support Chrome, Brave, Edge, Firefox and Windows apps

General process for setting up a passkey (will vary among websites, apps, devices, and browsers

·         Go to the website or app that supports passkeys (like Microsoft or Google)

·         Look for the option to create a passkey either in settings or on the login page. 

·         Choose where to save the passkey (one of the password managers, such as the browser password manager or a 3rd party service)

·         Confirm the creation by following instructions

·         If you have another device with the same program (Chrome web browser for example), repeat the steps for each device

Creating a Passkey (Chrome)

·         Go to the app (example: Chrome)

·         Sign in with your usual name and password

·         Click “Create a passkey” button

·         Check the information stored with the new passkey

·         Use the device screen unlock to create the passkey


Using the passkey (example: Chrome)

·         Go to the app (example Chrome)

·         Click on your picture to sign in

·         Use passkey suggested (click continue)

·         Use the device screen unlock to complete the login


Setting up a passkey in Edge:

1.  Update (settings>About Microsoft Edge)

2.  Go to account settings (account.microsoft.com)

3.  Click “sign in”

4.  Click “sign-in options”

5.  Choose “Sign in with Windows Hello or a security key”

6.  OR, if you have not yet set up, you will be prompted to set one up.

7.  Click on the appropriate box (pin, facial)

8.  You are in!


NOTE: 

Once set up, apps will begin to open with the method used (phone passcode, facial recognition, fingerprint).  It is meant to work in the system.  As time goes on, this will make more sense.

Myths and Facts

I found some ideas on Kim Komando’s website ( https://www.komando.com/)  She is a tech expert who provides podcasts and more.  Here are some myths and facts from her site.  NOTE:  Use her site to learn more about technology, explained in a easy to understand way.

Myth:  Private browsing is totally private

Fact:  ISPs, advertisers, and websites can still find you

Myth:  Deleting files means they are gone forever

Fact:  Files can be recovered even if they were deleted.  There is software available which will shred sensitive documents.  More information can be found on this site.

Myth:  Free Wi-Fi is always safe

Fact: Although better than before with encryption, you should still avoid public networks for sensitive transactions.  Consider a VPN.

Myth:  You should keep your computer on all the time (or turn it all the way off every day)

Fact:  Restarting your computer clears out temporary files.  But once a week is enough to keep your computer running smoothly


Speech to text:

Do you want to just speak into your device and capture your speech into text?  Here are the ways to do this from Word, Windows 10, Windows 11 and Mac.

      Word:  Open a new or existing document and go to Home>dictate

      With Windows 10:  Open a document or email, hold down Windows key and press H.  Turn off the same way.

      With Windows 11:  Same prompt (windows key + H) but then click on microphone.   To stop, say “stop listening” or click on the microphone.

      With Mac: Open the app, then choose edit>start dictation.  Press and release microphone to start dictation. Click on microphone to stop

Things to avoid for maximum safety

A few things from around the web, suggestions on how to avoid trouble with your device.

      “System optimizers” like driver updates and registry cleaners (they may take over browser homepages, redirect to other pages, add unnecessary toolbars and may present popup ads)

      “Web push notifications”: Although most new apps will ask if you want to receive notifications, you should usually say no.  They may be used for things like social engineering and advertising.

      Providing your personal information to someone who has emailed or called you.  If you don’t personally know them, it may not be safe

Deleting unnecessary apps:

Our new devices come with lots of programs and apps.  Some of them are very helpful, while others are not.  At the same time, we may find ourselves downloading apps which are not only unnecessary but in some cases may be harmful to our device.  Here are some that you might consider uninstalling.