Posts

Are You the Victim of False Alarms?

It was the day before the big January snow and I was simply replying to an email on my iPhone. Yes, it was from an odd location – a grocery store in a neighboring city. But instead of a satisfactory “swoosh” after I touched Send, a message popped up on my iPhone. “Someone just used your password for (my gmail address)” with a link to a specific Google page. Ugh!

You may be wondering if this was some kind of spam message, but I wasn’t worried about that. It was a text message with a Google site for me to visit for more information. Plus, you cannot get a virus from visiting a website on an iPhone unless you’ve done something called “jailbreaking” to it.

Touching the link and reading the explanation, I was directed through Google to review the recent suspicious account activity. I was horrified to see that an Unknown Device located five hours away in Nashville, TN had attempted to log into my Google account!

I immediately followed the instructions to change my password, all while grocery shopping. Google definitely created a sense of urgency in me to prevent the unknown culprit in Tennessee from hacking my account.

Later, at home, I sat down with my computer to review my Google security settings and recent activity. It appeared that Google thought my iPhone was the Unknown Device, but that did not explain why it showed my iPhone in a completely different location. What I did understand, though, was that immediately changing my password had NOT been required.

This little event reminded me of a concerned client who inexplicably kept receiving email alerts on her iPhone that her Facebook account had been accessed from strange locations. The first time she received the disconcerting message, she thought her Facebook account had been hacked and so she changed her Facebook password. But then it occurred again, and again. After studying her email alerts, I decided that she did not have an account security problem, but the location of her iPhone was somehow off.

Having my own little security incident in the grocery store, I felt that the cause of her alerts and mine were related. So, I turned to Google for some answers. Unfortunately, I didn’t find a solid answer from a good source, but here is what I think happened.

Your cell phone is constantly connecting with different cell towers as you change your location. Every time it connects with a cell tower, your cell phone is assigned a number that is kind of an address for that cell tower’s location. It’s called an IP address. Only, in the case of cell towers, the geographic location may or may not be accurate. In fact, it’s inaccurate as much as 50% of the time.

So, hypothesizing that the security alerts my client and I experienced were the result of an inaccurate location being assigned to our cell phones, was there anything we could do to prevent these false alarms?

Google 2-factor authentication

The answer for my Google security alert was to add a Google-supplied feature called 2-factor authentication. I had previously avoided this because I thought it would require me to enter a special code every time I used my email, but I was wrong. It’s very easy to set up on computers and mobile devices and I highly recommend everyone who uses Gmail to use it.

Here is an excellent article with pictures to guide you through setting it up: http://www.cnet.com/how-to/how-to-set-up-googles-two-step-verification/

Once in a while you may have to re-enter the security code that is sent to your mobile phone, but it’s a small price to pay for securing your Gmail account.

Facebook trusted devices and login approvals

For my client’s Facebook login alert emails, after she changed her password and continued to receive alerts, the easiest solution would have been to train Facebook for her trusted devices. But, the more secure solution is to require something called Login Approvals. It sounds laborious, but it’s not.

Facebook’s instructions are easy to follow (except for explaining how to go to Security Settings).

From Facebook on your computer:

Once your browsers and devices are trusted, you should only have to enter a security code when you log into Facebook from a new computer, mobile device or browser.

Whether you’ve been a victim of these false alarms or not, I encourage you to spend a few minutes and set up your Google and Facebook accounts for this extra level of security.

It’s called peace of mind.

Do You Care About Your Digital Afterlife?

About a month ago, I received an email notification that it was a Facebook friend’s birthday. I get an email like that almost every day because I have my Facebook account set up to remind me when one of my friends has a birthday.

The person for this particular birthday reminder was actually a friend of my parents and I did a double take when I read the email reminder.

You see, this gentleman was deceased and had been for over a year.

I was a little shocked at the thought that probably all of his Facebook friends were receiving an email to say “Happy Birthday” to him on his page.

In this particular instance, I suspected that the remaining family had no idea how to remedy this situation, so I decided to contact Facebook on their behalf. Facebook has an online page for submitting this type of information and will memorialize a deceased person’s account with a valid request which includes a link to an obituary or other official documentation about the death.

A memorialized Facebook account can still be used by friends and family to remember the loved one with postings, but friend suggestions, ads and birthday reminders will stop. The word “Remembering” will be added next to the person’s name on their profile.

There are other options for Facebook accounts after death. Verifiable family members can request to have an account completely removed from Facebook, but don’t you want to be in charge of your digital afterlife?

This got me thinking about end-of-digital-life plans and what you can do to protect your social digital remains and make it easier on your loved ones after you are gone. Currently, Facebook and Google seem to be the most proactive and allow you to edit settings about what will happen to your account after you die and who you give permission to facilitate your wishes. For example, you can choose to have your account deleted or name a legacy contact who can download an archive of your posts, photos, emails, etc.

LinkedIn, Twitter and Pinterest depend upon family and friends to contact them after a death, with supporting documents, to close an account. Hopefully, these popular online sites will add the capability for users to leave directions for after death account closure or access.

How to specify digital afterlife settings in Facebook

Facebook allows you to either specify a contact to manage your Facebook account or to completely delete your account after you die. Any of your contacts or family can report your death with supporting documentation, which Facebook reviews and then approves. Your selected legacy contact can post a message on your page, change your profile picture, respond to friend requests and download your shared posts and photos. Unfortunately, you can’t choose to have a legacy contact and to eventually delete your Facebook page.

  1.  Go to https://www.facebook.com/settings?tab=security.
  2. If you want to have your account managed and remaining on Facebook, click on Legacy Contact. More information about legacy contacts is here.
    • Enter the name of one of your Facebook contacts. You will have the option to immediately send a message notifying that person that you have selected him/her as your legacy contact, but you don’t have to send one.
    • You can choose whether or not to allow your legacy contact to download a copy of what you’ve shared on Facebook.
  3. If you don’t want your account to remain on Facebook, do not enter a legacy contact. Instead, check the box for Account Deletion.

How to specify digital afterlife settings in Google

I really like Google’s method. They call it the Inactive Account Manager because it only activates after there has been no activity with your account for an amount of time that you specify. Once that amount of time has passed, Google will attempt to contact you (in case you’re still around!) and secondary contacts that you name. You can specify that all or parts of your account are automatically deleted or allow for your legacy contacts to download your account data.

  1. Go to https://www.google.com/settings/account.
  2. Under Account Tools, click on Inactive Account Manager.
  3. You may need to enter your mobile phone number and verify it.
  4. Choose the amount of time your account can be inactive before Google attempts to contact you or your legacy contacts.
  5. Add trusted contacts, one at the time. You will select which Google services they can access. They will have 3 months to download your data.
  6. Compose an email that will be sent to your contact upon your inactivity. (This was quite hard for me and emotional!)
  7. You can add up to 10 trusted contacts with separate emails for each.
  8. Set up a general auto response to incoming emails once your account has been inactive for the specified period of time. I recommend selecting to send this response only to those who are in your contacts.
  9. You can choose to have all of your account data deleted once your requested actions have been completed.
  10. Once you have completed your Inactive Account settings, click on the Enable button.
  11. You can edit or disable your Inactive Account settings at any time.

Links to digital afterlife policies for other sites

Here’s a helpful article I just found on how to create a digital estate plan. This site also provides other information and services, like links on how to close over 100 digital services.

This isn’t a particularly cheery subject – to contemplate the end of one’s life. But, if you are proactive enough to have a last will and testament in place, then you should also be proactive with your digital estate planning.