All right, good morning, and welcome to this week's edition of NCompass Live. I'm your host, Christa Porter, here at the Nebraska Library Commission. NCompass Live is the commission's weekly webinar series, where we cover a variety of topics that may be of interest to libraries. We broadcast the show live every Wednesday morning at 10 a.m. central time. But if you're unable to join us on Wednesdays, that's fine. We do record the show every week and it is then posted to our website for you to watch at your convenience. And I'll show you at the end of today's show where you can access all of our archives for the show. Both the live show and the archives are free and open to anyone to watch. So please do share our website and our upcoming shows in our archives with anyone, friends, family, neighbors, colleagues, anyone you think that may be interested in any of the topics we have on the show. We do a mixture of things here on NCompass Live, book reviews, interviews, mini training sessions, demos of services and products, showing off things we think you should be doing, highlighting libraries doing cool things in Nebraska or around the country. We do bring in guest speakers sometimes from outside the library commission or outside the state. But we also have Nebraska Library Commission staff that do presentations. And that's what we have this morning with us is, as you can see on the screen, Amanda Sweet. Good morning, Amanda, who is our Technology Innovation Librarian here at the Nebraska Library Commission. And she has a new monthly series of NCompass Live shows that she's doing. This is the second one. Pretty Sweet Tech. So once a month, Amanda will be with us on NCompass Live talking about something a little more techie than maybe some of our typical shows. 
She's, so far, for last month, this month and next month, they're in the middle of the month because we had other things scheduled, but they will eventually starting in September be the last Wednesday of every month will be pretty sweet tech. So look for that in our upcoming shows. And today we're gonna talk about passwords. Passwords mention and security and just how horrible it all is. It's our favorite topic. Well, surprisingly, it is a hard topic to talk about, it is an annoying topic, but obviously we've got a lot of people here on today's show. It is necessary. So people definitely know it's something, needs to be talked about and figure out what do we do about it all. So I'll just hand over to you and tell us how to solve all our password problems. No pressure. So when I was putting this presentation together, I started looking at all of the horrible ways that things can go wrong. And if you do that, I almost guarantee you're gonna wanna sweep your laptop into the nearest trash bin. But after I fished it out, I put this together. So we're going to go over basically some common different ways people are gonna be trying to get at your information. And by hacking techniques, I mean, the ways people are trying to get into your online, your email accounts, going into your online accounts, like whether you're on social media or if you're on, actually my Fitbit account actually, I got an email saying that that was hacked recently. Really? And I had to change my password for it. And the first thing I actually did was find out if that was a phishing scam. That's true. I mean, just because you've been told or you've gotten a message saying, hey, that's the exact you need, is that even true? It wasn't. Wow. Yeah. So my fitness pal was hacked. That actually was legit. But the Fitbit wasn't. That was a phishing scam. Trust no one. Yeah. Is the lesson here. Double check everything and anything, yeah. 
And if you are wondering what in the world is phishing, we will get to that shortly. It's tricky. So after we go over some different ways that people are trying to get in, we can go over a few ways that we can protect ourselves from that actually happening. And that'll include building better passwords and of course the password manager. And we'll go over some of the kind of pros and cons of using this password manager along with what a password manager actually is. And just in case you don't feel like using a password manager once you learn about it, then I'll give some other different ways that you can keep yourself safe even without using that. All right, so let's get started with how hackers are actually trying to get to us. So the number one way is brute force attacks. And by brute force attack, I mean that a lot of hackers will just have a spreadsheet of some different common passwords that people use. And some different, like, a lot of people like to use password one, two, three, it's easy to remember. It's common, but it's insane. Yeah, and yet it's what people do. Yeah, and so they just, they basically go through and they will use a whole different load of computers to just guess different passwords, one after the other, after the other, after the other. And if you use one of those common passwords or a variation of it, like password one, two, three, password two, four, six, password whatever. They're gonna eventually figure, yeah, come across it, yeah. So that just, basically they just guess a lot. And so password one, two, three is actually, it was rated the number one most common password. The other ones were city names, like Paris two, four, six was a really common one. So if you went on vacation recently. Two, four, six, I wonder why. I guess, yeah. So what's easy to remember for us is also extremely easy for computers to guess. And so what a lot of people started doing was changing that O in password to a zero and things like that. 
And then enough people started doing that, that hackers were like, you know, that's a great idea. We'll just add that into our brute-force attack. And they started guessing even that. Mm-hmm. So I'm actually going to go over, there is a handout that's going to go with this presentation. And that will give you some other examples of really common types of passwords that you'll probably wanna avoid yourself and you'll want to tell patrons to avoid when they're, when you're showing people how to use computers and how to set up accounts. And because I definitely don't expect you to memorize this entire thing in 15 minutes, that's what a handout is for. This just gets you the, you know, in the basics and knowing what you need to know. Pretty much. And so this is where I'll cover phishing here. Another way that hackers are trying to get our login information, to get into our Amazon accounts and get into eBay accounts and get into general email accounts is by they will generate a fake website that looks exactly like a real website. And then they'll send you over an email with a link to their fake website. And they'll ask you, oh, just log in. We sent a message over to your account and it's just a couple of little security things that we just really need to go over. We wanna make sure that your account is safe. So if you could just log in, then they basically play on fear to be able to get you to go in there. So now whenever I get an email that says it's from Amazon, sometimes it actually is, sometimes it's not. But instead of clicking through a link in that email, I'll log in directly into Amazon or eBay or whatever account it's through. And by logging in directly through there, I'm able to access my inbox. And if an inbox for that account doesn't exist, then you definitely know it was a phishing scam because how can you access an inbox that was never there? Yeah. So basically rule, like rule of thumb, do not directly access a link through your email. 
Even my Wells Fargo account, I actually got a phishing email from Wells Fargo. Oh wow. And that's why I will never, ever click through to, which was, that was actually one of the most disturbing emails that I ever got because I almost clicked on it. It was that real looking that it was like, oh yeah, this is a thing. But luckily I actually did go through and then I actually called Wells Fargo and was like, I forwarded them over the email and said, is this a thing? And they were like, you know, no, it's not. So that's the thing, you don't have to follow what they tell you. I mean, you can take a step back. Nothing is so urgent that you need to do it right off of that thing. Yeah. Go directly, go outside of the system, whatever. Yeah. And phishing does not always have to be through email either. There are phishing phone calls too. Yes. So I don't know, you may and may not have heard about, it's like a conference called DEF CON. And DEF CON is basically just like a group of hackers that are trying to hack. And there are good hackers and bad hackers. And the ideal is that you're following the good hackers that are just trying to get really good at what they do so that they can show people how to protect themselves better. So when I watched this video about DEF CON, there was a woman who works for a social engineering company that works for a privacy company. And she called up the host's bank. And she called up and said, oh my god, I just had my baby's crying in the background. And I just moved into my new boyfriend's house. And he told me that I really, really, really, really had to go get this done. And I can't remember which email I used to create this account. Would you mind just giving me this email? And I don't know if I'm going to be able to call you back later because we're going on vacation. She would pull up a baby crying track. That was playing on YouTube. 
And she would just intermittently, whenever she had to trigger an emotion in the other person, she'd play this track. And she was actually able to get the company to give the email address. And then she was able to get them to add her onto his account with her own password. And it was just playing people's emotion. So it's such a huge convoluted sob story that the person was just like, OK, OK. Let me help you. I'll just, yeah. Yeah. And I used to work in call centers and customer service before. So it's like a lot of times you get so many different calls from this that you just think there's no way that anyone would make up this kind of story and not be telling the truth. But one, it's the company's job to try to lock down our information. But two, not everyone is trained in such a way that they will do that. And sometimes these people that are these social engineers, they're trying to get around that. So we're better safe than sorry to just lock down our accounts a little bit better. And I recommend not going through on YouTube and finding out all the different ways that things can go wrong because I'm not kidding about fishing my laptop out of the trash. You'll never want to go online again. Yeah, pretty much. Anyway. And this one is people can do a little version of phishing if you're using a public computer. So when a library patron walks into your computer lab, they log into their email and then they don't log out of it. Depending on how you have your system set up for people to access computer, someone might just sit down at that computer after they got up and they're able to access that email account. If you have a system that auto times you out and logs you out and auto logs you out of everything and clears the cache for the browser, then you probably won't run into that. But not every library has or can afford that system. So it's just good to have a note out there that says log out of every account when you get out. And sometimes it's just so quick. 
Yeah, I mean, even if it does have something to clear it, you get up, someone sits down immediately. That's nothing's happened yet to clear that. And some predatory hackers, they actually do that. They will sit in a shared computer bank and just wait for someone to use only half a session. And then they'll sit down immediately and find out if there was an open account or if there was... So a lot of browsers have an option where you can go into that little top menu and then click show password. So if you had the screen that was pulled up with your email address and then an auto fill password, they can click show password and grab that. So how fast are you getting smarter? So not even just logging out, but close the browser to whatever service you're using your browser, whatever, because they could just go back into something that might still be saved in there in some way, that cut the connection completely, maybe. And a lot of libraries have it set where they'll clear their browser cache at the end of the day. But that doesn't help in the middle of the day. Right, to reset the computer to the next day, yeah. So I mean, you can even, you can clear the cache intermittently or clear it on log out. And that would help too. And a lot of this stuff is gonna change and adapt as we get new tech too. So what I'm telling you right now, there may be updated better ways in a year or two from now too. So it's just gonna change and adapt as tech adapts. So now this I added because I'm trying to find the good balance between terrifying you completely and making you just more aware. So I'm just gonna go over a couple different examples of what hackers can actually do once they get into your account. So remember that DEF CON example I was talking about before? That is, so that is a really skilled hacker using semi-skilled tactics. So they were able to send out a phishing email that went over to the host. The host logged into their account. 
That guy managed to get the email and password for the host. And once he had that email and password, he tested it with every different common account that exists. So he went to every social media account. He went to every bank. He went to every whatever because for most logins, it's usually your email. So then after that. A lot of mine are, yeah, it's just easy rather than making a username. Yeah, yeah. And most accounts, they ask you to just use your email as your login and it just, or you can use it for a username that you make up. So honestly, I use my email for a lot of stuff that way. And it just, because who in the world is able to memorize unique usernames and unique passwords for everything? Like I'm not sure I'd actually be able to do that considering the average person has between 40 and 60 accounts online now. Really? Yeah. I don't even want to think about how many I have. And it just, that'd be with a unique username and a password for each one of those that'd be between 80 and 120 different unique IDs to memorize. And it just, and that's why a lot of people are starting to make spreadsheets or like write it down, lock it in their door. And now security experts are saying, oh, by the way, maybe don't do that. And then I'm just looking at, and then like, how, what was that again? Yeah. So what they actually recommend is the password manager, which we'll get to after I give you four stories. Yeah. So where were we here? They just got the phishing email. They got the password. They were able to get into the Facebook account. And then after getting to the Facebook account, they outlined how they could start posting malicious things on the wall to ruin their online reputation. And which works, by the way. You can be the nicest person on the planet, but if you start going rogue on your social media. You've wiped it all out, basically. Yeah. And it wasn't even you. But the damage is done after the posts are out there. 
And people may not be looking at your profile in like a couple of weeks from now when you say, oh, by the way, I was hacked. And that wasn't actually me for about a month there, but okay. And so then if they're able to get in, after they were able to get into the social media account, then they were also able to get into the laptop cam. Oh yes. The cameras cover your camera. Yeah. And so they were taking a photo of the host every two minutes using malware that they put into the computer. And then once they were able to get the photos, they were able to create their own social media account using real photos of the person. Oh wow. That looked like the person taking them themselves as like, here's my profile picture that I took using my laptop. Yeah. And then a lot of times you see real photos of a person with their real name, with their real email address, and how would anyone know it's fake? And then after they got into social media, they were able to get into the bank because they had just guessed every single common bank. And I forget which one he actually went through. It doesn't really matter. But they were able to log in because they had the brute force attack. And they also used social engineering to find out what this, they scanned this person's social media profile to find out what they like. And then they used the keywords of what they liked to tailor their brute force attack. And they were able to get in. So it's, half of the hacking is luck and half of it is persistence. Vulnerabilities and persistence. All those quizzes that you take on Facebook, take your, the first street you lived on and the letter of your last name and your first pet's name and what that makes what your, you know, your stripper name is, I don't know, all those kind of things. That's all gathering your information about things about you that then hackers can use to get into any of your accounts. 
Cause those are the kind of things you might use as a password that you would think of like no one knows I lived on, you know, Barnaby street when I was five years old. Cause that's so far back in my past. So let's use that as a password. But then some of those things come up and say, what's this with this? And you every time you don't know, just don't just stop. That's one of those things that I, I went every time I see people, I know friends, family, library colleagues online taking those, the quizzes that what is your, and I just saw one today of someone, someone shared something of, something about their first pet's name. It was some sort of quiz related to that. And I was like, oh my gosh, no, just, yeah. And what is your first pet's name is also a really common question for security questions. Yeah, that thing too, security questions. And that's their name, mother's maiden name. Yeah. I always try and choose the really weird ones, like what's your second oldest cousin's middle name? I mean, weird, cause they do give you options like that too of these, not, not the typical ones. So go for the crazy answers that I like. See, and I did, they do start recommending that you say what was your first pet's name and you give a fake answer. And the problem is, what if you forget the fake answer? Yeah, what is the fake one? Yeah. And I actually, when I first learned about that, I started changing a few of my, past with my like backup security questions to that. And I couldn't get into my Kohl's account because I couldn't remember. You can remember what's fake when you see that's the problem. Yeah. So I actually wound up turning on two-factor authentications. That's a good thing to do, yes. Yes. And two-factor authentication is when you log into your account, you would put in your username and password. And then when you log in using the correct information, it would pop up a little screen that says get code. 
And then that code would be sent over either to your email address or mine goes to a text on your phone. Text in your phone, yep. And then it's like a little six-digit number that you go back into the site and then you enter in that number and then it'll let you into the account. Which is annoying. But it's safe. Yeah. I mean, and it's something that also comes up, I've seen a lot when I've, the first time using a device, like if you are out at a public place or you're borrowing someone else's laptop or you're at a library or internet cafe or something. So this is a particular piece of equipment you've been on for the first time. Things like your Facebook or your bank will say, we don't, you haven't used this device before. Yeah. Are you sure it's you? Let's do something to make sure it's you. And then they make you go through the extra steps, yeah. And a lot of time that this privacy and security stuff will make your life more annoying. But it helps. More annoying, but safe. Yeah. Safer. And I prefer to be annoyed than have people take over my entire Facebook account and get into my bank information and get into my Amazon account. Or having your identity stolen. That's what this is all. Yeah, and that is horrible to get out of those. Pretty much. And then, so in that handout that I am going to be putting out later, it'll be on the website with this. The archive. Yeah. So that one will also send you over to some resources, identitytheft.gov that'll tell you what to do if you actually do get hacked. Because it's coming. It happens and you're probably going to actually get more library patrons walking in, going like, I got hacked. I need like resources information that will help me get through this. And this way you'll actually know you'll be able to give that to them. Because people make it. It's happening. That's why this industry, I suppose, we'll call it phishing and stealing people's identities to steal their money or whatever is so big. 
Because it works for some people. And the state of Nebraska actually has resources of its own too. Oh, cool. Depending on if anything was stolen and how much, you might be able to go to a small claims court through the attorney general. And they also lead you over to identitytheft.com and the Federal Trade Commission. And I have more links in the handout if you want to grab that later. And that's actually just a, that can even be a great thing to put on your own website, your library website that just says this is some privacy and security stuff that you can do. This is some links to some good password practice. And this is what you can do if it all goes wrong. You can try. You can do everything and steal something like it. There's no 90, there's no 100% protection, unfortunately. And if someone does claim that their source is 100% guaranteed to work, run. Just run. So I know, I know. So what can we actually do about all this? This is where that good password security comes in. So I've mentioned this repeatedly throughout this presentation and I'll mention it again. But this time I'm actually going to go into specific details about what makes a good password. And that is number one, don't reuse passwords. Because with that brute force attack, if someone gets access to your one single password, they're able to try that one, variations of it. And even if they get one really, really, really, really common thing I hear from everyone that I've been talking to is I reuse passwords for the accounts that don't matter. And like honestly, that's how a lot of people got into MyFitnessPal stuff like that because... You figured it out. Yeah, it doesn't matter. Why does it matter if people know how many calories they ate last week? Why would it matter? And it's because of that social engineering. It's because of the things that we do that we don't realize that we're doing. Because you use that one common password, but then you change it up, but you use the same pattern. Yeah. 
Or you use something that is personal to you that you'll remember. And then like anyone can go into your, a lot of the social media and stuff like that, especially if you have it listed as public, and then they can find out what you like and what you're into and where you've been and different things like that. And even if they don't know your actual password and they're able to find out the answers to your security questions, then they can still get into that. Or they can use their brute force attacks to guess the pattern of your password once they know it from an account that isn't important. That doesn't matter. Yeah. So even it's one of those things that it's better to be safe than sorry. And because we don't know how bad it can get if you're actually hacked. And hopefully you'll never find out. But so instead of using like the really, really, really, really convoluted, like turn a zero and turn an O into a zero and put all these random characters everywhere. They started recommending to use really long memorable passwords. Like this, a sentence. Yeah. Yeah. Because nobody does suspect the gummy bears. Now we will. It's true. Yeah. It's true. And even if you say something like some of the, there are some sites out there that will recommend using song lyrics, but I don't recommend using that just because those could be predicted potentially. Yeah. Like there are people that use Luke, I am your father. Done. Nope. No. So if you have a Beatles lyric or something that you can't get out of your head, your hacker can't get it out of their head either. So it's fun, it's catchy, but I'd probably avoid it. And I would, for when you're using that long passphrase, I would almost use things that are directly personal to you, but that a hacker just would not be able to guess. Like speaker and compass library time. Because why? Why would you? Yeah, what is that? Yeah. 
I know someone who had a password, there's something like, you know, where my daughter went to elementary school, something like that, which is like a sentence, but not anything identifiable, not like my daughter went to so-and-so school, but, and it was just like, okay, that's yeah. And that's the actual password, the sentence, where my daughter went to elementary school. And even if you do have your social media account locked down, your parents might not know. And they might have all of your kids' information just floating out there because they went to their school's like soccer game. And now people are able to get into it through that. So that's another reason to kind of keep your, like all patrons of all ages aware of social media safety and all this. Now, what about, I mean, you may have more examples of good guys for you, yeah. So this one is just in case, you know those sites that say you have to- That's what I was just gonna ask. What if they say you have to have an uppercase and a lowercase, you have to have a number and a special character, that you have to have these somewhere in your, yeah. So this one, it's all about where you put the special characters. Because most people, just because of the way grammar works, they'll put the special character directly at the end of the password. And it's just kind of an afterthought that says, I need this, I'm making me do it, so I'm gonna put an exclamation mark at the end and then I'll be on. Yeah. So hackers know that too. And it's just because it's the way people think. And that's how social engineering works is you study people and then you study their patterns and then you study how you can get into their stuff. And using the exclamation at the end is actually one of the most popular and common things. And it's actually how I used to answer special characters to my passwords before I did this presentation. After doing this, you then spent like three days re-changing all your passwords. 
And so adding a capital letter is also a really common one. Most people add the capital letter to the beginning, forward to the very tail end, which makes sense. I mean, anyone who studied grammar will just say, yes, that is just where it belongs. What is wrong with you? But instead for safety, we should actually put it in the middle. And or just kind of like in the first third or the last third of the password so that it's more difficult for social engineers to guess where you would put that. So that's why in that password example, it's good for you down there. I have that dollar sign and the exclamation point in the first third and the second third. You can also put a snack tab in the middle if you wanted to. And that good, there's a capital O and a zero. And instead of putting that all at the beginning or the end, it's mushed in the middle and spread out. And so it's more annoying to put it this way. And that's why they have password generators. So this password generator, it's through LastPass, which is the example of the password manager that I'm going to be mentioning. And this will let you go to their website. You do not have to have a LastPass account to be able to use this password generator. And you can give it criteria. So if the website says you need eight characters long and uppercase numbers, maybe it doesn't require a lower case, but it requires everything else. And just for your own, you can set it to be easy to read, easy to say. Saying something out loud is a good memory, a good easy way to remember that it seems. Oh, it's this thing that, yeah. Then if you want to be easy to say with a number in it. Oh, I don't like to do that. Can't say numbers, yeah. And then you can do all characters. So it's an easier way than trying to rack your brain, trying to figure out good combinations to use for it. And go back into here. You went for the password viewer, yeah. Yeah, it was a little kid sitting down, yeah. There it is, there it is. 
And this happens, I do this, we all do, but like I actually used to, for those accounts that don't matter, I actually, I did have the post-it note that I had stuck on my monitor, but I've since taken those down and I've locked them in a drawer. And so what I actually do is, I'm sad to say I cannot remember 60 different passwords that go to 60 different accounts. So I got little mini post-its and I stuck them inside of a notebook that I locked into a drawer. So every time I add a new password, I do a mini sticky note, stick it in. And then if I have to change the account for that password, I sticky over it. Change it to put a sticky in there, yeah. This is something that we're doing this show today because just last week, earlier this week, I was watching the most recent episode of Elementary with Lucy Liu as Dr. Joan Watson and they were actually trying to get into someone's computer. And I can't remember if it was a good or bad guy, but so they were in the office with all these people and she asked one of the other staff, does your administration make you change your passwords regularly? And they said, oh yeah, it's such a hassle. Every 30 days we have to change it. Which is something that supposedly has become a... Good best practice. A best practice and in reality is not. And changing it regularly is not what makes it secure. Having a good password is what makes it secure. Having a good password, if you've made it strong enough using the tips we just gave you, will keep you, can keep you secure for like 20 years. You don't have to. Speak your uncompressed language. Yeah, don't use that one because now I've just told people it. But on the show, she actually said, actually they've discovered that changing your passwords more often than not is less secure. 
It makes things less secure because it's just picking things up and she picked up some mouse pad or something on the back of the mouse and just this version of the desk, sticky note, post it with a whole bunch of passwords so it's less secure to force your employees to change things regularly. And she was there, got it, got into their computer, boom. Which is why I keep it in a lock drawer. If you do have to though, because they make you, because some of these administration companies that have gotten stuck in their head that we have to make you change your passwords regularly, we have to do it for those of you who do e-rate, they make us change it now with this new system they have every 60 days. I have mine, I'm posted, it's because I do have to change them regularly. I change one character each time though, because they're making me do it. I don't come with a whole brand new one every time. I don't know how secure that is, but. The rest of it is pretty secure. I've got special characters, I've got lower characters. There's no real words in there that anyone would know about the number. But I don't do so good at hiding it, it's on my desk. But it's also, well, I don't know. It's account, I don't know that it cares, it's just me checking on things. And it's not a password I use for anything else at all. It is very specific only for that particular service. So it's not something that I've, yeah, I don't know. I need to do better at this hiding it thing, yeah. And I always ask myself, we're in a library, who's gonna be sifting through all the offices of a library? Here, yeah, at the state library, yeah. But I mean, you never know. And in a public library, it's actually more likely for someone to go back and go into the offices. Yeah, public space, yeah. Yeah. But it depends on where your offices are. Are they in a back room? Or if you have a back room. Yeah, that's more secure where it's definitely in love. But I know where I used to work at university. 
Some of our offices were just in like, a back corner of the building, or in a corner with just the one door into it. No staff only, no, you gotta go through circulation to get to it. It's that tech processing way behind a couple of doors. It was just a one door in there. Not secure at all, yeah. And if your circ desk keeps their passwords stuck to the bottom there, people might be able to see it, especially since when you're working at the circ desk, you sometimes have to twist your computer and show people things. Circ desk, reference desk, any public interaction spaces. Hide your passwords somewhere in somewhere that can be locked up. Pretty much. And so this is where the password manager comes in. And interestingly enough, I'm actually only gonna devote maybe about a few slides to the password manager because it's good information to have. But I will admit that it's a touch tedious to do. As you said earlier, how many accounts do people generally have? Between 40 and 60. And how many passwords and usernames to remember? That's getting one of these set up to start with is a lot of work because you've got to enter. Incredibly helpful. It is remarkably helpful. And it is, and I'll go over how the security for a password manager works because one big question I get is if I'm storing all of my stuff in one place. What if they get my one password manager password? So a password manager, it does indeed store all of your passwords in one spot. Most of them let you do auto-fill on your browser and they use a browser extension to be able to do that. We've had a few public libraries that ran into their IT has locked down their browsers so they're not able to download their own extensions. So if your library has to do that, you'll probably have to get a password manager approved by your IT department before you'll be able to load anything like that in. But password managers on a shared computer are not always the greatest idea. 
So it'll depend on which password manager you choose. If it'll let you access your passwords from multiple different locations, even if it's not the location where the extension is downloaded into. And this will become a lot clearer when I go through the steps of how a password manager is set up because I have a feeling that this is one of those things that makes a hundred percent sense in my head. The next one, yeah. We'll go through it, it's okay. I added a clarification slide just because of that. And so one thing that I actually do like LastPass for is because of that password generator. And because it'll let you just, when you go to the main website, when you try to access and log into your account, there'll be a little icon in your username, password and ID that has like a little three dot thing. When you click on that three dot thing, it means that LastPass is connected in through that account. And it means that you can also generate secure passwords through that. And you can set up automatic password updates through LastPass so that if your account does say you need to change this every blah, blah, blah days. Oh, it'll just automatically come up. Yeah, nice. Which is cool. And of course there's also a setting that you have to say because there's no way that LastPass would be able to know that that's one of those accounts. Oh, sure. I'd have to tell it, yeah. And so you can also, you don't have to just be on a laptop or a desktop to be able to access this. They also have support for tablets and phones. So you can share your password manager across all of your different devices. But they do say that if you share your devices across multiple different people, of course, if you have that extension loaded in, anyone using that device would be able to- They're gonna have your passwords, yeah. So that is one thing to, I would actually recommend for librarians behind the ref desk or the circ desk that are working on privacy management for patrons. 
I would recommend that patrons use password managers and that you yourself use a password manager at home or on your non-shared work computer, but that you don't necessarily add a password manager to the computer lab that has shared computers, right? And they're still working on different, there are other ways to lock down those computers too, but they're still working out the best practices for how to store passwords and access your accounts on shared computers securely. 'Cause it's easier said than done. It's something we need, but it's, I can see how it can be very difficult, yeah. And there's, right now, there's a lot of conflicting information out there. Some people say, oh, you can definitely use a password manager on a shared computer. You just need to do this, this and this, and then you have to authenticate your login securely this way, but I don't actually recommend trying that because the settings are too easy to misconfigure on there. And honestly, privacy and security needs to come a little further before if you would feel safe recommending a password manager on a shared computer, but it's out there. And regardless of whether you're using a password manager to lock down your accounts, I would still use two-factor authentication because if you're using an insecure password on a lockdown account, it still won't help you. So I'd probably still use that two-factor that will let you log in and then get the code sent over to your phone or to your personal email, yeah. And use that as just an added layer of security. I do that for my bank and for my, I do it for Facebook and I do it for, I'm adding it to more and more accounts too. And so the free password managers that are top rated by PC Magazine are LastPass, Myki, and LogMeOnce. LastPass is rated number one because of the security features that are on there. This is what it looks like. So this is, it's just a screenshot that I found online for what their login looks like. 
And on the left-hand side, you'll see the little block where all of your passwords are gonna pop up. You can actually store your payment card information directly in LastPass, I'm still steeped out about that and I haven't done it and I'm not going to. They have an option to add bank account information directly in there, you can add your ID information but I feel like that's just asking for trouble after a certain point. Isn't, was there something LastPass get? It was hacked? Yeah, at some point, yeah. They did not get access to the master passwords, they got access to email address and security backup portion answers. So, which is why I don't, like I'm just, there is no perfect privacy. Yeah. But it's because of this slide here, that is the reason I'm still recommending password managers. And it's because even though LastPass got hacked and they were able to get access to the email addresses and to the security question answers, LastPass never has access to your actual passwords in their server data bank. So they have access to. To keep it nice and separate. Yeah. So they have access to your, the hash that is encrypting your passwords and hash is like a freakishly long character code that your password gets converted into. So, and the vault that your passwords are stored in has 256 bit encryption. So you see that little white highlighted section that's right at the bottom that says two to the 256. That is the number of digits that is currently encrypting the password that goes to the vault. And so that vault password is stored in the LastPass server, but the decryption key is stored locally on your device. So in order to get into and access your passwords, you need to have both in the same, like you need to put both of them together. So even though LastPass got hacked, whoever got into it was not able to get to the next step to the actual passwords. So the hacker would still need to get into your own local device and then guess what that 256 bit character is. 
Good luck. You'll be able to get into it. And even with all the brute force password, that takes forever. So that is why I actually would still recommend using LastPass or a password manager. And it's because of that extra security. And another common question that I get a lot is what about the password manager that's already in my browser? So you know how like Chrome or Firefox, they'll ask you want to save this password. I would say no. Yeah, and you should say no. So if you were to store it in the password manager that's in your actual browser, you don't have as much security because for most of them, it's all stored locally on your device. So everything that you would need is right there for them. And they are, so Chrome and Firefox, they're actually ramping up the security on their password managers in their browser. So Firefox increased the encryption measure that they use. And Chrome is now they, Chrome is like locking down the encryption key and the store like location storage of where that goes, but it's still mostly just on your local device. So it's still safer to use these third party password managers than it is to use anything else. And again, it's because of this slide here. So we do have a question and well, there's kind of two questions actually, it is two questions. One, is it safe to create a Word document with your logins and passwords and keep it on your computer? You can password lock that file. If you do that, then yes. And then that would be safer. If someone's already introduced malware into your computer, they have a keystroke logger that would be able to find out what the password is to that file. So I would secure your computer and make sure there's no malware virus on it before you lock that down before you create one. And that's actually the second part of this same person's question, which I think leads into that connection. Do you have any advice about virus protection and security software like McAfee, Kaspersky, et cetera? 
So Norton has a lot of really good information modules about what online security is. Norton is not perfect. McAfee is the most popular. I use McAfee at home. There are, I use Avast. Yeah, that's also a popular one. I would make sure that it has automated regular malware virus and browser protection security on everything. So browser protection security would be when you go to a website and it'll occasionally put that little pop-up up that says, are you really sure you want to go here? So you want to, man, you want a protection that will be able to do that. And both Norton and McAfee will do that. And you'll also want to check your budget that's available because, I mean, the best security in the world also costs a pretty penny. And those two, Norton and McAfee, they are huge companies. So they're able to offer a lower price point. And they also offer more security for a lower rate cost. And especially when you're talking about across many multiple computers at your library, public computer, staff computers, yeah. And if you leave multiple branches, then you might be able to get a price break for using multiple libraries. And if you have a certain number of, like, average patrons that go through or a certain number of computers that you need to lock down, when you hit a larger number, there are some companies that will do a price break. And so, like, that's why it's sometimes better to actually call them up or to talk to a representative. In your situation, how many computers, what you're doing, yeah. Yeah, because their website won't always give you all of the promotions and all of the everything that you need to know. And so Norton also has a table that will tell you the different viruses and worms and everything that's trying to attack you and what you can do about it. Yeah. And I'm 99% certain that I put that on the handout, but I also, I'm going to actually double check before we post it up. Because I may have just put those on my digital literacy things. 
Even doing multiple things, I know. Yeah, so I need to Norton. All right, so I'll get that one added on there if it's not already. So does that help? I think, I mean, you said, definitely we're documenting it down, but do your security on your computer first to make sure. Because if you already have malware on there that you accidentally loaded in through like a software that you downloaded or an app or something, then it would do you no good in the first place. Just thank you, yes. Sweet. If anybody does have any questions or anything, we did just hit 11 o'clock for those of you that are paying attention. But we did start a little late this morning too because I was getting things set up behind the scenes here. So we'll keep going until we get through everything that we want to talk about this morning. But if you do have any questions, type it into the questions section of your GoToWebinar interface, you can make sure that, I mean, I think it's worth it. So remember when I said that I would do a clarification slide for how you actually set up LastPass? This is the one. So when you have all of your passwords updated so that they're secure, then you can sign up for LastPass. I used the free account when I did my demo account. And that one will just let you store all of your passwords in one spot and you'll get all the security features that go with LastPass. And then I downloaded a browser extension for Chrome, Firefox, and that was pretty much it because those are my top two. And so that means that when I go to a website using either one of those browsers, then it'll pop up that little LastPass icon that says you have LastPass attached to this specific account. And if I don't have LastPass attached to the account, it'll ask me if I want to add it when I do the first login. Cool. And it'll, when you set up your LastPass account, it'll ask you to set up a master password. 
That master password is how you yourself would get into your LastPass account to update any changes, to add accounts, to do what you want with it. And if you lose that master password, you're probably going to lose all of your passwords too. And there is, so they did introduce a forgot password function to it. I haven't tested it yet, so hopefully it works pretty well. And you can also add, you can add things manually to your password vaults or you can use that little browser extension to get the browser to add it for you. And honestly, what probably takes the longest is going back through all of your accounts and making sure that everything actually is secure. Because as I said, using your email address and password 123 as a password, totally negates everything that you would get from using a password manager. So try out the password generator. It does good things. And if you, whether or not you do set up a password manager, that two-factor authentication helps a lot. And this one I'm actually going to skip over because I went through everything pretty much earlier on. And my biggest recommendation is start talking to patrons about all this stuff. Because it's great that we're going through this presentation right now, but everyone in your library needs to know it too. I know I've heard some libraries doing sessions, doing trainings on this. Oh yeah, which is awesome. How to do, you know, for their patrons to come in and they will tell them here's good practices and ways to keep yourself safe and avoid phishing scams and all of this, yeah. And a good exercise to put people through is to just grab some scratch paper from the circ desk and just ask people to make their own password example. And then do the code. Then they can hand it in and then you can go over and say, well, this works because of this and this doesn't work because of this. And I'm also putting together a password guideline list that'll be in that handout too. 
That gives like the most common criteria and it links over to different security expert websites that tell you everything they need to know about building a secure password. So that little checklist basically looks like, do you have a special character? If you are required to use a special character, where is it located in your password? That matters, yeah. If you're using a passphrase, is it in a song lyric or is it the title of a popular movie that people can guess? And are you using secure password reminder questions that you can't find on Facebook? And just different stuff like that. Now I have a question about the LastPass password manager. Now you talked about putting a browser extension, so that would be putting it onto your own computer for your user. It's not like the public access ones or whatnot. How do you take your LastPass with you when you're going somewhere else? Like if I need to log in to my email securely, so you have it on your phone. Like if I want to go like on this computer here, which isn't mine, but it's somewhere else, how do I get LastPass to do my password there? So you can, if you have access, you can load the browser extension into that specific device. Okay. And then it will say, do you have a LastPass, then you do the master password to log in and do your thing. Okay. And if you, if for whatever reason, it is absolutely vital that you put your extension onto a separate device that is shared, I would log out of your LastPass and then uninstall the extension after your one time use. And that'll help security. It's not perfect, but it'll help. And I mean the lab test we use here, I mean we basically know everyone who uses it. Yeah. That's that. Yeah. So I'm not as personally worried about that, but it's just the shared computers in the library. Sure. Because I mean the memory might be, yeah. And another, so another good exercise to do with the library patrons is starting to get people to think about this in context. 
So a lot of libraries are doing things that show how to set up an online account. So I would add like a little block in there that says this is good password security practice. And this is where you can start storing your passwords. And if you don't want to use a password manager, these are some safe ways that you can store it in a locked door or in a, I don't know, keep like a mini vault in your purse or something. And if you do store your passwords digitally, try to password protect them. I used to store them in the memo in my phone. And I actually, I still kind of do, but I started doing a password protected memo app. Cool. And that helps, yeah. So are there any pressing password questions? Yeah. If you have anything, type it into your questions section in GoToWebinar and we'll get them answered. But other than that, that's pretty much the long and the short of all the password management. There are some other links that are available in the handout and you'll get some refreshers that are, that I covered in this session. And you'll also get some, how to use the password managers and recommendations of some free ones and just best practices as we have them now. Okay. That'll be included when we do the archive. Yeah. Well, you know, later today. All right. Well, yeah, that will be when we post up the recording of this, which I actually, since we don't seem to have any other password related questions, I think I'll go to that. Let's see. Escape out of this. I can get over to our library commission website. Yes. So, thank you, Amanda, I guess. Well, this is great. I always say this is great to learn everything we learned, but scared us too. I want to go now and like take a day off and just figure out all my passwords and get, and figure out LastPass and do it. And it is just, it is daunting, but I know it's better than having my identity stolen. I know that did happen a few years ago to my sister. 
It's not a, it's not a fun thing at all to have to undo all of those things that can happen. I know when you need IdentityTheft.gov, it is not fun. No. Once you got to that point, it's, yeah. So you can prevent that. This is, this is great. So on our, on our website, if you used your search engine of choice, or if you go to our library commission website, if you have a search feature here, you can type in, go ahead and type in Encompass Live. And so far on the internet, we're the only thing called that. Nobody else can use this name. Haven't like trademarked or anything, but anyway. This is our main Encompass Live website. We have our upcoming shows, but our archives are right here underneath and today's show will be posted here. Most recent ones go at the top of the list. We'll have a recording of this presentation and a link to the handout. And I think you have a handout for your last one. I, yes. We did a presentation of some sort. Well, that might have been the slides, I don't know. I haven't done the one before. Okay. So at the top of the list here will be today's archive, which will have a link to well the slides and the recording and then the third link in there of the presentation itself as well. That should be done by the end of the day today. That would be my goal. But like the handouts just saved in Google slide in Google Docs. Right. So we'll have a link there. Everybody who attended today's show and registered for today's show will get an email directly from me letting you know when the recording and the archive and everything is up there and ready for you. We'll also post that to our various social media mailing lists here at the commission, Facebook, Twitter, the usual places where we promote that. I'll think about the show. So while we're here in the archives, I will also show you this is the archives of the entire show for Encompass Live and Encompass Live premiered in January 2009. So we have 10 years. This is the 11th year that we're in right now. 
We have 10 years' worth of archives here. So you can see here we have a search feature now for searching the entire archives or if you want just really current information just in the most recent 12 months. And you can search for any keyword. It would be the person's name, part of a title, a description of a show, whatever you want. You can look up pretty sweet tech and get all of those if you want. So when you are looking at our archives, pay attention though everything has the date of when it was originally broadcast. So some of the information in here may be old, maybe outdated. These services or products or websites might not work anymore. But we are librarians. This is what we do. We save and archive things and we'll always have our full archives up here available to you. But just do pay attention when you're watching something to when the original program was done so you know that it might be a little older. Certain things last no matter what. But it depends on the topic. When you're on here. A lot of tech stuff out dates pretty quick. It does, yes. Which is why we're going to have Amanda here every month. So our next shows, here's our schedule for the next couple of months is here. The next pretty sweet tech with, I mean it will be August 14th in the middle of the month there. I'm not sure if you have a topic yet for that. I'm drawing between IoT and chatbots in the library. All right, well we'll see. We'll nail it down before the 14th so you know what to expect. But that will be the next time that our pretty sweet tech will be on the show. And then after that it will be the last Wednesday of every month. I should put topics up for vote. You could, sure. But next week's show will be fun, easy, and inexpensive teen nights a.k.a. after hours nights. So this will be for next week's show. 
Jeanne Hill from Jensen Memorial Library here in Minden, Nebraska talked about some really good successes they've had with those after hours lock in type things with their teens at their library. So if you're trying to get some ideas for your teens please do sign up for that show or any of our other upcoming shows that we have here. Teen tech. I'm just jotting down a note for myself. There's a teen tech week. I don't know what that is. That also does. Encompass Live is also on Facebook. If you are a big Facebook user there we go. Here is a reminder to log into today's show. Facebook is having trouble with images too this morning. No, I don't want to log in right now. But we post on here anything when our shows are coming up. Our reminders are to log in for shows when the recordings are available. So if you are big on Facebook please do give us a like over there and you'll be notified of what's going on on the show. Other than that that wraps it up for today's show. Thank you everyone for attending. Thank you for telling us how to be safe and secure. And everyone have a safe and happy 4th of July tomorrow. No firecrackers. Don't do anything too dangerous. So thank you very much. We'll see you next time on Encompass Live. Bye-bye.