Login
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
Taylor Monahan is lead product manager of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain. Since late December 2022, Monahan and other researchers have identified a highly reliable set of clues that they say connect recent thefts targeting more than 150 people. Collectively, these individuals have been robbed of more than $35 million worth of crypto.
Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals. Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of oneβs email and/or mobile phone accounts.
βThe victim profile remains the most striking thing,β Monahan wrote. βThey truly all are reasonably secure. They are also deeply integrated into this ecosystem, [including] employees of reputable crypto orgs, VCs [venture capitalists], people who built DeFi protocols, deploy contracts, run full nodes.β
Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug. 28, Monahan said sheβd concluded that the common thread among nearly every victim was that theyβd previously used LastPass to store their βseed phrase,β the private key needed to unlock access to their cryptocurrency investments.
MetaMask owner Taylor Monahan on Twitter. Image: twitter.com/tayvano_
Armed with your secret seed phrase, anyone can instantly access all of the cryptocurrency holdings tied to that cryptographic key, and move the funds to anywhere they like.
Which is why the best practice for many cybersecurity enthusiasts has long been to store their seed phrases either in some type of encrypted container β such as a password manager β or else inside an offline, special-purpose hardware encryption device, such as a Trezor or Ledger wallet.
βThe seed phrase is literally the money,β said Nick Bax, director of analytics at Unciphered, a cryptocurrency wallet recovery company. βIf you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. And you can transfer my funds.β
Bax said he closely reviewed the massive trove of cryptocurrency theft data that Taylor Monahan and others have collected and linked together.
βItβs one of the broadest and most complex cryptocurrency investigations Iβve ever seen,β Bax said. βI ran my own analysis on top of their data and reached the same conclusion that Taylor reported. The threat actor moved stolen funds from multiple victims to the same blockchain addresses, making it possible to strongly link those victims.β
Bax, Monahan and others interviewed for this story say theyβve identified a unique signature that links the theft of more than $35 million in crypto from more than 150 confirmed victims, with roughly two to five high-dollar heists happening each month since December 2022.
KrebsOnSecurity has reviewed this signature but is not publishing it at the request of Monahan and other researchers, who say doing so could cause the attackers to alter their operations in ways that make their criminal activity more difficult to track.
But the researchers have published findings about the dramatic similarities in the ways that victim funds were stolen and laundered through specific cryptocurrency exchanges. They also learned the attackers frequently grouped together victims by sending their cryptocurrencies to the same destination crypto wallet.
A graphic published by @tayvano_ on Twitter depicting the movement of stolen cryptocurrencies from victims who used LastPass to store their crypto seed phrases.
By identifying points of overlap in these destination addresses, the researchers were then able to track down and interview new victims. For example, the researchers said their methodology identified a recent multi-million dollar crypto heist victim as an employee at Chainalysis, a blockchain analysis firm that works closely with law enforcement agencies to help track down cybercriminals and money launderers.
Chainalysis confirmed that the employee had suffered a high-dollar cryptocurrency heist late last month, but otherwise declined to comment for this story.
Bax said the only obvious commonality between the victims who agreed to be interviewed was that they had stored the seed phrases for their cryptocurrency wallets in LastPass.
βOn top of the overlapping indicators of compromise, there are more circumstantial behavioral patterns and tradecraft which are also consistent between different thefts and support the conclusion,β Bax told KrebsOnSecuirty. βIβm confident enough that this is a real problem that Iβve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.β
LastPass declined to answer questions about the research highlighted in this story, citing an ongoing law enforcement investigation and pending litigation against the company in response to its 2022 data breach.
βLast yearβs incident remains the subject of an ongoing investigation by law enforcement and is also the subject of pending litigation,β LastPass said in a written statement provided to KrebsOnSecurity. βSince last yearβs attack on LastPass, we have remained in contact with law enforcement and continue to do so.β
Their statement continues:
βWe have shared various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts as well as our internal and external threat intelligence and forensic partners in an effort to try and help identify the parties responsible. In the meantime, we encourage any security researchers to share any useful information they believe they may have with our Threat Intelligence team by contacting securitydisclosure@lastpass.com.β
On August 25, 2022, LastPass CEO Karim Toubba wrote to users that the company had detected unusual activity in its software development environment, and that the intruders stole some source code and proprietary LastPass technical information. On Sept. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.
But on Nov. 30, 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault.
βThis was accomplished by targeting the DevOps engineerβs home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,β LastPass officials wrote. βThe threat actor was able to capture the employeeβs master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineerβs LastPass corporate vault.β
Dan Goodin at Ars TechnicaΒ reported and then confirmed that the attackers exploited a known vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.
As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. On August 24, 2022, Plexβs security team urged users to reset their passwords, saying an intruder had accessed customer emails, usernames and encrypted passwords.
A basic functionality of LastPass is that it will pick and remember lengthy, complex passwords for each of your websites or online services. To automatically populate the appropriate credentials at any website going forward, you simply authenticate to LastPass using your master password.
LastPass has always emphasized that if you lose this master password, thatβs too bad because they donβt store it and their encryption is so strong that even they canβt help you recover it.
But experts say all bets are off when cybercrooks can get their hands on the encrypted vault data itself β as opposed to having to interact with LastPass via its website. These so-called βofflineβ attacks allow the bad guys to conduct unlimited and unfettered βbrute forceβ password cracking attempts against the encrypted data using powerful computers that can each try millions of password guesses per second.
βIt does leave things vulnerable to brute force when the vaults are stolen en masse, especially if info about the vault HOLDER is available,β said Nicholas Weaver, a researcher at University of California, BerkeleyβsΒ International Computer Science Institute (ICSI) and lecturer at UC Davis. βSo you just crunch and crunch and crunch with GPUs, with a priority list of vaults you target.β
How hard would it be for well-resourced criminals to crack the master passwords securing LastPass user vaults? Perhaps the best answer to this question comes from Wladimir Palant, a security researcher and the original developer behind the Adblock Plus browser plugin.
In a December 2022 blog post, Palant explained that the crackability of a LastPass master password depends largely on two things: The complexity of the master password, and the default settings for LastPass users, which appear to have varied quite a bit based on when those users began patronizing the service.
LastPass says that since 2018 it has required a twelve-character minimum for master passwords, which the company said βgreatly minimizes the ability for successful brute force password guessing.β
But Palant said while LastPass indeed improved its master password defaults in 2018, it did not force all existing customers who had master passwords of lesser lengths to pick new credentials that would satisfy the 12-character minimum.
βIf you are a LastPass customer, chances are that you are completely unaware of this requirement,β Palant wrote. βThatβs because LastPass didnβt ask existing customers to change their master password. I had my test account since 2018, and even today I can log in with my eight-character password without any warnings or prompts to change it.β
Palant believes LastPass also failed to upgrade many older, original customers to more secure encryption protections that were offered to newer customers over the years. One important setting in LastPass is the number of βiterations,β or how many times your master password is run through the companyβs encryption routines. The more iterations, the longer it takes an offline attacker to crack your master password.
Palant noted last year that for many older LastPass users, the initial default setting for iterations was anywhere from β1β to β500.β By 2013, new LastPass customers were given 5,000 iterations by default. In February 2018, LastPass changed the default to 100,100 iterations. And very recently, it upped that again to 600,000.
Palant said the 2018 change was in response to a security bug report he filed about some users having dangerously low iterations in their LastPass settings.
βWorse yet, for reasons that are beyond me, LastPass didnβt complete this migration,β Palant wrote. βMy test account is still at 5,000 iterations, as are the accounts of many other users who checked their LastPass settings. LastPass would know how many users are affected, but they arenβt telling that. In fact, itβs painfully obvious that LastPass never bothered updating usersβ security settings. Not when they changed the default from 1 to 500 iterations. Not when they changed it from 500 to 5,000. Only my persistence made them consider it for their latest change. And they still failed implementing it consistently.β
A chart on Palantβs blog post offers an idea of how increasing password iterations dramatically increases the costs and time needed by the attackers to crack someoneβs master password. Palant said it would take a single GPU about a year to crack a password of average complexity with 500 iterations, and about 10 years to crack the same password run through 5,000 iterations.
Image: palant.info
However, these numbers radically come down when a determined adversary also has other large-scale computational assets at their disposal, such as a bitcoin mining operation that can coordinate the password-cracking activity across multiple powerful systems simultaneously.
Weaver said a password or passphrase with average complexity β such as βCorrect Horse Battery Stapleβ is only secure against online attacks, and that its roughly 40 bits of randomness or βentropyβ means a graphics card can blow through it in no time.
βAn Nvidia 3090 can do roughly 4 million [password guesses] per second with 1000 iterations, but that would go down to 8 thousand per second with 500,000 iterations, which is why iteration count matters so much,β Weaver said. βSo a combination of βnot THAT strong of a passwordβ and βold vaultβ and βlow iteration countβ would make it theoretically crackable but real work, but the work is worth it given the targets.β
Reached by KrebsOnSecurity, Palant said he never received a response from LastPass about why the company apparently failed to migrate some number of customers to more secure account settings.
βI know exactly as much as everyone else,β Palant wrote in reply. βLastPass published some additional information in March. This finally answered the questions about the timeline of their breach β meaning which users are affected. It also made obvious that business customers are very much at risk here, Federated Login Services being highly compromised in this breach (LastPass downplaying as usual of course).β
Palant said upon logging into his LastPass account a few days ago, he found his master password was still set at 5,000 iterations.
KrebsOnSecurity interviewed one of the victims tracked down by Monahan, a software engineer and startup founder who recently was robbed of approximately $3.4 million worth of different cryptocurrencies. The victim agreed to tell his story in exchange for anonymity because he is still trying to claw back his losses. Weβll refer to him here as βConnorβ (not his real name).
Connor said he began using LastPass roughly a decade ago, and that he also stored the seed phrase for his primary cryptocurrency wallet inside of LastPass. Connor chose to protect his LastPass password vault with an eight character master password that included numbers and symbols (~50 bits of entropy).
βI thought at the time that the bigger risk was losing a piece of paper with my seed phrase on it,β Connor said. βI had it in a bank security deposit box before that, but then I started thinking, βHey, the bank might close or burn down and I could lose my seed phrase.'β
Those seed phrases sat in his LastPass vault for years. Then, early on the morning of Sunday, Aug. 27, 2023, Connor was awoken by a service heβd set up to monitor his cryptocurrency addresses for any unusual activity: Someone was draining funds from his accounts, and fast.
Like other victims interviewed for this story, Connor didnβt suffer the usual indignities that typically presage a cryptocurrency robbery, such as account takeovers of his email inbox or mobile phone number.
Connor said he doesnβt know the number of iterations his master password was given originally, or what it was set at when the LastPass user vault data was stolen last year. But he said he recently logged into his LastPass account and the system forced him to upgrade to the new 600,000 iterations setting.
βBecause I set up my LastPass account so early, Iβm pretty sure I had whatever weak settings or iterations it originally had,β he said.
Connor said heβs kicking himself because he recently started the process of migrating his cryptocurrency to a new wallet protected by a new seed phrase. But he never finished that migration process. And then he got hacked.
βIβd set up a brand new wallet with new keys,β he said. βI had that ready to go two months ago, but have been procrastinating moving things to the new wallet.β
Connor has been exceedingly lucky in regaining access to some of his stolen millions in cryptocurrency. The Internet is swimming with con artists masquerading as legitimate cryptocurrency recovery experts. To make matters worse, because time is so critical in these crypto heists, many victims turn to the first quasi-believable expert who offers help.
Instead, several friends steered Connor to Flashbots.net, a cryptocurrency recovery firm that employs several custom techniques to help clients claw back stolen funds β particularly those on the Ethereum blockchain.
According to Connor, Flashbots helped rescue approximately $1.5 million worth of the $3.4 million in cryptocurrency value that was suddenly swept out of his account roughly a week ago. Lucky for him, Connor had some of his assets tied up in a type of digital loan that allowed him to borrow against his various cryptocurrency assets.
Without giving away too many details about how they clawed back the funds, hereβs a high level summary: When the crooks who stole Connorβs seed phrase sought to extract value from these loans, they were borrowing the maximum amount of credit that he hadnβt already used. But Connor said that left open an avenue for some of that value to be recaptured, basically by repaying the loan in many small, rapid chunks.
According to MetaMaskβs Monahan, users who stored any important passwords with LastPass β particularly those related to cryptocurrency accounts β should change those credentials immediately, and migrate any crypto holdings to new offline hardware wallets.
βReally the ONLY thing you need to read is this,β Monahan pleaded to her 70,000 followers on Twitter/X: βPLEASE DONβT KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END. Split up your assets. Get a hw [hardware] wallet. Migrate. Now.β
If you also had passwords tied to banking or retirement accounts, or even just important email accounts β now would be a good time to change those credentials as well.
Iβve never been comfortable recommending password managers, because Iβve never seriously used them myself. Something about putting all your eggs in one basket. Heck, Iβm so old-fashioned that most of my important passwords are written down and tucked away in safe places.
But I recognize this antiquated approach to password management is not for everyone.Β Connor says he now uses 1Password, a competing password manager that recently earned the best overall marks from Wired and The New York Times.
1Password says that three things are needed to decrypt your information: The encrypted data itself, your account password, and your Secret Key. Only you know your account password, and your Secret Key is generated locally during setup.
βThe two are combined on-device to encrypt your vault data and are never sent to 1Password,β explains a 1Password blog post βWhat If 1Password Gets Hacked?β βOnly the encrypted vault data lives on our servers, so neither 1Password nor an attacker who somehow manages to guess or steal your account password would be able to access your vaults β or whatβs inside them.
Weaver said that Secret Key adds an extra level of randomness to all user master passwords that LastPass didnβt have.
βWith LastPass, the idea is the userβs password vault is encrypted with a cryptographic hash (H) of the userβs passphrase,β Weaver said. βThe problem is a hash of the userβs passphrase is remarkably weak on older LastPass vaults with master passwords that do not have many iterations. 1Password uses H(random-key||password) to generate the password, and it is why you have the QR code business when adding a new device.β
Weaver said LastPass deserves blame for not having upgraded iteration counts for all users a long time ago, and called the latest forced upgrades βa stunning indictment of the negligence on the part of LastPass.β
βThat they never even notified all those with iteration counts of less than 100,000 β who are really vulnerable to brute force even with 8-character random passwords or βcorrect horse battery stapleβ type passphrases β is outright negligence,β Weaver said. βI would personally advocate that nobody ever uses LastPass again: Not because they were hacked. Not because they had an architecture (unlike 1Password) that makes such hacking a problem. But because of their consistent refusal to address how they screwed up and take proactive efforts to protect their customers.β
Bax and Monahan both acknowledged that their research alone can probably never conclusively tie dozens of high-dollar crypto heists over the past year to the LastPass breach. But Bax says at this point he doesnβt see any other possible explanation.
βSome might say itβs dangerous to assert a strong connection here, but Iβd say itβs dangerous to assert there isnβt one,β he said. βI was arguing with my fiance about this last night. Sheβs waiting for LastPass to tell her to change everything. Meanwhile, Iβm telling her to do it now.β
Farewell, summer. Hello, back-to-school season! While the chill may not be in the air yet, parents may be feeling the slight shiver of unease as their kids, tweens, teens, and young adults return to school and become re-entangled with the technology they use for their education and budding social lives.Β
Before they hop on the bus or zoom off to college, alert your children to the following 10 online cybersecurity best practices to ensure a safe school year online.Β
It sounds obvious but impart the importance to your kids of keeping their eyes on their devices at all times. Lost cellphones and laptops are not only expensive to replace but you lose control of the valuable personally identifiable information (PII) they contain. Protect all devices with unique, hard-to-guess passwords. Even better, enable biometric passwords, such as fingerprint or face ID. These are the hardest passwords to crack and can keep the information inside lost or stolen devices safe.Β
Streaming services host the most buzzworthy shows. All their friends may be raving about the latest episodes of a zombie thriller or sci-fi visual masterpiece, but alas: Your family doesnβt have a subscription to the streaming service. Cash-conscious college students especially may attempt to save money on streaming by sharing passwords to various platforms. Alert your children to the dangers of doing so. Sharing a password with a trusted best friend might not seem like a cyberthreat, but if they share it with a friend who then shares it with someone else who may not be so trustworthy, you just handed the keys to a criminal to walk right in and help themselves to your PII stored on the streaming serviceβs dashboard.Β Β Β Β Β
Once the cybercriminal has your streaming service password, they may then attempt to use it to break into other sensitive online accounts. Criminals bank on people reusing the same passwords across various accounts. So, make sure that your children always keep their passwords to themselves and have unique passwords for every account. If theyβre having a difficult time remembering dozens of passwords, sign them up for a password manager that can store passwords securely.Β
Walk down any city or suburban street, and youβre likely to see at least one Gen Zer filming themselves doing the latest dance trend or taking carefully posed pictures with their friends to share on social media. According to one survey, 76% of Gen Zers use Instagram and 71% are on social media for three hours or more every day.1 And while theyβre on social media, your children are likely posting details about their day. Some details β like what they ate for breakfast β are innocent. But when kids start posting pictures or details about where they go to school, where they practice sports, and geotagging their home addresses, this opens them up to identity fraud or stalking.Β Β
Encourage your children to keep some personal details to themselves, especially their full names, full birthdates, addresses, and where they go to school. For their social media handles, suggest they go by a nickname and omit their birth year. Also, itβs best practice to keep social media accounts set to private. If they have aspirations to become the internetβs next biggest influencer or video star, they can create a public account thatβs sparse on personal details.Β
Cyberbullying is a major concern for school-age children and their parents. According to McAfeeβs βLife Behind the Screens of Parents, Tweens, and Teens,β 57% of parents worry about cyberbullying and 47% of children are similarly uneasy about it. Globally, children as young as 10 years old have experienced cyberbullying.Β Β
Remind your children that they should report any online interaction that makes them uncomfortable to an adult, whether thatβs a teacher, a guidance counselor, or a family member. Breaks from social media platforms are healthy, so consider having the whole family join in on a family-wide social media vacation. Instead of everyone scrolling on their phones on a weeknight, replace that time with a game night instead.Β
ChatGPT is all the rage, and procrastinators are rejoicing. Now, instead of spending hours writing essays, students can ask artificial intelligence to compose them for them. ChatGPT is just the latest tool corner-cutters are adding to their toolbelt. Now that most kids, tweens, and teens have cell phones in their pockets, that means they also basically have cheating devices under their desks.Β
To deter cheating, parents should consider lessening the pressure upon their kids to receive a good grade at any cost. School is all about learning, and the more a student cheats, the less they learn. Lessons often build off previous units, so if a student cheats on one test, future learning is built upon a shaky foundation of previous knowledge. Also, students should be careful about using AI as a background research tool, as it isnβt always accurate.Β
Phishing happens to just about everyone with an email address, social media account, or mobile phone. Cybercriminals impersonate businesses, authority figures, or people in dire straits to gain financially from unsuspecting targets. In contrast, an adult who carefully reads their online correspondences can often pick out a phisher from a legitimate sender, tweens and teens who rush through messages and donβt notice the tell-tale signs could fall for a phisher and give up their valuable PII. Β
Pass these rules on to your students to help them avoid falling for phishing scams:Β
Social engineering is similar to phishing in that it is a scheme where a cybercriminal ekes valuable PII from people on social media and uses it to impersonate them elsewhere or gain financially. Social engineers peruse public profiles and create scams targeted specifically to their targetβs interests and background. For instance, if they see a person loves their dog, the criminal may fabricate a dog rescue fundraiser to steal their credit card information.Β
Itβs important to alert your children (and remind your college-age young adults) to be on the lookout for people online who do not have pure intentions. Itβs safest to deal with any stranger online with a hefty dose of skepticism. If their heartstrings are truly tugged by a story they see online, they should consider researching and donating their money or time to a well-known organization that does similar work.Β
With an election on the horizon, there will probably be an uptick in false new reports. Fake news spreaders are likely to employ AI art, deepfake, and ChatGPT-written βnewsβ articles to support their sensationalist claims. Alert your students β especially teens and young adults who may be interested in politics β to be on the lookout for fake news. Impart the importance of not sharing fake news with their online followers, even if theyβre poking fun at how ridiculous the report is. All it takes is for one person to believe it, spread it to their network, and the fake news proponents slowly gather their own following. Fake news turns dangerous when it incites a mob mentality.Β
To identify fake news, first, read the report. Does it sound completely outlandish? Are the accompanying images hard to believe? Then, see if any other news outlet has reported a similar story. Genuine news is rarely isolated to one outlet.Β Β Β
Parents with students who have a budding interest in current events should share a few vetted online news sources that are well-established and revered for their trustworthiness.Β
In a quest for free shows, movies, video games, and knockoff software, students are likely to land on at least one risky website. Downloading free media onto a device from a risky site can turn costly very quickly, as malware often lurks on files. Once the malware infects a device, it can hijack the deviceβs computing power for the cybercriminalβs other endeavors, or the malware could log keystrokes and steal passwords and other sensitive information.Β
With the threat of malware swirling, itβs key to share safe downloading best practices with your student. A safe browsing extension, like McAfee Web Advisor, alerts you when youβre entering a risky site where malware and other shifty online schemes may be hiding.Β
Dorms, university libraries, campus cafes, and class buildings all likely have their own Wi-Fi networks. While school networks may include some protection from outside cybercriminals, networks that you share with hundreds or thousands of people are susceptible to digital eavesdropping.Β Β Β
To protect connected devices and the important information they house, connect to a virtual private network (VPN) whenever youβre not 100% certain of a Wi-Fiβs safety. VPNs are quick and easy to connect to, and they donβt slow down your device.Β Β
Dealing with technology is an issue that parents have always faced. While it used to be as simple as limiting TV time, they now deal with monitoring many forms of technology. From eyes glued to smartphones all day to hours spent playing video games, kids are immersed in technology.
Safe technology use doesnβt come as second nature β it needs to be taught. As a parent, the issues of when to get your child a phone, too much screen time, and online harassment are top of mind. To address these concerns, itβs important to set boundaries and teach safe technology use. One way to do this is by creating a family media agreement or contract.
Family device agreements help teach proper technology use and set expectations. They allow you to start an open conversation with your kids and encourage them to be part of the decision-making. By creating a family device agreement, your kids will know their boundaries and have concrete consequences for breaking them.
In todayβs parenting, you may want to consider creating a McAfee Family Device Agreement. The most important thing is to have an agreement that is suitable for your kidsβ ages and maturity and one that works for your familyβs schedule. Thereβs no point making your kids sign an agreement that limits their time on Instagram when theyβre probably quite happy visiting only the online sites that you have βbookmarkedβ for them.Β
While diligence and good cyber habits can lessen the impact of many of these 10 threats, a cybersecurity protection service gives parents and their students valuable peace of mind that their devices and online privacy are safe. McAfee+Β is the all-in-one device, privacy, and identity protection service that allows the whole family to live confidently online.Β Β
1Morning Consult, βGen Z Is Extremely OnlineβΒ Β
The post 10 Back-to-School Tech Tips for Kids, Teens and College Students appeared first on McAfee Blog.
The first of August marks the celebration of World Wide Web Day β a day dedicated to the global network that powers our online activity, creating a wealth of knowledge at our fingertips. The World Wide Web (WWW) has revolutionized the way we communicate, learn, and explore, becoming an integral part of our daily lives. With the importance of the internet only growing stronger, itβs only fitting to honor the World Wide Web with a special day of commemoration. But with the internet comes risks, and itβs important to make sure your family is protected from potential threats. Here are some tips and tricks to keep your family safe online.Β
Phishing scams are a type of fraud that involves sending emails or other messages that appear to be from a legitimate source. The goal of these messages is to trick users into providing personal information such as passwords, credit card numbers, and bank account details. To protect against phishing scams, teach your family to: Β
Identity theft is a crime in which someone uses another personβs personal information to commit fraud or other crimes. Teach your family to protect against identity theft by: Β
A virtual private network (VPN) is a type of technology that provides a secure connection to a private network over the internet. A VPN can help protect your familyβs online activity by encrypting the data and hiding your online activity from others. To ensure your familyβs online safety, teach them to: Β
Strong passwords are an important part of online security. Teach your family to create strong passwords and to never share them with anyone. Additionally, use a password manager to store and manage your familyβs passwords. A password manager can help by: Β
To conclude, celebrations on World Wide Web Day allow us to give thanks for the incredible world of knowledge, commerce, entertainment, communication, and innovation that the internet has provided, and continues to provide for us all. By following these tips and tricks, your family can stay safe online and enjoy all the benefits of the internet. Happy World Wide Web Day!Β
The WWW has enabled us to achieve so many things that were simply impossible before. From the ability to catch up with friends and family across the globe to finding information about virtually any topic, the power of the internet is remarkable. In fact, the World Wide Web has significantly enriched our lives in countless ways.Β
Did you know that the first-ever image posted on the World Wide Web was a photo of Les Horribles Cernettes, a parody pop band founded by employees at CERN? It was uploaded in 1992 by Sir Tim Berners-Lee, who used a NeXT computer as the first-ever web server. And although we use the term βsurfing the netβ regularly, do you know who actually coined the phrase? A librarian by the name of Jean Armour Polly wrote an article titled βSurfing the Internetβ in the Wilson Library Bulletin at the University of Minnesota in 1992.Β
There are many other remarkable facts about the World Wide Web, including its growth over the years. By the start of the year 1993, there were only 50 servers worldwide, but that number had grown to over 500 by October of the same year. Advances in data compression enabled media streaming to happen over the web, which was previously impractical due to high bandwidth requirements for uncompressed media. Although the number of websites online was still small in comparison to todayβs figure, notable sites such as Yahoo! Directory and Yahoo! Search were launched in 1994 and 1995, respectively, marking the beginning of web commerce.Β
On World Wide Web Day, you can celebrate by exploring the capabilities of the internet and discovering how it has changed over the years. Many organizations worldwide host events featuring conversations and interviews with technology leaders, entrepreneurs, and creators. There are also different talks, activities, and discussions online that you can join, allowing you to delve deeper into the history and potential of the World Wide Web. You could even consider running an event at your local business to market the day and celebrate what WWW has done for us all!Β
The post World Wide Web Day: How to Protect Your Family Online appeared first on McAfee Blog.
FreshRSS 