TIME privacy

What Uber Still Won’t Say About Your Data

Travis Kalanick, chief executive officer of Uber Technologies Inc., gestures as he speaks during the Institute of Directors (IOD) annual convention at the Royal Albert Hall in London, U.K., on Oct. 3, 2014.
Travis Kalanick, chief executive officer of Uber Technologies Inc., gestures as he speaks during the Institute of Directors (IOD) annual convention at the Royal Albert Hall in London, U.K., on Oct. 3, 2014. Chris Ratcliffe—Bloomberg/Getty Images

A privacy audit left some questions unanswered

Uber, the massively popular car-hailing company, has acquired a reputation for being overly cavalier about data privacy. Last November, Uber vice president Emil Michael suggested investigating journalists critical of Uber to find dirt in their “personal lives.” A venture capitalist said his private location data was broadcast to a large audience at a Chicago Uber launch party. And a Buzzfeed reporter in November was tracked on her way to an interview with New York’s top Uber executive.

Uber has since refocused its attention on riders’ privacy, rewording its data policy and hiring an outside attorney to conduct an investigation.

“At Uber, protecting the personal information of riders is a core responsibility and company value,” said Uber CEO Travis Kalanick in a Friday statement. “Delivering on that value means that privacy is woven into every facet of our business, from the design of new products to how we interact with riders, drivers and the public at large.”

The results of that audit were released Friday. The investigation, led by Harriet Pearson, a Washington, D.C. attorney at Hogan Lovells with an impressive history of arbitrating privacy and security issues, agreed with Kalanick’s own assessment: Uber has a strong privacy policy. Her six-week investigation at Uber involved reviewing hundreds of documents and interviewing Uber’s leadership. It ultimately resulted in an exculpatory report that Pearson called “comprehensive.”

“In our view, Uber has dedicated significantly more resources to privacy at this point in its age as a company given its sector and size than other companies that we’ve observed,” said Pearson in an interview with TIME. Uber is about six years old, it’s valued at more than $41 billion.

The saga has raised important questions about how private companies access our personal information, from our credit card data to our precise location. A lot of Uber’s data can be really useful: The company uses it to settle internal disputes, fix bugs or help cities plan traffic patterns, as it has done in Boston, for example.

But in the age of the Snowden National Security Agency revelations, consumers are particularly sensitive about how their personal information is used. Uber has promised to follow the report’s recommendations, such as expanding employee training and making its policies more transparent. But the audit still left some questions unanswered, according to Bruce Schneier a fellow at Harvard University’s Berkman Center for Internet & Society.

“I saw nothing in their statements” to alleviate privacy concerns, says Schneier of Uber’s report. “Anytime you put this kind of surveillance power in peoples hand, they look up their enemies and friends… If the culture is not, ‘we don’t do this,’ than you do it.”

Here’s what we still want to know more about.

How many employees at Uber can see my personal data?

Uber says access is limited to employees who have a reason to need it, like those investigating fraud, answering user-driver inquiries or conducting trip analyses, said Katherine Tassi, Uber’s managing counsel for privacy, in an interview. But Tassi doesn’t have an exact figure.

“There’s no one particular number of employees that have access to user data,” she said.

How does Uber prevent its employees from looking at my data?

Uber gives employees access to customer data based on their responsibilities, while others are locked out through technical controls. “We noticed those kinds of controls at various levels” at Uber, said Pearson.

The report indicates Uber uses a combination of passwords, informal rules and employee monitoring to restrict access. In any case, according to Pearson, the company has a well-developed system for monitoring who is accessing your data and when.

So has Uber explained its recent privacy missteps?

Not fully. “We’re not going to comment on those specific instances that were in the press, but in general, we’re an organization of human beings and human beings make mistakes,” says Tassi. Pearson says her investigation only examined Uber’s privacy program and its structure, not particular incidents. So we don’t actually know how common it is for Uber employees to tap into your data, despite the company’s policy.

Do Uber employees ever get in trouble for doing fishy things with users’ data?

Uber won’t say. We know that Uber “disciplined” New York executive Josh Mohrer in November for tracking that Buzzfeed reporter’s ride, but we’re not sure how. Other than that, we don’t have any evidence Uber employees committed any other privacy violations.

Are Uber employees taught not to spy on me?

Uber talks informally with its employees about protecting customer data. Employees get “communications” from the senior team on handling riders’ data, Tassi said, and new Uber hires have to accept the company’s data access policy.

But when pressed, Uber didn’t say whether there’s a formal training program for employees, merely saying it was “in early stages of development.” That training “needs further formalization,” said Tassi.

TIME How-To

How to Hide Anything on Your iPhone

TIME.com stock photos Social Apps iPhone
Elizabeth Renstrom for TIME

You have a right to privacy. Here’s how to protect it.

The eyes may be the window to your soul, but your iPhone is the peephole into your daily life. Who you contact, which apps you use, which selfies you snap — it’s all right there. So if you care about your privacy, it’s worth taking some simple steps to protect it. Here are seven ways to keep digital snoops at bay.

Pair Touch ID With a Complex Password

If you’re already using your fingerprint to unlock your iPhone, you’re on the right track. (If not, tap Settings >Touch ID & Passcode and add it now.) Here’s another trick: add a complex password to enter each time you power up your phone. (Tap Settings > Touch ID & Passcode, disable Simple Passcode and follow prompts). For a stronger passcode that’s quick to enter, stick to all numbers and aim for up to 12 digits. That won’t stop a dedicated hacker, but it’s tougher for an unwanted onlooker to figure out than a standard 4-digit password.

Nix the Notifications on Your Lock Screen

Hide your notifications by going to Settings > Notifications and toggling off the Show on Lock Screen slider. Alternately, you can also fine tune this setting so that only certain apps can place notifications on your lock screen using the options right below this setting. You can even block notifications from individual message threads: go into the message, tap the word Details on the upper right hand corner of your screen and slide the Do Not Disturb Button to the left. Voila.

Hide Clandestine Contacts

There’s no built-in setting for hiding individual contacts, but there are some smart workarounds. The simplest way is never to save the person’s name so only their number appears in your recent calls list. To hide all your recent and favorite contacts in the App Switcher – which appears atop your screen when you press the home button twice – tap Settings > Mail, Contacts, Calendars > Contacts > Show in App Switcher and toggle off Phone Favorites and Recents.

Deep-Six Secret Texts

This one’s easy – just delete them. Swipe left on the Messages screen to delete entire exchanges at once. If you only want to nix certain parts of a thread, hold your finger on the offending text bubble, tap More when it pops up, select each bubble you want to delete using the check marks at left, then tap the trash icon at the bottom left of your screen.

Zap Photos and Videos

Here’s one case when you’re better off using a third-party app instead of the iPhone’s built-in option. While you can hide any photo from your camera roll by holding your finger on it, then selecting Hide, the Hidden Album is not password-protected. Instead, try a free app like KYMS or Private Photo Vault, which require a password to access. Just remember to permanently delete the originals from the default iPhone photo app afterwards.

Make Apps Disappear

Don’t want anyone who borrows your phone to know you’re on Tinder or have a Private Photo Vault? There are two ways around this. First, you can hide apps inside another folder like your “Extras” by holding down the app icon until it starts shaking, then dragging it into the desired folder. Second, you can hide app icons altogether by dragging them into the dock, then using Spotlight to access it. Get a detailed explanation for how to do both tricks here.

Hide Your Search History in Safari

If you just want to browse privately for a while, open Safari, tap the page icon in the lower right corner, then tap Private. To clear your entire browser history, go back to your phone’s home screen, tap Settings > Safari > Clear History and Website Data. Pro tip: download the DuckDuckGo search engine and use it instead. Unlike Safari, it never stores your search history.

TIME Security

Taylor Swift’s Instagram and Twitter Just Got Hacked

Taylor Swift arrives at the 16th Annual Warner Bros. And InStyle Post-Golden Globe Party at The Beverly Hilton Hotel on Jan. 11, 2015 in Beverly Hills, Calif.
Taylor Swift arrives at the 16th Annual Warner Bros. And InStyle Post-Golden Globe Party at The Beverly Hilton Hotel on Jan. 11, 2015 in Beverly Hills, Calif. Jon Kopaloff—FilmMagic/Getty Images

Hackers gonna hack hack hack hack hack

Taylor Swift’s Twitter and Instagram accounts were hacked Tuesday afternoon before quickly being recovered 15 minutes later.

The hacker wrote a tweet encouraging Swift’s 51 million fans to follow someone claiming to be the leader of the hacking group “Lizard Squad.”

Swift has the fourth most popular account on Twitter. After regaining access to her account, she tweeted the following:

 

 

“Never a dull moment,” the singer wrote on her Tumblr, adding the hashtag #hackersgonnahackhackhackhackhack.

TIME Security

Here’s How Obama Wants to Protect the U.S. Against Hackers

President Obama Delivers Remarks On Cyber Security
U.S. President Barack Obama delivers remarks at the National Cybersecurity and Communications Integration Center (NCCIC) on January 13, 2015 in Arlington, Virginia. Getty Images

Information sharing and better prosecution of hackers

President Obama unveiled a new proposal Tuesday aimed at protecting businesses and the government from hackers. The President’s plan would encourage public and private sector information sharing as well as expand law enforcement’s authority to prosecute digital criminals.

The proposal, announced at the National Cybersecurity and Communications Integration Center in Arlington, Virginia, comes in the wake of high-profile hacks against Sony, Home Depot, J.P. Morgan and other companies over the past year. A wide array of businesses and police groups have been calling on Congress to pass new cybersecurity legislation as a response to those incidents.

On the corporate side, Obama’s plan would require businesses to notify consumers if their personal information has been exposed to hackers, as in the case of the Target and J.P. Morgan hacks, for instance. Additionally, companies would be protected from liability for sharing digital threats with the Department of Homeland Security, which would then share those threats in databases accessed by the private sector.

For prosecutors, the White House’s package would let them better target the sale of identity theft software and computer networks used by hackers. It would also criminalize the overseas sale of U.S. financial information.

Both government representatives and private companies have long demanded many of the steps highlighted in Obama’s proposal. Just last week, Admiral Michael S. Rogers, director of the NSA and commander of U.S. Cyber Command, said Congress should pass legislation that improves coordination between U.S. intelligence and the private sector.

“We have got to create partnerships that bridge the divide between the private sector and the government,” Rogers said at a conference in New York City. “I don’t think it’s realistic for the private sector to deal with [cyber threats] all by themselves.”

A coalition of businesses, meanwhile, has already voiced support for the new plan.

“Collaboration between industry and government to share threat information is crucial in the fight against sophisticated and persistent cyber criminals,” said Nicholas Ahrens, vice president for cybersecurity and data privacy at the Retail Industry Leaders Association. A number of RILA members, including Walgreen, Target, Nike and JCPenney, began sharing data on cyber threats last May.

It’s unclear, however, if an Obama-backed cybersecurity bill will make it through the Republican-controlled Congress, which has in recent years failed to pass similar measures.

TIME Security

Apple Patches iCloud Hole That Let Hackers Break Into Anyone’s Account

Apple CEO Tim Cook Announces the Apple iPhone 4s
Eddie Cue, senior vice president of Internet Software and Services at Apple Inc., speaks about new features of the iCloud service during an event at the company's headquarters in Cupertino, California, U.S., on Tuesday, Oct. 4, 2011. Bloomberg—Bloomberg via Getty Images

iCloud vulnerability had allowed for brute force password guessing

Apple has patched an iCloud vulnerability that let hackers repeatedly attempt different passwords without the account locking down, making it possible to access any account with enough tries.

The hacking tool, called iDict, was released New Year’s Day by a user named Pr0x13, who tweeted the following day that iDict had been patched, Business Insider reports.

iDict worked by running through a long list of commonly used passwords, a type of hack Apple normally blocks by locking accounts after the wrong password is entered a certain number of times. Its creator claimed iDict could bypass even security questions and two-factor authentication:

iCloud has been under scrutiny after several celebrities’ accounts were breached last year. Apple said that hack was a targeted attack, and not the result of a vulnerability in its cloud storage service.

[Business Insider]

TIME Security

Why Google Just Published a Windows Bug Before Microsoft Fixed It

Windows 8.1
Employees assist customers at the opening of a Microsoft Corp. store in Bellevue, Washington, U.S., on Friday, Oct. 26, 2012. Bloomberg—Bloomberg via Getty Images

Google's 'Project Zero' gives software makers 90 days to fix problems

Google beat Microsoft to the punch this week when it published a Windows security vulnerability before Microsoft fixed it. The bug allows lower-level users on Windows 8.1 systems to make themselves system administrators, giving them access to server settings without prior approval.

Google publicized the bug as part of Project Zero, which tracks software flaws and reports them to vendors. Those vendors then get 90 days to fix problems before Project Zero publishes the bug along with code that can be used to exploit it.

Google first notified Microsoft of the bug on Sept. 30, 2014, Engadget reports. Microsoft says it’s still working on a security update, but it also sought to downplay concerns that hackers could use the bug to do serious damage in the meanwhile.

“It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine,” Microsoft said in a statement.

All this might sound like Google is picking on a rival company’s software. However, Google says the intent of Project Zero is to encourage software vendors to secure their products quickly — before hackers find the flaws first.

“By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner, and to exercise their power as a customer to request an expedited vendor response,” Google said.

[Engadget]

TIME Gadgets

Why You Should Never Throw Away Your Old Tech

Computer Trash
Man holding a computer monitor at a recycling center Lauri Rotko—Getty Images/Gorilla RM

And 4 things to do instead

If you just got a brand new TV, gaming console or smartphone for the holidays, you’re probably trying to figure out what to do with your old model. It can be pretty temping to just toss your aging iPhone 4S or Xbox 360 in the trash like regular garbage, but that’s the absolute last thing you should do.

Why?

First, your old electronics are chock full of toxic stuff that should never make it to a landfill, like arsenic, lead, and cadmium. If those materials make it into landfills, they can potentially leak into our ecosystem, damaging plant and animal life and potentially impacting our food supply.

The green argument aside, there’s another good reason not to toss your old tech: It keeps your personal information safe. If you throw away your old computer, there’s no telling who might be able to get their hands on your hardware—and, by extension, your data.

“No one wants their personal business in the wrong hands, whether it’s just embarrassing, whether it ruins future job opportunities, or whether it’s in criminals’ hands who are going to swipe that data and take money from bank accounts,” says John S. Shegerian, co-founder and CEO of Electronic Recyclers International (ERI), among the biggest e-waste recycling firms in the world. ERI offers data-deleting services as part of its recycling and refurbishing programs, particularly for its corporate clients.

“We [wipe data] for the highest-level people in big government, small government, large cities, and for people like us who are very worried now not only about where their stuff is going from an environmental perspective, but for their own personal data,” Shegerian says.

So, if you can’t just throw your old stuff away, what should you do with it?

Recycle it

Recycling companies like ERI can help you dispose of your old tech responsibly —ERI in particular partners with big-box retailers like Best Buy and Staples, both of which offer programs that make it easy to ditch your obsolete gear. You can also check with your local city or town government to see if it offers any recycling options. Some manufactures, like Apple, will also recycle your old stuff for you—in some cases, you’ll even get a gift card in return.

Just to be on the safe side, make sure to erase your data before recycling anything.

Put it to new use

You might think that old iPhone 5 is utterly obsolete now that you’ve got a shiny new iPhone 6 Plus, but it’s still a plenty capable device, even if it’s not on a wireless plan. Need some inspiration? Check out TIME’s list of things you can do with an old iPhone, including using it as a smart home control panel or a baby monitor.

Sell it

One man’s trash is another man’s treasure, after all. Xbox 360 consoles bundled with some games and controllers are still going for around $100 on eBay as of this writing—that’s good for an Xbox One game and six months of Xbox Live. Again, make sure to wipe your devices clean before exchanging them for cool, hard cash. EBay aside, you can try selling your stuff on Craigslist or through websites that buy used electronics directly, like Gazelle.

Donate it

‘Tis the season, after all. If you can’t be bothered to recycle, reuse or sell your old stuff, at least consider donating it to a charity in need, if it’s in good working order. Get-Well Gamers, for example, collects video game consoles and brings them to children’s hospitals. Your old PlayStation 3 can either collect dust on the shelf this year, or it can put a big smile on a less fortunate kid’s face.

TIME Gadgets

10 Tech Resolutions to Consider in the New Year

Are you anti-social, getting poor sleep, and have a terrible attention span? It’s time to clean up your act

Going back to the lever and the wheel, technology has always been meant to make our day-to-day tasks easier. And while it’s obvious that smartphones, computers, and social networks have greatly enhanced our lives, you can’t ignore the physical effects and and anti-social behavior that have accompanied these modern trappings.

Of course, you can change your tech tune at any time, but the New Year is an excellent opportunity to reset your ways. So should bad tech habits be forgot, and never brought to mind? Here’s some tech resolutions to consider…and auld lang syne.

No Smartphones While Eating

If you have a teenager, this one’s a no-brainer, but even if you’re childless, it’s a good rule to live by. Firstly, no one wants to see photos of every meal you eat on Instagram. But more importantly, in a time where we all feel stretched thin and barely have a moment to ourselves, setting the phone down at mealtimes assures that you have at least a few minutes to collect your thoughts.

If it feels forced, try taking baby steps — instead of mindlessly devouring Twitter with your lunch, read a book (but not an e-book).

Turn Off Push Notifications

At this stage of Android’s and iOS’s development, it’s hard to imagine mobile operating systems without the ability to throw alerts at us every three minutes, but that was the norm back in the day. Heck, the original iPhone didn’t even have third-party apps.

Retake control of your apps and your attention span by turning off all your push notifications — every badge, alert, and banner. Then, once you realize if you’ve actually been missing particular apps’ updates, turn them back on one at a time.

Turn on Find My iPhone

This resolution is easy — all it takes is a swipe, some taps, and inserting your password. And even better, there’s no reason for you not to have this smartphone-saving tool operating in the background. Okay, well there are suspicions that Apple’s iCloud service was at the center of the massive celebrity photo hack this past year, but 1.) those were highly targeted attacks, 2.) you are (probably) not a celebrity, and 3.) Apple has since beefed up its login security, making it even safer to use iCloud. So when you do indeed lose your iPhone, whether it’s under a couch cushion or at a crowded bar, you’ll be able to track it down.

Go Paperless

There are as many reasons to go paperless as there are trees in the forest, but here’s one that may hit home with you: Collecting various scraps is just plain overwhelming. This step-by-step walks through exactly what you need to de-ink your life.

But if you want to tackle going paperless with your smartphone, Scanbot is an excellent Android and iOS app that turns paper into PDFs, ready to store in the cloud or on your device. If you’re worried about receipts for your taxes, check out Wave Receipts, a free iPhone-only solution that scans and categorizes your sales slips.

Don’t Drive Distracted

In 2015, 44 states will ticket you for sending texts while driving and 14 will bust you for just holding your phone in your hand. Even if you’re not in one of those states, you’re still playing it fast and loose with safety. In 2012 (the last year they were tabulated), 421,000 people were injured in distracted driving accidents, and you may not care if you’re one of them, but you have an obligation towards everyone you share the road with.

Put the phone down, and keep your eyes up. And if you need to be connected, pick up a Bluetooth headset. The Jawbone Era works great, won’t make you look like a cyborg, and will only set you back $99 — which is about $300 less than a ticket.

Take Your TV Out of the Bedroom

Did you catch last night’s episode of Homeland? I know, right? Mind. Blowing. But watching it at 10 p.m. on Sunday night might be the worst thing you can do — not just for your 8 a.m. conference call, but for your health. According to the American Academy of Sleep Medicine, late night shows contribute to chronic sleep debt. Getting fewer than seven hours of sleep is associated with increased obesity, morbidity and mortality, and for as many as 40% of Americans, this is their reality.

And don’t even think of putting a TV in the kid’s room. Research has shown that placing a television in there will cause your children to gain weight even beyond screen time. Disrupted sleep patterns are the culprit here, too — so keep it in the family room.

Use A Password Manager

Sure, using one password for everything makes your login info much easier to remember, but it also makes it amazingly simple to hack all of your accounts. Easier still — not remembering any passwords. Password managing apps like 1Password and LastPass make this possible by helping you to replace your standard “Kittens123!” password with strong strings of random characters, numbers, and symbols. Then, when you need to log in to a service, just pull up their mobile or computer-based apps (or easier still, use their browser plugins) to insert the login information.

It’s all protected behind one passcode to log into the app, but if you really want to go password-free, set up your mobile apps with Touch ID on your iPhone or iPad, and you’re freed up to forget everything.

Back Up Three Different Ways

Of course you backup your computer regularly, but do you do it right? Three-way backups are the best way to ensure your data doesn’t get lost. The first, and easiest, way to backup your files is locally onto an external drive. On Windows 8, daily backups can be done easily by enabling File History, and on Macs it’s a feature called Time Machine.

But cloud backups are all the rage lately, and rightfully so, because if there’s a fire and your external drive gets torched, you’d be out of luck. So put your critical files online (and encrypting them is probably smart, too).

But the third way to backup is called off-site backups. Because if there’s something worse than a fire — like an earthquake — and your external drive is toast and everyone’s Internet connection is down, you’ll still need your files. So, once a month, make a copy of your external drive, and bring it over to your mother’s house to store it safely. Yes, this resolution requires more frequent visits to your mother — but consider that a bonus resolution.

Mind Your Ps and Qs (posts and quotes)

In 1864, the Great Emancipator Abraham Lincoln famously said, “The problem with Internet quotes is that you cant always depend on their accuracy.” Okay, you got me — he didn’t say that. But chances are you’ve posted equally bogus information on Facebook, like that Facebook Copyright post (not real), and some of the Ebola “news” stories that were floating around.

This year, resolve to stop spreading misinformation online — with more than half of Facebook and Twitter users getting news from the sites, it’s just an irresponsible thing to do. Lifehacker has an excellent step-by-step on how to determine if what you’re sharing is true. So, research before you repost.

Make Your Posts Pertinent

While we’re on the subject of social media, there’s a time and place for everything — except on Facebook, where it’s everything all at once. Younger, more tech-savvy users are already hip to using Friends Lists to block groups of people from posts en masse, and you should do it, too. (That’s why you think little Kevin is working so hard at college, Aunt Carol. His friends actually know him as the keg-stand champ of Sigma Nu.)

First, going through your Facebook friends and categorize people into various groups, like co-workers, high-school friends, baseball fans, whatever. You can then make pertinent posts only to the people who would be most interested in reading them. For instance, if there’s a fundraiser at your local church, post that to friends in your town, not to everyone on your list. And there’s another good reason for doing this — your second cousin who lives three states away has probably already blocked you because of all those fundraiser reminders you posted last year.

TIME Security

6 Ways to Create a Super-Secure Password

Password
Internet Login Field Gregor Schuster—Getty Images

Follow these steps to better protect your accounts

Stealing passwords is one of the oldest moves in hackers’ book. Ever since Internet accounts have existed, people have been trying to break into them. Password scavengers have been remarkably successful, too: in August, we learned that Russian hackers stole 1.2 billion username and password combinations, and in April, a vulnerability called Heartbleed was found to expose users’ data on websites from Gmail to Instagram.

Why are passwords so easy to hack? Some password-related hacks are beyond our control, but part of our vulnerability is our own fault. We tend to write passwords that are way too easy to guess. And we reuse passwords on multiple websites, so if a hacker has one of our passwords, they’ve got access to other accounts, too.

To be clear, there’s really no such thing as an unbreakable password. Hackers who are persistent enough and are using sufficiently powerful hardware will always be able to figure out your credentials. But if you fellow a few of these tips to creating a strong password, you’ll be much harder to hack — and therefore much safer.

Use lots of quirky character types. One way hackers crack passwords is by using sophisticated password-cracking software to test combinations of numbers, letters and symbols for your credentials. It can require a lot of computing power to do, but for shorter passwords, it’s a pretty reliable hacking method.

The more types of weird symbols—like !@$%—that your password has, the greater number of tries a computer has to take to guess your credentials. And some sites have features that block multiple password attempts, meaning the more complex your password is, the more likely a hacker will get locked out before their software guesses the right code.

Don’t use dictionary words. Passwords with common words or phrases ones are the first to fall to increasingly adept password-cracking software. Passwords like “Iloveyou” and “password” are not a dependable line of defense.

Use different passwords on different accounts. If you use the same password twice, it’s an invitation for hackers to double-dip into your data. Mix things up to stay safe.

Use two-factor authentication. Even hackers that have stolen your passwords aren’t going to easily access your accounts if you follow this tip. Two-factor authentication requires you to know something (your password), and to have something (a phone with a code, for instance).

Gmail’s two-factor authentication is a good example of how this works: after entering your password, Gmail sends a code to your phone, which you then enter for access to your email. Unless hackers have both your password and have stolen your phone, this is a major roadblock.

Use a password manager. A password manager creates a random, different password for every site you visit, and then saves them for you. Dashlane and LastPass are good examples of password managers.

Create a passphrase. Think of a sentence, then codify it. As an example, “I love skateboarding and reading” becomes “I<3sk8b0rd1ng&r3ad1ng”. That way, your password is complex but still easy for you to remember.

TIME Security

Your Mac Just Updated Without You Having To Do Anything

Apple MacBook Air
The 11-inch MacBook Air is displayed at the new Apple Store during a media preview on October 21, 2010 in Chicago, Illinois. Brian Kersey—Getty Images

To fix a security flaw

Apple rolled out its first-ever automated update for Mac computers Monday to help defend against a critical security vulnerability.

The now-fixed flaw could have enabled hackers to gain remote control of machines running Apple’s OS X operating system, Reuters reports. The bug existed in a component called the network time protocol, or NTP, which is used for synchronizing computers’ clocks.

Apple has previously released security patches through its regular software update system, which usually requires users to “okay” a fix. This update, however, happened automatically in the background without users’ prior approval. That process, which was first enabled two years ago, makes it easier to ensure users get critical updates. It may, however, annoy users who prefer to approve updates before they’re installed — but it’s possible to turn the feature off.

“The update is seamless,” Apple spokesman Bill Evans told Reuters. “It doesn’t even require a restart.”

Apple doesn’t know of any cases in which Mac users were targeted by hackers looking to exploit the bug.

[Reuters]

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser