Thank you to all who submitted your privacy questions for Data Privacy Week. Unfortunately, I am unable to address each question directly, but I will address a large portion of the topics submitted, as many of the questions were related. Whether you submitted a question or not, I hope each and everyone of you who stops in at The Cyber Corner is able to take something away and make you and your data a little bit safer. Now, let’s get to it.

Is it safe to store passwords on your cell phone or web browser?

The short answer is no, it is not safe. Cell phones are rarely more than an arm’s length away from us at any point in the day, and their convenience has made them a necessity for all of us. From email, to social media, to shopping, and online banking, we rely on our phones for many of our daily activities, and this has made them a gold mine of data. Security features such as face ID and passcodes has made access to our phones more secure, but they still can be hacked. Storing passwords on your phone makes it somewhat of a one stop shop for hackers. If your phone is lost, stolen, or hacked, the possibility is there for whomever now possesses your phone to have access to all of the passwords you have stored in it. 

Storing passwords on your browser carries similar risks, but generally with less security. When you store passwords in your browser, anyone who has access to that particular device, will now have access to whatever accounts you have passwords saved. Hackers are the main concern should they gain access, however, even family, friends, and colleagues can pose a risk. While you may trust who initially asked to use your device, you may not know who else may be with them, or what they may click on while they are using it, that may expose you to something malicious. It is a best practice to not store passwords on your devices, because should that device become compromised in some way, all of your passwords are now compromised as well. 

Can your cloud storage be hacked? What measures can you take to protect your data?

 Yes, your cloud service can be hacked. There is no cloud service or anything for that matter that is immune to being hacked. Cloud service providers generally take their security very seriously, and take many steps to protect the data that is stored there, but even the most secure services still present a risk. The best way to protect your data is a strong password (combination of upper case, lower case, numbers and symbols) and turning on any additional security features offered by the provider. Many providers are now offering multi-factor authentication (MFA) and other security features to help keep your account safe from unauthorized access. Every additional feature is another layer of security.

Are password managers a safe and useful tool?

One of the biggest inconveniences of the convenience of technology is creating passwords. I have yet to meet a person that enjoys maintaining a laundry list of passwords, which is why many of us use the same password across multiple accounts… which is a very bad practice. Password managers work by generating complex passwords for each of your accounts and storing them in one place to be accessed by some combination of one master password biometrics such as face ID or fingerprints. The passwords are kept in an encrypted file, greatly increasing the security. 

Most web browsers offer a form of password manager, but those generally limited and not as secure as stand-alone password managers. 

There are many different password managers out there with a range of features as free and paid subscriptions. Depending on your use case, and preferences such as adding family members, if you prefer locally installed, web-based, or a token-based manager, I would encourage you to do some research to find the best tool for you. New York Tech does not support any password management solutions at this time, but you can use these two links as a reference for some of the tools available to you: The Best Password Managers to Secure Your Digital Life and The Best Password Managers for 2024. 

Is it necessary to check the privacy settings of your accounts?

It is good practice to get in the habit of checking the privacy and security settings on all of your accounts at least every 6-12 months. As technology improves, many providers will add features and options to protect your privacy and security. Reviewing these settings will allow you to take control over how your data is used. 

If an app is in the Google Play Store or Apple App Store, can I assume the app is “safe” and there are no privacy concerns?

You should always be cautious when downloading apps to your phone. While it is true that most of the apps in these stores are from reputable developers and considered safe, you should always do some research on the app, especially the lesser known apps before you download them. There are many apps that originate from foreign countries or questionable developers, that can put your data and privacy at risk. Its always best to do some research on the app itself before you download it, and you should always check the privacy and security settings of every app, once it is downloaded. 

Are there any privacy laws that will help protect our privacy?

Yes, there are. The California Consumer Privacy Act (CCPA) went into law in 2018, and is one of the most comprehensive laws to date. Many countries, and states have followed suit and passed their own (or are in the process of passing) regulations regarding privacy. According to the National Conference of State Legislatures, at least 40 states introduced privacy bills during 2023. There are also ten new laws that are already set to take effect between March 2024 and January 2026. This will bring the number of comprehensive state privacy laws to thirteen and the number of new healthcare data privacy laws to three. There are a lot of regulations and laws in process, and I believe in the next few years you will see a lot of advancement in the area of laws and regulations regarding data privacy.