Question for the PC experts

[Sam Vimes]

Every time I am on microsoft going onto Amazon account and putting in the email address and password they send me a code to my mobile to confirm because I haven"t got a Passakey yet .

Even if you set up a Passkey you'll still get an SMS with a code to enter.

Passkeys seem like a good idea but still have problems of security. For instance when I log on to my Google account on my PC and for which I have a Passkey, it logs me in as soon as I enter my email address. So anybody using my PC will get logged in. (If it's already unlocked). True I get a message saying was this you that logged in, but that's too late to lock any one out.

 

[Guzzilazz]

So this morning I started working my way through the contacts I could remember, some I was able to e mail my new e mail to them and they could update.
Some I had to phone and explain, and spoke to human being and sorted them out that way.
So far I can't get the mobile phone updated becaus ethe virtual assistant doesn't recognise my request to update e mail
The card processor provider at work is responding the same
It seems that the higher the tech the company,the more difficult they make life.
I now realise some companies do not show e mail addresses on their invoices, and others show them proninently.
Some have easy to negotiate on line sites
Some point you to logging in to an app
Others just seem to make life as complicated as they can and then text a message saying they are sorry you have been disconnected and please try later,
A lesson learned

...the things you are describing are services that would NEED to be more secure. I would criticise the companies you describe as "easy" as they are probably not looking after your data security as well as the others are. Three strikes and you get timed out is great, otherwise a hacker could just be working his way through to get to your data

 

[Beachball]

Even if you set up a Passkey you'll still get an SMS with a code to enter.

Passkeys seem like a good idea but still have problems of security. For instance when I log on to my Google account on my PC and for which I have a Passkey, it logs me in as soon as I enter my email address. So anybody using my PC will get logged in. (If it's already unlocked). True I get a message saying was this you that logged in, but that's too late to lock any one out.

That probably the reason i am not to keen on the Passkeys if the security is no better thanks for your input in this matter .

 

[Sam Vimes]

...the things you are describing are services that would NEED to be more secure. I would criticise the companies you describe as "easy" as they are probably not looking after your data security as well as the others are. Three strikes and you get timed out is great, otherwise a hacker could just be working his way through to get to your data

Three strikes if you've entered the wrong information is maybe acceptable but when you've enter it correctly and the other end says NO...that's frustrating, especially as you can't get any decent help these day's.

That probably the reason i am not to keen on the Passkeys if the security is no better thanks for your input in this matter .

Passkeys will be an improvement on security compared to passwords but they are handled differently by different organisations and not fully deployed yet everywhere.

Very useful when you use them with Biometrics e.g Fingerprint readers, but not so good when you just have to click on a link on a web page on your PC.

 

[JTQ]

Is using Outlook on a Win 10 machine part of the issue, knowing Outlook changed to New Outlook, and possibly issues running that on Windows 10, rather than Windows 11?

Might be worth a try using a friends more modern Windows 11 machine and accessing you hotmail there via Edge, to copy off and backup what is valuable to you.

 

[RogerL]

Is using Outlook on a Win 10 machine part of the issue, knowing Outlook changed to New Outlook, and possibly issues running that on Windows 10, rather than Windows 11?

Might be worth a try using a friends more modern Windows 11 machine and accessing you hotmail there via Edge, to copy off and backup what is valuable to you.

Maybe - but I'm running the original Outlook under Windows 10 without these sort of issues.

 

[JTQ]

Maybe - but I'm running the original Outlook under Windows 10 without these sort of issues.

Probably not an issue then.

 

[Guzzilazz]

Windows 10 goes out of ALL security updates in October this year. So, as hackers discover more ways to hack, then a Win 10 PC becomes increasingly vulnerable. Many of the reasons that older PC's don't support Trusted Platform Module (TPM) which means that hardware encryption of the hard disk can't be applied, so when the disk is disposed of the data is still accessible. Of note is that all Apple (Macs and iOS) have a similar hardware based solution, as does Android, but Chromebooks vary...

The important thing is that these solutions ensure that software runs in a secured memory space and can't interfere outside that bubble.

Just think about the things you do on your device and whether you are prepared to risk those activities being less well protected.

Re Outlook, you can download from the Windows Store Outlook (Classic) which takes away the God awful New interface, and also allows you to access multiple mail accounts in the one Outlook...

 

[otherclive]

Windows 10 goes out of ALL security updates in October this year. So, as hackers discover more ways to hack, then a Win 10 PC becomes increasingly vulnerable. Many of the reasons that older PC's don't support Trusted Platform Module (TPM) which means that hardware encryption of the hard disk can't be applied, so when the disk is disposed of the data is still accessible. Of note is that all Apple (Macs and iOS) have a similar hardware based solution, as does Android, but Chromebooks vary...

The important thing is that these solutions ensure that software runs in a secured memory space and can't interfere outside that bubble.

Just think about the things you do on your device and whether you are prepared to risk those activities being less well protected.

Re Outlook, you can download from the Windows Store Outlook (Classic) which takes away the God awful New interface, and also allows you to access multiple mail accounts in the one Outlook...

I have found your comments on this thread very interesting. But in this last post I’m not clear on what you are saying about Apple devices. I have a Mac Mini with OS Sequoia 15, and an IPhone and IPad on IOS 18. If I were to change the MAC Mini I would run its disk erasure option at its highest level. On the phones or IPAD I’d revert them to manufacturers settings. Should I be doing anything else?


PS this is what Apple say wrt the MAC MINI. I have ticked all the necessary boxes so hopefully it is sufficient. There are some passwords that I do not keep on the machines, predominantly those that could cost me big bucks if they were hacked. I can remember those, (at present).

Security features for Mac mini​

Your Mac mini with Apple silicon provides security features to protect what’s on your computer and prevent unauthorized software apps from loading during startup:

• Secure startup: Support for secure startup is turned on automatically. It’s designed to verify that the operating system software loaded on your computer at startup is authorized by Apple.
  If your Mac mini doesn’t start because it detects an untrusted component, it starts up from a secure recovery partition and automatically corrects issues if possible. To learn how to set security options, see Change security settings on the startup disk of a Mac with Apple silicon.
• Secure storage: Your Mac mini storage drive is encrypted with hardware keys to provide advanced levels of security. In the event of a catastrophic failure, data recovery may not be possible, so you need to back up your files to an external source. See Use macOS Recovery on a Mac with Apple silicon.
  You can set up Time Machine or another backup plan to regularly back up your files. See Back up your files with Time Machine, and the Apple Support article Back up your Mac with Time Machine.
• System integrity: The Apple silicon in your Mac mini is designed to verify that the version of macOS software loaded during startup is authorized by Apple, and continues behind the scenes to protect the authorizations established for macOS. This makes it harder for malware or malicious websites to exploit your Mac.
• Data Protection: In addition to the default storage drive encryption in Mac mini, third-party app developers can use file-level encryption to better protect sensitive data, without impacting system performance.

Note: In rare circumstances, such as a power failure during a macOS upgrade, your Mac mini may become unresponsive and the firmware on the chip may need to be revived. See the Apple Support article How to revive or restore Mac firmware.
Learn more. See the Apple Platform Security Guide.

 

[Sam Vimes]

There are other ways of securely encrypting data other than using Bitlocker. As for disposing of old disk drives I use an axe....not joking.

My main workstation is Win 10 and doesn't have a TPM module. Never had any problems with it.

My newish Laptop is Win 11 and one day decided it couldn't boot due to a problem with Bitlocker or something. I spent ages going round in circles following the advice on how to recover from that and nothing worked. Since it had nothing of importance on it I reloaded Win 11 and turned Bitlocker off. No problems since.

Given that Win 11 installations have only just overtaken Win 10 and October is approaching I don't see any corporations with Win 10 panicking to switch.

Usually the biggest security risk is whoever's sitting in front of the keyboard.

 

[otherclive]

I have found your comments on this thread very interesting. But in this last post I’m not clear on what you are saying about Apple devices. I have a Mac Mini with OS Sequoia 15, and an IPhone and IPad on IOS 18. If I were to change the MAC Mini I would run its disk erasure option at its highest level. On the phones or IPAD I’d revert them to manufacturers settings. Should I be doing anything else?


PS this is what Apple say wrt the MAC MINI. I have ticked all the necessary boxes so hopefully it is sufficient. There are some passwords that I do not keep on the machines, predominantly those that could cost me big bucks if they were hacked. I can remember those, (at present).

Security features for Mac mini​

Your Mac mini with Apple silicon provides security features to protect what’s on your computer and prevent unauthorized software apps from loading during startup:

• Secure startup: Support for secure startup is turned on automatically. It’s designed to verify that the operating system software loaded on your computer at startup is authorized by Apple.
  If your Mac mini doesn’t start because it detects an untrusted component, it starts up from a secure recovery partition and automatically corrects issues if possible. To learn how to set security options, see Change security settings on the startup disk of a Mac with Apple silicon.
• Secure storage: Your Mac mini storage drive is encrypted with hardware keys to provide advanced levels of security. In the event of a catastrophic failure, data recovery may not be possible, so you need to back up your files to an external source. See Use macOS Recovery on a Mac with Apple silicon.
  You can set up Time Machine or another backup plan to regularly back up your files. See Back up your files with Time Machine, and the Apple Support article Back up your Mac with Time Machine.
• System integrity: The Apple silicon in your Mac mini is designed to verify that the version of macOS software loaded during startup is authorized by Apple, and continues behind the scenes to protect the authorizations established for macOS. This makes it harder for malware or malicious websites to exploit your Mac.
• Data Protection: In addition to the default storage drive encryption in Mac mini, third-party app developers can use file-level encryption to better protect sensitive data, without impacting system performance.

Note: In rare circumstances, such as a power failure during a macOS upgrade, your Mac mini may become unresponsive and the firmware on the chip may need to be revived. See the Apple Support article How to revive or restore Mac firmware.
Learn more. See the Apple Platform Security Guide.

My daughter asked my to get rid of her old laptop, so I ran a deleting programme at military level deletion. Took ages, then I removed the drives and did similar to you with a hammer and chisel.

 

[Dustydog]

My daughter asked my to get rid of her old laptop, so I ran a deleting programme at military level deletion. Took ages, then I removed the drives and did similar to you with a hammer and chisel.

Oh dear. When I retired I didn’t delete anything on the old computer.
Just removed the hard drives and smashed the whole thing to pieces.
Should I have deleted?

 

[Sam Vimes]

No, I doubt anyone is going to take the trouble to piece together a single consumer drive that's smashed to pieces

 

[Dustydog]

No, I doubt anyone is going to take the trouble to piece together a single consumer drive that's smashed to pieces

Don’t forget the Stasi had a team of people glueing shredded paper back together😜

 

[otherclive]

Don’t forget the Stasi had a team of people glueing shredded paper back together😜

Yes but in East Germany loo paper was in short supply. 😂

 

[Guzzilazz]

Thanks for all the interest being shown in my posts on this subject
Rather than replying to individual comments, I'll try to encompass each comment on one.

Firstly, Otherclive. You are basically working in a secure environment and are fine. I can't speak with authority on mac OS, but you can tell what level the disk erase is at; if the erase takes a minute or so, the data could be recovered, if it takes an hour it's done a proper job.

WIndows people: As far as disk erasure is concerned, you need to understand how disk storage works. All file systems have a "file allocation table" (FAT) type record. If you imagine a pre-IT library, there was the index drawers, and us humans could find the name of the book, it's library "entry" (in the Dewey-Decimal system usually) and location. But you knew if you went to the area of the library where the book was, but it would also be the place where all books on the same subject are located.
The disk is similar... EXCEPT... that the data in a single file is randomly spread all over the disk. This is because the write process is slower than the read process, and saving your file would take a much longer time, so it's like having the pages of a book being spread through the whole shelving in the library. So the computer reads the FAT and then goes off and reads all the parts and delivers the data into the computer memory (RAM).
When you find (say) a duplicate file and delete it, all you do is delete the entry in the FAT... The data of that file is still on the disk but the sector where it is stored are marked as "available", i.e. they can be overwritten, but using the right tools if that hasn't been overwritten then the data is still there to be read. This explains why a proper disk clean takes a long time as each sector has to be deleted,

There's a lot to be written about securing (as in preventing a hardware failure stopping access to your data) and I'm happy to go into it in more detail, but that's too much to continue in this post. And I'll explain what made me learn that lesson. and why I spent quite a few quid on securing my data.


PS Several years ago a friend of my then wife disposed of her PC and then experienced security issues from Nigeria. The PC had been exported as electronic waste to Nigeria and refurbished. Ok she hadn't deleted the disk at all, but it's interesting that someone DID find that PC "interesting" enough to fiddle!

 

[otherclive]

Guzzilazz thank you for your detailed reply. When I deleted the hard drive on my daughter’s MAC laptop I chose for the most comprehensive deletion option (DoD 5220.22) and from memory it took most of a morning. So that combined with physical destruction of the disk should see her okay. Reading up on the topic I now find that my MAC MINI OS system that uses SSD and erasure is carried out by destroying the encryption keys.

 

[Guzzilazz]

As promised, I've written a short document covering protecting your data. Questions welcome. I hope you can see the link.

Data Protection

 

[otherclive]

As promised, I've written a short document covering protecting your data. Questions welcome. I hope you can see the link.

Data Protection

Thank you the link opens easily, and I will give it a read when the inevitable showers drive me back indoors from the green.

 

[Sam Vimes]

Some useful information there Larry, thankyou, although I'm not sure if the average consumer I've come across will be able/capable of implementing what you recommend.

Most people I know and read about on forums these days use laptops which generally preclude installing a physicaly separate drive. Separating the OS from Data is a good idea and one which I do as far as possible. A separate partition on one drive is part way there but doesn't help if the drive dies. Some applications I have won't even let me put data other than on C:

As for Raid arrays same problem if you can't install additional drives but is it really worth it and requires some technical knowledge which may be above that of the average user.

Backups are essential. The choice of Cloud backup may seem appealing but comes at a cost if you have lots of data. Plus you'd need to way up the cost and risk of paying a company like MS monthly....with potential price rises....and the possibility of getting locked out of your account like someone in this thread has had happen.

Personally I back up to external hard drives which I can leave with a friend or neighbour if away for an extended time.

Hardware is very reliable these days and probably less of a risk of failure than being scammed or one of your online accounts getting hacked.

 

[otherclive]

Some useful information there Larry, thankyou, although I'm not sure if the average consumer I've come across will be able/capable of implementing what you recommend.

Most people I know and read about on forums these days use laptops which generally preclude installing a physicaly separate drive. Separating the OS from Data is a good idea and one which I do as far as possible. A separate partition on one drive is part way there but doesn't help if the drive dies. Some applications I have won't even let me put data other than on C:

As for Raid arrays same problem if you can't install additional drives but is it really worth it and requires some technical knowledge which may be above that of the average user.

Backups are essential. The choice of Cloud backup may seem appealing but comes at a cost if you have lots of data. Plus you'd need to way up the cost and risk of paying a company like MS monthly....with potential price rises....and the possibility of getting locked out of your account like someone in this thread has had happen.

Personally I back up to external hard drives which I can leave with a friend or neighbour if away for an extended time.

Hardware is very reliable these days and probably less of a risk of failure than being scammed or one of your online accounts getting hacked.

I back up and store to the ICloud as it's a pretty low price to store my stuff. 50gb is 0.99pm and 200gb is £2.99 pm. Over some years Apple have been very reasonable in price increases for cloud storage. It also allows me access when away from home on mobile devices. But each day on the MAC Mini my Time Machine app backs up to a free standing SSD drive. That's for the MAC OS. For iOS devices they just get iCloud back ups daily.

 

[Sam Vimes]

Pays you money etc...😁

I have several Terabytes of data which at Apples prices would be about £15 per month per TByte. Whereas a 4TByte external hard drive is about £100 one time cost.

Plus I don't need access to all of it when away. Over the years I've accumulated many old drives which I put into external cases or caddies. These are useful for occasional use when travelling when I just need a few Gigabytes.

Also at the back of my mind is the time it would take to up and download that amount of data.

 

[Guzzilazz]

Pays you money etc...😁

I have several Terabytes of data which at Apples prices would be about £15 per month per TByte. Whereas a 4TByte external hard drive is about £100 one time cost.

Plus I don't need access to all of it when away. Over the years I've accumulated many old drives which I put into external cases or caddies. These are useful for occasional use when travelling when I just need a few Gigabytes.

Also at the back of my mind is the time it would take to up and download that amount of data.

Since the late 1990's my total data which I have on the NAS is 250GB, and 1TB on OneDrive costs me nothing as I choose to use Microsoft 365 Family. By choosing the time of year to extend my subscription I generally only pay c.£50 a year - buy it through Amazon on Black Friday-Cyber Monday. The NAS online back up costs about £70 a year for 1TB (just in case). That's all digital photos since 1998, and all my music including CD's ripped to digital as well as downloads.

I agree that a lot of the stuff I have talked about would not be the capability of most users, but it does give a sort of "hierarchy" of things to consider, what you feel are acceptable risks for your data and where you draw the line. Automation is a better step than anything else, because people are not good at performing routine tasks; an off premise copy of data that you can replicate is probably the best first step.