2023-06-11

Okay.. Setting up MFA

(2FA is just MFA where "multiple" == "two")

Have you got your FaceBook page up?

1. Click on your profile picture -- top right in English, North America. A menu will drop down.

2. You'll want to click on "Settings & Privacy" with an angle bracket to the right. Clicking it will produce another menu.

3. You'll want to click "Settings" and that will lead to a page titled "Your Facebook Information". If you haven't been here for awhile, you may get a pop-up window telling you that account security management has been moved to a Meta page.

4. On the left, of "Your Facebook information", under "Settings" there's a "Meta Account Center" (mis-spelled because of course this is an American page, not a Canadian one -- it's called "Centre" up here) an item called "Password and security". Click on that.

5. Annoyingly, the result will look like you're Starting All Over Again...<sigh>

6. And again, on the left, there'll be a "Password and security" item. Click it. (Didn't I click that already?)

7. And now, on the right there's a Two-factor authentication item. Click on that. With Meta, you may need to choose between a Facebook and an Instagram account. (Remember. Computers are stupid. They're the idiots here, not you)

8. If you don't already have it set up, Meta will probably ask you to do 2FA through SMS messages (text) on a cell phone first. Go ahead and follow the steps.

Choose a cellphone that you have exclusive use of, if you can. If you can't, I hope it's held by someone you can trust. Enter the cellphone and when you get the text message, enter the number in the browser.

9. Then go back into the 2FA selection and choose the app.

10. Fire up the app on your phone and choose "Scan a QR Code".

11. Back on the computer, when Meta gives you a QR code, scan it with your phone and a 6-digit number will start being generated on your phone (whenever you need it).

12. Enter the "current number" (you'll have a minute after the next time it changes) in the field on the web site.

13. Then, make sure Meta wants to use the app, not SMS to your phone going forward.

There. You're done. There were more steps there than I thought there would be (or in all honesty, more than I think there should have been) but it wasn't that hard, right?

Can you do the same thing in gmail? It'll start with the "Gear" icon and choosing "See all Settings" but I'll leave the rest for you to discover and feel accomplished for yourself.

And now it'll be just that little bit harder for someone to take over your account. You won't be able to prevent someone from choosing a name like yours on Twitter or Facebook, but your. own. account. is just that much safer than it was.

One last thing. Can you pay it forward? Maybe you know an elder or other person with practical challenges who could be helped with this?

But now this is out there and maybe when someone else does the google search, they'll find my explanation, and maybe it'll help in a more generic way than any one web site's explanation. 🧵4/4

(click older to get parts 1 to 3)
Posted by at No comments:
Labels: , ,

One more thing first...

Every online tool you use does MFA slightly differently -- that's the first bad news. It means I can't say "just do this", "just do that" and it'll explain for all times.

But it's not that bad. For one thing, the mechanisms are all pretty similar. Once you know one, you'll have a hint when you get to the other ones. That's good news.

Even better... as multiple services consolidate -- something I'm not really happy about but there are upsides -- there's a certain uniformity the services gain so that if you know how to do it in one service by, say, Meta, you'll know how to do it in another of their offerings. That's even better news.

And yet... online services are constantly looking for ways to "improve" their web pages, not realizing that change is a downgrade by default -- until we find the new places things have been stuck -- and that can be bad news.

All that is to preface my instructions and justify their sketchiness. What I'm describing is Summer 2023 on Facebook, on a desktop. There's a difference here between my preference and my wife's. She does everything on her phone. I do everything on a laptop/desktop. I view things on a phone but most of what I do is on a desktop.

You can do all these things on a phone, too, but maybe the first time you'll want to do this on a computer? If you have one, great.

If you don't, maybe your public library is a good option? Ask them before you try, "How sure you are that my credentials are safe if I enter them on those computers?" Librarians are cool and if you press a bit (respectfully, remember) and there is a problem, they'll crack and may suggest a better local option.

If they're firm that there's no problem, there's no problem, at least not in most western countries. Remember, these are the people who resist book bans. Let me say it again in my best Henry Winkler voice: Librarians are Cool! 👍 (Leather jacket extra, motorbike? I prefer my pedals)

When it comes to doing MFA, you'll find it easier to do on a desktop regardless. We did one MFA for my wife on her phone and switching from one app to another was a bit tricky. It was possible but took a few tries. We did the next one on a laptop and it was a lot easier, switching from one device to another instead of switching from one app on the phone to another.

Have you got your FaceBook page up? Bring it up and click newer. 🧵3/4

(click older to get parts 1 and 2)
Posted by at No comments:
Labels: , ,

What is MFA?

Wait a sec. What on earth is MFA? That's short for Multi-Factor Authentication and the quick answer is the entrance to Edna Mode's design studio.

Did you see? Watch it again. How many factors did Edna verify against? Watch it again and watch for these points:
  1. 0'04": she entered a password
  2. 0'06": she offered a handprint
  3. 0'08": she offered a retinal scan
  4. 0'10": she offered a voice sample
  5. 0'14": she acknowledged Helen (Elastigirl) Parr's presence
That's. Too. Many. Factors. for you but it demonstrates the point, right? Especially when you remember that once she's in the door, into her studio, MFA never bothers her again.

For you, when you first log into your social media with MFA on your phone or your computer, you'll have to enter one more thing. Once you're there, you'll probably have to log out in order to be challenged by it again. The other time would be when you change your password. Do you change your password now and then? My employer makes me change certain passwords regularly. Personal accounts tend not to insist on it but, if you can come up with a way to NEVER forget your new password, you may want to change passwords periodically.

Oh, and yeah... you're not using the same password for all of your social media, are you? You are? Well, there's a reason to do some password changing right away after all then. It's obvious, right? If you use the same password everywhere, an attacker who cracks your password in one place gets an entré to all your accounts, right?

If you want the background, if enough people want a background, I'll try to add that later.

Otherwise, why not arm yourself now? Click newer to find out how. 🧵2/4

(click older to get part 1)
Posted by at No comments:
Labels: , ,

Help! My Account Has Been Hacked!

Many too many have stood where you stand.
Too many more will stand here too.
I hear your account's been hacked,
you've had to change your name
Build your contact lists again. (with apologies to Genesis - Many Too Many, 1978)

This hasn't happened to me --- yet. But I've been doing something I thought everyone knew about and I think it's helped prevent it. And yet, when my wife mentioned the lengths a friend of hers had to go to, in order to move heaven and earth to convince some social media site that, yes, yes! I really am that person! someone stole my account and I want it back! I turned to her and said, "Did she have MFA?"

She said, "I don't think so. How do I do that, anyway?" And I realized that I'd probably let her down on this one.

"Wait a sec," I said, "You have MFA don't you?" I'm geeky enough, we've been together long enough that she knows what MFA is, but she hadn't figured out how to do it for herself. Other things got in the way before now, but today, those were put aside for about 30 minutes and I made sure she had MFA on all her accounts and understood how to use it.

It's not hard and all of you, my neighbours, deserve to have the same protection for yourselves (and it's REALLY not that hard to do).

There's a community I'm a part of, attached to a weekly youtube rant with graphics, song parodies, guests, open source intelligence deep dives (you know who you are) -- you can't "just believe" everything they say (there are a couple of points on which I disagree with them or at least have my strong doubts) but they're a tribe I don't mind hanging with (@the_five8) though I'm pretty stodgy in a bunch of ways compared to them. Recently, several of them have changed their names several times, so it's made me wonder if either:
  1. this MFA thing isn't as effective as I thought (and I've been lucky) OR
  2. this MFA thing isn't as widespread as I thought
Adding MFA to ALL your account is, like, so 90s or 00s, you know? Oh. You don't? Oh yeah. I'm a geek, a nerd. Worn with pride but sometimes I miss the implications.

Some of the OSInt people on the Five 8 have really angered a few people. One of them (not one of the hacking victims) has had to leave home, never to return until the local powers that be are no longer mobsters who'll cause injury or death if a return is ever attempted. No. I'm not joking. The situation's broad strokes are a matter of public record in credible press reports and other places.

Anyways... another one said, when I poked at the MFA subject, that they had no younger relatives to appeal to for help setting up MFA, so I decided to write this -- a blog thread, if you will. Oh Arthur, that is just so 90s.... and you do threads on twitter! not on a blog... (I don't care. I'll do it this way anyway).

So, what is MFA? click newer to find out. 🧵1/4
Posted by at No comments:
Labels: , ,

2023-05-02

CMAKE and Windows Executables

Make no mistake about it. I LOVE cmake. CMake, git and post-2011 C++ reinvigorated my love for what I do and confirmed for me that whatever development I do, I want it to be in C++, extra marks for cross-platform, and can we be test-driven please? I'm doing all that on my own stuff, which has slowed to a crawl for a variety of reasons these days.

But this week, I bumped into a wrinkle. I needed to deploy an extension .DLL (it's called a .so in Linux, .dylib on macOS) with an installer, and it was working just fine... until I tried to test it on Windows 11, in which case my extension DLL just plain failed to load.

I speculated about what new thing on Windows 11 might be causing my problem. Was it some "property" -- no fiddling with icacls that I could do seemed to fix it. Overnight that night, I woke up thinking, "no, it's not that, it's something about the code underneath." What? I though? Like C++ and depending on the STL? So I implemented my way around that (which was fun), ran it as a test DLL and everything seemed to work. I put it the result into the build system and the DLL from there wouldn't load any more than my first attempt. Poring over the compile commands, between the Visual Studio-produced build properties and those generated from CMake exposed some odd differences but nothing that looked dispositive.

The link switches, though, that was another question entirely. The CMake-generated version was showing /SUBSYSTEM:CONSOLE in the link parameters; the Visual Studio created one was showing /SUBSYSTEM:WINDOWS. Google did NOT lead me to where I wanted to go easily. Instead, I found stale articles from 2008 (with no answer) and conflicting advice on StackOverflow. A co-worker pointed to an article that said to specify something in the add_executable command inside CMake. Only... I was writing a DLL (add_libraryand there wasn't the same option there. I did find one article that suggested a way to do it: the resulting DLL did indeed work on Windows 11, but it struck me as clunky, so I pushed a little harder on it and produced a one-line solution.

So, just to make sure I wasn't swallowing a horse unnecessarily (the STL free code that I wrote when I thought that was the problem?), I tried the same solution on my original code -- and it worked! So I had fallen prey to two sets of red herrings, not just one.

And so. I present here a formula, in one place, for forcing any EXE or DLL to be compiled for /SUBSYSTEM:WINDOWS, because sometimes  that's just what you gotta have.

For an executable, add "WIN32" to the add_executable command where you create your target, as:

add_executable(${target_} WIN32 .... )

For a Dynamic Link Library, add the line

set_target_properties( ${target_} PROPERTIES LINK_FLAGS "/SUBSYSTEM:WINDOWS")

You may also find this useful -- to prevent your DLL from reaching out and including other DLLs on systems where they aren't already installed:

set_property(TARGET ${target_} MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")

Simple solution and now, hopefully, it'll be easier for me (a) to remember it or if not (b) to find it when I need it again... okay google?
Posted by at No comments:
Subscribe to: Posts (Atom)