It seems like there’s a news story every other day about a data security breach, and when pretty much our entire lives are online, it’s important to keep up with the speed of technology. Patrick McFadyen is a digital security expert with a degree in computer science and years of experience in the tech industry. He’s here today to share his best cyber security tips on how to keep your family’s online world safe and private.
Cyber Security Tips to Stay Safe Online
In a world where kids use the Internet at an increasingly young age, cyber security isn’t just for businesses anymore. Our passwords hold the keys to our bank accounts, credit cards, personal and business emails, photos, and more.
This is not a topic our grandparents or parents had to navigate, but moms today are tasked with teaching their kids healthy (and safe) tech habits. There can be a learning curve for sure, so I’m grateful Patrick is here today to explain it step by step!
In This Episode You’ll Learn
- the 10 most commonly used passwords (you won’t believe how simple they are)
- why a password manager could be your best online bodyguard
- top tips for generating strong and secure passwords
- the words not to use where cyber security is concerned
- a surprising way to handle personal security questions
- ways to save headaches down the road by paying attention to cyber security
- the one account you don’t want hackers to find
- an important question to ask before opening any attachment or link
- what http:// actually means (and how https:// is different)
- why a biometric (fingerprint) password isn’t all it’s cracked up to be
- Patrick’s thoughts on the new iPhone face recognition
- why Internet security matters to our kids’ futures
- how to keep kids safe online and pass on healthy tech habits
Resources We Mention
Child: Welcome to my Mommy’s Podcast.
Katie: Hi, and welcome to the “Healthy Moms Podcast.” I’m Katie from wellnessmama.com, and today’s episode is not strictly about physical health but it may be one of the most important episodes you listen to because it’s about cyber safety and security, and especially how to keep yourself and your kids safe online. In the wake of the recent data breaches, it’s important to know what we’re facing when it comes to online security and how to stay safe. And today’s guest Patrick McFadyen has a background and degree in computer science. He’s worked in the tech and security industries for years, and it turns out that many of us are unknowingly doing things that make us vulnerable online. I’ve worked with Patrick personally to improve my own internet security and today he’s sharing his strategies and advice for keeping your family safe online. If you have follow-up questions related to this episode make sure to check the show notes at wellnessmama.fm to find out how to contact Patrick with your questions.
So Patrick, welcome to the show.
Patrick: Thank you for having me. It’s a pleasure to be here.
Katie: I think this is gonna be awesome. It’s definitely a deviation from the normal for us but I think it’s really important for moms to know because moms kinda are the key to the online world for a lot of their kids. And I know you and I have had conversations about how a lot of us are doing things without realizing that they may put us at risk online. And I know one of these is passwords, and you have a lot of data and a lot of research here. So let’s start with an easy one, what do we need to know when it comes to our passwords online?
Patrick: Well, there’s some very obvious knowledge about passwords, you know, longer is better. A phrase is better than a single word, but we can go a lot more in-depth and actually give some very good information, some quantifiable information that will help to give a little bit of background. It’s important to know that most companies shouldn’t actually be storing your password, what they should be storing is what’s called a password hash. And it’s just a very fancy, elaborate mathematical equation that takes the letters and numbers you type in and changes them into just a number, and it does the same thing every time. So the companies should never actually have your password. If you’ve ever received an email from a company, if you’ve requested your password be, you know, recovered and they send you your password, that is a major red flag. They should not have that information because if someone breaks into their systems they just get your password flat out.
So if you’ve ever gotten an email or have a company that sends you a password that you can read, you should definitely distance yourself from the company and work on letting them know for one, and find a better solution to whatever that company was providing you. As far as passwords go in general, to have a very secure one, you want longer than eight characters. Most passwords on the internet, people run statistics on the recovered password lists that have been breached. Eight characters is the vast majority of them, so don’t use an eight-character password. To give you an idea, if you use an eight-character password that’s only lowercase letters, there’s a total of 217 billion possible combinations. And while that may sound like a lot, that number of guesses can be done in less than a second on modern hardware, so it is absolutely not a secure length or type of password.
What you’re looking for is a password that is strong in length and entropy. So the length is pretty obvious, longer is better, but entropy is just as important. Entropy is how diverse the characters are. So, for instance, the password 12345678 has almost no entropy, you know, every character is directly related to the one before it. You want ones that are very random. To give you an idea of using high entropy and using your full keyboard, that’s an important point, use lowercase, uppercase, numbers, and special characters. I know you’ve all gone through a password submission or creation online and they always have the weird requirements of you have to have at least one, you know, uppercase and one number. Just to give you an idea of the difference, if you’re talking about an eight-character length password, the difference between only using lowercase letters and using the full keyboard, like I said, 217 billion possible combinations for lower case. When you up to the full keyboard it becomes 6.7 thousand million, million possible combinations. So that should illustrate the vast difference between, you know, using only the lowercase set of letters and the full keyboard.
Now, if you look at the length, the difference between a 30-character password and an 8-character password only using lowercase is 217 billion to 2.93 million, million, million, million, million, million possible combinations. I know this is all a little difficult over voice and I apologize, but that should give you the ballpark. So it’s very important to use lots of entropy and a sufficient length.
Katie: That makes sense, so to go back to that one statistic, you said it takes under a second for current technology to get through 217 billion combinations, is that right, because they’re basically just using all the randomized potential combinations. So like, even if you think you’re being like super creative by spelling a word differently, it doesn’t matter.
Patrick: That’s correct, current password cracking systems are measured in terahashes per second, which is one trillion guesses per second if they have your password hash, and most of these go multiple terahashes. So, that’s what…you really want to have a very robust password.
Katie: And what about…so I mean, most of us are juggling like…I know I probably have 200 different online passwords that I have to deal with at any given time, and for a lot of years. I don’t do this now, thanks to your advice, but I would just use the same password for everything. I mean, if we’re talking about memorizing 200 passwords and trying to remember all these like highly complex 30-character passwords. Do you have any advice for that because I know that that’s where it gets confusing and that’s why I think a lot of people default to just a same simple password?
Patrick: Absolutely, and it’s completely understandable. I used to do that too, I would have the same password or, you know, the same password with a slight difference. The best solution to this is to use a password manager. The technology behind these currently has become very good and they are robust and user-friendly, which is very important. There’s a few options you have as far as managers go. If you want something online that is sync-able between devices, so if you need to log in on your phone and your computer or multiple phones, these are a great solution for those. I have the most popular four currently and those are LastPass, Dashlane, 1Password, and RoboForm 8.
These are all web applications that you can log in to and you are able to retrieve your password vault. And most of them have plugins that let you auto-fill the username and passwords forms on online form fields. There are some options for local systems, these are KeePass and RoboForm 8 also has a local option. This is a file you have on your computer or on a USB drive that you log in to and open with your master password and then that gives you access to your password vault on whatever device you have that connected to. This is my preferred solution just because I don’t like giving that information to a third party. But these companies are trustworthy and have handled any breaches that they’ve encountered very responsibly, and the technology is set up such that a simple breach will not result in the loss of your passwords.
Katie: That makes sense, and so these…because I’ve used a couple of these before. And so they basically like allow you to create basically a randomized password. Correct…like it could be that 30 characters or even longer?
Patrick: Yes, these utilities have either built-in, or KeePass actually has a password generator you can use online. Just Google, “KeePass password generator,” and it will give you options for your length and what character set you would like to include. This is by far the strongest way to store your passwords and create them. Humans are notoriously bad at being random. It’s incredibly difficult, we just aren’t good at it, computers actually are. So ideally use a password manager with a very strong master password for that. It’s only one password you will need to memorize or, you know, record, and that’s the best way to do it. If you don’t feel comfortable memorizing it, what you can do is write down part of it in your wallet and, you know, keep it there. Don’t keep the whole thing together, for instance, if you wanted to put…you could use a phone number of someone you know and put a list of phone numbers in your wallet, and one of them is, you know, part of your password that helps you get in. There are a lot of little tricks you can do that will help you remember strong passwords, which is what you want to do.
Katie: Got it. And so basically then you just remember the one single password and then you’ll have a different unique and long password for each online thing that you will log into. And of course, I wanna mention too like we’ll have links to them, ones you mentioned in the show notes because I know there’s a lot of companies that like impersonate password companies and you have to be careful. So the ones that I know that you said we can trust those will be in the show notes just to make sure you don’t accidentally Google your way into a dangerous one. But would you say in general like how much safer do you think it is to use a password manager versus just trying to think of your own password?
Patrick: It’s a vast difference, not only are the password cracking systems out there very fast and have a lot of processing power, they’re very intelligent as well. This has been actually a field of study in Computer Science for years. And so the password crackers will know to look at, okay, I will try the word ‘dog’ and now I’ll try ‘dog’ with a zero instead of an ‘O’ and all the permutations of that. They’ve become very sophisticated, robust and intelligent, so having a pseudo random password is by far your best option.
Katie: Okay. And just to highlight, are any of these actually like unhackable or do they just like highly reduce your odds?
Patrick: Nothing on the internet is unhackable; a sufficiently motivated organization with sufficient resources will be able to break into anything. That being said, LastPass I know for sure has had a breach in the past but they store the password hashes and vaults in separate places and they have steps that…and tricks with computing the hash that make it incredibly time-consuming to try to crack that password.
Katie: That makes sense, so what about…I’m sure there are people listening who for whatever reason don’t wanna use a password manager, are there any better ways to do this if you’re not gonna use a password manager but still try to have more secure passwords?
Patrick: Yeah, there are some tricks you can do, length is by far the most important, because when you’re trying to guess a password, when you’re trying to crack one you don’t get any feedback. It’s either a yes or a no. So you try a combination for that hash and you either know yes it matches or no it doesn’t. So definitely make the passwords as long as you can possibly remember and use special characters. Don’t use, for instance, an exclamation point at the end or a 1 in front. Anything that simplistic is going to weaken that password. Also here is a list of the 10 most common passwords from last year, if you are using any of these, please immediately just change them. They are: 123456, 123456789, Q-W-E-R-T-Y, 12345678, 1111111, 1234567890, 1234567, password all lower case, 123123, and 987654321. So any of these passwords or anything close to them should not be used. Look for something long. You can use words if you’d like, perhaps misspell them, that typically helps. Include special characters and make them as long and random as you can in a way that you can still record them. So for instance, if you’ve developed a random string, you can sometimes write that down in an inconspicuous place and then pad your password out with, you know, a misspelled word or two to give it the length requirement.
Katie: That makes sense, and what about names and birthdays because I know that’s…at least I’ve done that in the past until I learned to stop doing it, but just to like pick a kid’s name or your name and a birthday or an anniversary, is that secure or can someone find that data?
Patrick: That is absolutely insecure, any publicly accessible information should never be used. And this leads in to security questions. I’m sure we’ve all seen those and, you know, just put in…okay, the old street I lived on, you put it in, you don’t think anything about it. If anyone remembers back to I think it was the ’08 election when Sarah Palin’s Yahoo account was hacked, that was done through security questions. Somebody Googled her name, looked at her Wikipedia entry and found all the information to her security questions, and reset her password, reset the email, and just got her information. You should really treat security questions as another password field, or at the very least fill them in with completely random answers that you can still remember, so you know, “Who was your first grade teacher?” “Toyota Camry,” you know, something that…at the very least do that. But try to treat it like another password and store those in your password vault. Most of them will give you a section under each site for additional notes and that’s a great place to put those.
Katie: That makes sense. So I know since you kinda coached me on this, all of my security questions are now randomly generated 35 to like 45 character things that, I mean, I would never remember but they’re stored in an online thing. What about having an offline backup, because that’s one thing I’ve always thought of, like what if something happens to the password manager I can’t get into anything. Is there any safe way to do that?
Patrick: So you can use one of the…like KeePass or RoboForm 8 for that backup and you can store that on a flash drive that you, you know, put in a safe in your house or somewhere, you know, hidden or relatively safe. Those will be encrypted so it’s not the end of the world if they get out but it’s a good idea to keep them safe. If you do that you will need to manually edit and update that key vault as you go…as any changes are made to your other one, but keeping an offline backup is not a bad idea.
Katie: That makes sense, and I know it seems like we are probably talking for like a really long time on a really simple thing but most people don’t think about the fact like even places where I shop for kids’ clothing my credit card is stored there. So like passwords are a big deal when you look at the fact that like if you are saving your password in Amazon or anywhere for like one step checkout, then if someone hacks that they have access to a lot more data than just whatever they’ve gotten into. And especially with emails, like if someone hacks into that they can use it to get into almost anything else, right, if you use your email as a backup.
Patrick: Absolutely, the top of your priority list should absolutely be anything that holds health information, if it’s, you know, logging on to some sort of health record site that you use or anything related to health, your email, because if someone compromises your email account then they can start sending out password reset requests and start compromising any account that is linked to that email. And also any site that has like your financial information, or credit card data, please go back and look through it, update it, and give them robust passwords.
Katie: Yes, super-good advice. What about two-factor authentication? I know that’s a term that’s come up a lot recently and is that something good to do, and if so explain what it is and how it works.
Patrick: So two-factor authentication is a way of supplementing the authentication process and it is absolutely something people should be using. It’s a great tool to use and it involves any time there’s a log in request with your credentials, the site will contact you through some other form of communication. And that will allow them to take another step to verifying that it is you. You’ve probably seen this, most email clients, if you haven’t already, will notify you and pester you to do this, which you absolutely should. There are better ways to do it than just the SMSs that most people are familiar with. There are authenticators out there like Authy and I think LastPass has an authenticator app as well that will choose another form of communication other than text message, which is unsecure. It’s not encrypted, it’s plain text, and you can get it very, very easily. That being said, if you’re using for instance KeePass for your password manager, I would use a different company for your authenticator. It just makes a little more sense to spread that out because that way if someone compromises your KeePass account they don’t compromise your two-factor authentication. So even though they have a lot of your passwords you definitely…you still have a grace period to change them, to reset without them immediately being able to compromise your accounts.
Katie: Got it, that makes sense. So I feel like we have a pretty good grasp of passwords, and hopefully, I mean, if you’re listening and you aren’t doing those things like seriously pause the episode and go do that. It’s that important, I know, I have seen firsthand what happens when people have their emails hacked and it’s not pretty. So like I’m glad that you are highlighting how important that is, and I think another area that people often don’t realize how serious it is it’s just when it comes to email security and all the ways that there can be vulnerabilities there. So can we go into kind of email security and some things that are important to know about that?
Patrick: Yeah, absolutely. This is probably something you’ve heard a million times if you work at a company, your IT person has, you know, probably gotten upset about it, and that’s, you know, clicking attachments. And it’s the classic one, you should never open an attachment that you didn’t ask for and that’s the rule you should use across the internet. If you didn’t go looking for something, do not accept it. If you get a popup on a website that says, you know, “Hey, do you want to update.” No, no, you go and you update, or if it’s not from the browser itself or the program, you never want to open anything or accept anything that you did not ask for. This even applies to a lot of the scam phone calls people get, where they will get a phone call claiming the IRS is calling them about overdue unpaid taxes and there’s an arrest warrant. If you ever get a call, or a credit card company, simply hang up on them and then call whatever company or organization they were claiming to be. Never accept or give information to anything online or, you know, through phone that you didn’t specifically go looking for, that’s probably the best way you can stay safe.
Katie: Yeah, that’s good advice across the board. Let’s talk a little bit more about online scams because I know these, at least from what I’ve seen are becoming a lot more popular and widespread. I know we’ve even gotten a few calls that people were claiming to be, you know, the police because I was late for jury duty that I never got notice of, or whatever. They’ve gotten really creative with this, so what are some general rules to understand there? I know like for one thing the government is usually willing to send you mail correspondence first, but even if not you should never, never, never give out any information especially your Social Security number over the phone or online. But what are those things that we need to remember?
Patrick: So, online especially, there is a more common one that if you mistype Facebook or Google, you’ll get taken to a webpage that looks like, you know, the blue screen of death or some other error, and it’ll have a popup saying…claiming that Microsoft Windows has determined that your computer is infected, you need to call the number and talk to them about removing the viruses from your computer or something along those lines. These are all scams, Microsoft tech support will never contact you about viruses. They don’t have that information nor the resources to handle that on this scale. So if you ever see that popup, don’t call it, it’s gonna be a scam.
Katie: Yeah, that makes sense. I know a recent one that someone in our extended family had happened is, I think she received an email or something saying her Yahoo email had been hacked. But it was sent to her Yahoo email and there was like a number to call and she didn’t know this, so she called the number and they were like, “Yes, we can help you unhack it for $250.” And it was this whole thing, and we had to explain to her that it was a scam and it took a while actually to get through to her that like this is not actually real, like they’re trying to hack, you have not been hacked yet. But it is scary, people are getting really creative especially with the ones that spoof sites, I think that’s important. I also have seen some come through that it looks like it’s from for instance Facebook or Amazon, but if you actually look at the email address itself it’s not, it’s from like something that is very close but not actually it. So is that a good rule, it sounds like should we actually check the email addresses or just like not click on anything just always go to the site itself?
Patrick: So, not clicking on them is by far the safest way but that is something that you should be prepared for having clicked on things. There’s gonna be a day you haven’t had your coffee and you are looking at your email, you click it. Try to avoid that, if at all possible, but take a minute before you do anything and think about it. Think about would Microsoft be calling me about a virus on my computer? That seems a little far-fetched, you know, would the IRS be calling me? Probably not, look at what’s being requested and think about why this company would want me to do that. And if it seems like it could be a valid reason, then close that tab on your browser, or hang up, and then go look up what the correct number is and call the company. It’s a little more work and you have to deal with the automated phone systems but it’s completely worth the security to do that.
Katie: That makes sense. And I think another thing that I’d love to delve into is just online use in general and online browsing. Because I think most of us if we don’t really have a background on this, our default is just to go to Google or go to our browser and just search for whatever we need, or like I know that people don’t often think about what their internet…you know, what they’re doing when they are on the internet. They just browse or they click on links, they go to YouTube, or whatever it may be. So are there any good rules of thumb, just for safe internet usage in general like browsers that are better or worse or things we can be doing just to protect our security while browsing the internet?
Patrick: So as far as browsers go Edge, Chrome, Firefox, Safari. Those are all…like the big ones, they’re safe. You know, make sure wherever you download them you go to the official site. This is kind of, you know, don’t go to shady links. It’s a very similar mindset of, you know, go find what you’re looking for through Google or a good search engine but if you’re on a site, don’t necessarily trust every link you find on the internet. You know, you can hover over the link and at the bottom of your browser it will give you a preview of where that link will take you. And what the link actually reads on your screen may not be where it takes you. You can edit the HTML so that it displays a different address than where it will lead to. So you know, hover over any links you see and see if they look legitimate. You can also use incognito or private mode while you’re browsing and that will prevent your computer from recording cookies for the session or for the tabs you’ve opened and the history, and will block a lot of the tracking that can happen. It will not make you invisible on the internet, that’s kind of a myth that the name implies and it’s something to be aware of.
Katie: Got it, what about…can you explain the difference between http and https on a website? Because I know we went through a lot of work to make sure Wellness Mama was https. But can you explain like basically what that is and why it matters?
Patrick: Absolutely, so http is the hypertext transport protocol and https is the secure version of that. What this means is whenever you make an http connection to a website so you visit a website that is http. Any information you transmit to that website or receive from that website will be unencrypted in what’s called plain text, so it’s just human readable to anyone on the network between you and that website. This is clearly not ideal if you’re sending user names and password information to websites, so if you ever find a login page, or whenever you go to a login page, look at the top left and most browsers will tell you in one or two kind of ways. Chrome for instance, will have a green lock symbol and it will say secure if you are using https. This means that it’s safe to put in sensitive information and you can feel pretty safe in sending that information out. That’s something to be aware of on the internet and something to get in the habit of checking, you know, if a website’s ever asking for information, be sure to check that. Because even websites that are very well-intentioned may have made a mistake somewhere and have forgotten to implement https. And that’s something to be aware of and most of the web is moving towards https, which is a great step and it means less work and worry for a majority of people and consumers out there, which is good, but occasionally you’ll run into this. So be aware of it and keep an eye out.
Katie: Got it. And another thing I’ve thought about is most of us will use our computers but really like we’re attached to our phone. It’s like our phones go with us everywhere we go. There is a whole fascinating field of psychology emerging about how literally like our phones are changing our brain and that’s obviously a topic for another day, but are there special things we need to consider or be aware of when we’re using smartphones for most of our online activity these days?
Patrick: Sure, these smartphones are often very overlooked as far as security goes because it’s just my phone, right? Like it’s my Facebook machine and my text messaging machine. The problem comes in that smartphones hold an enormous amount of data about you. They hold basically everyone you know, all your contacts, your Facebook friends if you have Facebook installed, you know, any social media has a whole bunch of data associated with it. So what you would ideally like to do is make sure that full disk encryption or whole device encryption is enabled on your phone. By default, on most current phones it should be, both Android and iPhone have been updated in their more recent releases to have this enabled by default. This is a very important aspect to have because if someone steals your phone they won’t be able to get into it even if you have a passcode. If your phone is not fully encrypted you can get a lot of the data out of the phone without the passcode. And this is an important point because having someone’s phone to just sell to a pawn shop is one thing but stealing someone’s phone and going, I’m going to take all the information and, you know, you can ruin someone’s life just by taking their phone. So use full disk encryption, Google online. Google this because it’s important and there’re guides to checking and enabling. Use strong passcodes, passcodes on phones are not as secure as a password would be. So if you have that option go ahead and use it but use at least six digits on a passcode and please don’t use 11111, 123456, same rules apply. You know, you want decent length and decent entropy on any passphrase that you have.
Katie: What about, I know a lot of phones now are using like thumb prints or some are even using facial recognition, and I know like our lawyer has had his opinion on these, but I’m curious to hear yours and then I’ll also share kind of what he said.
Patrick: This is a very interesting aspect of technology that’s developing. Biometrics…they’re very peculiar because a password is technically something you know. A fingerprint is something you have, and this is a very weird distinction to make but it’s important. I mean, you leave your fingerprint literally everywhere you go and it’s easy or it’s doable to take someone’s fingerprint and actually unlock their phone with it. Getting a high quality picture of someone is relatively easy, there are ways to, you know, fool the biometric face scan that’s coming out. Apple’s new facial ID is…it’s robust and it works well from everything I’ve read on it, but it’s not immune. Also, a weird distinction is for law enforcement. If you are ever arrested or, you know, under investigation, a judge can issue a warrant for your fingerprint or your face because that is something you have. Whereas a judge cannot order a warrant for something you know. That’s under the Fifth Amendment of not testifying against yourself. I’m not saying anyone out there, you know, listening to the podcast is a criminal but that’s a fact and it’s interesting. If that seems weird to you or interesting, Google that because there is a lot of really cool articles on them.
Katie: Yeah and I know we can put some links in the show notes as well, that was pretty much what the legal team had advised as well was that because you don’t…basically anything protected, like you said, if it’s knowledge that you have, it’s protected by the Fifth Amendment. So if you are for instance going through TSA and they for some reason request to get on to your phone you can refuse if it’s information that you have but they could legally force you to use your fingerprint, or they could put the phone up to your face for facial recognition because that’s something that you have that’s…so I think that’s an important distinction, hopefully one that none of us ever have to face or know but something good to know nonetheless. So for phones that’s kinda the thing, we’ll put some links as well about full disk encryption because I think that’s something a lot of people miss. Another question I wanted to at least touch on because I hear the term tossed around a lot. I’m guessing everybody’s heard it but probably doesn’t really know what it is, is net neutrality, so can you kind of give us a primer on that?
Patrick: Sure, net neutrality basically means that internet service providers, you know, Comcast, Spectrum, Verizon, AT&T. Whoever, you know, your ISP is, can’t control what content goes through or how fast that content. So net neutrality says that ISPs, internet service providers, must treat all data equally. They can’t protect their own interests by shutting out competition. It’s just equality of the data that’s passing through the internet.
Katie: That makes sense and I think, yeah, that’s one of those things that’s easy to hear a sound bite on a, you know, a news channel or something and thinking that you understand either take a firm position one way or the other, but it’s a much more complex issue, we can have some links in the show notes as well on that. But I wanna also tie in a lot of this because if you look at it, this is all stuff that pretty much our generation has had to learn to navigate. Like our parents at our ages were not facing these same security concerns online, which means for our children especially these things are gonna become really imperative to know and to understand, and we’re just now learning I think a lot of the things we are gonna need to be able to teach our kids.
The recent data breaches of the credit agencies, I think brought a lot of people realization that even your child’s credit for instance, can be hacked even if they’ve never used it. And on that scope you can do things like freezing your children’s credit to keep them safe, but the same applies to children’s internet usage because a lot of us, the internet is such a part of our lives. It’s easy to just give your children kind of unfettered access to the internet, but taking into account everything we just talked about that definitely doesn’t seem like the best approach. So I wanted to like kinda dial this all down to from a family and a child’s perspective how can we take steps to keep our kids safe online? Obviously realizing like every aspect of parenting, you can never keep your child totally safe but you can do a lot of things to help mitigate a lot of the things they would encounter. So when it comes to children and the internet what are some good guidelines that we can start with?
Patrick: Well, first off, this information is from research I’ve done. This is not firsthand knowledge. I don’t have any children yet, so this is some steps I’ve gathered around. And Katie, you may even have some good suggestions here. From what I’ve looked up and read about, one of the most important things to do is to use devices with your children. So, you know, if your child has an iPad, sit down with them, you know, once every week, month, you know, a couple days, however much, you know, whenever you can get the time to do it. Sit down and just watch them use the device, see what they do, ask them questions, engage, and like use the same services they are using. If they are playing a little game, sit down, play with them, watch it for a while, make sure that it doesn’t have ads that pop up that can, you know, start micro-transactions and, you know, that’s a potential way for you to incur some harm from your child using their device.
Make sure they’re not Googling around for unnecessary things, or you know, that they’re staying and they know where to stay on the internet. That’s important. Let them watch you browse around. Do it together, make it a family event, and let them pick up on your habits. And you know, this implies that you should have good habits, which you should, so work on that and let them see. You will never be able to prevent your child from getting into trouble on the internet. The internet’s too big, there are too many devices. It’s literally everywhere these days, you need to be able to teach them what to do and set the example. You know, use a good password manager, use strong security practices. You know, don’t go to shady websites. If you have these habits they will pick it up and whenever they get old enough make sure you talk to them about passwords, hopefully you’re using a password manager for them when they’re very young for any accounts they may have. And any accounts that they want to get, make sure they’re restricted and not full admin privileges. And you know, keep them fairly as restricted as you can while they’re young, but as they age, back those restrictions off. Give them the tools to make mistakes but make sure that those mistakes are small so they can learn from the mistakes without severe consequences.
Katie: Yeah, that’s such a good point. I think, like I said, this is a whole new world that parents of our time today are gonna have to learn how to navigate. Because I even think when I was a kid, my mom took pictures in the scrapbooks but it wasn’t like she could share that to all of her friends that she knew in her online world. And I think that’s something that my husband and I have put a lot of thought into is how do we wanna introduce our kids to the online world and how do we wanna teach them responsibility in that. And for us that meant…and this is not a judgment of anyone who does it differently, but that means that we don’t put them online until they consent. And I know that’s kind of like a touchy point for a lot of people but I look back and think some of the things that are in my scrapbook from when I was two years old I would not really want online. And we have to assume, I think it’s a good rule…or at least to assume that anything that goes on the internet may or may not be able to be taken off the internet. You have to assume that once it’s out there it could potentially be out there forever, and I know I’ve heard a lot of parents jokingly or not so jokingly say like, “Oh man, I’m glad social media didn’t exist when I was in college or I probably would have gotten into a lot more trouble,” or those kind of comments.
But the same applies to our kids, and so that’s why our general rule has been we don’t even on our own personal Facebook pages or Instagram put pictures of our kids’ faces or use their names. Because in our eyes we want them to be able to consent to if or when they wanna use social media because probably we know like future employees or colleagues or anyone that they encounter could potentially Google them and find this information that they may or may not want to share. The point being we feel like it’s not our place to share it, but I think that what you said is key that obviously we can’t protect our children from the internet. Technology is not going away, it’s gonna be a part of their lives but modeling for ourselves using the internet safely and also giving them independence at an appropriate age and teaching them before we do, the ways to stay safe. I think I say that same correlation with food a lot, that we often underestimate kids and how they actually can make really good decisions if we give them the knowledge to do so and the independence to do so. And that’s always the hard part is giving them the independence.
So I think that’s an important point and I think…like I said, I think this is gonna be a whole new world that our kids have to face that we did not at their age. And our parents certainly did not at our ages, so I’m glad that there are people like you out there giving the information of how to navigate it safely. And I think there might be a lot of follow-up questions to this episode. So if there are, I know this is like a pretty complex topic, so if there are we may have to do a round two one day, but you mentioned a lot of things, there’ll be links in the show notes to a lot of those in case people have follow-up questions or they can contact you through the show notes as well. But do you kind of wanna just give us a good conclusion of like do’s or don’ts to remember when you are online?
Patrick: Yeah. And we’ll start with passwords and the main things to remember are password managers are a good thing. Take the time, and research them, investigate and choose one and stick with it. Use it for all your accounts and remember that even if your password manager is holding your passwords, those passwords still need to be strong. They need to be long and they need to have high entropy, they need to be very random. So remember that and that’ll help you a lot. Enable two-factor and also treat security questions like they’re another password. And don’t use any publicly available information for your passwords. With your children, remember to sit down with them, use the internet with them. Show them and teach them good practices that will help them as they grow because technology is not going anywhere and this will only become more important as they go. One suggestion I found was to have a central charging station in your home. You know, in the living room or a hallway not in the bedroom, and that’s where any iPhones, iPads, tablets, anything like that, they leave there at night and that’s where you charge them. So if you want to use it you have to leave it there at night. And I know you’ve talked about sleep a lot on your podcast and having phones in the bedroom while you’re sleeping, this is a good way to kind of kill two birds with one stone. And I would suggest that.
Katie: Yeah, I think that’s a great piece of advice, especially I know I’ve seen some recent news stories of people’s like pillows catching fire because they tried to sleep with it. It’s something like a technology device underneath that or like we even just know it with their studies that blue light is harmful to your melatonin at night and it can reduce your sleep. And what parent wants their child to sleep less? So I think that charging station is like a super, simple thing that you can implement that also allows you to just keep an eye on their tablets, or their devices, and their online activity, and to make sure that you’re teaching them those habits as they go. And I think that’s just a super important point. But we’ve covered so many things, like I said, I think we might have to do a round two one day, all the links will be in the show notes.
But thank you, Patrick, so much for your time and being here. Please, you guys listen to the advice he’s given and stay safe online because it is a crazy world out there. So Patrick, thank you.
Patrick: Thank you very much.
Katie: And thanks to all of you for listening and I will see you next time on “The Healthy Moms Podcast.”
If you’re enjoying these interviews, would you please take two minutes to leave a rating or review on iTunes for me? Doing this helps more people to find the podcast, which means even more moms and families could benefit from the information. I really appreciate your time, and thanks as always for listening.