DEV Community: Fernando A. S. Serra

Support Tips #2 - The importance of your toolbox

Fernando A. S. Serra — Wed, 08 Jun 2022 12:14:08 +0000

A few years ago, I shared an apartment in the Historic Center of São Paulo with a very dear friend. During this period his mother had some difficulty at her house and needed to spend time with us. It wasn't a problem for me, as we had agreed on things like that, about sheltering family members in difficulty or even other friends before we signed the partnership.

Everything ok so far. There were no problems during her stay, we became friends, we talked a lot about many things and it was a very gratifying experience to learn from someone with more experience than me, even nowadays I have more contact with her than with him, but a thing struck me during this period and that was the reason for writing this article today.

I don't remember the exact day, but I was taken by surprise when we were cleaning the apartment with a quote from her:

– I don't know what you have a toolbox for if I've never seen you use it.

I laughed, it was funny that she pointed this out, in fact, I hardly ever used that toolbox and only cleaned it once or twice a year, to check for rust or sometimes when I needed some pliers and remembered it existed. . At the moment I just replied:

Oh, it's there for when you need it. Better to have than not to have.

And we go on with life.

What do this situation and the Technology Support Sector have in common?

All.

Your toolbox doesn't need to have pliers, a hammer, a little slurry in an old mayonnaise jar, and pounds of recycled screws from things that no longer fit me, like mine. The truth is, you may not even need a physical toolbox, it may be easier to hire a professional for woodworking services or to tinker with your plumbing if you find that more convenient.

But when we bring this concept of the toolbox to the technological environment, we have a slightly broader notion of the importance of having the right tools to carry out your work or your hobbies.

I explain. When my friend's mother said that having a toolbox was useless for me, a guy with more PC skills than the physical disposition to sand a wall, for example, she wasn't looking further. Who has never had a problem with the shower in the middle of the night, a melted wire, or a switch that stops working and had to open it using a kitchen knife and several minutes of patience?

Well, having the right tools and not needing them is much better than not having the tools and needing them. After all, as the proverb said: "It is better to be a warrior in a garden, than a gardener in a war.".

Photo by ThisisEngineering RAEng on Unsplash

Knowledge, more knowledge and a lot of knowledge.

This week, I started a new job. I was all excited and found myself thinking about this article and how I should write it, after all, the idea had been hammering in my head for a week.

The new job brought bigger challenges for me, I already have a good background working in the area of support and technology, so it was not a surprise for me when some new concepts appeared in the job description and a training path was presented to me.

I really liked the content and went through the paths, until at one point, one of the topics that the trail suggested was a training at Bonnie Biafore's LinkedIn Learning, on Project Management Fundamentals. I opened a wide smile, it was very nice to see it there, because about three weeks ago I had already completed this course.

It just served as an example for me about how important it is for you to have the right tools in your head, nestled right there in their corner. When I took the course, I thought: "Wow, it will be a cool experience, it will add things to my curriculum and well, knowledge is not lost."

But I didn't expect this knowledge to be used so quickly and especially recommended by my managers. The fact is that having the tools, or knowledge prepared in advance, saved me precious time and I was able to dedicate myself more to the specific areas of knowledge that the role requires.

This also happened with my recycling in Excel, since I had completed a very fruitful and extensive trail on LinkedIn Learning (see it here again) with instructors like Karine Lago, Laennder Alves and Cristiano Galvão. I thought to myself that I didn't use Excel a lot in my daily life, but it was really good to recycle and review the concepts I learned years ago, that is, polish the tool and fight rust, get the cobwebs out of the set.

It was great to have done that, because the test for the vacancy was exactly that, an Excel spreadsheet with several needs for advanced formulas and PivotTables that, to be honest, I knew how to do it, but I didn't even remember where to start before the course .

And what are the best tools to have in my box?

Well, that's relative.

If you work in development and are an excellent Java programmer, why not take a look at alternative languages to the model, which follow the same paradigm? You won't lose anything by learning a little Kotlin, or keeping up to date with recent advances in using the Go Language.

If you are a project manager, Scrum Master or something similar, why not increase your knowledge by seeing similar cases of people in the same role, or even studying other agile management methods and taking the best of them to apply in your day-to-day tasks?

It is always possible to learn something new and, even if that knowledge seems useless or unnecessary for the moment, having a brief notion about the most varied areas will be very important in some unexpected situation and maybe even give you a competitive advantage in specific points of the your career.

That's all folks, I hope you liked it! See you next time.

Support Tips #1 - Digital Security Basics

Fernando A. S. Serra — Mon, 11 Apr 2022 12:40:18 +0000

Cover Photo by FLY:D on Unsplash

Good morning, Good Afternoon, Good Evening! I don't know the time you're gonna read this, so be greeted!

Digital inclusion has given voice to almost every community in the world. We live in a wonderful era to discover new cultures and learn new things. There are several learning platforms, social networks where you can share your opinions, follow religious and community leaders, artists... The possibilities are almost infinite and if they are not infinite, they are very diverse.

With the diversification of access, security flaws multiply and, like a crumb on the floor, attracts cockroaches, flaws attract SCAMMERS.

This guide was designed for you, the connected person, who has doubts about security and wants to be prepared to avoid network security breaches and the headache resulting from the scams that have been reinvented more and more.

Step 1 — Do I use secure passwords?

123@password, god123, love123, john2304, StacyandBill1501… Passwords like these are all good examples of what NOT to USE.

The simpler your password, the easier it is for someone to figure out your access mechanisms, and as much as service providers try to prevent your data from being compromised, it's not too difficult for a social engineering scammer to get what he wants from you with a small talk on facebook, for example.

Social engineering is a technique that allows you to evaluate a person by what is important to him and what he demonstrates in conversations. A social engineer is nothing more than a person with great interpersonal skills, able to detect how you think through what you say. That way, he can “Kick” your passwords and try to access your account.

Although this method is common, it is not very effective, but there are other ways to try to circumvent your password, all of them based on what you post and what you make public out there.

As much as it sounds like I'm suggesting this, no, you don't have to stop posting your lunch photo, or your cat's birthday video, you just need to be a little more careful.

A secure password, for example, does not need to be generated by Norton's utility or your iphone's native algorithm (although this is recommended). You can create very reliable passwords yourself with a little logic.

For example, let's suppose that you, like me, have a cat named Priscilo. Priscilo has a birthday on May 3rd and as I believe in signs, I decided that he is a very stubborn Taurus. A good example of a password generated from this fact would be Pri03@stubborn05.

Note that in this example, we have a capital P heading the password, two numbers arranged in the body of the word, and a special symbol.

It's still not ideal, but you can get an idea of how a little creativity can improve your security on at least a couple of levels.

Another alternative is to use password managers to generate secure passwords. One that I really like is Norton Password Generator, from Symantec, a well-established security company in the market, which offers this free solution for those who don't want to waste time on it.

Step 2 — Testing Password Security

How do I know if my password is secure? Well, this question is not that difficult to answer, but don't worry, you won't have to ask Karen's son, who spends all day doing "computer stuff" to try to hack your instagram. It's easier to go to HAVE I BEEN PWNED and check it out.

No, I'm not sending you to a strange site with dangerous words. This site belongs to an Ethical Hacking community (basically, security agents and “good” hackers) that tests your passwords and emails, to verify that they are not in leaked databases. The term PWNED is an expression used by cybersecurity professionals for dominated, or compromised, data.

I have two cases here to show what this site does. The first is an email that I know has been leaked and the second is my podcast email that I recently created. Let's see what the website tells us.

As you can see, my data has been leaked and this is terrible to know, but all is not lost. We'll talk about what can be done later. If you, however, were luckier than me and your email wasn't leaked, the site will look a lot less scary, with this face:

Now you must be wondering, hey Fernando, you said I would be able to check my passwords, but you mentioned email. Well, that was on purpose. It's no use changing your facebook password if the hacker has access to your email. So, knowing now that your email may have been leaked, you will consider changing his password as well.
Let's go back to passwords. In the header of that site, there is an option to check if your passwords have been leaked or not:

Clicking there on Passwords, you will see this screen here:

Well, let's check our passwords. I'll start with one that I'm sure was leaked:

You can laugh, I used to use the same password for everything, but now let's see the password we tested at the beginning of this guide: Pri03@stubborn05.

Good! Yummy like hot popcorn in butter! By the way, do you like popcorn?
All kidding aside, this site serves as periodic prevention for your passwords, so whenever you consider reviewing your security, make sure the password you're thinking of using hasn't already been leaked.

Step 3 — I've Changed All My Passwords, But I Don't Think I'll Remember Them

If you're like me, running out of ideas and starting to forget things in your mid-30s, you're going to think, “Gee, now support, how do I remember this bunch of passwords? Isn't it better to use the same one everywhere to remember more easily?”.

Never use the same password on different websites, emails or apps. Always ensure that your passwords, especially those for emails and access to telephony and communication apps, are unique and strong.
As remembering all these combinations can be a problem even for those who memorized the phone book, uncle recommends the Bitwarden software:

Look how beautiful and free:

Here you will be able to store several information at once, such as trusted URLs within the Login, Password, username combo and the best, it even has a built-in secure password generator, which I will teach you how to use NOW!

First, click on that pretty button, with the plus sign there:

Then it will open a new form on the right:

Here you can choose whether the item you want to add is a login, a credit or debit card, an identity or a secret note.
The name is basically the title of that credential, for you to associate the password and the user with facebook, for example:

The password, you can manually fill in with one of your choice, or you can click on those two circular arrows, to generate a new one.
It will generate one according to the preset pattern and you can copy it for immediate use, but don't forget to click on the confirmation symbol before exiting Bitwarden:

After that, just fill in the url, if you want, to facilitate future navigation using BitWarden and click on the disk there to save:

If you don't know what a floppy disk is, sorry, it's that icon next to the CANCEL button.

The good news is that now that you have made an account on bitwarden and saved your passwords, they will be safe under an umbrella called “MASTER PASSWORD”. This, by the way, is the only password that I recommend that you memorize and preferably write it down on paper and keep it in a drawer in your house.

Another cool thing about Bitwarden is that you can install it on your desktop at home, on your work laptop and on your smartphone. It is also possible to open it in the browser, and your passwords will all be synchronized with the open instance, for you to use when you need it.

Step 4 — Two-Factor Authentication, when and how to use it?

The answer to these questions is as follows. The When, is always, the How, I will need to elaborate below.

Two-factor authentication is an extra layer of protection adopted by many software companies, basically this layer works with an application that generates a numeric or alphanumeric code continuously or an email that sends a numeric or alphanumeric code whenever an access is made. your account.

This also works for SMS, but this third option I strongly recommend that you don't adopt and I'll explain now why.

Basically, we live in a country where 63 cell phones are stolen per hour in capital cities (Information on Brazil). With this alarming number of devices being subtracted, it is to be expected that a scammer can, for example, try to access your email, or reset your password and use a code that arrives by SMS, right? Absolutely right. This is what is done most nowadays and there are even gangs specializing in scams with pix (an agile method of bank transfer, common in Brazil) and theft of devices.

Therefore, if you have SMS authentication, even if your device is locked, on some operating systems, most users leave the option of notifications on the lock screen available. With this, it is possible for them to see your code and from there, start a password reset process.

To get around this loophole, I recommend that you use Microsoft Authenticator. It is the best authenticator available on the market and in case your smartphone is removed, you can access your codes online, whether to quickly reset passwords, remove authentication or block the app on the device.

While google authenticator is just as good if your phone is stolen, it doesn't provide an online solution for you to access codes or remove your old authenticator from your account, so I don't recommend using it.

As well as providing a way to recover your access, Microsoft Authenticator can also help you with automatic filling of passwords, addresses and cards, being a wonderful alternative to BitWarden.

Step 5 — Biometrics and why we should be careful.

Biometrics can make your life and banking transactions much easier, but it can be a thorn in your side when it comes to theft.

If your cell phone is stolen and falls into the hands of advanced users, they can register additional biometrics and with it, access their banking applications whose configuration is allowing access through this means. Therefore, I strongly recommend that you avoid using bank accesses linked to biometrics as much as possible, as comfortable as it may seem.

If possible, have a cell phone with only your banking applications and other important information registered and leave on your daily use cell phone only a digital wallet app such as Paypal, Venmo, CashApp or similar. So, you can go to a more distant place, with your digital wallet card, the app and more secure that if you are robbed, not all will be lost.

That's all, folks!

If these tips were helpful to you, please like the post.

The topic is vast and the post was huge, I know I could summarize the information a lot more, but well, this was written during a coffee, so reading should take the same time and you will leave here, much more informed than when you arrived !

The original text was written in Portuguese and translated during another coffee, I apologize in advance for any errors and gladly accept corrections!