Maybe our students aren’t so savvy after all

And maybe we aren’t either.

An article in this week’s Chronicle suggests that we’re on shaky ground if we assume our students know tons about how the Internet works and what that means for their (and our) future.

A couple of faculty at Northwestern (Eszter Hargittai and Brayden King) teach a course called ‘Managing your Online Reputation’, where they encourage students to find out what the Internet knows about them and think about what it’s advertising to the world.

Their idea is that students should be encouraged not only to avoid posting videos of stupid things they might have done, but also to think about posting (tweeting, instagramming, tumblr-ing) positive views about their skills, attainments, knowledge and capabilities, so that the usual searches will turn up not only nothing bad, but also some good stuff.

The course was based partly on research by one of the faculty (Hargittai) that showed that, contrary to what many of us believe, many students today know less about online life than most of us. For example,

about one-third of the survey respondents could not identify the correct description of the ‘bcc’ email function. More than one-quarter said they had not adjusted the privacy settings or content of social-media profiles for job-seeking purposes.

My experience has been that I have a few students who are really tech-savvy, a few who have no idea what they are doing, and the rest somewhere in between. And, of course, being tech savvy is a moving target. I’ve been doing email since 1990, so I certainly understand how that works. But I only joined Instagram about a month ago, and Tumblr a few weeks earlier than that, mostly to follow a nephew who’s traveling around the world and documenting it on Tumblr.

On the third hand, I actually understand what the Heartbleed vulnerability is exploiting (and I even understand what that last sentence means…).

Anyway, some food for thought.

And, for a contrary view, try this. And for an even more contrary view on brand-building, there’s this.

 

How to prevent your heart from bleeding

By now probably everyone has heard about the Heartbleed problem, but just in case you haven’t, here’s a quick summary. One of the programs[1] that websites use to communicate securely with customers, called OpenSSL, turns out to have a vulnerability that would let bad guys snoop on traffic to and from those websites even though the data exchanged between them is supposed to be encrypted (as indicated by the icon of a closed padlock in the address bar, and https in the address itself).

The accidentally unlocked ‘door’ has been around for a while, and so there is a chance that your communications with Gmail, Facebook, tumblr and others have been snooped on. There is even a chance that your password has been swiped, and, of course, if you use the same password in various sites, any stolen password will work on all those sites.

What can you do? First of all, all your Wayne State data is safe: the WSU systems were not running OpenSSL. The Wayne VPN is vulnerable, but the VPN itself was protected from external attacks in another way, so there is no risk there. But, of course, you have passwords on many other sites, and for some of those you should probably consider some password ‘maintenance’. Specifically, you should probably change those once a month for a while. I’ve already changed my Gmail and Dropbox passwords, and am working on several others.

The real takeaway from this event is that you should not reuse passwords from site to site. Of course, that’s easier to say than to do–most of us have dozens, if not hundreds, of passwords, so some kind of password management device is becoming more and more necessary. I, myself, use LastPass, which stores my passwords online (of course I use a unique, complex but memorable password for that). It not only stores all my passwords, it even suggests complex non-memorable passwords. Since it will automatically fill them in for me, I don’t need to remember them. If you don’t like having it fill things in automatically, you can invoke it (there’s a plug-in for every popular web browser), display the password and copy it into the relevant website as you log in.

Note that I have no connection with LastPass, and there are other worthy competitors such as KeePass and RoboForm. You can read a review of them here.

LastPass has an interactive form you can use to see whether your favorite websites have been protected. You can find that here.

If you are interested in the technical details on how Heartbleed works you can watch this video, which lasts about 8 minutes. It’s not horribly abstruse–if you kinda know how websites communicate with your computer you can follow it.

Mashable has a good summary of which websites you need to worry about.

One final thought. NEVER send your password to anyone for any reason through email. And, in fact, if an email tells you to change your password, then even if you think it actually is authentic, don’t follow a link in the email to change it. Instead, use a bookmark, or type in the web address yourself, so that you know you are changing the password in the right place, and not on a rogue server in Tuvalu.

———-

[1] I know that calling it a ‘program’ oversimplifies things, but this characterization will suffice for our purposes.