Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
78 lines (51 sloc) 4.11 KB

Connected App Hygiene

Overview

Overview: Don't let orphaned apps degenerate into an unlocked back door to your account.

About This Lesson Plan

Review date: October 9, 2017
Lesson duration: 30 minutes

Level

Introductory. This is a great exercise to do as a group. Sometimes people need to convene and be reminded together to do this little bit of homework. This could also be a great icebreaker to a longer and more challenging lesson -- everyone will leave knowing that they got something done! Think of it as an install party, for uninstalling.

What materials will participants need?

Everyone should have their laptop.

What materials will the instructor need?

You want some way to share links with folks. https://etherpad.opennews.org/ is handy for that, or you can send out this URL in advance.

How should the instructor prepare?

Review the recommended reading.

Take stock of any social networks that your own office is active in that aren't on this list and find the privacy settings and connected apps for that network. Consider filing an issue or pull request if those instructions should be part of this lesson plan.

Lesson Plan

Imagine that every time you gave someone a key to your place -- an overnight guest, a contractor, a cleaning service -- that key continued to work even after you changed your locks. And imagine the last contractor you gave your keys to hung it on a board full of keys, with your address on the tag. Picture the contractor throwing a party in their shop. Or quitting the contracting business and opening a bar without ever clearing up that key wall. Abandoning the whole warehouse to go find themselves at Naropa. Those are your connected apps. Side doors to your social media accounts that stay open, even if you change your password.

Even if you have great password policies and two-factor authentication in place, you might be vulnerable to some hacks if you've left old apps connected to your social media accounts.

So go through the apps connected to your social media accounts and make sure that they're all things you're still using. Disable anything you aren't using anymore. Be ruthless.

Google

Twitter

Facebook

Github

What's Missing?

It is worth taking a moment to take a look at any additional social networks that you're active on but aren't on this list. Look around in the privacy settings and tweak them as appropriate.

Bonus: Recognized Devices, Cookies, Keys

This is also a good opportunity to explore the "recognized logins" section of each platform. Even though old logins and expired keys are less likely to serve as a vector for an outsider, it's a great opportunity to spot any suspicious logins or behavior.

Github

Facebook

Twitter

Google

Recommended Reading

Other Great Tutorials

Links in the News

You can’t perform that action at this time.