security

According to non-partisan PolitiFact, economists estimate that American household costs will rise by $1,700 - $4,300 per year if Trump acts on his tariff promises. That will raise inflation, which in turn will keep interests rates high, resulting in more costly mortgages and more expensive cars. Our last round of inflation, caused by the pandemic and nearly over now, has caused so much pain. For people voting on the economy, I hope you're paying attention to the economic costs of radical policies like this one.

I am a strong proponent of bringing American manufacturing back (I'm not just a fan... this is the focus of much of my work... I put in the effort). But it could take decades to build back American manufacturing jobs lost since the 1980s to low-cost manufacturing countries like China. So the impact of dramatic tariffs will increase household costs instantly and unavoidably, and will not be offset quickly by increased manufacturing at home.

So... are tariffs necessary to bring American manufacturing back?

Tariffs can be part of the answer, but certainly not at 60% (or even 20%) - not without hurting American families.

What WILL work? INVESTMENT. Since 2020, over $1.5 TRILLION dollars in incentives have been put in place to promote American manufacturing. 

Under the Biden administration billions of dollars have been allocated to reinvest in American manufacturing:

• The Chips & Science Act (2022) allocated $52 billion to promote semiconductor manufacturing in the US. That's a lot of manufacturing jobs.
• The Infrastructure Investment and Jobs Act (2021) authorizes $1.2 trillion for transportation and infrastructure spending, with $550 billion of that going to new investments and programs - money that fuels manufacturing jobs.
• The Inflaction Reduction Act (2022) offers massive tax incentives - estimated to create $370 billion in manufacturing sector investments over a decade - to boost domestic production (manufacturing) of clean energy systems.

In addition, the State Small Business Credit Initiative (SSBCI) is a nearly $10 billion program that supports small businesses across the United States by providing capital and technical assistance... all of which is available to support small manufacturers. That's a lot of money... and I still think we can do more.

But there is a lot of misinformation out there about these programs, and people mistakenly believe that these dollars are just for building electric cars and electric car infrastructure! So incorrect. 

The Chips act has little to do with electric vehicles .. other than the fact that ALL vehicles need computer chips today and we are almost entirely dependent on China for them - and chips needed for every other electronic Americans buy, from laptop computers to smart home devices to mobile phones.

The Infrastructure Investment and Jobs Act is for bridges, roads, public transit, railroads, airports, and ports, upgrading the power grid, internet accessibility... and yes, EV infrastructure. This year I took road trips across Wisconsin, Iowa, Illinois, Indiana, Ohio, Pennsylvania, New Jersey, and Kentucky. My travels via airplane took me to California, Nevada, New Mexico, Georgia, Arizona, Colorado, and Texas. Everywhere I saw infrastructure work going on. Infrastructure work creates American jobs to not only do the infrastructure work, but to produce the cement, steel, aggregates (sand, gravel, crushed stone) asphalt, pipes, electrical conduits, and pre-cast concrete components. It also causes American manufacturers to order other American-manufactured equipment like excavators, bulldozers, cranes, and other heavy equipment, buses, rail cars, switchgear... etc. This Act is a huge boon to all American manufacturing.

I was recently in Washington DC for a major conference that brought the manufacturing sector, US Military, and politicians together to talk about how critical manufacturing is to our national security.  And every politician, both Democratic and Republican alike, spoke to how much work HAS BEEN DONE and still needs to be done to keep manufacturing jobs in the US.

When the politicians are out stumping, the Republican politicans keep blaming Democrats for losing manufacturing jobs. In fact, both parties, over time, were responsible for that. But when they come together for important meetings right now, the Republicans in that conference were very clear that a lot has been done the past four years - and that we need to maintain these investments.

Please take a look at what Trump plans to do with these investments. Because he is already on the record that he will pull back on them, and US manufacturing progress will be lost. The Republicans in the room at that conference I was at? They know it, and they're worried about it.

INVESTING in our own manufacturing is the only road to bringing back American manufacturing. INVESTING in our children by providing education to work in manufacturing (our trade schools have been gutted in the past 30 years) is critical to bringing back American manufacturing. INVESTING in existing manufacturing operations to upgrade their business operations so they can afford to compete with foreign manufacturers who rely on cheap labor is critical to bringing back manufacturing. INVESTING in our workforce and communities by creating competitive businesses that can afford to pay good wages is critical to our future. The path to a healthy middle class and a healthy country won't come from just cutting off foreign imports.

We must keep INVESTING in America.

What is 2FA?

You’ve been using 2-Factor Authentication (2FA, also sometimes called Multi-factor Authentication) for a long time, though you may not even realize it. Every time you use your ATM card, you present the card (factor 1) and you use a pin number (factor 2). Even if someone steals your ATM card, it’s only useful to them if they also know your pin.

That’s what 2-Factor Authentication is – a security process that requires two forms of identification from two separate categories of credentials. The 2-Factor Authentication used by your bank for your ATM card doesn’t make it impossible to steal cash from your checking account, but it makes it much more difficult.

You should be using 2-Factor Authentication for your most sensitive internet access points as well. “But wait!” you say. “My online banking doesn’t use my ATM card, and no other internet provider uses a plastic card either!” And you’re right – plastic cards are not the medium of the internet – they’re the medium for physical machines. But you have another credential device you can use, you likely have it with you all the time, and you already know how to use it.

It’s your mobile phone.

At its most simple, 2-Factor Authentication uses a text message. You enter your username (factor 1a) and your password (factor 1b), and then you receive a text message with a code to enter (factor 2). The average hacker won't be able to access your account even if they have your username and password, because they don’t have your mobile phone.

You can also use a 2-Factor Authentication app to receive your authentication codes. A 2-Factor Authentication app generates a temporary login code, in sync with the site(s) you program to work with it. The codes refresh every 30 seconds (you don’t have to do anything – they just automatically refresh every 30 seconds, 24/7). So instead of triggering a text message when you log in, you input your username (factor 1a) and your password (factor 1b), and then you get the latest login code from your 2-Factor Authentication app.

The text version is easiest to set up, but sometimes you experience delays. The app version will not suffer from any delays in text relay, but the apps are a bit more difficult to set up. In reality, you will end up using a mix of both. For instance, Twitter only offers text authentication, but if you use LastPass for your password management, you will need an app.

Unfortunately, 2-Factor Authentication isn’t available on every website yet (the most notable gap is banks, which have been terribly slow to implement 2-Factor Authentication for their online services), but adoption rates continue to climb.

Which 2-Factor Authentication app should I choose?

The five most popular are Google Authenticator, Duo, Microsoft Authenticator, Transakt, and Authy. These are all free and all work well. Each one has a bit different approach to setup, so be prepared to follow their instructions carefully. It’s not difficult, but it can be confusing the first time you do it. So take your time and read the instructions once or twice before starting.

Why Do I Need 2-Factor Authentication?

I was talking about 2-Factor Authentication with a business acquaintance last week, and he said, “2FA is stupid. If a hacker really wants to get into your system, 2FA won’t stop him.”

This is true. If hackers really really want to get into your computer, they’ll get in. But the hackers who have the sophistication to beat 2-Factor Authentication are going after big targets: Discover, AMEX, the Social Security Administration. Hackers work for one of two things: notoriety or money. Your personal accounts are unlikely to deliver either (unless you are Bill Gates. And Bill, if you’re reading this blog, can we talk?). Does this mean you don’t actually need it then? Not really. You still need it.

Here’s an analogy to explain why. My granddaughter and I recently stopped at Walgreens to pick up some prescription allergy medicine. It cost $4.00. It was in the little paper “I’m a prescription” Walgreens bag. When we got out of the car at our next stop, I asked her to please put the bag in the glove compartment.

“Why?” she asked. “It’s not worth anything. We could always get a new one.”

“Because I don’t want to pay the deductible for fixing a broken car window,” I replied.

The world isn’t just filled with sophisticated hackers. It’s filled with baby hackers; perhaps the kid next door, one of your students, or one of your kids’ acquaintances. These baby hackers might be working themselves up to something Department-Of-Defense-worthy, but right now they’re just practicing. Don’t let them practice on you. 2-Factor Authentication will stop this type of hacker.

2-Factor Authentication will also stop the robot hackers that are programmed to breach as many accounts as possible looking for big fish. But just as catch-and-release still leaves a hole in that poor fish’s mouth, these robot fishermen tend to leave messes behind in the accounts they break into – messes that can lead to anything from minor embarrassment to computer replacement or costly computer repairs.

Finally, if you have a website, it is always at risk of being infected with a socially engineered Trojan. This is a hack that creeps into your website and then tricks unsuspecting visitors to download a piece of malware. By the time you find out it’s happening, Google has blacklisted you and your customers and visitors are angry. Using 2-Factor Authentication to access your own website administration area will deter these kinds of hacks from all but the most motivated hackers.

So while it’s true that 2-Factor Authentication won’t stop the best hackers, it can still save you a lot of time, frustration, money, and loss-of-face.

Which accounts should I protect with 2-Factor Authentication?

You don’t have to protect every access point. The average internet user has somewhere between 35 – 50 online accounts. Here’s a list of the account types you should provide with this extra layer of security:

• Online email accounts (Gmail, Yahoo, AOL, Live, Hotmail, etc.).
• Password protection systems (LastPass, Dashlane, Keeper, Authentic8, etc.).
• Cloud storage (Box, Dropbox, Google Drive, OneDrive, etc.).
• Online bank accounts (And if your bank does not offer 2FA services, use the contact form on their website to say you want them to do so for your protection).
• Any social media accounts that you use for business or which are particularly important to you..
• Your website (Wordpress, Joomla, Drupal, or any CMS website with back-end access and/or a database).
• Your hosting and domain providers (GoDaddy, MediaTemple, Amazon Web Services, Rackspace, etc.)
• Cloud-based business services (Quickbooks Online, Salesforce, etc.)

You can certainly protect more than these, but at a minimum you should use additional security to protect your money and your business interests.

How do I start the process?

A good place to start is with Facebook or Twitter. Most people have at least one of those, and both sites use text message authentication. Once you set up your first account, the whole concept will make more sense to you. Here are links to step-by-step instructions for each:

How to set up 2FA on Twitter

How to set up 2FA on Facebook

For all other sites, just google “instructions to turn on 2FA in XXXXXXX” and you’re likely to find what you’re looking for. I wish I could be more helpful on this point, but with so many different sites to choose from and so many different approaches, being more specific would make for a very long blog post!

When you use 2-Factor Authentication it does take a few more seconds to access your protected accounts. But you quickly get used to grabbing the additional code from your mobile device, and saving yourself from just one hack will more than compensate for the few extra seconds of security. The internet keeps evolving and so must we. Right now, your best bet for protecting yourself online (in addition to good password behavior and hygiene) is 2-Factor Authentication.

**************************************************

 Update 2020-7-29

A reader requested an update on this article, after realizing it was five years old. In truth, very little about using 2FA has changed since 2015. The encryption and coding behind it have been hardened, but as users, things function largely the same way.

One way in which 2FA is changing is that some software systems - notably Google, Dropbox, and Amazon - are using push inquiries to their mobile apps now instead of sending a code through text.  For example: If you are logging in to Dropbox on your desktop, instead of sending a text message, if you have the Dropbox App installed on your mobile device, they push a question to your app asking, "Are you trying to log in from such-and-such computer right now?"  And you have the option to press "Yes" or "No."

But text authentication is still the dominant mode as of this date.