Tag: 2018 Year in Review

Posted on

Tesla CEO Elon Musk’s year in one chart

Three point eight.

From the first day of trading in 2018 to the last, that was the final percentage difference in Tesla’s share price. Taken on its own, the number is a modest and positive gain — and far more fruitful than automakers Ford, GM and Fiat Chrysler. It’s a number that suggests a consistent year of upwards momentum for Tesla, steady and diligent like a tugboat, even-keeled and untouched from stormy market seas.

Those two bookends of the stock market calendar — January 2 and December 31 — and the 3.8 percent gain they produced obfuscates what really happened to Tesla and CEO Elon Musk in 2018.

It wasn’t quiet. It wasn’t calm. It wasn’t constant or consistent. Tesla wasn’t a tugboat in 2018; it was a whipsaw.

The year was a dizzying ride that took Tesla shareholders and fans, critics, car owners, employees, the media and Musk himself to extreme highs and troubling lows — sometimes flip-flopping twice or more in a few days’ time.

And it was exhausting, because so much of it seemed self-inflicted and avoidable.

The chart illustrates the ups and downs of Tesla’s share price, along with specific highlights. But there were so many more.

As Tesla floundered early in the year, hamstrung by the production hell of its Model 3, Musk’s company SpaceX made history when it completed a test of its Falcon Heavy rocket, the heavy-lift orbital vehicle that can carry twice the weight of its closest competition in active operation. 

As production hell dragged on through the first quarter and into the second, Musk locked in a performance-based package that granted him $2.6 billion in stock options over 10 years. Moody’s would downgrade Tesla’s credit rating to negative from stable and Musk would make an untimely April Fool’s Day joke that the company was “bankwupt.”   

It turns out those jokes weren’t so far off.

Tesla was burning through millions of dollars a day as the company tried to solve production bottlenecks in its factory.

“Tesla really faced a severe threat of death due to the Model 3 production ramp,” Musk said in an interview with Axios in November. The company was within “single-digit weeks” of dying, he added.

Other problems emerged as Musk and his employees scrambled to solve that very real and impending existential threat to Tesla. There was the unfortunate unhinged analyst call and a spat with the National Transportation Safety Board over a fatal crash and investigation into the automaker’s semi-autonomous Autopilot system.

And then it happened. Tesla, which appeared to be in a death spiral, produced 5,000 vehicles in a week. It was a triumph. The naysayers were proven wrong; the critics were silenced; the shorts would convert!

And it was only July 1.

The rest of the year played out much the same way the first half did, just with a few new characters and twists, from the “pedo guy” episode that played out on Twitter and Musk’s “funding secured” tweet to pot-smoking, SEC investigations and earning its first profit in two years.

The last quarter of the year was marked by advancements in its Autopilot system, lawsuits and subpoenas, a new Tesla chairman, two new board members Larry Ellison and Kathleen Wilson-Thompson and further expansion into China.

Tesla’s roller coaster ride of a year was stomach-churning — or thrilling, depending on your point of view — without Musk engaging in Twitter. But his frequent use of the social media tool repeatedly pulled the company, or himself, back into an abyss of petty fights, distractions and, at its worst, potential derailments to a company in which he has invested so much of his time, money and emotion.

In 2019, with the Model 3 moving into new regions of the world and hints of other grander plans, Tesla deserves, and will need, a captain with both hands on the wheel. Elon, take the wheel.

Posted on

Here’s what to expect in cybersecurity in 2019

Around this time every year, my inbox fills with the same repetitive junk.

“Would you consider putting [any random company] in your gift guide?”, “are you going to CES and if so can I pitch you [a gadget that literally won’t be around this time next year]?”, and, “do you want to cover [a company you’ve never hard of’s] predictions for next year?”

To which I always respond: “No,” “absolutely not” and “predictions are not news.”

The “predictions” emails piss me off. Most of the companies that offer predictions don’t seem to fully understand the security field outside their particular niche, or worse, have an agenda they’re trying to push. This year was no different. I trawled through my inbox, scanning literally dozens of emails pushing “predictions” for the coming year.

“Artificial intelligence will stop a data breach,” said one email. “The supply chain will face more attacks,” said another. And, my personal favorite, “bad actors will combine multiple attack types to create synergistic super threats.”

Hate to break it to you, but “super threats” are not a thing.

If you thought 2018 was a tough year for tech, 2019 is going to be so much worse. The groundwork we laid this year will roll over into the next, and that’s when things will start to hit hard, from new laws and political (in)decisions to privacy issues and how employees — not companies — will start to call the shots.

Here’s what you need to know for 2019 in security.

Expect more data leaks and exposures — but not just breaches

2018 saw a rising trend in data leaks and exposures — specifically data that’s not protected with even the most basic security, like a password.

We’ve seen a ton of sites and services exposed in the past year — from gym booking sites, anonymous social network Blind, Urban Massage, FedEx, Canadian internet provider Altima, Amazon and fitness app Polar, to name a few.

Exposed databases and user data can be easily found, yet are entirely preventable — often simply by setting a password. Breaches, where a hacker exploits a vulnerability, are more difficult and require some level of skill, making them less common. But human error, a lack of security smarts or just sheer laziness makes exposed data more discoverable, and yet there’s no sign of data exposures dying down any time soon.

At Blind, a security lapse revealed private complaints from Silicon Valley employees

California’s privacy rules will come to a head

After a long fight, California passed its consumer privacy law — set to go into effect at the end of 2019.

Think of the law as like GDPR for California, which will mandate that companies disclose how they collect user data and what they do with it. The law will allow authorities to impose fines on companies that don’t comply or which violate the rules. It’s particularly important for consumers, given most of the world’s largest tech companies have their headquarters in the state.

Tech companies opposed the law. After spending collectively billions of dollars to comply with GDPR, many didn’t want to face another hefty bill to comply with more privacy rules. Instead, many companies pushed for a federal law to overrule and upend California’s soon-to-be-enacted rules. With enough lobbying power in Washington, DC, tech companies and telcos want lawmakers to roll out weaker legislation.

With almost exactly a year to go before California’s rules are set to go into effect, expect to see Silicon Valley work together — for once — to get their own way at a federal level.

California passes landmark data privacy bill

Brexit will hamper U.K. tech, startup growth

Brexit, the U.K.’s departure from the European Union, is set for March 29 — and all signs point to a “no deal” that will cause serious, if not as of yet untold problems with immigration, trade, and even intelligence sharing and security arrangements with the U.K.’s European partners.

Leaving the EU without any trade or immigration deals in place will hurt startups and the wider tech scene. Attracting good overseas talent will be difficult without knowing what the immigration rules will be. Even practical things like GPS will begin to struggle, as well as data transfers in and out of the U.K. without a deal in place once the U.K. goes over the cliff-edge. It’ll be a nightmare for companies trying to comply with what’s left of the EU data protection and privacy laws.

Certain technology industries will see more trouble than others, like the gaming industry, which contributes £2 billion ($2.5 billion) to the U.K. economy every year. And, startups won’t get off easy either.

Brexit-related concerns remain key for UK tech, says UK gov report

Australia’s draconian encryption laws will begin to hurt

Following in the footsteps of the U.K., Australia passed an anti-encryption law that compels companies operating in the country to turn over encrypted data on request from several government departments.

Many U.S. tech companies, including Apple and Cisco, called on the Australian parliament to ditch the proposals for fear that the law could be abused or harm its customers’ privacy. That didn’t stop a bipartisan effort to pass the bill in time for the Christmas break.

Some companies have already said they can’t — and therefore won’t comply. Signal, the encrypted messaging app, said in a blog post that it “can’t include a backdoor in Signal,” despite the mandate from the country’s capitol. Other companies will find themselves facing the same dilemma. It might force companies to think about their presence in the country altogether.

US tech giants decry Australia’s ‘deeply flawed’ new anti-encryption law

Facebook’s privacy woes will spread to other Silicon Valley giants

Silicon Valley is split largely into two camps: your data for money, or your data doesn’t make money. You have Facebook, Google and to a lesser degree Twitter and Snap in the first bucket — then you have mostly hardware makers, like Apple, chip manufacturers like AMD and Intel and computer makers like HP and Dell in the other.

Facebook had scandal after scandal this year, after years of playing fast and loose with users’ data. Facebook claims it doesn’t sell your data, but it made money from it at every opportunity. And when it wasn’t actually selling access to your data, it was giving it away.

Many have wondered why other data-hungry, ad-focused companies haven’t had their reckoning yet — and many are asking the same questions. Facebook may be one of the biggest consumers of user data going, but it’s not the only one in the game. In making some of the world’s largest social networks and ad platforms, these companies have inadvertently become mass surveillance tools — either for governments with access already, or hackers and nation states that punch their way through the company’s defenses.

Their time will come — and hot on the heels of Facebook’s slew of scandals, expect it to be sooner rather than later.

Silicon Valley’s year of reckoning

Employees, not companies, will dictate how the technology they build is used

This year saw a resurgence of tech employees rising up against their employers for — in their eyes — misusing the products, services and technologies they made for uses outside their moral parameters.

Amazon employees complained that the company’s facial “Rekognition” shouldn’t be sold to law enforcement after the technology was found to racially discriminate against African-Americans. Microsoft staff complained that the company had a $19 million contract to serve U.S. Immigration and Customs Enforcement, during a time where the agency was separating children from their asylum-seeking parents at the border. And Google employees complained when they found that the technology they helped to build would go on to serve Chinese users that enables state surveillance.

Now it’s employees who are trying to call the shots. So far, they’ve had mixed success. Amazon executives didn’t care; neither did Microsoft’s — but Google buckled. Given it’s the talented folk at the companies that make the products, they believe they have a right to say how their products are used and who gets them.

This isn’t something likely to change in the new year, as the government continues to rely on tech companies for enforcement and surveillance. Whether they will be successful, however, will be something to watch.

Protesters call on Salesforce to end contract with border patrol agency

One incident away from sparking another Apple v. FBI crypto-war

Two years ago, the Apple v. FBI dispute could have taken a completely different path. The FBI was pushing a legal challenge that would forever undermine encryption protections — making it easier for the government to compel companies into complying with orders to undermine their own software security. This year, we saw the government approach Facebook to force the company to rewrite its Messenger app to allow federal agents to wiretap calls. It was all in secret — and only became public thanks to leaks.

We’re still dangerously close to another “crypto-war” (that’s “crypto” for cryptography) that could result in heavy-handed legislation or a legal precedent.

Nobody wants a mass casualty event. But as with San Bernardino and the apparent threat from MS-13 — whether inflated or not, lawmakers and prosecutors use bodies as a bargaining chip to push for more access to our data under the guise of preventing another national crisis.

Inquiry finds FBI sued Apple to unlock phone without considering all options

Gloves are off for U.S. and China in cyberspace — again

The 2015 pact between the U.S. and China that promised to curb each others’ cyberespionage efforts amid rising tensions and escalating attacks between the two nations was delicate and frail, but it was almost inevitable that it would fall apart someday.

In December, when the Justice Department accused two Chinese spies of conducting state-backed hacking on dozens of U.S. companies and government departments, including the Navy, the gloves were off, and the pact was over. The writing was on the wall for a while. Security firm FireEye said in its look-ahead at 2019 that China’s reorganization of its offensive cyber operations units “will inform the growth and geographic expansion of Chinese cyber espionage activity through 2020 and beyond.”

In other words, expect the U.S. and China to begin sparring in cyberspace again.

Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants

Posted on

Test your tech knowledge in TechCrunch’s 2018 Year In Tech Quiz

Think you know tech? Square off against TechCrunch editors with 2018’s year in tech quiz.

Posted on

Crawling from the wreckage

Things are tough all over — but especially in the digital media business of 2018.

Probably the most high-profile flameout this year was at Mic, which laid off most of its staff ahead of an acquisition by Bustle. Mic had raised nearly $60 million in funding, with major media organizations like Time Warner and Bertelsmann writing checks for the company’s vision of delivering news to a millennial audience.

But Mic’s issues were just the capstone to a long year of shutdowns and layoffs. Among the headlines:

It may not be entirely fair to group these stories together — some companies likely failed because of specific management or business issues, while others fell victim to broader shifts and still others may bounce back after figuring things out. But collectively, they paint the picture of an intensely challenging time.

Peter Csathy, an industry veteran and occasional TechCrunch columnist, has just published a book, “Fearless Media,” about the changes in the media landscape.

In an interview with TechCrunch, Csathy argued that it’s become a best-of-times, worst-of-times world. The worst-of-times side seems obvious — the companies that are struggling due to the “devastation of certain business models,” particularly reliance on big platforms like Facebook, and on an online ad business that’s currently “under tremendous pressure.”

At the same time, he said, “The best of times are the companies like Netflix, the Amazons, the Apples — some of these major new tech-driven media companies.”

Of course, Amazon and Apple make most of their money outside the media business, leaving Netflix as the industry’s big success story. But even there, Csathy predicted that in 2019, “Netflix will be challenged like never before” as it tries to compete with a vast array of new streaming services, many of them created by the same companies that have been selling content to Netflix.

A remote control is seen being held in front of a television running the Netflix application on October 25, 2017. (Photo by Jaap Arriens/NurPhoto via Getty Images)

“Ultimately, the question becomes whether Netflix can prove long-term that it is more than a ‘House of Cards,’” he added via email.

And what about companies that aren’t already big, dominant players — the entrepreneurs who want to build the next Netflix or the next BuzzFeed? It won’t be easy, particularly when it comes to convincing venture capitalists to come on-board. Still, there were some digital media startups that successfully raised funding in 2018, like podcast network Wondery and theSkimm, maker of female-focused newsletters.

And New York-based startup studio Betaworks recently announced an early-stage program focused on “synthetic media,” which Partner Matt Hartman explained is an area taking advantage of advances in graphics and artificial intelligence. This could include companies fighting against misleading, manufactured news stories and videos (“The need for deep fake detection is growing”), but also the ones trying to create new kinds of content, like “virtual” characters such as Instagram celebrity Lil Miquela.

More broadly, Hartman suggested that business models in the media world are changing, particularly as publishers experiment with paywalls and also explore bundling their products together.

Lil Miquela

“I think that next year, we’re going to see a lot of experiments — skinny bundles, thick bundles, companies you wouldn’t expect to come together saying, ‘These things work together,'” he said.

And even if many of these experiments fail, Hartman suggested that they’re pushing things in the right direction: “The last 10 years have been about building companies that have turned out to be harvesting our attention. I think what we’re really excited about is companies that treat their users more humanely. How do we align the incentives for the companies that are entertaining us and educating us and informing us, but also being respectful of our time and our attention?”

Csathy made a similar point, saying, “These new companies that are ad-driven have no choice but to reinvent their business models. [Otherwise] they’ll be lost in the shuffle, because the monetization just isn’t there.”

Does that mean that as a reader and a viewer, you’re going to keep hitting paywalls everywhere? It will probably become increasingly common (New York magazine, for one, just introduced a paywall), but Parse.ly CEO Sachin Kamdar suggested that subscriptions won’t solve things on their own.

“The best publishers are probably going to have five or six revenue streams,” Kamdar said. “It’s not just going to be one.”

Subscription hell

As the CEO of an analytics company that sells its products to publishers (as well as marketers), Kamdar has a vested interest in the continued health of the media business.He worried that in the industry’s “echo chamber,” publishers may simply follow the latest trend, but he warned, “Just because everybody else goes that direction doesn’t mean it’s going to work for you.

The key, he suggested, is “figuring out the existential thing — who you are as a publisher.” So he’s hoping they move on from “a very short-term view” of chasing the latest platforms and sources of traffic: “Now, I think, people are finally coming to the conclusion that sustainability needs to be a priority.”

And despite the current business climate, Kamdar said there’s a straightforward reason for optimism.

“More time is being spent reading things and watching things,” he said. “You take the long-term picture, there’s a big opportunity to figure out what is happening with that, where they’re going, how you can capture those audiences.”

Posted on

Venture capital, global expansion, blockchain and drones characterize African tech in 2018

Jake Bright Contributor
Jake Bright is a writer and author in New York City. He is co-author of The Next Africa.
More posts by this contributor

2018 saw Africa’s tech sector become more dynamic and international. VC firms on the continent multiplied. There were numerous investment rounds. And startups pursued acquisitions and global expansion. Here’s a snapshot of the news that shaped African tech over the last year.  

Surge in VC funds

A notable 2018 trend was Africa’s VC landscape becoming more African, with an increasing number of investment funds headquartered on the continent and run by locals, according to Crunchbase data released in this TechCrunch exclusive.

Drawing on its database and primary source research, Crunchbase identified 51 viable Africa-focused VC funds globally with at least 7-10 investments in African startups from seed to series stage.

Of the 51 funds, 22 (or 43 percent) were headquartered in Africa and managed by Africans. Of those 22, nine (or 41 percent) were formed since 2016 and nine were Nigerian.

Four of the nine Nigeria-based funds were formed within the last year: Microtraction, Neon Ventures, Beta.Ventures and CcHub’s Growth Capital fund.

The Crunchbase study also tracked more Africans in top positions at outside funds and the rise of homegrown corporate venture arms.

One of those entities with a corporate venture arm, Naspers, announced a $100 million fund named Naspers Foundry to invest in South African tech startups. This was part of a $300 million (4.6 billion Rand) commitment by the South African media and investment company to support South Africa’s tech sector overall, as reported here at TechCrunch.

Another DFI came on the scene when France announced a $76 million African startup fund administered by the French Development Agency, AFD. TechCrunch got the skinny on how it will work here.

Investment and expansion

If African VC investment headlines were scarce a decade ago, in 2018 we became overwhelmed with them. This was largely a result of several recently closed Africa funds — TLcom’s $40 million, Partech’s $70 million, TPG’s 2 billion — beginning to deploy that capital.

In March, Nigerian consumer data analytics firm Terragon raised $5 million from TLcom. Kenyan business enterprise software company Africa’s Talking raised $8.6 million in a round led by IFC.

Investment startup Piggybank.ng closed $1.1 million in seed funding and announced a new product — Smart Target, for traditional savings groups. Trucking Logistics company Kobo360 raised two rounds, for a total of $7.2 million. Kenya-based agtech supply chain startup Twiga Foods raised $10 million. B2B retail supply chain Sokowatch closed a $2 million seed round led by 4DX ventures.

White-label lending startup Mines.io secured a $13 million Series A round. South African SME payment venture Yoco raised $16 million. Paga Payments added $10 million in fresh funding.

And then there were the three huge raises of the year. Kenyan digital payment company Cellulant hauled in $37.5 million in a Series C round led by TPG Growth. South African lending startup Jumo raised $52 million led by Goldman Sachs. And just this month, The Carlyle Group invested $40 million in Africa-focused online travel site Wakanow.com.  

Acquisitions and expansion

In 2018, African tech demonstrated it can travel, as several digital companies expanded on the continent and abroad. In May, MallforAfrica and DHL launched MarketPlaceAfrica.com, a global e-commerce site for select African artisans to sell wares to buyers in any of DHL’s 220 delivery countries.

Paga announced plans to expand in Africa and internationally, with an eye on Ethiopia, Mexico and the Philippines, CEO Tayo Oviosu told TechCrunch. Kobo360 is moving into in new markets — Ghana, Togo and Cote D’Ivoire.

On the back of its $52 million round, Jumo said it would expand in Asia and started by opening an office in Singapore.

On the acquisition front, Terragon bought Asian mobile marketing company Bizense in a cash and stock deal. The company is exploring greater growth opportunities in Latin America and Southeast Asia, CEO Elo Umeh told TechCrunch.

TPG Growth acquired a majority stake (of an undisclosed value) in Africa entertainment content company TRACE. After previous investments, Naspers acquired  96 percent of Southern African e-commerce venture Takealot.

And in December, California-based Emergent Technology Holdings acquired Ghanaian fintech payment company InterpayAfrica.

Partnerships

Collaboration between local tech firms and big global names continued in 2018. Liquid Telecom and Microsoft continued their partnership to offer connectivity cloud services such as Microsoft’s Azure, Dynamics 365 and Office 365 to select startups and hubs. This is part of Liquid Telecom’s strategy to go long on Africa’s startups as its future clients and the continent’s next big companies.

Facebook teamed up with Nigerian tech hub CcHub to launch its NG_Hub high-tech incubator.

Blockchain

As crypto fever gripped many leading economies in 2018, Africa was shaping its own blockchain narrative — one more grounded in utility than speculation. 500 Startups-backed SureRemit launched a crypto token product aimed at disrupting Africa’s multi-billion-dollar remittance market and raised $7 million in an ICO. South African payments venture Wala and solar energy startup Sun Exchange also had ICOs.

For blockchain as a platform, agtech startups Twiga Foods and Hello Tractor partnered with IBM Research to use the digital ledger tech to advance small-scale farmers and agriculture on the continent.

Ride-hail boda bodas

Ride-hail tech expanded into the continent’s frequently used motorcycle taxi market. Uber entered the three-wheeled tuk tuk moto taxi market in Tanzania in March and Uber and Taxify launched motorcycle passenger services in East Africa, including Kenya and Uganda.

Fails

Last year saw Y Combinator-backed VOD startup Afrostream shutter. In February 2018, Nigerian e-commerce startup Konga — backed by VC — was sold in a distressed acquisition. There were high expectations for Konga and its much-liked founder Sim Shagaya. I made the case that Konga’s acquisition was one of Africa’s first big startup fails that flew under the radar.

Drones

TechCrunch did a deep dive into Africa’s drone scene, talking to several experts and looking at emerging use cases across delivery services, agtech and surveying. On the regulatory side, several countries — Rwanda, Tanzania, South Africa, Zambia and Malawi — are doing some interesting things around regulation and creating drone-testing corridors for global players.

TechCrunch and Africa

In 2018 TechCrunch did more with Africa than any previous year. In addition to more content, there was a market engagement trip to Ghana and Nigeria, with meet-and-greets at Impact Hub, MEST Accra and Lagos, and CcHub.

TechCrunch also had its first Africa panel on Disrupt SF’s main stage, an Africa session at Disrupt Berlin and held the second Startup Battlefield Africa in December in Nigeria.

Fifteen startups competed in Lagos in front of a Pan-African and global crowd. South African virtual banking startup Bettr was runner-up. Ultra-affordable ultrasound startup M-Scan from Uganda was the winner.

More Africa-related stories @TechCrunch

African tech around the ‘net  

Posted on

The 10 largest US venture rounds of 2018

Three U.S. companies raised more than $1 billion in just one funding round in 2018, a year in which total deal value for U.S. startups is expected to surpass $100 billion for the first time.

For the most part, it was the usual suspects, and yes, SoftBank was an accessory in many of these rounds. Here’s a look at the 10 largest venture rounds of 2018.

Epic Games: $1.25 billion

The video game Fortnite Battle Royale was the star of the year 2018; more than 200 million players worldwide are registered online. (Photo Illustration by Chesnot/Getty Images)

Given the absolute phenomenon Fortnite became in just one year from its original release, it was no surprise private investors wanted to put money into Epic Games, the company behind it. In October, Epic Games announced a whopping $1.25 billion round at $15 billion valuation from KKR, Iconiq Capital, Smash Ventures, Vulcan Capital, Kleiner Perkins and Lightspeed Venture Partners to continue growing its Fortnite empire. That game alone is expected to bring in $2 billion in revenue in 2018 and reports 200 million registered players — not too shabby.

Cary, N.C.-based Epic Games’ monstrous fundraise was a standout in a year when funding for gaming and esports startups really took off. According to Crunchbase, global venture investment in the industry increased nearly 75 percent, to $701 million in the first half of 2018. Given Epic’s round, Discord’s $150 million infusion of capital this week and several others since June, the second half of 2018 undoubtedly set major records in the space.

Uber: $1.2 billion

Travis Kalanick, co-founder and former chief executive officer of Uber Technologies Inc., speaks during the TiE Global Entrepreneurs Summit in New Delhi, India, on Friday, December 16, 2016. Kalanick said the company will introduce Uber Moto across India. Photographer: Udit Kulshrestha/Bloomberg via Getty Images

One of the largest rounds of 2018 was also one of the first big financings of the year. To be fair, the negotiations behind Uber’s $1.2 billion SoftBank investment and much of the press coverage surrounding it came in 2017, but the deal officially closed in January. This deal was monumental for many reasons. First of all, it made Uber founder and former chief executive officer Travis Kalanick a billionaire — not just on paper — and it cemented SoftBank’s position as the ride-hailing giant’s largest shareholder.

The financing brought San Francisco-based Uber’s total raised to date to just over $20 billion at a valuation said to be around $72 billion. Of course, Uber has since privately filed for an initial public offering slated for the first quarter of 2019.

Juul Labs: $1.2 billion

Juul Labs, the maker of the popular e-cigarette brand that has recently come under fire from health officials over its popularity with young adults, plans to introduce a line of lower-nicotine pods. Photographer: Gabby Jones/Bloomberg via Getty Images

Juul, one of the buzziest companies of 2018, raised $1.2 billion from private investors Tiger Global, Fidelity and more in mid-2018. Then, this month, the developer of e-cigarettes popular among teenagers accepted a $12.8 billion investment from the makers of Marlboro that valued it at $38 billion. Not only has Juul created significant controversy surrounding the ethics, or lack thereof, of its core product and its marketing to the younger generation in a short time, but it has also accumulated value at a clip rarely seen before. Juul, for context, surpassed a $10 billion valuation just seven months after its first round of VC backing — that’s four times faster than Facebook.

2019 is poised to be an interesting year for San Francisco-based Juul as it navigates public scrutiny, regulations and the completion of its partnership with Altria Group, which, according to Juul’s CEO Kevin Burns, will “help accelerate [Juul’s] success switching adult smokers.”

Magic Leap: $963M

Magic Leap’s flagship product, the Magic Leap One AR headset, began shipping to consumers this year.

It wouldn’t be an end of the year round-up of the largest VC deals without any mention of Magic Leap, the extremely well-funded virtual reality company. Tucked away in Plantation, Fla., 8-year-old Magic Leap has closed round after round, raising more than $2 billion to develop its hardware and software. The key investors in this year’s big round, which valued the company at $6.3 billion, were Temasek and AT&T, which announced it would become the exclusive “wireless distributor” of Magic Leap products in the U.S. starting this summer. Magic Leap is also backed by Google, Alibaba and Axel Springer.

Magic Leap is real and it’s a janky marvel

Not only did Magic Leap land one of the largest VC deals this year, but it also finally began shipping to consumers its flagship product, the Magic Leap One AR headset. That was a long time coming — years, in fact. So long, many doubted whether the buzzy headsets would ever see the light of day. Now, the headsets are available to buyers in 48 states, though it’s worth mentioning they cost more than two grand.

Instacart: $600M

Founder and CEO of Instacart Apoorva Mehta and moderator Megan Rose Dickey speak onstage during TechCrunch Disrupt SF 2016 at Pier 48 on September 14, 2016 in San Francisco, California. (Photo by Steve Jennings/Getty Images for TechCrunch)

Instacart has a lofty goal of delivering groceries to every household in the U.S., and it needs a lot of cash to get there. The company has raised VC every year since it completed the Y Combinator startup accelerator in 2012, and 2018 was no different. In October, the service brought in $600 million at a $7.6 billion valuation in a round led by D1 Capital Partners. Headquartered in San Francisco, the company has raised $1.6 billion to date from Coatue Management, Thrive Capital, Canaan Partners, Andreessen Horowitz and several others.

Instacart CEO Apoorva Mehta told TechCrunch at the time that the startup didn’t really need the capital and that this was more of an “opportunistic” battle. The market is hot, after all, and Instacart has ambitious plans to scale and it has a fierce competitor in Amazon to take on. As for an IPO, Mehta said “it will be on the horizon.”

Katerra: $865M

SoftBank-backed Katerra says it’s brought in more than $1.3 billion in bookings for new construction ranging from residential to hospitality and student housing.

One of SoftBank’s first major bets of 2018 was on construction technology, with an $865 million investment in Katerra at a $3 billion valuation out of its Vision Fund. Katerra, a tech startup based out of Menlo Park, develops, designs and constructs buildings. At the time of its January fundraise, Katerra told TechCrunch it had brought in more than $1.3 billion in bookings for new construction ranging from residential to hospitality and student housing. Founded in 2015 by three former private equity barons, the company has raised a total of $1.1 billion to date from SoftBank, Foxconn, Greenoaks Capital and others.

In June, Katerra announced it would merge with KEF Infra, an offsite manufacturing technology specialist, and would begin operating in India and the Middle East markets.

Opendoor: $725M

Yet another SoftBank investment, San Francisco-based Opendoor is also backed by Fifth Wall Ventures, GV, Andreessen Horowitz and more.

Opendoor’s two big SoftBank-backed investments this year totaled $725 million, valuing the company at $2.5 billion. The deal gave SoftBank a minority stake in Opendoor, an online real estate marketplace, and put one of its five managing directors, Jeff Housenbold, on the company’s board of directors. The round brought Opendoor’s total funding to slightly more than $1 billion — most of which it acquired in 2018, a major year for the company. Founded in 2014, the San Francisco-based startup is also backed by Fifth Wall Ventures, GV, Andreessen Horowitz and more.

According to TechCrunch’s Connie Loizos, Housenbold had hoped to work with Opendoor co-founder and CEO Eric Wu for some time. “The minute he joined [SoftBank] he reached out to me and let me know … saying if there was an opportunity to work together, to reach out to him,” Wu said.

Lyft: $600M

Uber competitor Lyft expanded aggressively in 2018, raised hundreds of millions in additional venture capital funding, and filed confidentially to go public.

Lyft managed to stay quite busy this year. Not only did the ridesharing company raise a $600 million round at a $15.1 billion valuation, it also acquired bike-share operator Motivate and filed confidentially to go public. Founded in 2012 by Logan Green and John Zimmer, the company has long competed with Uber, and will continue to do so as the pair race to the public markets in early-2019. Lyft, much smaller than Uber and only active in the U.S. and Canada, has raised nearly $5 billion in venture backing from KKR, Mayfield, Didi Chuxing, Floodgate and others.

San Francisco-based Lyft has spent much of the last two years expanding rapidly across the U.S. market, as well as pursuing its autonomous vehicle ambitions.

Automation Anywhere: $550M

Automation Anywhere raised a monstrous $550 million Series A in 2018, with support from the SoftBank Vision Fund.

The only surprise to make this list is Automation Anywhere, a 15-year-old provider of robotic process automation. The company raised a total of $550 million in Series A funding, a large chunk of which came from the SoftBank Vision Fund, as well as NEA, General Atlantic and Goldman Sachs. The round valued Automation Anywhere at $2.6 billion. According to PitchBook, this was the first round of institutional backing for the San Jose, Calif.-based company.

In a conversation with TechCrunch, Automation Anywhere CEO Mihir Shukla said they were attracted to SoftBank because of Masayoshi So — the CEO and founder of SoftBank: “[He} has a vision and he is investing in foundational platforms that will change how we work and travel. We share that vision.”

Peloton: $500M

SAN FRANCISCO, CA – SEPTEMBER 06: Peloton Co-Founder/CEO John Foley speaks onstage during Day 2 of TechCrunch Disrupt SF 2018 at Moscone Center on September 6, 2018 in San Francisco, California. (Photo by Kimberly White/Getty Images for TechCrunch)

Peloton’s growth exploded in 2018 as it launched its $4,000 treadmill, doubled down on original fitness streaming content and raised an additional $500 million in equity funding at a $5 billion valuation. The New York-based startup, often referred to as the “Netflix of fitness,” has raised nearly $1 billion in venture capital funding in the six years since it was founded by John Foley. It’s backed by  L Catterton, True Ventures, Tiger Global and others.

It’s likely Peloton will take the public markets plunge in 2019 much like Uber and Lyft. Foley earlier this year told The Wall Street Journal that though he doesn’t have any concrete plans, 2019 “makes a lot of sense” for its stock market debut.

5 unicorns that will probably go public in 2019 (besides Uber and Lyft)

Posted on

We finally started taking screen time seriously in 2018

At the beginning of this year, I was using my iPhone to browse new titles on Amazon when I saw the cover of “How to Break Up With Your Phone” by Catherine Price. I downloaded it on Kindle because I genuinely wanted to reduce my smartphone use, but also because I thought it would be hilarious to read a book about breaking up with your smartphone on my smartphone (stupid, I know). Within a couple of chapters, however, I was motivated enough to download Moment, a screen time tracking app recommended by Price, and re-purchase the book in print.

Early in “How to Break Up With Your Phone,” Price invites her readers to take the Smartphone Compulsion Test, developed by David Greenfield, a psychiatry professor at the University of Connecticut who also founded the Center for Internet and Technology Addiction. The test has 15 questions, but I knew I was in trouble after answering the first five. Humbled by my very high score, which I am too embarrassed to disclose, I decided it was time to get serious about curtailing my smartphone usage.

Of the chapters in Price’s book, the one called “Putting the Dope in Dopamine” resonated with me the most. She writes that “phones and most apps are deliberately designed without ‘stopping cues’ to alert us when we’ve had enough—which is why it’s so easy to accidentally binge. On a certain level, we know that what we’re doing is making us feel gross. But instead of stopping, our brains decide the solution is to seek out more dopamine. We check our phones again. And again. And again.”

Gross was exactly how I felt. I bought my first iPhone in 2011 (and owned an iPod Touch before that). It was the first thing I looked at in the morning and the last thing I saw at night. I would claim it was because I wanted to check work stuff, but really I was on autopilot. Thinking about what I could have accomplished over the past eight years if I hadn’t been constantly attached to my smartphone made me feel queasy. I also wondered what it had done to my brain’s feedback loop. Just as sugar changes your palate, making you crave more and more sweets to feel sated, I was worried that the incremental doses of immediate gratification my phone doled out would diminish my ability to feel genuine joy and pleasure.

Price’s book was published in February, at the beginning of a year when it feels like tech companies finally started to treat excessive screen time as a liability (or at least do more than pay lip service to it). In addition to the introduction of Screen Time in iOS 12 and Android’s digital wellbeing tools, Facebook, Instagram and YouTube all launched new features that allow users to track time spent on their sites and apps.

Early this year, influential activist investors who hold Apple shares also called for the company to focus on how their devices impact kids. In a letter to Apple, hedge fund Jana Partners and California State Teachers’ Retirement System (CalSTRS) wrote “social media sites and applications for which the iPhone and iPad are a primary gateway are usually designed to be as addictive and time-consuming as possible, as many of their original creators have publicly acknowledged,” adding that “it is both unrealistic and a poor long-term business strategy to ask parents to fight this battle alone.”

The growing mound of research

Then in November, researchers at Penn State released an important new study that linked social media usage by adolescents to depression. Led by psychologist Melissa Hunt, the experimental study monitored 143 students with iPhones from the university for three weeks. The undergraduates were divided into two groups: one was instructed to limit their time on social media, including Facebook, Snapchat and Instagram, to just 10 minutes each app per day (their usage was confirmed by checking their phone’s iOS battery use screens). The other group continued using social media apps as they usually did. At the beginning of the study, a baseline was established with standard tests for depression, anxiety, social support and other issues, and each group continued to be assessed throughout the experiment.

The findings, published in the Journal of Social and Clinical Psychology, were striking. The researchers wrote that “the limited use group showed significant reductions in loneliness and depression over three weeks compared to the control group.”

Even the control group benefitted, despite not being given limits on their social media use. “Both groups showed significant decreases in anxiety and fear of missing out over baselines, suggesting a benefit of increased self-monitoring,” the study said. “Our findings strongly suggest that limiting social media use to approximately 30 minutes a day may lead to significant improvement in well-being.”

Other academic studies published this year added to the growing roster of evidence that smartphones and mobile apps can significantly harm your mental and physical wellbeing.

A group of researchers from Princeton, Dartmouth, the University of Texas at Austin, and Stanford published a study in the Journal of Experimental Social Psychology that found using smartphones to take photos and videos of an experience actually reduces the ability to form memories of it. Others warned against keeping smartphones in your bedroom or even on your desk while you work. Optical chemistry researchers at the University of Toledo found that blue light from digital devices can cause molecular changes in your retina, potentially speeding macular degeneration.

So over the past 12 months, I’ve certainly had plenty of motivation to reduce my screen time. In fact, every time I checked the news on my phone, there seemed to be yet another headline about the perils of smartphone use. I began using Moment to track my total screen time and how it was divided between apps. I took two of Moment’s in-app courses, “Phone Bootcamp” and “Bored and Brilliant.” I also used the app to set a daily time limit, turned on “tiny reminders,” or push notifications that tell you how much time you’ve spent on your phone so far throughout the day, and enabled the “Force Me Off When I’m Over” feature, which basically annoys you off your phone when you go over your daily allotment.

At first I managed to cut my screen time in half. I had thought some of the benefits, like a better attention span mentioned in Price’s book, were too good to be true. But I found my concentration really did improve significantly after just a week of limiting my smartphone use. I read more long-form articles, caught up on some TV shows, and finished knitting a sweater for my toddler. Most importantly, the nagging feeling I had at the end of each day about frittering all my time away diminished, and so I lived happily after, snug in the knowledge that I’m not squandering my life on memes, clickbait and makeup tutorials.

Just kidding.

Holding my iPod Touch in 2010, a year before I bought my first smartphone and back when I still had an attention span.

After a few weeks, my screen time started creeping up again. First I turned off Moment’s “Force Me Off” feature, because my apartment doesn’t have a landline and I needed to be able to check texts from my husband. I kept the tiny reminders, but those became easier and easier to ignore. But even as I mindlessly scrolled through Instagram or Reddit, I felt the existentialist dread of knowing that I was misusing the best years of my life. With all that at stake, why is limiting screen time so hard?

I wish I knew how to quit you, small device

I decided to talk to the CEO of Moment, Tim Kendall, for some insight. Founded in 2014 by UI designer and iOS developer Kevin Holesh, Moment recently launched an Android version, too. It’s one of the best known of a genre that includes Forest, Freedom, Space, Off the Grid, AntiSocial and App Detox, all dedicated to reducing screen time (or at least encouraging more mindful smartphone use).

Kendall told me that I’m not alone. Moment has 7 million users and “over the last four years, you can see that average usage goes up every year,” he says. By looking at overall data, Moment’s team can tell that its tools and courses do help people reduce their screen time, but that often it starts creeping up again. Combating that with new features is one of the company’s main goals for next year.

“We’re spending a lot of time investing in R&D to figure out how to help people who fall into that category. They did Phone Bootcamp, saw nice results, saw benefits, but they just weren’t able to figure out how to do it sustainably,” says Kendall. Moment already releases new courses regularly (recent topics have included sleep, attention span, and family time) and recently began offering them on a subscription basis.

“It’s habit formation and sustained behavior change that is really hard,” says Kendall, who previously held positions as president at Pinterest and Facebook’s director of monetization. But he’s optimistic. “It’s tractable. People can do it. I think the rewards are really significant. We aren’t stopping with the courses. We are exploring a lot of different ways to help people.”

As Jana Partners and CalSTRS noted in their letter, a particularly important issue is the impact of excessive smartphone use on the first generation of teenagers and young adults to have constant access to the devices. Kendall notes that suicide rates among teenagers have increased dramatically over the past two decades. Though research hasn’t explicitly linked time spent online to suicide, the link between screen time and depression has been noted many times already, as in the Penn State study.

But there is hope. Kendall says that the Moment Coach feature, which delivers short, daily exercises to reduce smartphone use, seems to be particularly effective among millennials, the generation most stereotypically associated with being pathologically attached to their phones. “It seems that 20- and 30-somethings have an easier time internalizing the coach and therefore reducing their usage than 40- and 50-somethings,” he says.

Kendall stresses that Moment does not see smartphone use as an all-or-nothing proposition. Instead, he believes that people should replace brain junk food, like social media apps, with things like online language courses or meditation apps. “I really do think the phone used deliberately is one of the most wonderful things you have,” he says.

Researchers have found that taking smartphone photos and videos during an experience may decrease your ability to form memories of it. (Steved_np3/Getty Images)

I’ve tried to limit most of my smartphone usage to apps like Kindle, but the best solution has been to find offline alternatives to keep myself distracted. For example, I’ve been teaching myself new knitting and crochet techniques, because I can’t do either while holding my phone (though I do listen to podcasts and audiobooks). It also gives me a tactile way to measure the time I spend off my phone because the hours I cut off my screen time correlate to the number of rows I complete on a project. To limit my usage to specific apps, I rely on iOS Screen Time. It’s really easy to just tap “Ignore Limit,” however, so I also continue to depend on several of Moment’s features.

While several third-party screen time tracking app developers have recently found themselves under more scrutiny by Apple, Kendall says the launch of Screen Time hasn’t significantly impacted Moment’s business or sign ups. The launch of their Android version also opens up a significant new market (Android also enables Moment to add new features that aren’t possible on iOS, including only allowing access to certain apps during set times).

The short-term impact of iOS Screen Time has “been neutral, but I think in the long-term it’s really going to help,” Kendall says. “I think in the long-term it’s going to help with awareness. If I were to use a diet metaphor, I think Apple has built a terrific calorie counter and scale, but unfortunately they have not given people nutritional guidelines or a regimen. If you talk to any behavioral economist, not withstanding all that’s been said about the quantified self, numbers don’t really motivate people.”

Guilting also doesn’t work, at least not for the long-term, so Moment tries to take “a compassionate voice,” he adds. “That’s part of our brand and company and ethos. We don’t think we’ll be very helpful if people feel judged when we use our product. They need to feel cared for and supported, and know that the goal is not perfection, it’s gradual change.”

Many smartphone users are probably in my situation: alarmed by their screen time stats, unhappy about the time they waste, but also finding it hard to quit their devices. We don’t just use our smartphones to distract ourselves or get a quick dopamine rush with social media likes. We use it to manage our workload, keep in touch with friends, plan our days, read books, look up recipes, and find fun places to go. I’ve often thought about buying a Yondr bag or asking my husband to hide my phone from me, but I know that ultimately won’t help.

As cheesy as it sounds, the impetus for change must come from within. No amount of academic research, screen time apps, or analytics can make up for that.

One thing I tell myself is that unless developers find more ways to force us to change our behavior or another major paradigm shift occurs in mobile communications, my relationship with my smartphone will move in cycles. Sometimes I’ll be happy with my usage, then I’ll lapse, then I’ll take another Moment course or try another screen time app, and hopefully get back on track. In 2018, however, the conversation around screen time finally gained some desperately needed urgency (and in the meantime, I’ve actually completed some knitting projects instead of just thumbing my way through #knittersofinstagram).

Posted on

Why you need to use a password manager

Getty Images

If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable.

Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password.

How do you make them better? You need a password manager.

What is a password manager?

Think of a password manager like a book of your passwords, locked by a master key that only you know.

Some of you think that might sound bad. What if someone gets my master password? That’s a reasonable and rational fear. But assuming that you’ve chosen a strong and unique, but rememberable, master password that you’ve not used anywhere else is a near-perfect way to protect the rest of your passwords from improper access.

Password managers don’t just store your passwords — they help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you.

And because many of the password managers out there have encrypted sync across devices, you can take your passwords anywhere with you — even on your phone.

Why do you need to use one?

Password managers take the hassle out of creating and remembering strong passwords. It’s that simple. But there are three good reasons why you should care.

Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft.

But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password.

The other problem is the sheer number of passwords we have to remember. Banks, social media accounts, our email and utilities — it’s easy to just use one password across the board. But that makes “credential stuffing” easier. That’s when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager makes it so much easier to generate and store stronger passwords that are unique to each site, preventing credential stuffing attacks.

And, for the times you’re in a crowded or busy place — like a coffee shop or an airplane — think of who is around you. Typing in passwords can be seen, copied and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in at all.

Gift Guide: The best security and privacy tech to keep your friends safe

Which password manager should you use?

The simple answer is that it’s up to you. All password managers perform largely the same duties — but different apps will have more or relevant features to you than others.

Anyone running iOS 11 or later — which is most iPhone and iPad users — will have a password manager by default — so there’s no excuse. You can sync your passwords across devices using iCloud Keychain.

For anyone else — most password managers are free, with the option to upgrade to get better features.

If you want your passwords to sync across devices for example, LastPass is a good option. 1Password is widely used and integrates with Troy Hunt’s Pwned Passwords database, so you can tell if (and avoid!) a password that has been previously leaked or exposed in a data breach.

Many password managers are cross-platform, like Dashlane, which also work on mobile devices, allowing you to take your passwords wherever you go.

And, some are open source, like KeePass, allowing anyone to read the source code. KeePass doesn’t use the cloud so it never leaves your computer unless you move it. That’s much better for the super paranoid, but also for those who might face a wider range of threats — such as those who work in government.

What you might find useful is this evaluation of five password managers, which offers a breakdown by features.

Like all software, vulnerabilities and weaknesses in any password manager can make put your data at risk. But so long as you keep your password manager up to date — most browser extensions are automatically updated — your risk is significantly reduced.

Simply put: using a password manager is far better for your overall security than not using one.

Check out our full Cybersecurity 101 guides here.

Posted on

Two-factor authentication can save you from hackers

Getty Images

If you find passwords annoying, you might not like two-factor authentication much. But security experts say it’s one of the best ways to protect your online accounts.

Simply put, two-factor authentication adds a second step in your usual log-in process. Once you enter your username and password, you’ll be prompted to enter a code sent as a text message or an email, or sometimes as a push notification on your phone.

In all, it usually only adds a few extra seconds to your day.

Two-factor authentication (sometimes called “two-step verification”) combines something you know — your username and password, with something you have — such as your phone or a physical security key, or even something you are — like your fingerprint or another biometric, as a way of confirming that a person is authorized to log in. You might not have thought much about it, but you do this more than you think. Whenever you withdraw money from an ATM, you insert your card (something you have) and enter your PIN (something you know) — which tells the bank that it’s you. Even when you use your bank card on the internet, often you still need something that you know — such as your ZIP or postal code.

Having a second step of authentication makes it so much more difficult for a hacker or a thief to break into your online accounts.

Why is two-factor important?

Gone are the days where your trusty password can protect you. Even if you have a unique password for every website you use, there’s little in the way to stop malware on your computer (or even on the website!) from scraping your password and using it again. Or, if someone sees you type in your password, they can memorize it and log in as you.

Don’t think it’ll happen to you? So-called “credential stuffing” or brute-force attacks can make it easy for hackers to break in and hijack people’s online accounts in bulk. That happens all the time. Dunkin’ Donuts, Warby Parker, GitHub, AdGuard, the State Department — and even Apple iCloud accounts have all fallen victim to credential-stuffing attacks in recent years. Only two-factor accounts are protected from these automated log-in attacks.

Two-factor also protects you against phishing emails. If someone sends you a dodgy email that tries to trick you into logging in with your Google or Facebook username and password to a fake site, for example, two-factor can still protect you. Only the legitimate site will send you a working two-factor code.

Enabling two-factor is a good start, but it’s not a panacea. As much as it can prevent hackers from logging in as you, it doesn’t mean that your data stored on the server is protected from hackers breaching a server elsewhere, or a government demanding that the company turns over your data.

And some methods of two-factor are better than others. As you’ll see.

Gift Guide: The best security and privacy tech to keep your friends safe

The best way to two-factor your accounts

Let’s get something out of the way real quick. Even if you want to go all-out and secure your accounts, you’ll quickly realize many sites and services just don’t support two-factor. You should tell them to! You can see if a website supports two-factor here.

But as credential-stuffing attacks rise and data breaches have become a regular occurrence, many sites and services are doing everything they can to protect their users.

There are four main types of two-factor authentication, ranked in order of effectiveness:

A text message code: The most common form of two-factor is a code sent by SMS. It doesn’t require an app or even a smartphone, just a single bar of cell service. It’s very easy to get started. But two-factor by text message is the least secure method. These days, hackers can easily exploit weaknesses in the phone networks to steal SMS two-factor codes. Because SMS messages aren’t encrypted, they can also just leak. More recently, researchers found that this can be done on a massive scale. Also, if your phone is lost or stolen, you have a problem. A text message code is better than not using two-factor at all, but there are far more secure options.

An authenticator app code: This works similarly to the text message, except you’ll have to install an app on your smartphone. Any time you log in, you’ll get a code sent to your app. There are many authenticator apps to choose from, like Authy, Duo, and Google Authenticator. The difference here is that they are sent over an HTTPS connection, making it near-impossible for anyone to snoop in and steal the code before you use it. But if you lose your phone or have malware on your phone — especially Android devices — those codes can be stolen once they arrive on your device.

A biometric: Smile! You’re on camera. Often, in industrial or enterprise settings, you’ll be asked for your biometrics, such as facial recognition, an iris scan or, more likely, a fingerprint. These usually require specialized hardware (and software) and are less common. A downside is that these technologies can be spoofed — such as cloning a fingerprint or creating a 3D-printed head.

A physical key: Last but not least, a physical key is considered the strongest of all two-factor authentication methods. Google said that it hasn’t had a single confirmed account takeover since rolling out security keys to its staff. Security keys are USB sticks that you can keep on your keyring. When you log in to your account, you are prompted to insert the cryptographically unique key into your computer and that’s it. Even if someone steals your password, they can’t log in without that key. And phishing pages won’t work because only the legitimate sites support security keys. These keys are designed to thwart even the smartest and most resourceful attackers, like nation-state hackers.

There are several security keys to choose from: Google has its Advanced Protection Program for high-risk users, like politicians and journalists, and its Google Titan key for everyone else. But many security experts will say Yubikey is the gold standard of security keys. There are a few things to note. Firstly, not many sites support security keys yet, but most of the major companies do — like Microsoft, Facebook, Google and Twitter. Usually, when you set up a physical key, you can’t revert to a text message code or a biometric. It’s a security key, or nothing. A downside is that you will have to buy two — one as a backup — but security keys are inexpensive. Also, if one is stolen, there’s no way to determine your account from the key itself. But, if you lose them both, you might be done for. Even the company that stores your data might not be able to get you back into your account. So, be careful and keep one safe.

That’s what you need to know. You might want to create a checklist of your most valuable accounts, and begin switching on two-factor authentication starting with them. In most cases, it’s straightforward — but you can always head to this website to learn how to enable two-factor on each website. You might want to take an hour or so to go through all of your accounts — so put on a pot of coffee and get started.

You should see two-factor as an investment in security: a little of your time today, to save you from a whole world of trouble tomorrow.

Check out our full Cybersecurity 101 guides here.

Posted on

How to protect your cell phone number and why you should care

Getty Images

Assuming you have your strong passwords in place and your two-factor authentication set up, you think your accounts are now safe? Think again. There’s much more to be done.

You might think your Social Security or bank account numbers are the most sensitive digits in your life. Nowadays, hackers can do far more damage with little effort using just your cell phone number. But unlike your Social Security number, you’re far less likely to keep your cell phone number a secret — otherwise nobody can contact you!

Whether you’re an AT&T, Verizon, Sprint or T-Mobile customer, every cell phone number can be a target for hackers. And it takes remarkably little effort to wreak havoc to your online life.

Why you need to protect your phone number

Your cell phone number is a single point of failure.

Think about it. You use your cell phone number all the time. You use it when you sign up to sites and services, and sometimes you’ll use it to log into an app or a game on your phone. Your phone number can be used to reset your account if you forget your password. And, you use it for two-factor authentication to securely login to your accounts.

If someone steals your phone number, they become you — for all intents and purposes. With your phone number, a hacker can start hijacking your accounts one by one by having a password reset sent to your phone. They can trick automated systems — like your bank — into thinking they’re you when you call customer service. And worse, they can use your hijacked number to break into your work email and documents — potentially exposing your employer up to data theft.

Just think of every site and service that has your phone number. That’s why you need to protect your phone number.

Gift Guide: The best security and privacy tech to keep your friends safe

How do hackers steal cell phone numbers?

It’s easier than you might think. Phone numbers can be found anywhere – thanks in part to so many data breaches.

Often, hackers will find the cell phone number of their target floating around the internet (or from a phone bill in the garbage), and call up their carrier impersonating the customer. With a few simple questions answered — often little more than where a person lives or their date of birth, they ask the customer service representative to “port out” the phone number to a different carrier or a SIM card.

That’s it. As soon as the “port out” completes, the phone number activates on an attacker’s SIM card, and the hacker can send and receive messages and make calls as if they were the person they just hacked.

In most cases, the only sign that it happened is if the victim suddenly loses cell service for no apparent reason.

From there, it’s as simple as initiating password resets on accounts associated with that phone number. Facebook, Gmail, Twitter — and more. A hacker can use your hijacked phone number to steal all of your cryptocurrency, take over your vanity Instagram username or maliciously delete all of your data.

You can read what happened to TechCrunch’s own John Biggs when his phone number was hijacked.

In the worst cases, it can be difficult or impossible to get your phone number back — let alone the accounts that get broken into. Your best bet is to make sure it never happens in the first place.

What you can do to protect your phone number

Just like you can apply two-factor authentication to your online accounts, you can add a secondary security code to your cell phone account, too.

You can either call up customer services or do it online. (Many feel more reassured by calling up and talking to someone.) You can ask customer service, for example, to set a secondary password on your account to ensure that only you — the account holder — can make any changes to the account or port out your number.

Every carrier handles secondary security codes differently. You may be limited in your password, passcode or passphrase, but try to make it more than four to six digits. And make sure you keep a backup of the code!

For the major carriers:

If your carrier isn’t listed, you might want to check if they employ a similar secondary security code to your account to prevent any abuse. And if they don’t, maybe you should port out your cell phone number to a carrier that does.

Check out our full Cybersecurity 101 guides here.