Wednesday, April 9, 2014

Five Things to Do Right Now To Secure Your Digital Life

The internet is reeling today from the announcement of "Heartbleed" - a fairly severe security vulnerability discovered in software that over half of web sites use.  The news and hype may make some question what they can do to stay safe online.  As bad as this problem is, there are things that you can be doing that will greatly reduce the chance of being hacked - now and for whatever future nasties arise.



1 - Get a Password Manager
A password manager will greatly simplify your life.  These run on any device and let you securely save and retrieve all of your passwords.  At first it may seem counterintuitive - storing all your passwords in one place means if somebody _does_ get to it, they have "keys to the kingdom".  But, unless you have a really good memory and use different long, cryptic passwords everywhere, you probably are worse off.  By letting you use different random passwords everywhere, and by remembering them for you, a password manager means you can change your passwords more frequently and keep more secure ones.  Good ones, such as LastPass and 1Password, use state-of-the-art encryption to secure your data and only decrypt it on your device, meaning even if somebody were to hack into LastPass, they could likely not steal your passwords.  Step 3 will show you how to really ensure this is the case.

Update:  LastPass has just announced a tool to check whether your sites contain the Heartbleed vulnerability or have been patched.

2 - Don't Use the Same Password Everywhere, and Change Them Often
If you've done the first step, you are likely good on this one as well.  Go through all of the sites and change your password to something unique.  Preferably do this once a month or so.  It won't be the most fun thing you do in the month, but maybe incentivize yourself with a nice cold beer while you do it.  If you have LastPass, this just means visiting the 'Change Password' page on your sites and changing your password.  LastPass will keep up with these changes for you and prompt you to save the new password.  If you don't have a password manager, one technique for getting fairly secure passwords is to use a passphrase with some pattern you can remember.  For example, for Facebook, you might use [email protected] this month and remember it as "2255 pound A word that starts with F and a word that starts with B..."  This can be easier to remember, and since it's longer, it can be harder to hack.

3 - Set Up Two-Factor Authentication Wherever Possible
Where the above techniques fail, two-factor authentication can really save your bacon.  The best security is "Something you have and something you know", meaning to gain access, you need both something from your head and something in your hand.  This comes in many flavors and differs from site to site, but in general they involve an additional step when logging in from new devices.  For example, if you got a new computer and went to log into Google, it would prompt you to enter a code that they send to your phone in addition to your password.  Once you get it right one time, it offers to remember the computer for the next time so you don't have to do this every time.  This way, if a person _were_ to steal your password, they still wouldn't be able to get into your stuff.  Gmail, Facebook, and many other larger sites have this, with smaller sites starting to implement it as well.

TwoFactorAuth.org is a great site listing major sites that implement this scheme.

4 - Don't Do Questionable Things Online
Downloading music and movies and browsing to _ahem_ less-than-reputable sites are all vectors for getting hacked.  In the same way that walking down a dark alley at night whistling Dixie is a bad idea, so is taking part in the darker web.  Are there ways to do this stuff without getting hacked? Probably.  Does your best friend's cousin who is, like, a computer expert know an app that gives you tons of new movies free without any viruses or other vulnerabilities?  Probably not.  Stay away, stick to the main road, and your computer will be happier for it.

5 - Keep a Balanced Perspective
Yes, there are risks online.  Your credit card can be stolen if you're not careful, but often if you are quick to notice, you can get the charges canceled before they hit your account.  Your Facebook password can be stolen, or in some cases even hacked without stealing the password.  It won't be fun, but usually you can recover from it.  The key is realizing that there are risks _everywhere_ and using an appropriate but not debilitating amount of caution. 
