5. Password policy

Tue, 22 Nov 2016 13:26:07 GMT

Passwords are the keys to our online lives. With our passwords, people can read our email, post on our social media accounts, see our banking data... and lock us out of our own accounts. So it's important to treat them with great care. But how? Here are a few hints on a good password policy.

Do not reuse passwords, ever. Reusing passwords means that breaking into one of your accounts also compromises others. At the very least, add some letters that differ for each site.

Switch to two-factor authentication wherever you can.

Do not keep the same passwords forever. It's good practice to change them every year, especially the important ones.

Do not use passwords such as your date of birth, partner's first name, or pet's name. People can find those easily by looking at social media or even talking to you or your friends.

Do not rely too much on often-used substitutions of letters by numbers. A zero instead of the letter o is not exactly hard to guess.

If you have trouble remembering your passwords, use a password manager. Read more about that here.

It's not a horrible solution to write important passwords down, as long as you make sure you're not leaving them in places where others can find them.

An option could be to create them in the form of fake 'people', stored in an address book (either digital or physical), whose made-up names help you remember what they belong to, and whose address or telephone numbers are the password. If you saw 'Amalia 035-3445899' written down in my little black book, would you think that was a password hint for my Amazon password? It's not, but it could have been.

Another way to make a decent password that's easy to remember is to make a sentence that's meaningful to you, and use the first letters of each word to form your password. For example: the sentence 'My old aunt Emmy has 3 pretty cute Greyhounds' stands for the password MoaEh3pcG but is a lot easier to remember, especially if you use it for your account on the website where you buy your dog food, or the social network where your aunt always posts pictures of her dogs.

If it's allowed, you could also use four (or more) random words that you can easily remember by drawing a picture of them in your mind, instead of a hard to remember and much shorter 'normal' password. Let XKCD guide you here (just do not reuse his example).

Further reading on good password practices:
Cnet
HowToGeek

Back to Index

comments

2. A list of things you can do

Tue, 22 Nov 2016 11:52:42 GMT

A lot of people are worried about their level of online privacy and safety lately, for reasons that shouldn't be too hard to understand. The big thing here is that US companies collect data, and the US government can grab hold of that data if they feel there's a need; if you are now under a government that you distrust, it makes sense to reduce the amount of data that you hand over to US-based companies.
Here's a list of things you can do. Some are easy and some are hard, but every one of them can help. Even if you can only do one of these things, it's worth doing.

Here's the hardest one, for many of you: Get off of Facebook. Facebook collects a LOT of data, even when you're not on it. It's not just what you post on Facebook, it's also about your surfing habits on other sites, and a lot more. All this data is under the control of a man who called his users 'dumb fucks' for trusting him. If that offends you, good! It should. If you feel you cannot do without Facebook, consider abandoning your account and setting up a new one, using an altered version of your name, and reconnecting with your friends on that. Changes like that help obfuscate your digital trail.

Get away from Google. I will post in more details about this later, because Google is an ecosystem that consists of a lot of services. Most of them have good replacements! The very fact that Google has all these services is also why it's so potentially dangerous: they collect a LOT of different data from all those sources and combine it all into a very detailed profile. Need a good search engine? Try StartPage.

Get your e-mail off of US soil. Use an e-mail provider that's hosted in Europe and offers encryption. There are plenty of them and some of the good ones are free. More information on that is now posted here.

Compartimentalize. Use different browsers for different purposes. Use different providers for different services, so that your data is split up and therefore less meaningful. Keep your profiles on social media and other websites separate. (I know, I don't always do that either. But I do have a few online hangouts that you probably don't know about.)

Here's another hard one. Don't use a smartphone. If you must, be very wary of the apps you install. Review and think about the permissions your apps ask to use. Can they also operate with less? Switch it off when it's not in use. If you can make do with a nonsmart cellphone, or use that for phone calls and use your smartphone for data only, do that. That's compartimentalizing too.

Here's some easy stuff! Use adblockers and other browser add-ons that improve privacy. Your surfing experience will be safer and faster and the sites you visit will look nicer! This is another good topic for a separate post, but for now I'll throw out some names: UBlock Origin, Ghostery, BetterPrivacy, PrivacyBadger, DecentralEyes, SelfDestructing Cookies. If you use Ghostery, be sure to check the settings carefully, as the default is not great.

Also easy: if a service you are using offers two-factor authentication, set that up. It makes your accounts a lot harder to break into. This is especially important for webmail accounts, since they are often the key to a lot of other things, because many services use email to reset passwords.

Another fairly easy one, and we should all be doing this already: use good, strong passwords and be smart about using them. Read more on that here.

Learn to use an e-mail client that supports encryption. You may not need it now, but it's a good option to have. Thunderbird is just fine for this; with the add-ons Enigmail and GPG installed, it works well. It's also an all-around good e-mail program. And if more people use encryption, those who use it won't stand out anymore. Remember when mail used to be private? E-mail should be private, too.

If you haven't yet, consider getting away from Apple and Microsoft. Linux isn't just for geeks anymore. There are several good looking, easy to use Linux based OSses nowadays, they can run on most of the hardware that you are using, and they are free. Ask your friendly local nerd or cybersmart cousin to show you Linux Mint. Bonus: your computer will probably run faster, and will not need to be replaced as rapidly!

One of the best things you could do would be to attend a cryptoparty: an interactive workshop about cybersecurity, often aimed at beginners. Find out here when and where they are happening. A good place to ask about this would also be your local hackerspace; hackerspaces are physical spaces (as in, buildings/rooms) where people get together to tinker and to share knowledge about many things, cybersecurity being one of them. Don't worry about the bad reputations of hackers; there are good reasons why malicious hackers generally stay away from hackerspaces (they don't need them, they aren't welcome, and they don't want the extra visibility).

Back to Index

comments

Cybersecurity for the Trumped

5. Password policy

2. A list of things you can do