The Core Dump

You can’t undo this action

[By Nic Lindh on Saturday, 22 August 2015]

Digital hygiene for online security and safety

Nic provides some basic not-too-paranoid tips for securing your digital life.

As we lead more and more of our lives online, the risks of losing control of our accounts get more dire, threatening both our money and our reputations.

You don’t want to end up completely paralyzed by paranoia, but you don’t want to make yourself a target, either. This post is written for “normal” people who aren’t likely to be targets for concerted attacks, but instead are more likely to get caught up in automated attacks perpetrated by criminals.

If you’re Jennifer Lawrence, you need to get way, way more paranoid than this. But you’re probably not.

The basic problem we have is that securing computers is incredibly hard—it’s something humans just did not evolve to be good at—so sooner or later some site you use will be cracked and criminals will make off with whatever information they found. This information will then be sold and traded and used in various creative ways to attack other sites and institutions in a chain of awfulness.

Remember, though, that for most people these are automated attacks that go for the low-hanging fruit, so some basic hygiene will protect you well. The steps below will help you lock your digital doors and windows. Let’s go through the steps.

Protect your email account above all else

Arguably your most important accounts are your email accounts—if somebody takes control of your email, that person can request password resets from pretty much any other site and it’s game over.

This means yes, you should use a unique and complicated password for your email.

Again, your email accounts are the keys to all your other accounts—guard them carefully.

Use two-factor authentication everywhere you can

Two-factor authentication combines something you know (your password) with something you have (your phone). Some sites will send you a text message with a verification code, some will use a special app on your phone—such as Google Authenticator—to verify your identity.

If you use a site—like Gmail or Dropbox—that offers two-factor authentication, turn it on, now!

This is the single most powerful thing you can do to increase your security online.

Don’t reuse passwords

This one is obvious—if attackers get a hold of your user name and password from one site, they will attempt to log in to any site they can think of with that same combination. If you’ve reused passwords across accounts, boom, they’re in.

But, you sigh, I have so many accounts there’s no way I can remember unique passwords for all of them.

True. Neither can I. Neither can Batman. In 2015 a password manager is required, not optional. Is it a pain? Yes. Is it more of a pain than having somebody break into your accounts? No, it is not.

A good password manager makes it easy to generate hard-to-crack, unique passwords for each one of your accounts. Personally I use 1Password on my Macs and iOS devices and it’s working great for me. (Not an affiliate link—I genuinely use and recommend it.) If you find another one like LastPass or KeePass that works for you, go for it. Just pick one and use it.

Once you’ve converted over, you only need to remember the one (very strong) password you set up for the password manager itself.

Note that if you’re in the Apple ecosystem, Safari on the Mac and iOS has a very bare-bones password manager built in, which is certainly better than nothing.

Lie on the security questions

This one is a bit more paranoid, but with the ease of finding personal information these days, the shadow of an automated attack that finds out the answers to common security questions en masse is lurking. So, lie. If the question is, “What street did you live on as a child?”, answer “James Bond” or something nonsensical like that.

Obviously, you’re going to have to write down your dirty lies somewhere, like your password manager.

Conclusion

Increasing your online security mostly requires changing your thinking a bit to become more conscious of the risks. Follow the tips above and you’ll avoid at least automated trawls from criminals on the net.

Note: You might follow all these tips and still end up a victim. Nothing is guaranteed. Be careful out there.

Style note: The word “hacker” used to mean somebody who did clever things with computers and has since been co-opted to mean “computer criminal.” By not using it in that sense in this post I’m doing my tiny part to bring the word back to its real meaning. If you write for public consumption, please consider not misusing “hacker” to mean “computer criminal.” You can write two words instead of one. I believe in you.
