As we lead more and more of our lives online, the risks of losing control of our accounts get more dire, threatening both our money and our reputations.
You don’t want to end up completely paralyzed by paranoia, but you don’t want to make yourself a target, either. This post is written for “normal” people who aren’t likely to be targets for concerted attacks, but instead are more likely to get caught up in automated attacks perpetrated by criminals.
If you’re Jennifer Lawrence, you need to get way, way more paranoid than this. But you’re probably not.
The basic problem we have is that securing computers is incredibly hard—it’s something humans just did not evolve to be good at—so sooner or later some site you use will be cracked and criminals will make off with whatever information they found. This information will then be sold and traded and used in various creative ways to attack other sites and institutions in a chain of awfulness.
Remember, though, that for most people these are automated attacks that go for the low-hanging fruit, so some basic hygiene will protect you well. The steps below will help you lock your digital doors and windows. Let’s go through the steps.
Arguably your most important accounts are your email accounts—if somebody takes control of your email, that person can request password resets from pretty much any other site and it’s game over.
This means yes, you should use a unique and complicated password for your email.
Again, your email accounts are the keys to all your other accounts—guard them carefully.
Two-factor authentication combines something you know (your password) with something you have (your phone). Some sites will send you a text message with a verification code, some will use a special app on your phone—such as Google Authenticator—to verify your identity.
If you use a site—like Gmail or Dropbox—that offers two-factor authentication, turn it on, now!
This is the single most powerful thing you can do to increase your security online.
This one is obvious—if attackers get a hold of your user name and password from one site, they will attempt to log in to any site they can think of with that same combination. If you’ve reused passwords across accounts, boom, they’re in.
But, you sigh, I have so many accounts there’s no way I can remember unique passwords for all of them.
True. Neither can I. Neither can Batman. In 2015 a password manager is required, not optional. Is it a pain? Yes. Is it more of a pain than having somebody break into your accounts? No, it is not.
A good password manager makes it easy to generate hard-to-crack, unique passwords for each one of your accounts. Personally I use 1Password on my Macs and iOS devices and it’s working great for me. (Not an affiliate link—I genuinely use and recommend it.) If you find another one like LastPass or KeePass that works for you, go for it. Just pick one and use it.
Once you’ve converted over, you only need to remember the one (very strong) password you set up for the password manager itself.
Note that if you’re in the Apple ecosystem, Safari on the Mac and iOS has a very bare-bones password manager built in, which is certainly better than nothing.
This one is a bit more paranoid, but with the ease of finding personal information these days, the shadow of an automated attack that finds out the answers to common security questions en masse is lurking. So, lie. If the question is, “What street did you live on as a child?”, answer “James Bond” or something nonsensical like that.
Obviously, you’re going to have to write down your dirty lies somewhere, like your password manager.
Increasing your online security mostly requires changing your thinking a bit to become more conscious of the risks. Follow the tips above and you’ll avoid at least automated trawls from criminals on the net.
Note: You might follow all these tips and still end up a victim. Nothing is guaranteed. Be careful out there.
Style note: The word “hacker” used to mean somebody who did clever things with computers and has since been co-opted to mean “computer criminal.” By not using it in that sense in this post I’m doing my tiny part to bring the word back to its real meaning. If you write for public consumption, please consider not misusing “hacker” to mean “computer criminal.” You can write two words instead of one. I believe in you.