A client recently asked me my thoughts about digitally security. What do I do, should they consider doing suggestions that were made by others. I wrote back a lengthy email and realized it there was a post worth sharing with the world.
There are tons of tools and services out there. It can be overwhelming. I will admit it can also be time consuming. I took a lot of time to ensure I did not have to manually type in 60 character passwords anywhere — because honestly who wants to do that? Some of these I use and recommend. Others I think are a bit too much. Keep in mind I think we are a small fish in a big sea. Most of us are not in the spotlight. We are not a television or radio personality. We do not hold a high office in politics. These are people that would require another individual to help secure their digital life.
We also all make mistakes with security. I take it seriously, but others may not think I take it seriously enough. Yet others may thing I take it too seriously. Let’s take a look at the different facets of digital security. I am sure there are things I am missing. Others may have another point of view. I encourage you to comment below and tell me your thoughts.
Seriously Secure Passwords
The most secure password is one you don’t even know. The thought of that was terrifying a few years ago when I thought about password management. Until then I had remembered a 16 alphanumeric password that inconsistently varied depending on a few factors. Although that was better than using the word, “password” as my password there were still issues. If you use the same password in more than one place, and one of those places is hacked, now that password has been compromised with your name. Say you use, “password” for your Google and Apple accounts. Someone hacks your Google account. They can now find your Apple account and attempt to use the same password. It’s easier than you think.
This took me the longest to get used to, but I completely switched to a password manager. There are a few on the market. Lastpass and 1Password come to mind. I highly recommend 1Password. It took me a while before I started re-issuing new passwords with 50 to 60 characters anywhere a site or online identity let me but that was no longer an issue when I had 1Password synced, via Dropbox, to all my devices. My Apple laptop, Mac Mini, iPhone, iPad you name it. They all have access to 1Password. Agile Bits does a great job keeping up with the industry and has features like Watchtower that are created to solve problems as they come. You can even access it on Linux with 1Password Families, or by accessing another machine with it installed using TeamViewer*.
If you are using an iPhone, or something where it’s not exactly easy to use 60 character passwords, use as many characters as you can, mix case, numbers, and special characters. If you are on an iPhone use as many characters as you can. You can use a custom alphanumeric code, I would suggest that over the 4-digit numeric and custom numberic codes. Thumbprint authentication or two-factor authentication are even more important to put in place if you have a weaker password somewhere.
* TeamViewer is free for private use.
Two factor authentication works like this. If you log into a service that you have it activated on, it will send you a text message or email with a unique one time code to enter next. Sometimes that code expires in a few minutes. Email is a nice alternative for those who do not have cell phones. A weak password is safer with two-factor authentication activated. I suggest enabling it everywhere you can. Google, Dropbox, and Apple all have it to setup. Just do it.
One of the main reasons you want to do this is because your email inbox is the heart of your digital life. Where do all your password recovery emails get sent to? That’s right, if someone gets ahold of your email password they can reset the password for any other service (that doesn’t have two-factor authentication).
Encrypted Hard Drive
Have a personal computer? Laptop? Desktop? What happens to that computer when it is stolen? If you have ever done your taxes, or worse you have confidential information for your business on a computer you need to encrypt it so hackers cannot get to your data. Running Windows, macOS or Linux? Microsoft offers encryption via BitLocker, macOS via FileVault, and Ubuntu via EncryptedHome. It’s easy to setup and forget about. In 2016, you shouldn’t see any performance hit for it. Most corporate laptops have this enabled by default for obvious reasons.
This one is tricky, but I use it. There is strenght in your finger print bring an entry into your device. First of all it’s fast. Touch ID 2, Apple’s second generation is blazing fast. It reads your finger so fast it’s almost incredible. Those seconds saved from typing in a password, trivial to some, lovely to me. For Apple’s iPhones I enable both thumbs and index fingers. Why all four? Those are the four major finger you’ll need when trying to unlock from almost any angle. Share your phone with someone? Put their primary writing hand index finger and thumb on your device, too.
There is a weakness to your thumb being the entry point to your phone, mobile device, or digital device. The fifth amendment allows you to keep your passwords a secret but a court can compel you to unlock your phone with your thumb. You can’t change your thumb print either, but are you high profile enough for a theif to go through the trouble of getting your finger print? I’d argue not for most people. I would suggest using Touch ID and Androids equivalent.
This has changed over the years. I have been using Google Chrome exclusively and do enjoy that browser. For it, you have Ghostry which allows you to blacklist certain types of items. Advertising, Site Analytics, Customer Interaction, Social Media, Adult Advertising and more can be blocked with Ghostry. Incognito window is only so private. Advertisers have gone way beyond what I am comfortable with them knowing. Logging into Facebook and seeing the last thing you viewed on Amazon? Creepy! Ghostry solves that. For the most part.
Really, pay for sites you value their content so they don’t have to use these terrible ad agencies. I pay for YouTube RED and any other service I value. It’s a business. If they are not making money off you, they are making money off your information. That general rule of thumb is something to think about the next time you go for the free option.
Yeah, it can be a little much to digest. Don’t do it all at once. Like I said, we all make mistakes with security. The only thing we can do is incrimentally work towards being more responsible. I can tell you that even with the 1Password, it’s almost like I don’t have to think about it anymore. Becomes part of your life and you don’t notice. Private text messaging, TOR browser, Orfox, VPNs DuckDuckGo — the search engine that doesn’t track you — there are many more topics I haven’t touched. Most of these are a bit extreme for me. What did I miss? What do you use? Did I get something wrong here? Let me know in the comments below!