Personal Cybersecurity

Random Observation/Comment #570: Protect your digital identity. Seriously.

People’s stupidity will always be the weakest link in any security policy, so be careful with your passwords, the apps you download, your browsing, and the information you share in general.

Yes, I’m slightly more paranoid and careful with digital security than the average person, but it’s for good reason. Stories like this one from Wordfence, https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/, make me want 2-factor confirmation (e.g. phone calls and text messages) for all personal email. It may also be true that we’ve all already been infected and the hackers are just waiting for us to be rich enough to be extorted.

Here are a few best practices I’ve been following:

  • Never use your master password or variations of it for untrusted sites. Some sites store the password in plain text instead of a hash. They may also take more data from your login than you think, so ALWAYS check what information you’re granting them.
  • Sign in via social media (I personally use Google). With the caveat of rule 1 for trusted sites, I mainly use this so that I can revoke access via Google, FB, or Twitter.
  • Make your master password super secure (at least 32 characters) and use a password manager (I use LastPass on a $1/month subscription) for mobile and browser. The wife says it’s buggy, but it’s worked for me.
  • Mobile – I use the fingerprint reader to unlock. I also lock my phone after 10 seconds. Also, I minimize the number of untrusted apps I install on my phone, as many of them have backdoors.
  • Laptop – I bought one with a fingerprint reader as well. I also keep my sleep time down to 5 minutes.
  • Other devices – I’ve logged off of everything else besides the laptop and mobile phone.
  • Public computers – Never. Especially not email, since I use email as the portal for everything (password resets and notifications).
  • Review your accounts – I wouldn’t be surprised if people have created over 150 accounts on random sites. In reality, you only use around 15 of them, but what about the ones you created 3 years ago? Go through what you’ve logged into (Google Chrome keeps all your passwords and autofills them a lot of the time) and make sure you remove the ones you don’t use anymore.
  • Remove phone numbers from any 2-factor – Recent bitcoin hacks have been through phone numbers. Exchanges can be compromised, but more likely the attacker simply calls the phone company’s customer support, answers the account questions, and has the number re-routed to a phone they control. You can alternatively use a Google Voice number, because that doesn’t have a human element. I recommend using Google Authenticator or Authy instead.
  • Treat the “Secret Questions” as another password. Use different (made-up) answers, or pick ‘other’, to secure your secret questions, and always opt for email password resets, because the real answers can likely be deduced from your online persona.
  • Be wary of “Sponsored” content. This isn’t a hard and fast rule, but I am always more careful about sponsored content.
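The reason an authenticator app beats a phone number in the 2-factor bullet above is that nothing about the code depends on the carrier: the site and the app share a secret once at enrollment (the QR code), and every code after that is just an HMAC over the current 30-second time counter. Below is an added example, not code from the original post or from Google Authenticator or Authy, of that RFC 4226/6238 computation together with the verification a site would run (a small skew window for clock drift, a replay check, a constant-time compare). The function names hotp, totp, verify_totp and new_secret_b32 are my own; the 20-byte key is the RFC 6238 test-vector key, not a real credential.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks a 4-byte window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time (what the authenticator app displays)."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, *, step: int = 30,
                digits: int = 6, window: int = 1, last_used: int = -1):
    """Server side: return the accepted time counter, or None.

    window    - accept +/- this many steps to absorb clock drift between app and server
    last_used - highest counter already redeemed; anything at or below it is a replay
    compare_digest keeps the check constant-time so it does not leak how many digits matched
    """
    counter = at // step
    for c in range(counter - window, counter + window + 1):
        if c <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c
    return None


def new_secret_b32() -> str:
    """Fresh 160-bit secret in the base32 form that otpauth:// enrollment QR codes carry."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


# RFC 6238 Appendix B test-vector key (the ASCII digits 1234567890 twice); NOT a real credential.
RFC6238_KEY = b"12345678901234567890"

if __name__ == "__main__":
    # Published RFC 6238 vectors use 8-digit SHA-1 codes at T=59 and T=1111111109.
    print(totp(RFC6238_KEY, 59, digits=8), totp(RFC6238_KEY, 1111111109, digits=8))

    # Enrollment: app and server share only this secret; no phone number is ever involved.
    secret = base64.b32decode(new_secret_b32())
    now = int(time.time())
    code = totp(secret, now)                                  # what the app would show
    accepted = verify_totp(secret, code, now + 20)            # 20 s of drift: still inside the window
    print("accepted counter:", accepted)
    print("replay rejected:", verify_totp(secret, code, now + 20, last_used=accepted) is None)
```

Run it as a script to see the RFC vectors reproduced and a fresh enrollment verified once and then refused on replay. The SIM-swap attack in the bullet above buys the attacker nothing here: with no SMS in the loop there is no number to re-route, and the only things worth stealing are the shared secret itself and the recovery codes, which is why both belong in the password manager rather than in a text file.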

While this list isn’t exhaustive, I’d generally just be smart about what information you expose on any form. Don’t fall prey to clickbait sites, and use an ad blocker where needed.

~See Lemons More Secure
