Personal data security in the Digital Era

Published in ESTIEM, Nov 24, 2019

Written by Giuseppe Perrone

Would you put your hands on a hot stove? What about eating a sandwich that was lying on the ground? Are you into dousing an oil fire with water? I hope not.

If you do none of those, chances are you have common sense, well done! We call it “common sense” because it comprises practical knowledge used by most people to stay out of danger, to avoid getting into trouble or to keep away from embarrassing situations.

Practices we know as common sense took centuries to develop and to spread, but they now work well for the world we live in. The problem is that, in the last few decades, our world has changed; to be precise, we now have two worlds to take care of.

We live both in the physical world and in the digital world; we have two personas to care about: our physical one and our digital one.

We have a well-developed common sense that helps us protect the first one, but what about the second? We need to develop a different kind of common sense to be safe in the digital world.

The first step is acknowledging how unsafe we are and what’s at stake.

When we register for an online service, we give it an email address, a password and sometimes a nickname. Then, we may share our home address (food delivery), our phone number, our conversations (social media), and more. Given that, how important is it to protect the keys to that information? Do we need to worry?

LinkedIn, Dropbox, Adobe, and VKontakte are some of the companies that suffered data breaches. A data breach is an unwanted public release of private information as a consequence of a cyberattack. Simply put, thieves collect users' login information and sell or release it, either for personal gain or to damage a company. Collections of e-mails and passwords obtained and shared this way are called “data dumps”.

How do we know if our credentials are compromised? We can use a service like haveibeenpwned.com, which searches for an email address within “data dumps” to check whether it is present.

Having a different password for every service will help us mitigate the whole data breach issue. Speaking of passwords, the webcomic xkcd gives a wonderful insight into how to make strong but easy-to-remember ones; you can check it out here:

The message is: “Create passwords easy to remember for a human but hard to guess for a machine”.

Do you need more advice? Activate two-step verification on every service where it is available. It is an additional layer of protection that requires not only a username and password to log in but also a piece of information that only the legitimate user may have (a code sent via SMS, for example). You can find it in the “Settings” section of every major service, or check out twofactorauth.org for a complete list of services supporting it.

One last piece of advice: when it comes to emails and links to click, limit yourself to two approaches: Scully and Mulder’s “trustno1” or, as Suzanne Massie told Ronald Reagan, “Doveryai, no proveryai”. Trust, but verify.
