Why you should care about security in day-to-day communications and transactions; 5 things you can do to secure yourself.
When you buy food on an app, to take an example from Arnav Gupta’s talk at 50p conference in 2017, different entities in the transaction pipeline use different SDKs which can read SMSes from your phone and emails from your inbox. You may not have influence over the technology underlying the apps you use for ordering food or making payments. But you can do simple things to secure yourself and your credentials online.
On 14 February, Gus Gustavo from the Tor Project and Kushal Das from the Freedom of the Press Foundation conducted a Tor training with 30 participants at HasGeek House. Following on from the discussions at the workshop, we asked Kushal and Gus to share the top 5 things that each one of us can do to secure ourselves. Below is our pick from the list. We have also added a suggestion for 2FA, based on our experience at HasGeek.
1. Use strong and unique passwords
If someone gets hold of one of your commonly-used passwords, they can break into other sites/places with the same password. Consider using diceware to generate all of your passwords. More about diceware on this blog post.
2. Use password managers
Password managers will help you to store all your passwords in one place. Here is a guide on password managers. LastPass and 1Password are recommended cloud-based alternatives which work on mobile devices and on the web. KeePassXC is a good option on desktop.
3. Always lock your computer screen
Whether it be in your house, at your workplace, or anywhere else, make it a habit to set up screen lock for your laptop(s). Protecting your computer with a password will make sure that no one can access your computer even if you are not in front of it for a few minutes.
4. Update all your software
Software updates almost always contain security patches and bug fixes. If you do not install them, hackers and miscreants can exploit the vulnerabilities in the older version of the software or operating system you’re running to attack your computer. Install software updates, on your phone and your laptop, as soon as they are launched.
5. Set up 2-factor authentication (2FA)
Enable 2FA for all the websites and applications you frequently use. This will add a second layer of security in case someone finds your password.
If possible, stay away from SMS-based 2FA. Instead, use mobile applications like FreeOTP, Google Authenticator or Authy. These generate Time-based One Time Passwords (TOTP) which can be used as 2FA.
At HasGeek, we use Yubikey for 2FA. To know more about Yubikey and how it works, see the video below.
We have a few Yubikeys to give away, courtesy of Yubico, which sponsored Yubikeys for all participants at Rootconf 2016. Drop us a note on firstname.lastname@example.org if you want a Yubikey. We’ll find a way to get this across to you.
A more exhaustive list of suggestions for securing your credentials is published here: https://summertraining.readthedocs.io/en/latest/opsec.html