Funny thing. Sometimes you can’t see the forest through all the trees. Something along those lines happened to me just recently. Dropbox just recently announced it was compromised…from back in 2012. 68 million accounts were compromised. Including my own. I figured it would be a good deed to share with my friends via social media in case they didn’t know. Apparently people outside of infosec don’t follow major data breaches like I do. 🙂
For the next couple days, my friends (tech and luddite alike) hit me up with questions on how to improve their privacy online. That seems like such a simple thing from someone who’s occupation is security. All their questions are valid and I figured I should compile them all here so everyone can learn.
Q. What’s the best way to handle passwords?
A. Ideally you want the longest and most complex password possible. This password should be unique from every other password and changed on a frequent basis. That sounds almost impossible to do by yourself…and ultimately it is. That’s why people take shortcuts. Sometimes people will write their passwords down on a sticky note. Others will put them on a text file on their computer somewhere. Worse it’s the name of your pet/first born and the last 4 digits of your birthday or SSN (That’s probably the password people use more than any other right there). People reuse the same password over and over again. That’s the problem. Once a site like Dropbox or Last.fm are breached, hackers can then reuse those passwords to get access to your social media accounts or worse…your company email.
I strongly suggest you use a password manager. There’s several out there. Keypass, 1Password, and other. I personally recommend LastPass. No password manager is perfect. Each has their own strengths and weaknesses. Yes, Lastpass had a data breach themselves a while back, but the individual accounts were hashed and salted. So unless you have a major nation-state or hacker collective gunning for you, I doubt you have anything to be concerned over. Ultimately cyber-security is weighing how much risk you want to deal with while at the same time being able to do what you want online.
Q. What’s a VPN and why should I want one?
A VPN stand for Virtual Private Network. Think of it as a tunnel your internet traffic goes through of your choosing. Your (or the coffee shop’s) ISP won’t be able to read what traffic is actually happening instead all they’d see is a bunch of gobilty-gook (that’s a highly technical term FYI). This means people can’t listen in on your internet traffic. Bad guys can sniff your internet traffic and pull out things like what websites your viewing, listen in on your IM’s, and even snag your passwords. As long as your traffic is properly encrypted, all they see is lines and lines of trash.
This also has another good purpose. Some ISP’s don’t want you to use certain services. Services like Bit-Torrent are often used to pirate movies and software. Because of that ISP’s often will shut down your internet service if they see bit-torrent traffic. If you use a VPN service, then ISP’s can’t track the traffic.
There are LOTS of good VPN services out there. I personally recommend Private Internet Access. There are others that offer different features, but I like PIA simply because it’s easy. It just works. The agent installs on your computers, tables, phones, etc and you can connect/disconnect at will. Again, I recommend PIA because it’s simple, and works across multiple devices. You can step it up to the next level and connect your router to the VPN so devices behind it don’t have to install the software, but often that’s just overkill. The name of the game here is to implement simple changes that don’t complicate your life.
I can think of a lot of other suggestions that I’d like to share with everyone. Perhaps I’ll make this a semi-regular type of post. There’s lots of things to pay attention to that will go a long way in ensuring your security online. Encryption is a big one. You don’t have to understand the difference between Diffie–Hellman Elliptic curve and RSA 2048 encryption to use encryption to your benefit. You don’t have to everything about a motor to drive a car. Cyber-security is the same thing.