Hello World. In the re-awakening of my attempt at writing, I decided to write a simple guide to the necessities of protecting yourself online.
The purpose of this article is to list a number of actionable steps that you can take today. They are listed in order of importance, #1 being the most important. If you are storing money (cryptocurrency) or important information on your computer, then I highly recommend implementing all steps.
Note: I am not a security expert. The following is meant for layman educational purposes only.
Let’s get into it…
1. Email is the crux
If an attacker can gain access to your email account, they can do most things: reset passwords, look up confidential information, etc. Your email should have an abstract password which you never use anywhere else, and you should secure it with 2FA (explained below).
Another step which I recommend is opening a Protonmail email account and never mentioning it to anybody or anywhere on the internet. The great thing about Protonmail vs something like Gmail is that it is completely encrypted, which means nobody can spy on your emails.
2. Change your WIFI router default login
Sure, you got a sweet-ass Wifi name (that makes the neighbors laugh) and password that nobody would guess. BUT did you know that almost all WIFI routers keep the default login details as ‘Admin’ and ‘Pass’? This makes it really easy for an attacker to access your network, which means they can access everything else. To configure this, look on the bottom of your router for its default IP address (usually 192.168.1.1) and then enter the default login details, and then change them immediately. As an example, Netgear’s defaults are “admin” and “password”. Here is a link to change Netgear’s defaults.
3. Use Two Factor Authentication (2FA)
2FA is a second line of defense if somebody is able to guess your username and password. Most people make their passwords the same across all accounts, so if a shitty website is hacked and the password is leaked, then hackers can easily access more important accounts. See Have I Been Pwned to check if your details have ever been exposed.
To implement 2FA, you will have to download either Google Authenticator or Authy from your phone's app store. Then follow the steps on the website which you want to enable it on. You will generally have to write down a list of backup words, so write it down on a piece of paper and store it securely. Do not store these on your computer.
Authenticator apps generate a 6-digit code every 30 seconds and then you have to enter that code onto the website to get access. This is quite a hassle but makes your accounts infinitely more secure.
4. Do not link your cell phone to any accounts
Most websites will allow you to link your cell phone via SMS code instead of using a 2FA app. Do not do this. It is incredibly easy to perform SIM swaps through social engineering (preying on the emotions of call center employees). If this is done then the attacker can have full access to any of your accounts.
5. Use secure passwords
I know it is much easier to use the same simple password for all websites, but it’s wrong. One alternative to the ($%d~`/}*&) is to use a list of random words. It is just as secure. Also, make sure your security questions are something nobody would know except you. I’ve just started using 1Password because I have a billion passwords and it’s going great so far!
6. Never fall for phishing scams
Last but not least, phishing. Phishing is when people or websites disguised as trustworthy businesses try to get your information. Here are some examples:
7. Disable Chrome syncing across devices
Chrome’s syncing feature is convenient, but if one of your synced devices is compromised, then all your devices are compromised. Chrome’s syncing feature basically keeps all your autofill data across your devices. This includes your passwords, credit card details, logins, encryption keys, etc. Allowing data to sync across devices increases your exposure to risk.
8. Public WIFI is very unsafe
Public WIFI is generally very insecure, which means that people who are connected can access your devices or spy on your passwords. If you really need to use the wifi, get a VPN (Virtual Private Network) which abstracts your device. There is a free Chrome Extension called Zenmate which does a reasonably good job.
9. HTTPS websites vs HTTP websites
HTTPS adds what is called an SSL (Secure Sockets Layer) to a website, which means that the information sent to it is encrypted. If you are entering information into a website, make sure it is HTTPS or else your information can easily be intercepted. Most browsers now say ‘Not Secure’ if the website does not have SSL.
Check out Brave Browser, which natively blocks all ads and forces HTTPS on websites. I really recommend using this browser.
If your website does not have HTTPS, send an email to email@example.com and we will sort you out.
10. Windows vs Mac OS vs Linux
If you need to use Windows, get good anti-virus software to protect yourself. Avast and Sophos are great anti-viruses. Linux and Apple Mac OSX are much harder to penetrate via Trojan Horses and Viruses. Mint Linux and Ubuntu are really easy to use and absolutely free!
And that, my friends, is my simple guide to Protecting Yourself Online. There are obviously a ton of other things you can implement, but this is for the simple human who just doesn’t want to get hacked. If you are looking for a guide to literally change your entire identity and become impenetrable online, check out Jameson Lopp’s article https://medium.com/s/story/a-modest-privacy-protection-proposal-5b47631d7f4c
Thanks, Folks! I hope to start writing more often so let me know if you liked this.