It’s time for the talk. Not that talk. The other one. The one about computers. Not the birds and the bees, but rather the bits and the bytes. It’s time to talk about computer security and what you can do to keep yourself safe.
The most important things to do are:
- Install updates!
- Have an anti-virus program installed.
- Use a password manager.
- Don’t give out your passwords no matter what.
- Don’t click links in email.
- If it looks or feels “funny” or “strange” or “wrong” don’t do it!
First, a bit about me and my credentials. My name is Ian Greenhoe. My profession is computers, and has been for the past 24 years. I’ve programmed them, administered them, and secured them — sometimes all at the same time. I’ve secured and protected personal computers, professional computers, and servers. I’ve made web servers for companies. I’ve worked for the company that is literally the world’s best at protecting against, catching, and cleaning up after the Chinese hackers. I’ve even created my own Linux distribution. My CV goes into some more of the details if you’re interested.
I could go on, but you get the point. So let’s move on to expanding on the above points.
First, installing updates. This is critical. There are literally bad people out in the world who take updates and reverse engineer them (work out, at a very technical level, what was changed and therefore which hole was closed). They then use this knowledge to make malware (evil software) that can walk straight into computers that haven’t installed the update.
Every major operating system — Windows, Mac (OSX), iPhone (iOS), Android (Linux), Chrome OS (Linux), Smart Devices (Mostly Linux), Linux, other modern Unix variants, and many others — has put significant effort into making it easy to install updates. Often annoying, but easy. Despite this, it is still hard to get people to install them. Don’t be one of those people — Just Do It and install those updates!
Next, it is vitally important to have anti-virus (“AV”) software installed and running on any desktop or laptop. Those same people who look at the software updates also look for other ways to break in. Some of those ways are pretty nasty and scary. Yes, I know a bunch of those details, and I have occasional nightmares about them — and I don’t scare easily about computer stuff.
While AV software won’t catch everything, it will catch many things. Think of it like a vaccine for your computer without bad side effects. Again, Just Do It.
Use a password manager.
Passwords are something that comes up time and again. They’re an annoying necessity, and used poorly they are worth (almost) nothing at all. You’re not supposed to reuse them, they need to be difficult to guess, and until recently geeks were the ones choosing the “best practices”. While it is possible to brute-force memorize a random 12-letter password, it is difficult and unnecessary. (Yes, I can memorize them; yes, I have; and no, I don’t recommend it.)
This is why I recommend a password manager. My wife and I use 1Password on our laptops and phones, as it makes all of the passwords available on all of our devices. I’ve also heard good things about LastPass. There are others, but I’m not familiar with them. A password manager securely stores all of your passwords for you, so you only need to memorize one password.
Here’s what I recommend:
- Choose a good password. Here’s a link about good, strong passwords: https://xkcd.com/936/
- Write it down using pen and paper. When you’ve got it memorized, put it in a secure location such as a safe or a safety deposit box. No matter how tempting, don’t put this in any electronic file, email, etc. The only place this should touch your computer or smart phone or tablet is when you enter it into your password manager.
- Use that password for your password manager. Do not use it for anything else!
- Use the password manager to create and store unique passwords for everything else that wants a password. Minimum 12 random characters including two symbols; 14 or 16 is better.
The goal here is to push all of your passwords from “one website was stupid and now everyone has your password” to what I like to call “GFL” (Good F***ing Luck).
Please keep in mind that physical items (such as paper) are always easier to secure than anything in a computer.
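As an added example (not the author’s code, and not how 1Password or LastPass work internally), here is a small Python script that generates passwords meeting the rule above and shows how much brute-force margin each length buys, compared with an xkcd-936 style four-word passphrase. The symbol set, the 7776-word list size and the guess rate are assumptions.

```python
import math
import secrets
import string

# Alphabet for the post's rule: random characters with at least two symbols.
# This particular symbol set is an assumption; some sites allow fewer.
LETTERS_DIGITS = string.ascii_letters + string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = LETTERS_DIGITS + SYMBOLS


def generate_password(length=16, min_symbols=2):
    """Random password of `length` chars with at least `min_symbols` symbols.
    Uses the `secrets` CSPRNG, never `random`, whose output is predictable."""
    if length < 12:
        raise ValueError("the post's minimum is 12 random characters")
    if min_symbols > length:
        raise ValueError("cannot fit that many symbols")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps every position uniform over the alphabet;
        # forcing symbols into fixed positions would bias the result.
        if sum(c in SYMBOLS for c in pw) >= min_symbols:
            return pw


def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random string: log2 of the keyspace.
    (Rejecting strings with <2 symbols costs well under one bit.)"""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=1e11):
    """Worst-case years to try the whole keyspace at a given guess rate.
    1e11/s is a constructed figure for an offline attack on a fast hash;
    an online login with rate limiting is many orders of magnitude slower."""
    return 2 ** bits / guesses_per_second / (3600 * 24 * 365)


def compare_policies():
    """Entropy of the post's 12/14/16-character advice next to an xkcd-936
    passphrase: four words drawn from a 7776-word (Diceware-sized) list."""
    rows = {f"{n} random chars": entropy_bits(n, len(ALPHABET)) for n in (12, 14, 16)}
    rows["4 random words"] = entropy_bits(4, 7776)
    return rows


if __name__ == "__main__":
    print("example:", generate_password(16))
    for name, bits in compare_policies().items():
        print(f"{name:16s} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
```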
The next one is simple: Do not ever give out passwords.
Do not give passwords to the nice person from the bank who called you. Do not email passwords to the nice person who just wants to help you. Do not give out passwords to the person on the phone claiming to be from your company’s IT department. Don’t enter it into that handy form. Don’t write it down for some person, no matter how helpful or nice they are. Just DON’T do it!
The one possible exception is for spouses, parents, siblings, and children. Ask yourself “Do I trust this person to not clean out my bank account?” If the answer is yes, then you might consider giving them your password.
Next, don’t click links in email. A favorite tactic among evil hackers is to send you a link claiming to be about something safe or innocuous. They may even make it look like it’s coming from a friend, relative, coworker, boss, or colleague. Yes, really.
Always be suspicious. If you just signed up for something and they tell you that you’ll get a confirmation email, that is probably OK. An email claiming to be from your bank with a link? Forward it to your bank and then delete it. If you think the email is from someone you know, calling them is not a bad thing to do. The conversation can be as short as “did you send this?” It’s important to get a voice or video confirmation — text communications are far too easy to fake.
Lastly, be suspicious. If it looks or feels “funny” or “strange” or “wrong” don’t do it!
There are a lot of good people out there. Unfortunately, there are also enough evil people that you have to be careful. The evil people try to masquerade as good people. They know how to be polite. They know how to get you to trust them. They want to give you “good deals” that are anything but. They are really good at selecting targets. Don’t be one!
I use LastPass on my computer and on my Android phone. It is great to only have to memorize one password instead of the few dozen LastPass has recorded! Next I need to install it on my wife’s devices so things like our bank passwords can be shared back and forth.