5 simple tips to staying a little safer online

The Web
The web has been likened to the wild west, a lawless and truly anarchistic place.
But most of the problems people encounter online are caused by their own behaviour and attitude rather than any inherent nastiness of the technology.
Widespread digital illiteracy leads many to think they are safe when they are not and to fear things that are totally innocuous.

Below are 5 simple tips to help you stay a little safer online;

1: Keep a different and hard to guess password for each site

This might seem like a burden, but passwords are the gateway that criminals use to get your personal information.
You would not leave your door open at night if you lived in a high-crime neighbourhood.
In fact you would fit a very secure steel door to protect yourself.
Do the same on the web.

I use a simple, and memorable, formula for secure passwords that is similar to the following;

(6 character random alpha numeric sequence) + site identifier + (4 character random alpha numeric sequence)

The two random character sequences are the same for all passwords, and the site identifier is unique and of variable length.

I used a tool to generate the two random character sequences. But you can make your own up.
An example for the first one would be; A[4i5Z

The site identifier is something you can personally use to remember the site;
For instance, for the site "remember the milk", you might use; milky
It is a simple mental name for the site.
If you hate Microsoft, for instance, you could use fascist as the site identifier for your MSN account.

The 4 suffix characters are there just to make the password even longer and more random.
An example would be; g#d0

This would make the example password for remember the milk;
A[4i5Zmilkyg#d0
And for MSN;
A[4i5Zfascistg#d0

Once you have learnt the random segments of the password all you need to do is remember the site identifier for each site.

Downside: If a single password is compromised you are relatively safe, but if 2 passwords are compromised you will need to change ALL of your passwords unless your site identifiers are totally unique to you. And they won't be. The only positive of this is that you would only need to relearn the random bits. You can keep the site identifier.
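The downside above, worked through on the article's two example passwords. This is an added example, not the author's code, and the function names are made up for the illustration. It shows that two leaked passwords are enough to separate the reused segments from the site identifiers.

```javascript
// Added example: shows why two leaked passwords built with the
// prefix + site identifier + suffix formula expose the reused parts.

// Longest prefix shared by every string in the list.
function commonPrefix(strings) {
  let prefix = strings[0];
  for (const s of strings.slice(1)) {
    let i = 0;
    while (i < prefix.length && i < s.length && prefix[i] === s[i]) i++;
    prefix = prefix.slice(0, i);
  }
  return prefix;
}

const reverse = (s) => [...s].reverse().join("");

// Split leaked passwords into the parts reused everywhere and the
// per-site remainder. A single password reveals nothing about the split.
function reusedSegments(leaked) {
  if (leaked.length < 2) {
    return { prefix: "", suffix: "", siteParts: leaked.slice() };
  }
  const prefix = commonPrefix(leaked);
  // Strip the prefix first so prefix and suffix can never overlap.
  const rests = leaked.map((p) => p.slice(prefix.length));
  const suffix = reverse(commonPrefix(rests.map(reverse)));
  const siteParts = rests.map((r) => r.slice(0, r.length - suffix.length));
  return { prefix, suffix, siteParts };
}

// The two example passwords from the article.
const leaked = ["A[4i5Zmilkyg#d0", "A[4i5Zfascistg#d0"];
const { prefix, suffix, siteParts } = reusedSegments(leaked);
console.log({ prefix, suffix, siteParts });
```

Everything reported as prefix and suffix is material that every other password shares, which is why both random segments have to be replaced after a second leak.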

2: Give an answer to a different question for the account recovery questions or create your own absurdist question

An awful lot of services give you the ability to recover your account should it be hijacked or blocked by getting you to answer some personally identifying question like; What is your mother's maiden name?

This is a two edged sword. If you have already been compromised such a question is simple. And thanks to all our data being on-line nowadays it could be a simple search of a government records site for a nominal fee to find such basic information.

If the site only allows for set questions like the above, then give an answer to a different question in the answer field and make sure you make this consistent across sites.
What is your mother's maiden name? : Lasagne (What is your favourite food?)
What was your junior high school teacher's name? : A980 TFK (What was the license plate of your parents' car growing up?)

If the site provides an "ask your own" identifying question then this is your time to shine a light on your inner Python and create something completely absurd.
Pi is to yellow as Einstein is to? : banana (remember the yellow part...)

A CSR (customer service representative) will think you are totally mad, but it will prove completely that you are who you claim.

3: Secure your WiFi and use a secure password

WiFi routers are the common currency of home web access.
The older WEP standard is totally compromised and criminals can easily access all your data should your WiFi router still use it.
The newer WPA and WPA2 standards are far more secure and you should use either of these as the only way to connect to your router.
The extra benefit of WPA is that you can use a secure password, like the ones explained above, rather than a short hexadecimal sequence.
Do a Google search for your router make/supplier to find out how to configure it for WPA.

Each router will have an administrator password to allow you to configure it.
Only you should know this password, even if you give the WPA password to family and mates who come around.
The first thing you should do when you get a new router is immediately create a secure password for the administrator.
Do a Google search for your router make/supplier to find out how to set the administrator password.

4: ABANDON Internet Explorer and NEVER install a Toolbar Plugin/Extension

There are 2 good reasons for not using IE;

  1. Internet Explorer has tons of security vulnerabilities that can be exploited by criminals to grab all your passwords and credit card numbers.
  2. Internet Explorer is used by the vast majority of people and so criminals focus all of their efforts on creating viruses and trojans for it and finding said vulnerabilities.

I currently recommend Google Chrome as the browser to install and use on a day to day basis.
It has a background update feature that makes sure you get the security patches as soon as they are developed, which is better than Microsoft's policy of only bundling every month and then "asking" if you want to have these security patches installed. [Plus, Chrome only asks you to restart Chrome and NEVER asks you to restart Windows!]

Browser Toolbar plugins seem like a major convenience.
Everyone has one, Google, Yahoo, Microsoft and even your Web provider will give you a Toolbar to make your browsing experience simpler.
But with great simplicity comes great vulnerability.
These Toolbars have access to; everything you type in your browser (including passwords and credit card numbers), the addresses of all the sites you visit, and the times that you visit them.
Google recently had to issue an urgent update to their Toolbar to fix a major vulnerability.
If Google cannot make a secure Toolbar plugin, then what chance does anyone else have?
Never install a Toolbar plugin!

Luckily, most of these Toolbar plugins only offer options that a browser bookmarklet can achieve in your normal bookmarks toolbar.
Go to the website of the Toolbar provider and search for bookmarklet or take a look at marklets.com to find them.
Even though these can also be compromised, they will only run when you click them.

5: Run a virus scanner daily

If you are using Windows this should be mandatory.
A virus scanner will check to see that you have not inadvertently installed a virus or trojan onto your machine.
I recommend AVG Free as it is both free and very good. The premium edition does lots of other good stuff, but the free version does the most important task of identifying and removing viruses and trojans.

I used to suggest running a virus scanner weekly, but as more and more people are online nowadays, and for much longer durations, I recommend running it daily, first thing in the morning as you get your coffee.

Finally: Trust no one

Always remember that even though you personally might be relatively secure, other people you know will not be.
Do not share with anyone online anything that you may want to keep from your parents (… or your government).
Pictures of quasi-legal naked and drunken escapades may be fun to share amongst participants, but you have no guarantee that all of your friends have secure passwords, and then you will find these pictures all over 4chan and SA.

There are further ways to stay even safer on-line, but these 5 (+1) simple tips are a good starting point.


One thought on “5 simple tips to staying a little safer online”

  1. Great write up of the common mistakes. I love your take on passwords and have been using a similar pattern for ages. There are two things I’d like to add:

    - change your passwords at least once per year.
    Add a number to it so you know which passwords have been changed and which haven’t. For instance: 2011 passwords have an 11 whereas your new passwords will have a 12..
    This would make the example password for remember the milk;
    A[4i5Zmilkyg#d012
    And for MSN;
    A[4i5Zfascistg#d012

    - check URLs
    Many sites offer the ability to edit your data over a secure line; always check for the “https://” in the URL bar. Some sites, most notably those of financial institutions, will also display the domain that you should be looking at in the page. Make sure you’re in the right place.
    Make sure that:
    https://editprofile.yourbank.com
    isn’t
    https://editprofile.yourbank.com.fi.ru

    Just my 2cts..
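
The URL check from the comment above, written out as code. This is an added example, not part of the original post or comment; `checkUrl` and the sample URLs other than the comment's two are constructed for the illustration. It goes slightly beyond the comment by also rejecting URLs that carry a user name in front of the host.

```javascript
// Added example: decide whether a URL really belongs to the site you expect.
// expectedDomain is the domain you already know to be right.
function checkUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials in URL hide the real host" };
  }
  // URL lower-cases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  // The expected domain must be the END of the host name, on a label
  // boundary. Appearing at the start or in the middle proves nothing.
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not under " + expected };
}

// Constructed sample inputs; the first two are the comment's examples.
const samples = [
  "https://editprofile.yourbank.com",
  "https://editprofile.yourbank.com.fi.ru",
  "http://editprofile.yourbank.com",
  "https://yourbank.com@login.example",
  "https://notyourbank.com/editprofile",
];
for (const s of samples) {
  console.log(s, checkUrl(s, "yourbank.com"));
}
```

Only the first sample passes: a host name is read from right to left, so `yourbank.com.fi.ru` belongs to `fi.ru`, not to the bank.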
