Staying Safe Online
This program will highlight things you should be aware of and what you should do to be safer online: for example, using strong passwords with the aid of a password manager, confirming your identity with 2-factor authentication, and avoiding phishing attacks. We will also discuss security software.
Password Best Practices
Don’t reuse passwords:
- The best security in the world is useless if a malicious person has your legitimate username and password. They can do everything you can do.
- Some people’s passwords are simple to guess, like “password,” or are plain words easily guessed by a hacker’s program that tries every word in the dictionary.
- If you use the same password for every site, a hacker only has to break it once, or find it on another compromised website, to access everything using that password.
Use robust passwords:
- A password needn’t be a word at all. It can be a combination of letters, numbers, and keyboard symbols.
- Use a password at least fifteen characters long. Longer passwords are harder to guess or break.
- A password should not contain your username, real name, or company name.
- Upper and lower case letters, numbers, and keyboard symbols make the most robust passwords.
Avoid weak passwords; here are some examples.
- Using a common dictionary word as a password is a bad idea.
- Something easy to work out with a bit of background knowledge. For example, favorite football team, birthday, spouse’s name, etc.
- The most common password is ‘password,’ so that’s an obvious one to avoid.
Never disclose your passwords to anyone else.
- Don’t enter your password when others can see what you are typing.
- Change a compromised password as soon as possible.
- Don’t recycle passwords (e.g., password2, password3).
- Don’t send your password by email. No reputable firm will ask you to do this.
- If you think that someone else knows your password, change it immediately.
- Don’t write passwords down; use a Password Manager instead.
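The rules in the lists above can be checked mechanically. The following is an added example, not part of the original program: the function name, the `personal` and `previous` parameters, and the five-word sample list are assumptions made for illustration.

```python
import re

# Constructed sample word list (an assumption for this example); a real check
# would load a full dictionary and a list of breached passwords.
COMMON_WORDS = {"password", "football", "welcome", "dragon", "sunshine"}


def check_password(candidate, personal=(), previous=()):
    """Return the rules from the lists above that `candidate` breaks ([] = passes).

    personal: username, real name, company name, and similar guessable facts.
    previous: earlier passwords, used to spot recycling (password2 -> password3).
    """
    problems = []
    lowered = candidate.lower()

    if len(candidate) < 15:
        problems.append("shorter than 15 characters")

    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("missing upper case, lower case, number, or symbol")

    # Strip trailing digits/symbols so "password1!" still counts as a dictionary word.
    stem = re.sub(r"[^a-z]+$", "", lowered)
    if stem in COMMON_WORDS:
        problems.append("common dictionary word")

    for fact in personal:
        if fact and fact.lower() in lowered:
            problems.append(f"contains personal detail: {fact}")

    for old in previous:
        old_stem = re.sub(r"[^a-z]+$", "", old.lower())
        if old_stem and old_stem == stem:
            problems.append("recycled from an earlier password")
            break

    return problems


if __name__ == "__main__":
    print(check_password("password3", previous=["password2"]))
```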
Choose A Password Manager
I suggest you start using a Password Manager to store login information for all your online sites. Using a password manager is the most important thing you can do to enhance online security. There are some good ones to choose from: LastPass, Bitwarden, Dashlane, 1Password, RoboForm, and Chrome Password Manager; these all are well vetted and safe to use.
To create one strong, easy-to-remember password for use as a Master Password, see Appendix 1.
What is two-factor authentication?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication items to verify themselves. This process protects both the user’s credentials and account. For example, when you use an authenticator app, you bolster the password you know with your token or smartphone.
Two-factor Authentication Apps
Authy
Authy brings strong authentication to all of your devices. The free Authy app generates secure 2-step verification tokens on your device.
Why Authy is the best multi-factor authentication app:
- Setup: Easy to set up 2FA for any account.
- Secure: TouchID, Encrypted Backups, and more to keep you protected.
- Backup: Prevent account lockout when you lose your phone.
- Multiple Devices: Sync 2FA across mobile, tablet, and desktop.
Download Authy for Android, iPhone, Mac, and Windows computers
LastPass Authenticator
LastPass Authenticator is separate from the LastPass password manager app, though it offers some synergy with the password manager. Installing LastPass Authenticator is easy. If you already have a LastPass account with MFA enabled, you can quickly authorize LastPass by tapping a push notification. In addition, it’s easy to create a backup of your authenticator accounts in your LastPass vault, alleviating some pain when transferring your data to a new phone.
Bitwarden Authenticator (TOTP)
If you use the Bitwarden password manager, then the Bitwarden authenticator is an alternative to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use two-step login. Note: Authenticator key (TOTP) storage is available to all accounts, but TOTP code generation requires a premium or paid version (families or teams).
Some 2FA Info and Help Articles
- Secure Yourself by Using Two-Step Verification on These 16 Web Services
- What Happens If I Use Two-Factor Authentication and Lose My Phone? by Lifehacker.com
- How to Avoid Getting Locked Out When Using Two-Factor Authentication by How-To-Geek
- Here’s Everywhere You Should Enable Two-Factor Authentication
- List of websites and whether or not they support 2FA.
- Secure Your Accounts and Passwords With a Hardware Token
- LifeHacker – How Do I Get Into My Email If I’ve Lost My Recovery Codes?
What Is Phishing?
What Is Phishing, and How Do You Avoid It? – By Review Geek
“Phishing” is a catchall term for a variety of cybercrimes. The most basic form, phishing (pronounced “fishing”), is a scam in which a victim gets tricked into sharing sensitive information or downloading ransomware.
Most Common Forms of Phishing
Here are the common forms of phishing which should illustrate my point:
- Email Phishing: It is the most common form of phishing. A scammer impersonates a popular website or personality.
- Spear Phishing: Scammers who want to hit a specific target will resort to “spear phishing.” They gather information on their victim to make the message more believable.
- Clone Phishing: Sometimes, a scammer will send you a duplicate version of an actual email.
- Pop-Up Phishing: Modern popup phishing attacks usually take advantage of a browser’s notification settings to send you “antivirus warnings.”
- Angler Phishing: Scammers will impersonate a public figure or company on social media. For example, someone may copy a YouTube creator to share scammy “sweepstakes” links in a video’s comments.
- Whaling: A phishing attack aimed at an important person, such as a CEO, is called “whaling.”
- Smishing and Vishing: These terms describe phishing through an SMS, text message, or phone call.
What Should You Do if You’re a Victim of Phishing?
According to the U.S. Federal Trade Commission, you should report all phishing attacks to the Report Fraud website. You can also forward phishing emails to [email protected] and send the phishing text messages to SPAM (7726). If a phishing attack impersonates a person or organization, you should warn them of the episode (especially if they’re a family member).
If you fall victim to a phishing attack, it’s time to enter harm reduction mode. First, change the passwords to all sensitive or affected accounts and enable 2FA to lock out scammers who have your password; a password manager will help you get the job done.
And tell your bank if a scammer gets your credit card information or bank details! They’ll help you replace the affected card and dispute fraudulent charges. You may also need to freeze your credit cards or set up a fraud alert if a scammer obtains your social security number, address, or birthday. Freezing your credit reports will prevent unwanted transactions and keep scammers from opening new lines of credit under your name.
What Is The Best Antivirus?
I don’t recommend buying a third-party antivirus; it will not improve your security.
It’s going to reduce reliability, and it’s going to give you a false sense of confidence. So the best thing to do, of course, is to remember:
Safe Computing
- Be careful about the places on the internet you visit.
- Pay attention to the information and files you download.
- Be cautious about the links you click in emails.
- Practice safe computing, be cynical of popups, and things like that.
- Have good backups, at least one of them off-site.
- Keep your devices (computers, phones, routers, smart home devices) updated.
What Is The Best Antivirus?
You’ve got to be super cautious and trust Windows Defender. No antivirus can do better. So, the answer is that you already have the best antivirus.
Third-party antivirus can be a negative, not a positive. Here’s why: all antivirus programs, to work, hook themselves deep into the operating system, deeper than a regular application does. As a result, third-party antivirus can provide a conduit for a hacker or malware into your system if anything goes wrong. For that reason, I think third-party antivirus is potentially less secure.
Online Research and Tips
- Naked Security’s video on How to Pick a Proper Password?
- How to Create a Strong Password (and Remember It) by How-To Geek
- How to Use a Password Manager Video by The Verge
- Google Chrome Has a Built-In Password Generator. Here’s how to use it! By Bleeping Computer
- Guide to using Chrome Password Manager
- Manage saved Passwords in Chrome – You can have Chrome remember your passwords for different sites.
Appendix 1
Creating One Strong, Easy to Remember Password For use as a Master Password
To use a password manager, you still need one password to lock and unlock it. This password needs to be unique and follow all the rules for robust passwords. It should have no relation to your life, family, anniversaries, hobbies, or travels. In other words, it should not be guessable by someone with knowledge of your life. At the same time, this master password must be easy to remember and type, especially on a phone keyboard.
Here is a simple online tool from LastPass to help create a unique master password. It’s their Username Generator Tool. However, I’m suggesting using it to generate pronounceable pseudowords.
Open the Username Generator Tool:
- Set the Username Length to 5 or 6 characters.
- Choose “easy to say” and check the Lowercase box.
- Now click the circling arrow symbol to generate a word. Repeat clicking the circle arrow till you find a pseudoword you can pronounce and make a note of it.
- Repeat this process until you have 3 or 4 nonsense words.
- Combine these non-words using numbers and symbols and add some numbers to the beginning or end.
The goal is to end up with a 20 to 30-character random master password that you’ll use to unlock LastPass or another password manager.
Here is how I created a master password using the LastPass Username Generator Tool.
First, I created three nonsense words (timphe, tergon, oupers) and a random number (574619).
- Note: I toggled through many iterations in the username generator tool for each base word until various pseudowords appealed to me.
Then I combined them with numbers and symbols to build a 20-character password, and added some numbers to the beginning or end.
- Note: I changed some capitalization to make typing easier.
My final master password is Timphe4tergoN#OupErs%574619, which comes to 27 characters. This random combination of letters, numbers, and symbols will be my Master password for logging in to my password manager and nowhere else.
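The same steps can be carried out by a short script that lets the computer's secure random generator make every choice. This is an added example, not LastPass's tool or the author's own method: the alphabets, symbol set, and function names are assumptions, and it also reports how many bits of randomness the result carries.

```python
import math
import secrets

# Assumed alphabets; LastPass's own generator is not reproduced here.
CONSONANTS = "bcdfghjklmnprstvwz"   # 18 letters
VOWELS = "aeiou"
DIGITS = "0123456789"
SYMBOLS = "#%&*+-=?@!"              # 10 symbols found on phone keyboards


def pseudoword(length=6):
    """Lowercase nonsense word: alternating consonant/vowel from the OS CSPRNG."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(length)
    )


def master_password(words=3, word_len=6, tail_digits=6):
    """Capitalised pseudowords, each followed by a separator, then a run of digits.

    The first separator is a digit and the rest are symbols, the same layout
    as the worked password above.
    """
    if words < 1:
        raise ValueError("need at least one word")
    parts = []
    for i in range(words):
        parts.append(pseudoword(word_len).capitalize())
        parts.append(secrets.choice(DIGITS if i == 0 else SYMBOLS))
    parts.append("".join(secrets.choice(DIGITS) for _ in range(tail_digits)))
    return "".join(parts)


def entropy_bits(words=3, word_len=6, tail_digits=6):
    """Bits of randomness in master_password(); fixed capitalisation adds none."""
    if words < 1:
        raise ValueError("need at least one word")
    consonant_slots = (word_len + 1) // 2
    vowel_slots = word_len // 2
    per_word = (consonant_slots * math.log2(len(CONSONANTS))
                + vowel_slots * math.log2(len(VOWELS)))
    separators = math.log2(len(DIGITS)) + (words - 1) * math.log2(len(SYMBOLS))
    return words * per_word + separators + tail_digits * math.log2(len(DIGITS))


if __name__ == "__main__":
    print(master_password(), f"(about {entropy_bits():.0f} bits)")
```

With the defaults the output is 27 characters long, the same length as the worked password above.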