Five Steps: Safer Digital Life
We can never be completely safe, but we can make it really difficult for others to claim our digital lives. Here are my five steps for becoming safer.
Working on cybersecurity, it’s not uncommon for people to ask me what to do when they click on something they shouldn’t have. And this can happen to the best of us: getting our social media account hacked, clicking on a malicious link, or giving away our credentials by mistake.
Most of us are concerned about how to be digitally safer. Computers and phones tag along everywhere, seeing and hearing everything we do. In my head, I’ve kept a list of preventive measures to take, ready for when friends ask me.
1. Keep your devices up to date!
Always, always, always keep your devices updated. When Microsoft, Android, or Apple pushes an update for your operating system, do it as soon as possible. Also, installing updates for other software is essential.
2. Passwords and Password Managers
The way to go for passwords is complicated, lengthy, and unique. Sounds tiresome, but a good password manager will do most of the job for you. You will only have to keep track of a handful of passwords, such as the password manager password.
Use a password manager to keep track of your passwords. Operating systems like macOS already include a manager, as does Google Chrome. There is also other software, such as LastPass and 1Password.
Use strong and long passwords. The strength increases exponentially with length, so don’t be shy. A sixteen-character password, like aV9\n-+O~kjRtZ53, takes on the order of 10^29 guesses.
Use different passwords for each service. Never, never, never reuse passwords across sites. If one password gets stolen, your problem is isolated to one service. That might not be very pleasant, but it's probably manageable.
Password managers also have another benefit: They keep track of which website you are on. If you are led to a phishing website, it won’t give up your credentials.
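The site check described above, sketched as an added example (not code from this post or from any particular password manager): credentials are released only when the page's scheme and host exactly match the ones saved. The names VAULT, origin_of and autofill, and all hosts, are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault: one saved login, keyed by the exact origin it was saved on.
VAULT = {
    ("https", "accounts.example.com"): {
        "username": "alice",
        "password": "<stored-secret>",  # placeholder, not a real secret
    },
}

def origin_of(url):
    """Return (scheme, host) for an HTTPS URL, or None if it is unusable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # .hostname is lowercased and excludes any "user@" prefix and the port
    # (ports are ignored in this sketch).
    host = parts.hostname
    if parts.scheme != "https" or not host:
        return None
    try:
        # Convert to the ASCII (punycode) form so a look-alike Unicode
        # letter can never compare equal to the saved host.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return (parts.scheme, host)

def autofill(url):
    """Return the saved login for this page, or None if the origin differs."""
    origin = origin_of(url)
    return VAULT.get(origin) if origin else None

if __name__ == "__main__":
    # Constructed URLs: the real site, then four that only look like it.
    for url in [
        "https://accounts.example.com/login",
        "https://accounts.example.com.login.test/",       # real name as a prefix
        "https://accounts.example.com@phish.test/login",  # real name as userinfo
        "http://accounts.example.com/login",              # no TLS
        "https://accounts.ex\u0430mple.com/login",        # Cyrillic "a"
    ]:
        print("fill" if autofill(url) else "refuse", url.encode("ascii", "replace"))
```

A person skimming the address bar can miss every one of the four look-alikes; the exact comparison does not.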
3. Passwords are not enough
Strong passwords protect against guessing and brute-force attacks on your account. However, even a strong password offers no protection once it has been leaked or uncovered. This is where two-factor authentication comes into play. If available, activate it!
Most services allow two-factor authentication using emails, text messages, or apps. If you are provided a choice, opt for app authentication. Emails and text messages can be intercepted, but they are better than using nothing. An authenticator app, such as Google or Microsoft Authenticator, is good.
Some services allow the use of physical keys. The most common option is a YubiKey, a physical key you insert into the device. The combination of a username, a strong password, and a physical key substantially increases the level of safety. Also, remember to get two of them—one for backup.
NOTE: Anyone with a sensitive job or who holds public office should be required to use a physical key. Imagine the havoc a malicious Facebook update from a CEO, politician, or public official whose credentials were stolen could cause.
4. Trust No One
Be suspicious of messages, attachments, and links sent to you, even from people you know. Your family and friends' accounts might be hacked. Ask follow-up questions, call them, and check that they sent the message. This might feel silly, but it’s for everyone’s safety.
Don’t even click on that unassuming link to a cute cat video.
5. Device Hygiene
How you handle yourself and your devices is also essential.
Install anti-virus software on your device. It is worth paying a serious provider for this, and the package often includes a VPN service. If you don’t pay for the service, remember: Using a service you are not paying for means you are the product. Also, you should not trust all providers.
Don’t just install stuff you downloaded; you might get more software than you bargained for. Be suspicious of software not installed through trusted sources like Apple, Microsoft, or Google stores. There is a movement to open these store monopolies, which is good in principle but bad for most users.
Be cautious of public Wi-Fi networks. Connect using your phone instead. If you have to use public networks, connect using a VPN connection.
Never, never, never connect your devices directly to public USB charging slots. Besides electricity, these connections can also deliver malicious data. Always charge using the charging brick. There are data blockers you could use, but these have sometimes been found containing radio transmitters or data.
When not using Bluetooth on your device, please turn it off.
These basic steps will keep you safer, even if you take only some of them. Best of luck!