- Learn To Love Two-Factor Authentication
- Use three types of passwords:
  - Mild: For normal websites like DuoLingo, IMDB etc. – These could be the same password.
  - Strong: For websites like Facebook, Gmail etc. – These must be different but based on a site-specific rule.
  - Insanely Strong: For bank accounts etc. – These must necessarily be completely different, unique, long and random.
- Don’t use the same passwords. Use a base password (ideally an acronym) plus some rule (like the first two consonants of the site name followed by the first two vowels).
- The longer the password, the harder it is to crack. Consider a 12-character password or longer.
- Avoid names, places, and dictionary words.
- Mix it up. Use variations on capitalization, spelling, numbers, and punctuation.
Two Methods From LifeHacker
The sentence can be anything personal and memorable for you. Take the words from the sentence, then abbreviate and combine them in unique ways to form a password. Here are four sample sentences that I put together.
- Even better if the phrase is not in English.
- Go to a random password generator site.
- Create 20 new passwords that are at least 10 characters in length and include numbers and capital letters (and punctuation if you’re feeling brave).
- Scan the passwords, looking for phonetic structure—basically try to find passwords that you can sound out in your head. For example: drEnaba5Et (doctor enaba 5 E.T.) or BragUtheV5 (brag you the V5).
- Type out the phonetic passwords in a text file, taking note of how easy they are to type and how quickly you can type them. The easy-to-type passwords tend to get stuck in my muscle memory quicker.
- Keep the phonetic, muscle-memory passwords. Toss the rest. Print out your text file with password keepers.
- Check that your chosen password gets at least 4 ticks at Microsoft’s password predictor.
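The generate-and-scan steps above can also be run locally. The following is an added example, not part of the original article: it draws the candidates from Python's `secrets` module instead of a generator website, and the function names and the "no consonant cluster longer than two letters" test for phonetic structure are assumptions made here.

```python
import secrets
import string

VOWELS = set("aeiouy")  # assumption: 'y' counts as a vowel when sounding out
ALPHABET = string.ascii_letters + string.digits


def generate(length=10):
    """Random password that contains at least one digit and one capital."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c.isdigit() for c in pw) and any(c.isupper() for c in pw):
            return pw


def longest_consonant_run(pw):
    """Length of the longest run of consecutive consonant letters."""
    best = run = 0
    for c in pw.lower():
        # Vowels and digits both break a consonant cluster.
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        best = max(best, run)
    return best


def is_phonetic(pw, max_run=2):
    """Heuristic for 'can be sounded out': has at least two vowels and
    no consonant cluster longer than max_run."""
    vowels = sum(c in VOWELS for c in pw.lower())
    return vowels >= 2 and longest_consonant_run(pw) <= max_run


def shortlist(count=20, length=10):
    """Generate `count` candidates and keep only the phonetic ones."""
    candidates = (generate(length) for _ in range(count))
    return [pw for pw in candidates if is_phonetic(pw)]


if __name__ == "__main__":
    for pw in shortlist():
        print(pw)
```

Fully random strings rarely pass the filter, so the shortlist from 20 candidates can be short or empty; run it again or raise `count` until there are a few to try typing.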
Guard Against Social Engineering, Phishing etc.
- Do not use devices left behind
- Do not leave unlocked and unencrypted devices behind
- Do not give out personal information online or on calls to people you don’t know
- Use an alpha-numeric password.
- But if you are going to be lazy and use a PIN, the longer the PIN, the better.
- If you are going to be even lazier and use the default 4-digit PIN, do not use one of the following PINs (which a study found to be in use in 15% of all iPhones):
- Schedule out a day every month in your calendar to back up all of your data
Make Your Facebook More Secure
Securing Your Web Browser Experience
- uBlock Origin for Chrome and Firefox
- Go to https://filterlists.com/ for more control on what is blocked.
- HTTPS Everywhere (Firefox/Chrome) is a must-have regardless of what other security tools you opt to use. Once installed, the extension will shunt your connection to SSL whenever possible, and will try to find secure versions of the sites you visit. It’s a great way to protect your browsing without really lifting a finger.
- Browser extensions help mask what you’re doing, but they don’t take care of everything. To really privatize what you’re up to, you’ll also need a VPN. It’s hard to justify the work needed to get a VPN set up unless someone wants to intentionally hide something. Sure, you can use a proxy to hide your BitTorrent traffic, or just use a browser like Tor to hide some traffic, but if you want to use the internet all the time privately, you’re going to sacrifice some conveniences.
For A More Anonymous Web Browser Experience, Use Tor
Tor (Windows/Mac/Linux) encrypts your web traffic and bounces it across a series of other computers, known as relays, to keep your location and browsing private and anonymous. Granted, that anonymity only goes so far: traffic leaving a Tor exit node is unencrypted, so while traffic inside the Tor network is encrypted and anonymous, ultimately your browsing comes out of someone else’s pipe and looks like normal web traffic. Tor is built for anonymity with a nod to security—not the other way around.
Encrypting Your Emails
If you regularly deal in confidential / sensitive data, you might consider encrypting your emails.
Encrypt your Gmail using Mailvelope: Encryption turns your email into a code that can only be deciphered with a key, then sends it to the recipient, who can only read it if they have the same key.