12 August 2012

Make Your Online Life Secure - HOWTO with links

If you haven't read it yet, you must read the story of the epic hack that happened to Wired reporter Mat Honan not long ago.

And then you need to realize that it can happen to you, because if it can happen to a tech writer it can happen to anyone.  I'm worried - someone tried to hack my Yahoo account (again - I think it was hacked years ago for a while) last night.  Yahoo locked the account and notified me, but it's a little too reminiscent of the pattern of the epic hack to make me comfortable.  And I'm about to head to GenCon, so I'll be wifi-surfing more than normal... and doing business at the same time.

So here's some relatively simple things you can do in order to make your online life more secure.

1.  Use different passwords for different sites.  Yes, this is a pain in the ass.  Yes, this is absolutely necessary.  Here's the easy solution:  Use a program like KeePass (Windows) or KeePassX (Win/Mac/Linux).  That program can generate (and save) complex passwords for you - and you just remember one password to unlock the database.  You can sync that (encrypted) database to Dropbox and then access it with KyPass (iOS) or KeePassDroid (Android).

2.  Use two-step authentication with Google.  Lifehacker goes into this pretty well.  I was worried that it'd be a pain, or that I'd have to worry about older programs, but I shouldn't have been.  You can create regular passwords for programs that don't support two-step (insert dance joke here), and there's a mobile application for smartphones that makes it right easy.

3.  Clean out your authorizations.  On all your social networks.  Including Google, Yahoo, and the like.  I've been pretty decent about keeping my app permissions in check with Facebook and Twitter, but when I reset my Yahoo password, I realized there were still services hooked in that I had *no* idea what they were for anymore.  Each of those is a potential backdoor.  Handy links to all those pages are available at mypermissions.org.

4.  Use a VPN.  I had my server access hacked a while back - which, luckily, was "only" used to send e-mail spam.  I'm certain this came from someone snooping on an open wifi network.  Since then, I've been sure to use a VPN service;  in my case, I use blackVPN.  They get great reviews, support folks using pretty much any OS or device, support multiple types of VPN, and there are even coupon codes at retailmenot.  It doesn't matter if you care about their rhetoric about internet rights and the like - you need a VPN if you ever communicate over open wifi.  Think about it this way:  Would you ever make a phone call over a "party line"?  If you're thinking "I have nothing to hide," would you post your credit card number in the comments below?  Exactly.

5.  Use HTTPS.  This is in addition to the VPN, above.  HTTPS (S for Secure) is used just about everywhere for sign-ins - and ideally, for all traffic between you and any website that requires a login.  You can turn on HTTPS for Gmail, Facebook, and Twitter.  But a lot of other sites only use HTTPS for the login portion - and so browser add-ons like HTTPS Everywhere help fill that gap (now available for Firefox and Chrome).

6.  Protect your privacy.  I'm currently using Ghostery (Firefox/Chrome);  you can also use ad-blockers and flash-blockers to supplement it.  There's a simple reason - all those web-trackers that Ghostery protects you from can also be turned into a way to compromise your security.  By stopping them all in their tracks, you leave them no chance to subvert your system.

7.  Consider, um, not allowing your devices to be remotely wiped.  Prey is a cross-platform service (Win/Mac/Linux/iOS/Android) that performs many of the same services as Find My iPhone.  (It has additional features you can turn on if you go Pro, but free will do for most people.)  Easy to set up, easy to use.  Highly recommended.  Also - if your Apple account is compromised, your Prey account is still ready to go.

8.  Back up your data.  I recommend using both an online backup and a local backup.  My personal setup:  Google Music to back up music.  Flickr Pro account to back up images online.  SpiderOak as a general backup, including documents, business stuff, and also redundant backup of pictures.  I use Dropbox for backup and sync of things that I'm actively working on and sharing with others.  I use Box to (largely) back up eBook files and PDFs.  And I use min.us for any files I want to share (such as PDFs) through the blog, or display to others.

Why so many different services for backing up?  Three reasons.  First, a failure, hack, or crash on one won't impact the others.  Secondly, each service does different things well;  I try to use each for their strength.  And finally, there are free accounts for each of them (except Flickr - the free account there is crap for backup purposes), so you can effectively have over six gigs (plus Google's music stuff) without paying a cent.  I pay for SpiderOak since it's my "big" online backup option.

Finally, I have a terabyte drive that does a full, differential backup of the hard drive every so often.  (A terabyte drive will currently set you back about $100 at Amazon.)  (This page explains the difference between full and incremental and differential backups.)  I use rdiff-backup for this task;  choose a program for local backup that you understand and will use.  A local backup is faster than an online one, and protects you if your online backups are hacked.

You need both local and online backups.  The whole reason you're doing backups is to keep your digital data safe and recoverable.

Bonus tip #9 - Use PGP or GPG with your e-mail.  Short version:  It provides a layer of encryption around your e-mail like an envelope that can only be opened by the recipient.  It's significantly harder to set up, and may confuse a lot of the people you e-mail right now (which is why it's set up, but disabled, on my system).  But it's the next logical step in securing your online traffic... expect to see it suddenly become routine in the next two to four years.

This seems like a lot of work - but it's not.  The good news is that most of these things are things you only have to do once.  HTTPS Everywhere, Ghostery, and Prey all reside in the background.  The VPN is just a new habit to get into when you're signing in to public wifi.  Backups can be scheduled at certain times of the day in the background.  And using KeePass (or any other "password safe") actually makes password management so much easier, especially when you're working between devices.

And consider this:  Do you consider locking your doors "a lot of work"?  A home alarm?  Sealing your envelopes with checks or credit card statements in them?  These are the digital equivalents of basic home protection.

I remember an investigation where a co-worker (while I was still in the military) reported a theft.  The first thing the officer asked was:  "Did you lock your wall locker?"  When the private said they hadn't, the investigation was all-but-officially over.

Don't be that person online.

Hey folks, this post took about an hour and a half to write and research;  if you found it useful, buy a book from Alliteration Ink, click a coffee cup up there, or use Flattr to show your appreciation!
