James Staples

Digital Coaching


How to improve your web security

16 November, 2014 by James Staples

I'm here to help! I can provide support either in person or remotely. Please call or contact me for details.

The Problem

On a weekly basis we sign up for more and more services as our lives move online. Creating a unique, complex password for each one and remembering it is near impossible, so instead we use the same familiar one everywhere. At the very least, a password should contain:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Punctuation
  • At least 14 characters

This comic strip summarises the last 20 years of password creation!


How the hackers work

The server hack

Typically a user will sign in to a host of services with their email address as their username and a password. The password is often a word found in the dictionary, significant to them (a child’s or pet’s name), and one they use everywhere else, frequently including their email.
One of these fairly benign services gets compromised by a hacking attack and the list of usernames and passwords is stolen. The hacker will then try logging into the user’s email account with the password used.

The phishing email

An email is received, either from a contact that has been hacked or from a well-known institution, branded with logos and laid out as you might expect. The sender uses it to obtain your personal and login details for services.

The consequences

If they are successful they can then do several things, including setting up a new mail account, forwarding all new emails, deleting contacts, and messaging all your contacts to ask for money.
It is no longer good enough to have the same or even a couple of passwords for the services you use.

Solutions

Set your recovery options

Email providers will often ask to take your mobile number which they can then text a code to in the event that you need to recover your account. Doing this before you get hacked is one of the easiest ways to prove it’s you when trying to recover afterwards.

Better Passwords!

Use unique, complex passwords

As humans we are inextricably linked to our situation and environment. Therefore being truly random is pretty tricky for us! Use a site like Xkpasswd to generate random, unique, strong passwords.

Unique, complex passwords are a great start, but pretty soon you’ll need a way to manage them!

Use a Password Manager

Life online is a constant balance between convenience and security. 1Password makes this struggle much easier! It can generate, store and fill passwords (and lots of other information) for you with one click (once you’ve unlocked your encrypted vault).

For an introduction watch this video!
If you like the sound of it you can get it from the following links:
1Password for Mac
1Password for Windows
1Password for iPhone, iPad and iPod touch
1Password for Android

Two Factor Authentication

This involves adding a second element to your security, the first being your password. This second element can be:
  • A text message
  • A code generating app on your smartphone
  • A separate physical device (such as those provided by your bank or Yubikey)

Although many services now offer this facility, the details of its implementation vary. To check if the site you’re using supports it, either check the security section of their website or visit the two factor auth website.

Sophos, a web security company, has written a more in-depth article on Two Factor Authentication if you’d like to learn more.
