31 Jul 2013

Keep your data more secure than it already is my version.

For the last couple of weeks I have been researching how to secure my personal data, I think it’s mainly because the emergence of PRISM or NSA scandal. However, I’m pretty sure if the government wants to access your data they can do one way or another. So, you absolutely cannot avoid that.

So, I decided to secure my data the other way, Password. Ola Bini has blogged about why we shouldn’t use the same password for every website. And if you’re like me and other people you probably use the same password for more than one website. If you forget about it then that’s why the reset password functionality is for. My friend has mentioned this approach where he use a complicated password and tried to remember it, if he forgot about it then he would just reset it.

And you will see news everyday about how every major website has been hacked here and here, just examples and I’m sure there’s much more. Some people might say, if your password has been exposed no matter how string it is it’s just a matter of typing. It’s true but if you’re password is hacked in an encoded form then it might take longer to crack it. I’m not saying it’s not possible to crack it, because according to the famous Moore’s law anything is possible. So, the only thing you can do is to slow the bad guy down.

So, what action do I take?

  1. Email, I depend my life on Google. Simply, I just turned on 2-way authentication. And I download Google Authenticator app on my phone. So, every time I need to access my email from else where I need to enter a random code from my phone on the website. This will give you something more secured. I also use this app for other websites such as DropBox as well. So, I just turn on 2-way authentication on every website that provide this mechanism.

  2. Password manager, I rely my life on 1Password. This is a nice application to generate strong password for you and remember it for you. Instead of remember all strong password from millions of websites, you just have to remember one strong password for the master password for 1password and it will take care of the rest for you. Of course, we have to trust our life with this company. But from what I have googled they’re pretty reliable. And my company provides the license to purchase the app. I have used the app on my Mac and my android phone. It’s pretty good so far. This is a nice article about 1Password so you can give it a go. They also have browser plugin so you can login to the website from the plugin.

  3. Secure browser, this is nothing to do with security, because no matter what you do you still need a browser to check everything, email, news and other stuff. I use Tor bundle browser to browse a little more securely. Tor will create a secure channel for you to browser anonymously. Of course, there’s no real way to do that, but something is better than nothing. Tor creates proxy channels so bad guy cannot track you who you are and where you’re from. It’s slow, but if you want to keep your online browsing anonymous. Tor is a good start. Nobody likes to be tracked everything you do online, at least I don’t like it.

  4. Forget Google, this might sound crazy but as we know the main revenue of Google is advertisement. They will do what ever they can to give you relevant ads so you can click on them. The more you click the richer they are. So, I change my searching experience to duckduckgo. They claim that they don’t store anything. So, you can be fairly sure that what ever you do on their website they don’t store your behaviour. Such as, what you click first or your search terms. Of course, I still use Google because admittedly they’re the best out there right now.

  5. Logout, this is really simple but most people don’t do it because it’s not convenient. No matter how strong your password is if you don’t logout I just have to open your browser and access your email or Facebook. I don’t even have to crack it.

  6. If you want everything to be secure, then it might be easier to just don’t store it on the cloud. You can start closing down your accounts from website you hardly use.

  7. These days, you can use Gmail, Facebook or Twitter to signup for most websites. You may grant access to those websites with your Facebook account, but if you don’t use it anymore then you can revoke the access. Otherwise, they can use your details without knowing your password at all.

  8. HTTPS, this is simple if you use Tor, because Tor will try to use HTTPS whenever possible. And yeh, something is better than nothing. HTTPS is a secure way to do everything online. If you have to give out your credit card number for online shopping, please look for a padlock or green bar on your browser to make sure that you use a secure channel. Just secure everything.

These are just simple actions you can take to secure your life. Most people might say I have nothing to hide so why bother (I got this quote from Ola Bini). Yes, it might be true but if you have nothing to hide so why don’t you just lay around your credit card or your photos for everybody to see.

What else did I miss?

Til next time,
noppanit at 00:00