This tutorial is intended to provide the average computer user with some relatively simple suggestions to improve their digital security.
Security breaches, where a malicious party gains access to sensitive data from a website or program, are becoming more and more common as computers get faster and the Internet becomes an ever-growing part of our daily lives.
Here is a list of security breaches that have occurred in 2018.
Firefox Monitor allows you to search with your email address to see if any sites you use have been part of a data breach.
It is impossible to protect yourself and your data from every possible security risk, but there are some good ways to improve your security throughout your daily life:
Practice safe browsing habits when surfing online, such as only visiting trusted websites, and avoiding clicking on suspicious links and ads. Be careful when opening emails and their attachments, and keep an eye out for emails that "require immediate attention", or seem too good to be true. Rather than following links in emails, navigate to the site directly instead.
The University of Missouri's IT Department offers some suggestions to help you avoid phishing scams here.
One simple habit to adopt is locking your computer or other devices whenever you are not using them, even if you just leave for a second.
Another simple change is to avoid writing passwords down and posting them where others can see them.
One of the most important things you can do is to use strong passwords that are different for every site. Many times, if a malicious party is able to obtain login and password information for one website, they will try those same credentials on several other sites, because many people use the same password repeatedly.
This video shows just how easy passwords can be to crack, once an attacker has password hashes from a breached website.
How to choose a password, Diceware & Passwords, and Diceware provide some tips to help you create stronger passwords. The University of Missouri's IT Department also offers some good suggestions to help make your passwords stronger.
It's also a good idea to consider adding two-factor authentication (2FA), especially to some of your more sensitive logins. 2FA combines something you know, like your password, with something you have, like a code generated by an authenticator app on your phone. This can help make it even harder for a malicious party to compromise your login credentials.
Understandably, it can become very difficult to remember several unique, complex passwords. Password managers can take care of generating and storing complex passwords for you, so all you have to remember is one good, complex password for the master password of your manager. There are several free options, and options with purchasable premium features. The author of this page uses SafeInCloud due to its one-time fee and its ability to store your password database on your own cloud service, such as Google Drive or OneDrive, rather than a cloud service managed by the app.
The videos above mention hashes and hashing several times. Hashing Algorithms, SHA: Secure Hashing Algorithm, and How NOT to store passwords include more information about the basics of hashing and how password storage is, and should be, handled on the backend of websites.