A few thoughts on how to protect your digital identity and your data at home.

Email Account

Your primary email account is one of your most important accounts. If someone takes control of your email, they could:

  • Prevent you from accessing your email by changing your email password.
  • Reset passwords for your other accounts.
  • Impersonate you by sending email from your mailbox.
  • Collect and/or delete your private email history.
  • Collect and/or delete your contacts, and use that to attack them.

Take extra precautions to protect your email account. I recommend the following steps to protect yourself.

  1. Use a complex and unique password.
  2. Enable multi-factor authentication.
  3. Use one of the major online email providers like Gmail, Outlook, Yahoo, or iCloud Mail. Premium providers are best equipped to provide both security and a user-friendly experience. Avoid using your Internet Service Provider (ISP) to host your email.

Passwords

I hope that one day, passwords will be obsolete. Today, most online services require a username and a password. Unfortunately, usernames and passwords are often revealed and shared during cyber attacks. If you reuse passwords, attackers can easily try the same username and password at the other websites you use.

How good is your password?
  • Use a password manager.
    I recommend that everyone use a password management tool so that your passwords are unique, and not reused. Password managers create and remember your passwords so you don’t have to. Most will automatically generate complex and unique passwords and type them in for you.
    Online password managers are easiest to use as they synchronize between devices (e.g. laptop and smartphone) so you can log in anywhere. Consider 1Password, BitWarden, or Dashlane. If you exclusively use Apple products, you could use their built-in password manager, iCloud Keychain.
    Local-only software such as KeePass or Password Safe keeps your passwords on a single PC. A paper notebook and pen are better than nothing.
  • Use long and complex passwords.
    If your password is short or easy, malicious software can quickly guess what it is. If you can remember a password, it is probably not a good password.
    Every website and service has different requirements and limitations. I recommend at least 12 characters with a combination of letters, numbers, and symbols. Password managers make this easy by generating and typing complex passwords for you automatically.
  • Never reuse passwords.
    If you reuse passwords, attackers will capture your password from one hacked site and use that to access your other accounts too. Password managers make unique passwords easy, and can even warn you if you reuse a password unintentionally.
  • Safeguard a backup copy.
    Regularly make a backup copy of your password database and keep it in a safe place. This might be on an external USB drive in a small safe at home, or in a safety deposit box at the bank.

Multi-Factor Authentication

To establish who you are, most services require only a username and password. Multi-factor authentication adds requirements that make it more difficult to gain unauthorized access to your account. Google, Microsoft, Apple, Yahoo, and Facebook all support multi-factor authentication. Turn it on!

Multi-factor authentication options include:

  • SMS – After you log in with a password, you will receive either an SMS text or phone call with a one-time code. You must also enter that to continue.
  • TOTP – Time-based one-time passwords. A six-digit code that changes every 30 seconds. Often simply called Google Authenticator, even though several alternatives exist such as Authy.
  • PassKey – Integrated into Apple devices with FaceID or TouchID.
  • FIDO – Often a standalone USB token such as YubiKey.

Change your home DNS Service

Your Internet Service Provider (ISP) typically provides DNS service, which translates easy-to-remember names like google.com into more complicated IP addresses. Consider using a third-party DNS provider that adds security features. Setting a secure DNS provider in your home router will protect all devices that use your home network.

Consider these alternatives to your ISP DNS service:

Backups of your data

Use backup software to take backup copies of your important files, photos, videos, and software. Backups are “recovery points” that can be restored in the event of failure, corruption, or attack. More frequent backups provide more recovery points.

External hard drives are a low-cost and effective place to store backup data. Both Mac and Windows come with free backup software that will copy your data to an external hard drive. For extra redundancy, consider using more than one external drive, and occasionally rotate them between your desk (for daily use) and a safe (in case of fire or theft.)

Consider this device if you need an external storage drive.

Software Updates

Enable automatic updates for your Windows, Android, macOS, and iPhone devices. Flaws and vulnerabilities are found in software on a regular basis, so keep your devices patched.
