Digital security, the basics

Before you even think about making your computer secure or installing software for encrypting communications or data, you should adopt some good habits by following these common-sense tips to help you avoid having your email account or computer hacked. You don't need to be an IT specialist to follow these tips.

Between your chair and your keyboard

  • Avoid watchful eyes:
    • Avoid working with your back to a window
    • When you are travelling on a plane or train, attach a privacy filter to your screen. A privacy filter is a clear film which restricts side-on viewing when applied to your screen. Only the person sitting in front of it (you) can see the screen.
  • When travelling, try to keep your equipment with you as much as possible. This prevents anyone from being able to obtain files from your computer or being able to introduce a Trojan horse.
  • All operating systems (Windows, Mac OS and Linux) let you protect your session with a password. Make sure you use this feature.

Don't leave your laptop lying around! (xkcd.com)

Delete your tracks on a public computer

If you work in an Internet café or on a computer which is not your own, make sure that you do not leave any traces once you've finished your work:

  1. If you have checked your email, Facebook or Twitter account, always make sure you log out.
  2. Delete your browsing history. This contains various information, and an expert could also access some of your online accounts.
  3. Never store your passwords in the browser on a public computer. If you do this by accident, delete them from the browser's memory when you've finished your work.
  4. Clear form entry fields
  5. Delete cookies

Clearing this data is done differently in different browsers. A good way to avoid mistakes is to use the private browsing mode in Firefox or Chrome.

Control access to your information

Most online services (Twitter, Facebook, WordPress, Tumblr, Skype, etc.) let you recover a lost password by sending a password to your inbox. You must therefore protect your inbox as much as possible. If it is compromised, all your digital information could be too.

Google's mail service, Gmail, offers an additional layer of security: “two-step verification”. This service lets you protect your mail account with:

  1. a username
  2. a password
  3. a code that you receive on your mobile each time you connect to your mailbox.

Therefore, without your mobile, you cannot access your mail.

When you log into your Gmail mailbox, remember to click on the “Details” link at the bottom of the page. This opens a window which displays the recent connections to your inbox. This way, you can detect any suspicious activity.

Twitter and Facebook also offer an equivalent service and allow you to view all the applications and sites which are authorised to access your account.

Use passphrases

Password length is the key factor in creating a strong password which can resist a brute-force crack. Combining numbers, special characters and lower- and upper-case letters often creates weak passwords which are difficult to remember. If you use a “passphrase”, rather than a “password”, you can create a string of characters which is easy to remember and is much longer than your old passwords.

  • Th$jHTo%46: short and difficult to remember
  • I hear the sound of bells on the green pastures: easy to remember and, for an attacker, very difficult to guess

The website xkcd explains why it is best to use passphrases rather than passwords in some cases.
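
As an added illustration (not part of the original guide), this Python sketch compares the two example strings above under the exhaustive character-by-character search the section refers to, and then generates a passphrase from randomly chosen words. The guess rate and the 16-word sample list are assumptions made up for the example.

```python
import math
import secrets
import string

# Character classes an exhaustive search has to cover if the password uses them.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every candidate; the guess rate is an assumed figure."""
    return 2 ** bits / guesses_per_second / (3600 * 24 * 365)

# Constructed 16-word sample list; a real list has thousands of words.
SAMPLE_WORDS = ["bell", "green", "pasture", "sound", "river", "stone", "cloud",
                "lamp", "orange", "window", "paper", "train", "garden", "salt",
                "violin", "harbour"]

def random_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG; each word adds log2(len(words)) bits."""
    phrase = " ".join(secrets.choice(words) for _ in range(n_words))
    return phrase, n_words * math.log2(len(words))

if __name__ == "__main__":
    for pw in ("Th$jHTo%46", "I hear the sound of bells on the green pastures"):
        bits = brute_force_bits(pw)
        print(f"{len(pw):2d} chars, {bits:6.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years: {pw}")
    print(random_passphrase(6))
```

The character count only measures exhaustive search. A phrase built from common words chosen by a person can also be guessed word by word, which is why the generator draws its words at random and reports strength per word.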

Use a different passphrase for each service

There is no point in having a long passphrase if you use the same phrase to protect all of your online services. If one of your services is compromised, as can sometimes happen, all of your online accounts are compromised. It is therefore crucial to use a different passphrase for each service.

Use a passphrase manager

Using a different passphrase per service can be problematic if you can't remember them all. Don't panic, there are reliable and secure tools available where you can save all your passwords.

LastPass is a password manager available as an extension for Firefox, Chrome and Safari, and allows you to save all your passphrases. Access to your LastPass storage is protected with a unique passphrase, so you only have to remember one phrase for access to all your online services. Like Google's mail service, Gmail, LastPass offers two-step verification. If you use LastPass, it is highly recommended that you choose a long passphrase and set up two-step verification.

Be careful what you click on!

While it is important to install antivirus software on your computer, it is even more important to use common sense when you receive a link or an attachment by email, Twitter, Facebook or Skype. Social networks and communication tools are the main carriers of viruses.

Specialist hackers also develop malware (malicious software) which cannot be detected by antivirus software. The best defence is to act early, before malware infects your computer or smartphone.

  • Don't download files or click on links which you receive from unknown senders.
  • Carefully check the email address or Twitter account of anyone who shares a link with you. If you have any doubt, check the sender's identity with other contacts or by using a search engine.
  • If the file and sender seem suspicious, get expert assistance. Citizen Lab is an organisation which analyses the viruses sent to it by both dissidents and activists and helps them to protect themselves better.

Monitor your social networking presence

Facebook and Twitter are useful communication tools. However, make sure you control the information that is made public. The following tutorials and online services can help you to manage your online presence better: