Sunday, October 6, 2019

NCS Month 2019 #1: A Simple Reminder

Happy National Cyber Security Month! I know it's been a few years since I've done a dedicated post for October, and I've acquired some new material. Some things have changed, while too many things have stayed the same.

You can find my past posts about and during NCS Month here.


To start with, this is your friendly reminder to change your passwords. You should do it at the very least on a yearly basis, more frequently if it's an important account, and if you can't remember the last time you changed it, now's your best opportunity.

If you find yourself worried about having to remember too many passwords, I highly recommend looking at getting a password bank. There are loads of options on the web, and most of them are far more secure than storing them in a spreadsheet or having your Firefox or Chrome or Edge/IE remember them.

Key tips for choosing a password manager:
  • doesn't require in-app purchases or spending money (primarily for phone apps)
  • AES-128/SHA-128 or higher (bigger number is better) encryption (you don't have to really know what this means)
  • doesn't ask for permissions (primarily for phone apps), or tells you why it needs them
  • doesn't store your information "on the cloud"
  • "open source" or "third-party tested"
  • back-up of encrypted files
Those are my recommendations, but some very good password managers break them, so an app that doesn't match my list isn't necessarily flawed or illegitimate.

I personally use aWallet Password Manager by Synpet for Android, but you may find something else that works better for you.

Lastly, if any of your accounts support 2FA or MFA, I highly recommend you turn that option ON! 2FA stands for two-factor authentication; MFA is multi-factor authentication, rather than just two factors (though some implementations call it MFA even when they only have two). This makes it more difficult for someone to access your account even if they manage to gain access to your password. Additionally, I recommend that you use an app to provide time-sensitive codes rather than having them emailed or texted to you, because emailed and texted codes are more easily intercepted by hackers.

I use Google Authenticator, but there are better apps like andOTP (Android) or Tofu (iPhone) that don't owe their allegiance to a massive corporation (shame on me), but the trade-off is that they may be compatible with fewer accounts.

Remember, just because you think you have nothing worth stealing doesn't mean you shouldn't take steps to prevent it from being stolen.


That's it for this week, but we'll be back next week for more unsolicited advice.