Best Practices for Work and Personal Online Security


As more people and businesses rely on online services, cyber criminals and hackers gain more potential targets.


Edited May 25, 2023

Passwords

Over time we've learned to use passwords that are hard for people to remember but easy for computers and hackers to guess. It does not have to be this way: a few simple steps produce passwords that are both strong and easy to remember.

What Not to Do

  • Re-use passwords adding new/sequential numbers at the end.

    • GeauxTigers1, GeauxTigers2, GeauxTigers3, etc.

  • Use common/easy-to-guess passwords.

    • 12345678, password, qwerty, football, baseball, abc123, 111111, letmein, passw0rd, welcome, etc.

  • Use words found in the dictionary, even if they are slightly altered (e.g., replacing a letter with a number).

  • Include a word or phrase of special importance to you like a birthday, telephone number, or even social security number. This is not always private information and can be easily discovered by someone doing a little digging.
    Remember: If a piece of information is on a social networking site, it should never be used in a password.

  • Use the same password for more than one account, especially for financial accounts.

What to Do

Use a Password Manager App

A password manager app has you remember just one very strong master password. That password unlocks a vault holding a unique password for each of your accounts, and the app generates those passwords for you.

Password manager apps make you less vulnerable online by generating strong, random passwords each time. Think of password manager apps as a post-it note for your passwords — except it is not left on your desk, visible to everyone, and the passwords are made to be very secure and hard to guess.

If you’re entrenched in Apple’s ecosystem of iPhones, iPads, and/or Macs, their free built-in password manager app called iCloud Keychain is a great option. Even if you sometimes need to log into an account on a non-Apple device, it’s easy enough to look up your credentials in iCloud Keychain.

Some web browsers, such as Google Chrome, offer to save passwords for you, which is better than nothing. However, they lack interoperability: the saved passwords are tied to that browser. If you want your passwords with you regardless of the web browser or operating system you're using, a dedicated password manager fills that gap. Some of those are:

  • 1Password is subscription-based

  • Bitwarden offers both a free version and a "premium" version as a subscription

  • Dashlane is also subscription-based

If you must create your own password, follow these tips:

  • Use 1Password’s free password generator.

  • Use at least 12 characters.

  • Use a short phrase or description, mixed with numbers and symbols.

    • E.g., string multiple nonsensical words together such as "correct" "horse" "battery" "staple": C0rrectHorseB@tteryStaple

“To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.” — XKCD
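The "What Not to Do" and "What to Do" lists above can be turned into a mechanical check. The following is an added example, not code from the original page or from any password manager it names: it flags the patterns the page warns against (short passwords, common passwords, a single dictionary word with letter-for-number swaps, reuse, and sequential-number variants of an old password) and builds a passphrase from random words using a cryptographic random source. The common-password list, the tiny dictionary, and the substitution table are constructed for the demonstration; a real check would load a full word list and a real breached-password list.

```python
import re
import secrets

# Constructed samples of the patterns the page warns against (not real breach data).
COMMON_PASSWORDS = {"12345678", "password", "qwerty", "football", "baseball",
                    "abc123", "111111", "letmein", "passw0rd", "welcome"}

# Tiny constructed word list; a real check would load a full dictionary file.
DICTIONARY = {"tiger", "geaux", "horse", "battery", "staple", "correct",
              "welcome", "summer", "dragon", "monkey"}

# Typical letter-for-number/symbol swaps, reversed so "Dr@g0n" reads as "dragon".
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Drop leading/trailing digits and symbols, lower-case, undo leet swaps and
    keep letters only, so a 'slightly altered' word is recognised as the word."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET_MAP))


def check_password(candidate: str, previous=()) -> list:
    """Return the names of the page's rules that the candidate breaks.
    An empty list means it passed every check here."""
    problems = []
    if len(candidate) < 12:
        problems.append("short")            # page: at least 12 characters
    if candidate.lower() in COMMON_PASSWORDS or normalize(candidate) in COMMON_PASSWORDS:
        problems.append("common")           # e.g. passw0rd is just "password"
    if normalize(candidate) in DICTIONARY:
        problems.append("dictionary")       # one word, even with swaps and a year
    if candidate in previous:
        problems.append("reused")
    strip_digits = lambda p: re.sub(r"\d+$", "", p)
    if any(strip_digits(candidate) == strip_digits(p) and candidate != p for p in previous):
        problems.append("sequential")       # GeauxTigers1 -> GeauxTigers2
    return problems


def generate_passphrase(words, count: int = 4, sep: str = "-") -> str:
    """Build a passphrase from randomly chosen words (the page's
    'correct horse battery staple' idea) using a CSPRNG rather than random.choice."""
    words = sorted(words)                   # secrets.choice needs a sequence
    return sep.join(secrets.choice(words).capitalize() for _ in range(count))


if __name__ == "__main__":
    history = ["GeauxTigers1"]
    for pw in ["passw0rd", "GeauxTigers2", "Dr@gon2023!!", "C0rrectHorseB@tteryStaple"]:
        print(f"{pw!r:30} -> {check_password(pw, history) or 'ok'}")
    print("suggested passphrase:", generate_passphrase(DICTIONARY))
```

Multiple dictionary words strung together are deliberately allowed, since that is exactly the passphrase approach the page recommends; only a lone word (with or without substitutions and a trailing year) is flagged.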

Use Multi-Factor Authentication

When available, use multi-factor authentication (MFA). Not every website/app/service offers this, but if they do it can usually be found in their settings → password/security section.

MFA adds a layer of security after you enter your password: the service asks for a second form of identification, such as a PIN or one-time code from an authenticator app, or one sent to you by text or email.

There are various forms of MFA. While they technically refer to different implementations, generally their names are used interchangeably and (for the most part) refer to the same underlying idea. Some of those names are:

  • Multi-factor authentication or MFA

  • 2-step verification or 2SV or TSV

  • Two-factor authentication or 2FA or TFA

  • One-time passwords or OTP

If given the option, always prefer an authenticator app over email, and email over text, for delivery of MFA codes. While better than nothing, codes sent by text can be intercepted if, for example, your SIM card has been duplicated (a "SIM swap") by a malicious actor using social engineering against your carrier. Codes sent by email (again, better than nothing) are most likely less secure than an authenticator app running on a device that is physically on your person.


It’s like Cinderella’s slipper. She can give her name and confirm where she was before midnight, but it’s only when the slipper fits that Prince Charming knows she’s for real. The Prince was an early adopter of 2FA.

Nick Asbury on describing two-factor authentication


Check for Breaches

It helps to know whether your email address or passwords have ever appeared in a data breach. Free resources like ';--have i been pwned? offer a quick way to check whether your information has been compromised.
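A practitioner's worry about any breach-check service is having to hand over the password being checked. The Pwned Passwords service behind ';--have i been pwned? avoids that with a k-anonymity range search: the client SHA-1 hashes the password, sends only the first five hex characters of the hash, receives every known suffix for that prefix, and matches the rest locally. The following is an added example, not code from the original page or from the service itself; the sample range response and its counts are constructed so the demonstration runs offline, and `fetch_range_online` (which calls the real endpoint) is provided but not used by the demo.

```python
import hashlib
import urllib.request


def split_hash(password: str):
    """SHA-1 the password (the digest the service is keyed on) and split it into
    the 5-character prefix that leaves the machine and the suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse 'SUFFIX:COUNT' lines and return the count for our suffix (0 = not found)."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        found, _, count = line.partition(":")
        if found.strip().upper() == suffix:
            return int(count.strip())
    return 0


def pwned_count(password: str, fetch_range) -> int:
    """How many times the password appears in breach data, given a function that
    returns the range body for a 5-character prefix. The full hash never leaves."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))


def fetch_range_online(prefix: str) -> str:
    """Query the real range endpoint (network access; not used by the offline demo)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for a range response; the counts are made up and the real
# reply for this prefix has hundreds of lines. The first suffix is SHA-1("password")
# with its prefix removed, so the demo can show a hit.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
0123456789ABCDEF0123456789ABCDEF012:2
"""


def fetch_range_sample(prefix: str) -> str:
    """Offline lookup that knows only the constructed range above."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ["password", "C0rrectHorseB@tteryStaple"]:
        prefix, _ = split_hash(pw)
        print(f"{pw!r}: sends prefix {prefix}, seen {pwned_count(pw, fetch_range_sample)} times")
```

A password manager can run exactly this lookup against its whole vault, which is how the "breached password" warnings in such apps work; because only a prefix is sent, the service learns neither the password nor its full hash.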

Viruses

Most computer infections happen because people are tricked into downloading and running the malware themselves. These infections come in all shapes and sizes. For example:

  • Email attachments that claim to be invoices, parking tickets, or legal judgments.

  • A website that says you need to update software in order to use it.

  • Bundled with other programs you download and run from disreputable sites.

  • A message telling you your computer is infected and you need to do something to fix it.

  • Some viruses, once they infect a computer, email themselves to everyone in the victim's address book. Don't trust even files you get from friends unless you were expecting them and the email makes sense. If in doubt, always contact the sender through another medium (e.g., in person or by phone) and verify.

Never download files or run software you weren't specifically looking for. Get software only from a link on the original company's website, which you have looked up and verified as legitimate. When you do install software, read every option it presents – installers often bundle unwanted software with what you actually want.

PCGH