Basic Internet Security

Keeping passwords safe

Passwords are for the computer world basically what keys are in the physical world. If you loose a password you will not be able to get in, and if others copy or steal it they can use it to enter. As a minimum measure a good password should not be easy to guess by people and not easy to crack by computers, while still easy enough for you to remember.

Password length and complexity

To protect your passwords from being guessed, length and complexity are the key factors. Passwords like the name of your pet or a birth date are very unsafe; also any word that appears in a dictionary is easily guessed by a computer. You should also never use a password containing only numbers. You should use a password containing a combination of lower case letters, capitals, numbers and special characters and it should have a minimum length of 8 characters for basic security.

Minimizing damage

If your password is leaked or guessed, it is very important to minimize the damage as much as possible. To this end there are two measures you can take. Firstly, be sure to keep different passwords for different sites, otherwise if your password for one site is compromised it is very easy for the attacker to gain access to your other accounts. You can for example do this by choosing a few basic passwords to which you add a unique suffix per site. Secondly, change your password from time to time, at least for things you consider to be sensitive. In that way, if an attacker has got access to your account without you noticing, you effectively block him out.

Physical protection

Especially if you are traveling and using internet cafes, or other untrusted computers, you have to be aware that there are other ways for people to obtain your passwords. Firstly there is "over the shoulder" surveillance, where someone, or a camera, watches your actions and might see the password you are typing (or where you are browsing). A second typical threat is the presence of key loggers. Key loggers are software or hardware devices that record keystrokes, they can be hidden inside a computer or keyboard and hence totally invisible to you. Be very careful what you do in those places and which sites you visit there. If you really have to use such a place be sure to change your passwords as soon as possible. For more tips on Internet Cafes read the chapter on them.

Easy-to-remember and secure passwords

One way to create strong and easy-to-remember passwords is to start with a sentence you can easily remember, like:

"this book really helps for securing my digital life!"

Take for instance the first letter of every word: "tbrhfsmdl" and now add some more substitutions, the "f" can be the 4 (for "for") and we can add some capitals and special characters. The end result might be something like "TbRh4$mdL!" Which is secure and easy to remember. Just try to think of a system that works for you to remember the passwords. Alternatively you might want to use one strong password that is easy to remember and keep all your other secure (less easy to remember) passwords by using a tool that keeps them securely on your computer or phone.

Using an application to keep your passwords

Even easy-to-remember passwords might be difficult to manage. One solution is to use a dedicated application to manage most of your passwords. The application we will discuss is Keepass which is a free and open password manager that is considered to be secure (given that you chose a sane and secure "master password" for the keepass application).

For website passwords a more convenient solution that is probably safe enough for most of your passwords is to use the built-in password manager of the Firefox browser. Be sure to set a master password as is explained in the chapter on safe browsing, otherwise this is very insecure! Other browsers might also come with built-in password managers, but remember that if you don't have to unlock them with a master password they are mostly unsafe and easily retrievable by attackers having access to your computer.

Protect your Website Passwords

Browsers offer to save the login information and passwords for websites you use. If you choose to save the passwords, you should make sure that the passwords are stored in a safe way. See the chapter about Keeping your internet passwords safe in Firefox.

Caveats

  • If an application on your computer, like a chat or mail program, stores the password it uses, and you are not asked for it after reopening the program, it often means that it can be easily retrieved from your computer by someone having access (physical or otherwise) to it.
  • If your login information is sent over an insecure connection or channel, it might fall into the wrong hands. (see the chapters on secure browsing for more information)
  • Over the shoulder surveillance or key logging might compromise your passwords.