Protecting Your Digital Life in 7 Easy Steps

In a recent Medium post, Quincy Larson, the founder of Free Code Camp, an open-source community for learning to code, detailed the reasons it might be useful for people to make their personal data more difficult for attackers to obtain.

“When I use the term ‘attacker’ I mean anyone trying to access your data whom you haven’t given express permission to,” he wrote, “whether it’s a hacker, a corporation or even a government.” 
Continue reading the main story

In an interview, Mr. Larson walked us through some of the basic steps he recommended. We added a few of our own, based on additional interviews.

 

1. Download Signal, or Start Using WhatsApp to send text messages.

Encryption is a fancy computer-person word for scrambling your data so no one can understand what it says without a key. But encrypting is more complex than just switching a couple of letters around.

Mr. Larson said that by some estimates, with the default encryption scheme that Apple uses, “you’d have to have a supercomputer crunching day and night for years to be able to unlock a single computer.”

He said the best way to destroy data was not to delete it, because it could potentially be resurrected from a hard drive, but to encode it in “a secure form of cryptography.”

Signal is one of the most popular apps for those who want to protect their text messages. It is free and extremely easy to use. And unlike Apple’s iMessage, which is also encrypted, the code it uses to operate is open source.

“You can be sure by looking at the code that they’re not doing anything weird with your data,” Mr. Larson said.

“In general, the idea behind the app is to make privacy and communication as simple as possible,” said Moxie Marlinspike, the founder of Open Whisper Systems, the organization that developed Signal.

That means that the app allows you to use emojis, send pictures and enter group texts.

One bit of friction: You do have to persuade your friends to join the service, too, if you want to text them. The app makes that easy to do.

WhatsApp, the popular chat tool, uses Signal’s software to encrypt its messaging. And in Facebook Messenger and Google’s texting app Allo, you can turn on an option that encrypts your messages.

Mr. Marlinspike said the presidential election had spurred a lot of interest in Signal, leading to a “substantial increase in users.”

When asked to speculate why that was, Mr. Marlinspike simply said, “Donald Trump is about to be in control of the most powerful, invasive and least accountable surveillance apparatus in the world.”

Signal is available for both Android and iOS.

 

2. Protect your computer’s hard drive with FileVault or BitLocker.

Your phone may be the device that lives in your pocket, but Mr. Larson described the computer as the real gold mine for personal information.

Even if your data were password protected, someone who gained access to your computer “would have access to all your files if they were unencrypted.”

Luckily, both Apple and Windows offer means of automatic encryption that simply need to be turned on.

 

3. The way you handle your passwords is probably wrong and bad.

You know this by now. Changing your passwords frequently is one of the simplest things you can do to protect yourself from digital invasion.

But making up new combinations all the time is irritating and inconvenient.

Mr. Larson recommends password managers, which help store many passwords, with one master password. He said he uses LastPass but knows plenty of people who use 1Password and KeePass, and he doesn’t have a strong reason to recommend one over another.

Not every security expert trusts password managers. Some noted that LastPass itself was hacked last year.

So that means you may want to write them down in one secure location, perhaps a Post-it note at home. It seems more far-fetched that a hacker would bother to break into your home for a Post-it note than find a way into your computer.

If you take that route, we suggest setting a weekly or biweekly calendar reminder to change your passwords.

As far as making passwords up goes: Don’t be precious about it. Use a random word (an object near you while you are hunched over your Post-it), scramble the letters and sprinkle in numbers and punctuation marks. If you’re writing passwords down, you don’t have to worry about making them memorable.

 

4. Protect your email and other accounts with two-factor authentication.

When you turn this step on, anyone trying to sign in to your email from new devices will have to go through a secondary layer of security: a code to enter the inbox that is sent to your phone via text message. (Though sadly, not through Signal.)

You can also set two-factor authentication for social media accounts and other sites. But email is the most important account, since many sites use email for password recovery, a fact that hackers have exploited. Once they have access to your email, they can get access to banking, social media, data backups and work accounts.

...

Read the rest...