Human Security

These security help pages include a lot of fancy talk about encryption. Ultimately, however, all this whiz-bang crypto-alchemy will be totally useless if you have insecure behavior. A few simple practices will go a long way toward increasing your security.

Save the world with better passwords

Because passwords are almost always the weakest link in any security system where they are used, the first step to better security is better password practice.

Things to avoid:

  • Don’t pick a dictionary word or a proper noun! Passwords are often easy to crack because most people pick a password that is a variation on a word in the dictionary. There are simply not that many words in human languages: it is trivial for a computer to try them all! This includes words where you have replaced some letters with numbers. For example, “L0V3” is just as easy to crack as “LOVE”.
  • Don’t use the same password for all your accounts. Also, it can be better to write down your passwords in a secure place rather than use the same one everywhere.
  • Don’t forget to change your password. You should change your password at least once a year.
  • Never tell anyone your password, especially if they ask for it.

How do you create a password that is strong and yet easy to remember? This can be really tough. There are three generally approved methods:

1. Use a password storage locker

Don’t try to remember passwords. Instead, generate random passwords for all the different services and websites you use, and store them in a secure password locker.
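
The two points above, as an added example that is not part of the original page: why “L0V3” falls to the same dictionary lookup as “LOVE”, and how a locker-style random password is generated. The word list is a small constructed sample, and the function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"love", "password", "revolution", "dragon", "secret"}

# Common letter-for-symbol swaps, undone before the dictionary lookup.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

ALPHABET = string.ascii_letters + string.digits


def is_dictionary_variant(password, words=SAMPLE_WORDS):
    """True if the password is a listed word once common swaps are undone,
    with or without digits and symbols tacked on the end."""
    whole = password.lower().translate(SWAPS)
    stem = password.rstrip(string.digits + string.punctuation)
    stem = stem.lower().translate(SWAPS)
    return whole in words or stem in words


def generate_password(length=20):
    """Random password for a password locker, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ["LOVE", "L0V3", "Passw0rd!", generate_password()]:
        verdict = ("dictionary variant" if is_dictionary_variant(candidate)
                   else "not in sample list")
        print(f"{candidate!r}: {verdict}")
    print(f"20 random characters: about {random_bits(20):.0f} bits")
```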

2. Passwords

  1. Start with multiple words you can easily remember.
  2. Convert these words to non-words (for example, by taking the first letter of each word).
  3. Add a few random uppercase letters, numbers, or symbols, and you are done.

For example:

You could turn “The Revolution Will Not Be Televised” into “trwNbt” and then add a few random characters for “trwNbt!42”.

3. Passphrases

  1. Pick a few random words you can easily remember. Mixing in words from different languages and non-dictionary words is a good idea.
  2. String these together into a long passphrase. This will be longer, but easier to type.

For example:

Common internet scams

Keep your software up to date

To be written.

Be cautious on shared computers

Log out: make sure that you always log out when using web-mail. This is very important, and very easy to do. This is particularly important when using a public computer. Don’t leave your computer unlocked and unattended.

Avoid public computers: this can be difficult. If you do use a public computer, consider changing your password often or using the virtual keyboard link (if you use riseup.net for your web-mail).

If you share a computer with friends, create multiple logins which keep user settings separate. You should enable this feature, and log out or “lock” the computer when not in use.

Feel the love of free and open source software

Why should you use GNU/Linux over Windows or Mac OS? There are a number of reasons. One of the biggest is that the large number of viruses, trojans, back-door programs, security bugs, targeted government hacking, and other exploits over the years makes them very difficult to trust, especially because you are not given the opportunity to look under the hood to see if what is going on is OK. The software is proprietary and closed source, which means you are trusting your private information to a corporation whose sole focus is profit, not the security of your personal information, and whose methods you are unable to audit for yourself.

OS X suffers from issues similar to those of Windows. While it is based on Unix (of which Linux is a “clone”), a large portion of the operating system is not open source and thus not available for third-party review. Its increasing popularity has resulted in increasing numbers of viruses and exploits (though still far fewer than Windows), and its corporate culture of authoritarianism is reflected in the structure of the operating system. OS X also includes the built-in “feature” to remotely activate the webcam which, as a feature regardless of the OS it’s on, has been shown to be used for other purposes.

GNU/Linux, however, is composed primarily (and can be made exclusively) of software whose source can be obtained and audited by essentially anyone. It has been built by a community of people for years. Its history includes few viruses and user-level exploits. Linux is also an easy-to-use operating system that supports a wealth of older hardware, which makes this level of security accessible to the average individual.