#SimpleSecurity tips for non-techies
A discussion with a friend about what should non-tech savvy people do to improve their information security made me think later on and write a series [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] of Tweets hashtagged #SimpleSecurity with suggestions about what to do, which software to use and how. Here I’m proposing a more curated version of them.
- Use the Tor Browser for complete anonimization.
- Alternatively use the open-source Firefox browser with AdBlock, HTTPS Everywhere, NoScript and Ghostery addons.
- Use a VPN
- Communicate with the awesome open-source secure “WhatsApp-like” app Signal
- Use a password manager to store all your passwords so you worry just about one of them. Use it to generate the random 31-characters long passwords as well. Use different passwords for each application/website/service.
- Avoid Windows and use Linux/Unix. If really have to use Windows choose and pay for a good antivirus. Use ClamAV on Linux/Unix.
- Check your firewall rules. Use Little Snitch on a Mac or similar software on other OS.
- Encrypt your computer’s hard drive(s) and phone.
- Lock your devices with a strong and long passphrase. See below.
- Avoid open Wi-Fi networks or use a VPN or Tor on them.
- Use WPA2 for your home Wi-Fi.
- Never charge your phone on publicly available USB chargers.
- Never share your location.
- Close forever your Facebook account.
- Avoid e-mails if not encrypted with PGP/GnuPG.
- “There is no cloud, just other people’s computers”: avoid storing important unencrypted data on cloud services.
- Set up two-step authentication wherever necessary.
- Don’t open e-mail attachments from unknown people.
- Do not trust anybody unknown on the phone. Anybody can say he/she is the employee of your bank and needs your password/pin.
- Never answer “yes” during spam phone calls. They record it, edit the audio track and make it figure like you accepted. If you have to, say “OK”, since it should have no legal value (but IANAL).
Always use strong passwords:
- long 25+ characters
- small and capital letters
- symbols, possibly “strange” ones, from a foreign language, for instance •∆π°©üæ
- avoid using existing words from any language
- avoid u51ng th15 wr1t1ng called Leet Speak or 1337 5p34k
- avoid personal information in it (birthdays, names, …)
Again, use the password manager to store all the passwords and letting it generate random passwords like 8d&d05Y&]]aw09baIFg-:£’miPì^.