Skip to main content

On Accounts and Passwords

I have some well-formed opinions on account security.  They have evolved over time as I have better understood the risks.  Unfortunately, I think the following list is good for all users everywhere.

The basic principle is to assume that nothing is secure.  Even if you keep your username and passwords secure doesn't mean that your bank, ISP, or Email provider keeps its systems secure.


Login Practices
  • Always check for proper HTTPS/SSL security.
  • Never use a link published in an email.
  • Use disposable accounts whenever possible.  Your account for your knitting forum shouldn't have any relationship to your account for your bank.
  • Only access sites with a good reputation, and a reputation that they need to uphold.

Password Practices

  • Never use the same password more than once.   If a hacker steals your password from DumbCo, you don't want that hacker to try that password at BigBucksBank.
  • Change your passwords.  People steal encrypted passwords.  Over time, they could crack those encrypted passwords.  By changing your passwords occasionally, you diminish that attack vector.
  • Use two-factor authentication whenever possible.
  • Never let anyone know your passwords.
  • Long and complicated passwords are better.
  • Avoid on-line account managers that result in a large store of passwords.
Email Practices
  • Keep your email accounts very secure.  If you can reset your passwords over email, then so can a bad person.
  • Use more than one email account.  Don't use the same email account for your knitting forum or Facebook that you use for your bank.
  • Never open or read junk mail.  Assume that it will infect your computer.
  • Never trust email from your friends.  Their accounts could have been compromised.
  • Avoid webmail services
Computer Practices
  • Minimize the number of devices you use.  The more devices you use, the more work is required to keep them secure and the higher the odds are that one of them is compromised.
  • Trust less trustworthy computers less.  Your home Windows XP machine is more vulnerable than your iPad.  Be more skeptical of less secure environments.
  • Never log in from an unknown machine.  That means you should never trust the computer in the hotel lobby, the computer at school, or even the computer at work.  Assume that there are keyloggers and screen-sharing technologies on each device you use.
  • Do not let others use or maintain your computer without strict oversight.
  • Use a quality browser that has anti-phishing capabilities.  Keep that browser up-to-date.  Avoid browser plugins.
  • Encrypt your computer's hard drive, and use a long and complicated password.
  • Put a password on your computer's login screen.  Do not let users share accounts.
  • Do not give day-to-day user accounts administrative privileges.
  • Shutdown your devices when not in use.
  • Scan for malware on all of your devices often.
  • Keep your software and OS up-to-date.
  • Do not install any software that hasn't been fully validated by a reputable party.
  • Be very hesitant in giving administrative rights to any software.
  • Back up your devices often, and keep control of your backups.  Keep your backups elsewhere (assume your neighborhood will burn down).
  • For encrypted files, use very long and complex passwords in order to minimize the odds that someone will be able to crack the file in years to come.
  • Use WPA2/AES security on your home WIFI network.  If your devices don't support WPA2/AES, upgrade your devices.

General Practices
  • Keep an off-line list of your accounts so you can easily take action if one account is compromised.
  • Watch over your account activity.
  • Be very concerned about account access issues or "odd behavior".
  • Remember that your network is compromised - your ISP, in combination with web site providers can access nearly all your network communications.
  • Do not trust the manufacturer of your home wireless router, handset, operating system, or third party software.  Again, all your data runs through these devices.
  • Never trust a 3rd party that can send you an email with your password within it.
  • Keep in tune with security vulnerabilities and compromises.


Popular posts from this blog

Fixing a SodaStream Jet, part 1: Disassembly Guide

I've had my SodaStream Jet for years, and once in a while something has gone wrong. Disassembly is the first step to repair.  Start with this article to see how to disassemble the SodaStream, and then once you have that down, scroll through my other articles to see how I repaired specfic SodaStream problems. SodaStream Jet Disassembly Guide Tools Required Flat head screwdriver Phillips head screwdriver 1. Remove the Carbonator.  Duh. 2. Remove the black panel lever The front big black tilt lever needs to be removed first. Removing this panel is tricky, but it isn't impossible. Looking up at the bottom of the black panel, there are two tabs, one on the left and one on the right. These tabs fully secure the panel in place. The trick is to use a flat-head screwdriver under the plastic to gently lever the tabs out of the way.  Note in the pictures how I approach these tabs with my screwdriver.  I usually release the left side first, and then I release ...

Porsche Key Remote Battery Repair Video How-To

We now live in the age where part of your life is spending time and money maintaining and repairing things like your car keys . My Porsche's remote key was getting weaker and weaker, until one day it stopped operating altogether. Keyless remote without the remoteness. Not so good. I was a bit fearful spending a sizable chunk of my time and money at the dealership to have such a small problem addressed, and so I decided that I would try to replace the battery myself. Items required A clear work surface A small flat blade screw driver. A quality lithium CR-2032 Battery, available here. Procedure The following video shows how I successfully opened up the key without breaking it, and replaced the alarm remote battery. In short, from the vantage point of the key's steel part facing away and the buttons facing up: I take a small screwdriver and press on the little plastic tab on the left side.  At the same time I use my fingers to start to pull the two halves apart.  From th...

Macintosh: Upgrading an eMac

It's been a long time since I wrote this article, but the fact remains: The good old eMac can still be useful if you take the simple steps to keep it as good as it can be.  All can run Tiger, and most can run Leopard - great operating systems for their day with a bit of useful life.  This article describes the procedure I used to upgrade my old eMac, including: Replacing the internal hard disk with a large capacity drive. Increasing the memory for performance Upgrading the operating system Here I'm upgrading a 700 MHz eMac, but the procedure and tasks for upgrading other eMac models should be almost identical. Upgrading versus Replacing My sister's eMac is of the 700 mhz variety, with 256 MB of memory. The machine seemed to be getting "slower", and the original 40 GB disk was becoming jammed packed with photos and iTunes, and within a few months she'd be out of disk space. There were two options to address the problems: upgrade the eMac, or go o...

Robust Installation of an HDHomeRun Networked TV Tuner. 64 OTA channels!

I added an HDHomerun (HDHR) over-the-air (OTA) streaming box to my home network, bringing over-the-air broadcast TV to my computers, phones and tablets.  The HDHR is a big upgrade from my previous setup: using a simple "window mount" antenna directly connected to my TV. A TV-attached antenna is good for watching some TV for free, but the HDHR offers so much more flexibility. Figure 0: HDHomeRun on my basement wall   My original OTA TV setup was haphazard at best. It was finicky, ugly, and hard for other people at home to use. I would actually tape my antenna to a window whenever I wanted to watch OTA TV. Plus, it only worked on my TV and not with my other devices. I wanted a cleaner and more modern OTA setup. After looking at possibilities, I developed two goals: (1) bring my OTA TV into the modern Internet-connected era, and (2) set it up in a reliable and pretty way so that other family members wouldn't have to fool around with the antenna or anything else.  With that,...

Fixing a SodaStream Jet, Repair #2 - Broken Fill Button

My Soda Stream Jet's fill button broke, which means I can not longer carbonate water by pressing the pushbutton. This caused all sorts of grief in my household. Here is how I managed to repair my Jet to give it another 10 years of life (hopefully). First, a look at the button The fill button on the top of the SodaStream is actually a simple lever. Pressing down on the button moves a pin that does the actual work of pressing open the Carbonator's valve. Unfortunately, the axis point is fairly thin and can see a lot of stress. That's where my Soda Stream button cracked. [ I think the usage tip here is "don't over-press the button like a gorilla, it doesn't do anything but put high stress on the button."] Cracked levering point of the button The Pesky Lever Retaining Pin The Fix It was pretty easy for me to replace the button: Take off the back of the Soda Stream and remove the carbonator. Push out the the button lever's steel retaining pin. This takes qu...

Adding a Water Flood Sensor to my Vista-20p alarm system

My Honeywell Vista 20p alarm system is fairly comprehensive, but I want one more feature: an alarm that lets me know when my sump pump isn't working properly. Here is how I added one for about $8 in special parts.   I'm afraid of a flood in my finished basement. I'm fortunate - my basement sump pump system is already redundant, with two independent pumps and two outflow pipes. The primary pump kicks in when the water level reaches 6 inches, and if that doesn't work, then the backup pump kicks in when the water level reaches 7 inches.  The backup pump should never kick in unless the primary pump is having a problem pumping.   But there is a problem with this setup: I might never know if my primary pump has failed, leaving me with no redundancy.  I want to be informed when I have one (or god forbid, two) pump failures. My goal is to have my Vista 20p alert me when the sump's water level is ever beyond the point where my primary pump should have kicked in, alertin...

Other Posts

Show more