Skip to main content

On Accounts and Passwords

I have some well-formed opinions on account security.  They have evolved over time as I have better understood the risks.  Unfortunately, I think the following list is good for all users everywhere.

The basic principle is to assume that nothing is secure.  Even if you keep your username and passwords secure doesn't mean that your bank, ISP, or Email provider keeps its systems secure.


Login Practices
  • Always check for proper HTTPS/SSL security.
  • Never use a link published in an email.
  • Use disposable accounts whenever possible.  Your account for your knitting forum shouldn't have any relationship to your account for your bank.
  • Only access sites with a good reputation, and a reputation that they need to uphold.

Password Practices

  • Never use the same password more than once.   If a hacker steals your password from DumbCo, you don't want that hacker to try that password at BigBucksBank.
  • Change your passwords.  People steal encrypted passwords.  Over time, they could crack those encrypted passwords.  By changing your passwords occasionally, you diminish that attack vector.
  • Use two-factor authentication whenever possible.
  • Never let anyone know your passwords.
  • Long and complicated passwords are better.
  • Avoid on-line account managers that result in a large store of passwords.
Email Practices
  • Keep your email accounts very secure.  If you can reset your passwords over email, then so can a bad person.
  • Use more than one email account.  Don't use the same email account for your knitting forum or Facebook that you use for your bank.
  • Never open or read junk mail.  Assume that it will infect your computer.
  • Never trust email from your friends.  Their accounts could have been compromised.
  • Avoid webmail services
Computer Practices
  • Minimize the number of devices you use.  The more devices you use, the more work is required to keep them secure and the higher the odds are that one of them is compromised.
  • Trust less trustworthy computers less.  Your home Windows XP machine is more vulnerable than your iPad.  Be more skeptical of less secure environments.
  • Never log in from an unknown machine.  That means you should never trust the computer in the hotel lobby, the computer at school, or even the computer at work.  Assume that there are keyloggers and screen-sharing technologies on each device you use.
  • Do not let others use or maintain your computer without strict oversight.
  • Use a quality browser that has anti-phishing capabilities.  Keep that browser up-to-date.  Avoid browser plugins.
  • Encrypt your computer's hard drive, and use a long and complicated password.
  • Put a password on your computer's login screen.  Do not let users share accounts.
  • Do not give day-to-day user accounts administrative privileges.
  • Shutdown your devices when not in use.
  • Scan for malware on all of your devices often.
  • Keep your software and OS up-to-date.
  • Do not install any software that hasn't been fully validated by a reputable party.
  • Be very hesitant in giving administrative rights to any software.
  • Back up your devices often, and keep control of your backups.  Keep your backups elsewhere (assume your neighborhood will burn down).
  • For encrypted files, use very long and complex passwords in order to minimize the odds that someone will be able to crack the file in years to come.
  • Use WPA2/AES security on your home WIFI network.  If your devices don't support WPA2/AES, upgrade your devices.

General Practices
  • Keep an off-line list of your accounts so you can easily take action if one account is compromised.
  • Watch over your account activity.
  • Be very concerned about account access issues or "odd behavior".
  • Remember that your network is compromised - your ISP, in combination with web site providers can access nearly all your network communications.
  • Do not trust the manufacturer of your home wireless router, handset, operating system, or third party software.  Again, all your data runs through these devices.
  • Never trust a 3rd party that can send you an email with your password within it.
  • Keep in tune with security vulnerabilities and compromises.


Popular posts from this blog

Fixing a SodaStream Jet, part 1: Disassembly Guide

I've had my SodaStream Jet for years, and once in a while something has gone wrong. Disassembly is the first step to repair.  Start with this article to see how to disassemble the SodaStream, and then once you have that down, scroll through my other articles to see how I repaired specfic SodaStream problems. SodaStream Jet Disassembly Guide Tools Required Flat head screwdriver Phillips head screwdriver 1. Remove the Carbonator.  Duh. 2. Remove the black panel lever The front big black tilt lever needs to be removed first. Removing this panel is tricky, but it isn't impossible. Looking up at the bottom of the black panel, there are two tabs, one on the left and one on the right. These tabs fully secure the panel in place. The trick is to use a flat-head screwdriver under the plastic to gently lever the tabs out of the way.  Note in the pictures how I approach these tabs with my screwdriver.  I usually release the left side first, and then I release ...

Sodastream Carbonator Leakage, Usage, and Weight

SodaStream 60L "Carbonator" CO2 cylinders have a specific weight when empty, plus about 410 or so grams for the CO2 they should have when they're "full".  A little while ago I went to buy a replacement Carbonator from my local hardware store. The dealer pulled a new Carbonator out of the box and sensed it was lighter than usual.  He put the "light" Carbonator in the "empty" pile and sold me a different one.  At that moment I concluded that it would be smart of me to weigh both new and empty SodaStream carbonators.  Here are the results. Weighing a SodaStream Carbonator - for both Science and Consumer Protection.       The dealer told me that sometimes the carbonators leak after they leave the SodaStream filling facility.  That means there could be an opportunity for customers like me to get ripped off! The SodaStream cylinders I buy claim to have a net product weight of 410 grams - and that means that a full Soda Stream Carbonator shou...

Fixing my Wahl 9918 Groomsman Beard and Mustache Trimmer

Not everyone would bother repairing a $25 beard trimmer, but why not fix something for under $5 instead of spending another $25? My  Wahl 9918 Groomsman Beard and Mustache Trimmer  has admirably performed its beauty duty for many years, but the time came when the battery just wasn't holding a charge any more.  Most people would just put the trimmer in the trash and buy a new one, but I figured I could repair my otherwise excellent Wahl and save some money. In fact, even high priced trimmer and rotary shaver brands, like Norelco and Remington, can be easily repaired using a process similar to the one I used to fix my Wahl.  Read on to find out how. I opened up the Wahl by popping off the black plastic faceplate with a tiny flathead screwdriver, which revealed two screws.  By removing the two screws I was able to easily open up the unit, revealing the guts of the device. Backplate off, Revealing the screws The internals are rather simple: a motor, a...

Fix a Lightning Cable with Heat Shrink Tubing

We've all seen a Lightning cable that has started to fall apart.  They get used every day, and after enough tugs and yanks on your iPhone, they start to fray. I've seen a lot of these frayed cables, so I've started to fix them before they break with heat shrink tube.  I get my heat shrink on Amazon, like this handy and inexpensive pack.   I prefer the heat shrink tubes without internal glue - it has higher flexibility and a smaller outside diameter once shrunk. Heat Shrink Tubing on an Old, Frayed Lightning Cable In the photo here, you'll see that I slid on a 1.25 inch length of heat shrink over the lighting connector, and then shrunk it into place.  I chose a diameter that just barely fits over the lightning connector.  In all, it took about 60 seconds to perform this repair. Warning: the white plastic of the lightning cable has a pretty low melting point.  It seems to start to melt at about 125°C (or about 250°F), which is the same temperatur...

Macintosh: Upgrading an eMac

It's been a long time since I wrote this article, but the fact remains: The good old eMac can still be useful if you take the simple steps to keep it as good as it can be.  All can run Tiger, and most can run Leopard - great operating systems for their day with a bit of useful life.  This article describes the procedure I used to upgrade my old eMac, including: Replacing the internal hard disk with a large capacity drive. Increasing the memory for performance Upgrading the operating system Here I'm upgrading a 700 MHz eMac, but the procedure and tasks for upgrading other eMac models should be almost identical. Upgrading versus Replacing My sister's eMac is of the 700 mhz variety, with 256 MB of memory. The machine seemed to be getting "slower", and the original 40 GB disk was becoming jammed packed with photos and iTunes, and within a few months she'd be out of disk space. There were two options to address the problems: upgrade the eMac, or go o...

Leaving Sprint for Huge Cost Savings

So my friend is under a Sprint contract, and it's killing him.  He pays $145 a month for service for two lines, and he has 8 months left on his contract.  That is $1745 a year! He came to me because he wanted to upgrade his phones - he has two iPhone 5c's with 8 GB of storage - not enough - and so he was thinking of signing up with Sprint for another two years to get "new phones".  Stop!  Stop the contracts!  $1745 a year is a LOT OF MONEY. So we have THREE problems: He is under contract for 8 more months, at $145 a month. He has two phones that are too limiting for his day-to-day use He has two phones that are locked to the Sprint network We have FOUR goals: Reduce money being sucked out the door Get phones that are not so limiting Get phones that are not locked exclusively to Sprint Get out of any "contracts" Stage 1: New phones! So our first step is to get new phones - phones that will work with Sprint or any other carrier. Well, not ...

Other Posts

Show more