Skip to main content

On Accounts and Passwords

I have some well-formed opinions on account security.  They have evolved over time as I have better understood the risks.  Unfortunately, I think the following list is good for all users everywhere.

The basic principle is to assume that nothing is secure.  Even if you keep your username and passwords secure doesn't mean that your bank, ISP, or Email provider keeps its systems secure.


Login Practices
  • Always check for proper HTTPS/SSL security.
  • Never use a link published in an email.
  • Use disposable accounts whenever possible.  Your account for your knitting forum shouldn't have any relationship to your account for your bank.
  • Only access sites with a good reputation, and a reputation that they need to uphold.

Password Practices

  • Never use the same password more than once.   If a hacker steals your password from DumbCo, you don't want that hacker to try that password at BigBucksBank.
  • Change your passwords.  People steal encrypted passwords.  Over time, they could crack those encrypted passwords.  By changing your passwords occasionally, you diminish that attack vector.
  • Use two-factor authentication whenever possible.
  • Never let anyone know your passwords.
  • Long and complicated passwords are better.
  • Avoid on-line account managers that result in a large store of passwords.
Email Practices
  • Keep your email accounts very secure.  If you can reset your passwords over email, then so can a bad person.
  • Use more than one email account.  Don't use the same email account for your knitting forum or Facebook that you use for your bank.
  • Never open or read junk mail.  Assume that it will infect your computer.
  • Never trust email from your friends.  Their accounts could have been compromised.
  • Avoid webmail services
Computer Practices
  • Minimize the number of devices you use.  The more devices you use, the more work is required to keep them secure and the higher the odds are that one of them is compromised.
  • Trust less trustworthy computers less.  Your home Windows XP machine is more vulnerable than your iPad.  Be more skeptical of less secure environments.
  • Never log in from an unknown machine.  That means you should never trust the computer in the hotel lobby, the computer at school, or even the computer at work.  Assume that there are keyloggers and screen-sharing technologies on each device you use.
  • Do not let others use or maintain your computer without strict oversight.
  • Use a quality browser that has anti-phishing capabilities.  Keep that browser up-to-date.  Avoid browser plugins.
  • Encrypt your computer's hard drive, and use a long and complicated password.
  • Put a password on your computer's login screen.  Do not let users share accounts.
  • Do not give day-to-day user accounts administrative privileges.
  • Shutdown your devices when not in use.
  • Scan for malware on all of your devices often.
  • Keep your software and OS up-to-date.
  • Do not install any software that hasn't been fully validated by a reputable party.
  • Be very hesitant in giving administrative rights to any software.
  • Back up your devices often, and keep control of your backups.  Keep your backups elsewhere (assume your neighborhood will burn down).
  • For encrypted files, use very long and complex passwords in order to minimize the odds that someone will be able to crack the file in years to come.
  • Use WPA2/AES security on your home WIFI network.  If your devices don't support WPA2/AES, upgrade your devices.

General Practices
  • Keep an off-line list of your accounts so you can easily take action if one account is compromised.
  • Watch over your account activity.
  • Be very concerned about account access issues or "odd behavior".
  • Remember that your network is compromised - your ISP, in combination with web site providers can access nearly all your network communications.
  • Do not trust the manufacturer of your home wireless router, handset, operating system, or third party software.  Again, all your data runs through these devices.
  • Never trust a 3rd party that can send you an email with your password within it.
  • Keep in tune with security vulnerabilities and compromises.


Popular posts from this blog

Fixing a SodaStream Jet, part 1: Disassembly Guide

I've had my SodaStream Jet for years, and once in a while something has gone wrong. Disassembly is the first step to repair.  Start with this article to see how to disassemble the SodaStream, and then once you have that down, scroll through my other articles to see how I repaired specfic SodaStream problems. SodaStream Jet Disassembly Guide Tools Required Flat head screwdriver Phillips head screwdriver 1. Remove the Carbonator.  Duh. 2. Remove the black panel lever The front big black tilt lever needs to be removed first. Removing this panel is tricky, but it isn't impossible. Looking up at the bottom of the black panel, there are two tabs, one on the left and one on the right. These tabs fully secure the panel in place. The trick is to use a flat-head screwdriver under the plastic to gently lever the tabs out of the way.  Note in the pictures how I approach these tabs with my screwdriver.  I usually release the left side first, and then I release ...
Read more

Sodastream Carbonator Leakage, Usage, and Weight

SodaStream 60L "Carbonator" CO2 cylinders have a specific weight when empty, plus about 410 or so grams for the CO2 they should have when they're "full".  A little while ago I went to buy a replacement Carbonator from my local hardware store. The dealer pulled a new Carbonator out of the box and sensed it was lighter than usual.  He put the "light" Carbonator in the "empty" pile and sold me a different one.  At that moment I concluded that it would be smart of me to weigh both new and empty SodaStream carbonators.  Here are the results. Weighing a SodaStream Carbonator - for both Science and Consumer Protection.       The dealer told me that sometimes the carbonators leak after they leave the SodaStream filling facility.  That means there could be an opportunity for customers like me to get ripped off! The SodaStream cylinders I buy claim to have a net product weight of 410 grams - and that means that a full Soda Stream Carbonator shou...
Read more

Fixing a SodaStream Jet, Repair #2 - Broken Fill Button

My Soda Stream Jet's fill button broke, which means I can not longer carbonate water by pressing the pushbutton. This caused all sorts of grief in my household. Here is how I managed to repair my Jet to give it another 10 years of life (hopefully). First, a look at the button The fill button on the top of the SodaStream is actually a simple lever. Pressing down on the button moves a pin that does the actual work of pressing open the Carbonator's valve. Unfortunately, the axis point is fairly thin and can see a lot of stress. That's where my Soda Stream button cracked. [ I think the usage tip here is "don't over-press the button like a gorilla, it doesn't do anything but put high stress on the button."] Cracked levering point of the button The Pesky Lever Retaining Pin The Fix It was pretty easy for me to replace the button: Take off the back of the Soda Stream and remove the carbonator. Push out the the button lever's steel retaining pin. This takes qu...
Read more

Fixing my Wahl 9918 Groomsman Beard and Mustache Trimmer

Not everyone would bother repairing a $25 beard trimmer, but why not fix something for under $5 instead of spending another $25? My  Wahl 9918 Groomsman Beard and Mustache Trimmer  has admirably performed its beauty duty for many years, but the time came when the battery just wasn't holding a charge any more.  Most people would just put the trimmer in the trash and buy a new one, but I figured I could repair my otherwise excellent Wahl and save some money. In fact, even high priced trimmer and rotary shaver brands, like Norelco and Remington, can be easily repaired using a process similar to the one I used to fix my Wahl.  Read on to find out how. I opened up the Wahl by popping off the black plastic faceplate with a tiny flathead screwdriver, which revealed two screws.  By removing the two screws I was able to easily open up the unit, revealing the guts of the device. Backplate off, Revealing the screws The internals are rather simple: a motor, a...
Read more

Robust Installation of an HDHomeRun Networked TV Tuner. 64 OTA channels!

I added an HDHomerun (HDHR) over-the-air (OTA) streaming box to my home network, bringing over-the-air broadcast TV to my computers, phones and tablets.  The HDHR is a big upgrade from my previous setup: using a simple "window mount" antenna directly connected to my TV. A TV-attached antenna is good for watching some TV for free, but the HDHR offers so much more flexibility. Figure 0: HDHomeRun on my basement wall   My original OTA TV setup was haphazard at best. It was finicky, ugly, and hard for other people at home to use. I would actually tape my antenna to a window whenever I wanted to watch OTA TV. Plus, it only worked on my TV and not with my other devices. I wanted a cleaner and more modern OTA setup. After looking at possibilities, I developed two goals: (1) bring my OTA TV into the modern Internet-connected era, and (2) set it up in a reliable and pretty way so that other family members wouldn't have to fool around with the antenna or anything else.  With that,...
Read more

Verizon FiOS Electricity Use

My house has Verizon FiOS. Part of the FiOS installation included the mounting of a Verizon network backup battery unit in the basement. I asked myself "how much electricity does this box use?" Verizon FiOS: How much electricity does this cost me? So I plugged in my awesome Kill-A-Watt electricity usage meter to find out. My Kill-o-Watt watt meter reported that there was a 16 watt load on the circuit. And since Verizon's box is powered and plugged in 24 hours a day, 365 days a year, 16 watts would quickly add up to roughly 140 kilowatt hours per year: calculation: 16 watts x 8760 hours per year ÷ 1000 = 140.16 KWH/Year How much does 140 Kilowatt-hours cost in dollars and cents? Here's a table that shows how much that would cost per year based on recent residential electricity rates (source: DOE. State Electricity Profiles , 2006 Edition): State ¢/KWH ) $/Year Alabama 7.07 $9.91 Alaska 12.84 18.00 Arizona 8.24 11.55 ...
Read more

Other Posts

Show more