Skip to main content

On Accounts and Passwords

I have some well-formed opinions on account security.  They have evolved over time as I have better understood the risks.  Unfortunately, I think the following list is good for all users everywhere.

The basic principle is to assume that nothing is secure.  Even if you keep your username and passwords secure doesn't mean that your bank, ISP, or Email provider keeps its systems secure.


Login Practices
  • Always check for proper HTTPS/SSL security.
  • Never use a link published in an email.
  • Use disposable accounts whenever possible.  Your account for your knitting forum shouldn't have any relationship to your account for your bank.
  • Only access sites with a good reputation, and a reputation that they need to uphold.

Password Practices

  • Never use the same password more than once.   If a hacker steals your password from DumbCo, you don't want that hacker to try that password at BigBucksBank.
  • Change your passwords.  People steal encrypted passwords.  Over time, they could crack those encrypted passwords.  By changing your passwords occasionally, you diminish that attack vector.
  • Use two-factor authentication whenever possible.
  • Never let anyone know your passwords.
  • Long and complicated passwords are better.
  • Avoid on-line account managers that result in a large store of passwords.
Email Practices
  • Keep your email accounts very secure.  If you can reset your passwords over email, then so can a bad person.
  • Use more than one email account.  Don't use the same email account for your knitting forum or Facebook that you use for your bank.
  • Never open or read junk mail.  Assume that it will infect your computer.
  • Never trust email from your friends.  Their accounts could have been compromised.
  • Avoid webmail services
Computer Practices
  • Minimize the number of devices you use.  The more devices you use, the more work is required to keep them secure and the higher the odds are that one of them is compromised.
  • Trust less trustworthy computers less.  Your home Windows XP machine is more vulnerable than your iPad.  Be more skeptical of less secure environments.
  • Never log in from an unknown machine.  That means you should never trust the computer in the hotel lobby, the computer at school, or even the computer at work.  Assume that there are keyloggers and screen-sharing technologies on each device you use.
  • Do not let others use or maintain your computer without strict oversight.
  • Use a quality browser that has anti-phishing capabilities.  Keep that browser up-to-date.  Avoid browser plugins.
  • Encrypt your computer's hard drive, and use a long and complicated password.
  • Put a password on your computer's login screen.  Do not let users share accounts.
  • Do not give day-to-day user accounts administrative privileges.
  • Shutdown your devices when not in use.
  • Scan for malware on all of your devices often.
  • Keep your software and OS up-to-date.
  • Do not install any software that hasn't been fully validated by a reputable party.
  • Be very hesitant in giving administrative rights to any software.
  • Back up your devices often, and keep control of your backups.  Keep your backups elsewhere (assume your neighborhood will burn down).
  • For encrypted files, use very long and complex passwords in order to minimize the odds that someone will be able to crack the file in years to come.
  • Use WPA2/AES security on your home WIFI network.  If your devices don't support WPA2/AES, upgrade your devices.

General Practices
  • Keep an off-line list of your accounts so you can easily take action if one account is compromised.
  • Watch over your account activity.
  • Be very concerned about account access issues or "odd behavior".
  • Remember that your network is compromised - your ISP, in combination with web site providers can access nearly all your network communications.
  • Do not trust the manufacturer of your home wireless router, handset, operating system, or third party software.  Again, all your data runs through these devices.
  • Never trust a 3rd party that can send you an email with your password within it.
  • Keep in tune with security vulnerabilities and compromises.


Popular posts from this blog

Fixing a SodaStream Jet, part 1: Disassembly Guide

I've had my SodaStream Jet for years, and once in a while something has gone wrong. Disassembly is the first step to repair.  Start with this article to see how to disassemble the SodaStream, and then once you have that down, scroll through my other articles to see how I repaired specfic SodaStream problems. SodaStream Jet Disassembly Guide Tools Required Flat head screwdriver Phillips head screwdriver 1. Remove the Carbonator.  Duh. 2. Remove the black panel lever The front big black tilt lever needs to be removed first. Removing this panel is tricky, but it isn't impossible. Looking up at the bottom of the black panel, there are two tabs, one on the left and one on the right. These tabs fully secure the panel in place. The trick is to use a flat-head screwdriver under the plastic to gently lever the tabs out of the way.  Note in the pictures how I approach these tabs with my screwdriver.  I usually release the left side first, and then I release ...
Read more

Fixing my Wahl 9918 Groomsman Beard and Mustache Trimmer

Not everyone would bother repairing a $25 beard trimmer, but why not fix something for under $5 instead of spending another $25? My  Wahl 9918 Groomsman Beard and Mustache Trimmer  has admirably performed its beauty duty for many years, but the time came when the battery just wasn't holding a charge any more.  Most people would just put the trimmer in the trash and buy a new one, but I figured I could repair my otherwise excellent Wahl and save some money. In fact, even high priced trimmer and rotary shaver brands, like Norelco and Remington, can be easily repaired using a process similar to the one I used to fix my Wahl.  Read on to find out how. I opened up the Wahl by popping off the black plastic faceplate with a tiny flathead screwdriver, which revealed two screws.  By removing the two screws I was able to easily open up the unit, revealing the guts of the device. Backplate off, Revealing the screws The internals are rather simple: a motor, a...
Read more

Macintosh: Upgrading an eMac

It's been a long time since I wrote this article, but the fact remains: The good old eMac can still be useful if you take the simple steps to keep it as good as it can be.  All can run Tiger, and most can run Leopard - great operating systems for their day with a bit of useful life.  This article describes the procedure I used to upgrade my old eMac, including: Replacing the internal hard disk with a large capacity drive. Increasing the memory for performance Upgrading the operating system Here I'm upgrading a 700 MHz eMac, but the procedure and tasks for upgrading other eMac models should be almost identical. Upgrading versus Replacing My sister's eMac is of the 700 mhz variety, with 256 MB of memory. The machine seemed to be getting "slower", and the original 40 GB disk was becoming jammed packed with photos and iTunes, and within a few months she'd be out of disk space. There were two options to address the problems: upgrade the eMac, or go o...
Read more

Porsche Key Remote Battery Repair Video How-To

We now live in the age where part of your life is spending time and money maintaining and repairing things like your car keys . My Porsche's remote key was getting weaker and weaker, until one day it stopped operating altogether. Keyless remote without the remoteness. Not so good. I was a bit fearful spending a sizable chunk of my time and money at the dealership to have such a small problem addressed, and so I decided that I would try to replace the battery myself. Items required A clear work surface A small flat blade screw driver. A quality lithium CR-2032 Battery, available here. Procedure The following video shows how I successfully opened up the key without breaking it, and replaced the alarm remote battery. In short, from the vantage point of the key's steel part facing away and the buttons facing up: I take a small screwdriver and press on the little plastic tab on the left side.  At the same time I use my fingers to start to pull the two halves apart.  From th...
Read more

Trendnet TEW-652BRP and DD-WRT Success!

I recently visited my dad while on a business trip when I coincidentally discovered that DD-WRT is now available for his TEW-652. The TEW-652BRP has been a great router for my father, but it isn't what I'd call "feature rich". An upgrade to DD-WRT is a big bonus. I live 2500 miles away from my non-technical father, and so a well-specified router that helps me manage his network remotely is important to both of us. This article will explain what I did to finally get DD-WRT working on my TEW-652BRP v1.0R. About the TEW-652brp It's a nice looking little black 802.11n, 2.5 GHz router. It was amazingly inexpensive (usually way under $30), and  the TEW-652brp is available through Amazon. Mine is a version 1.0R, you'll likely want the same version. Out of the box, it works quite well - it has been stable, and I was fairly happy with the stock firmware. But it was short on features - I like having VPN, SSH, and flexible DHCP services on the home netwo...
Read more

Excellent DD-WRT Router for Me: Netgear WNDR3400 / N600

My WiFi performance was suffering, and so I decided to do something about it and upgrade my router. When I say my WiFi performance was suffering, I really mean it:  I live in a large high-rise apartment building and there are 100+ WiFi access points visible from my home office.  All of the contentious traffic was severely curtailing my WiFi reliability.  I was lucky to get 1 Mbit/second throughput.  Sometimes I was lucky to stay connected even with my WiFi router in the same room. I decided it was time to go for 5 GHz, which is a WiFi band which is used less frequently and which has a tougher time traversing walls.  And of course I wanted DD-WRT support.  The set of features I was looking for included: Trouble-free DD-WRT support 5 GHz 802.11n Support Simultaneous dual band capability Inexpensive.  Maybe even cheap.  For me this means under $50.  Under $35 is even better! It sounds like an easy task to bring all this together: A...
Read more

Other Posts

Show more