Basic Computer Security/General Security and Passwords


The Golden Rule of Security

Convenience increases risk.

Saving passwords, sharing passwords, using easy-to-remember passwords, and using the same password for everything are all convenient, and all expose you to a greater security risk. Accepting every cookie on the web, opening files without virus scanning them first, and clicking blind links are all convenient, and all expose you to a greater security risk.

Passwords

Security is a critical issue that almost every one of us deals with. Most people surf the Internet for a number of things, like getting information about a topic, checking email, shopping, reading, or even selling goods. The Internet has made all of these activities easier and faster to achieve with less time and effort. Still, this convenience does not come without a price.

Internet security is a concern for everyone who uses the Internet. How can you be sure that your identity, passwords, personal information, shopping information and credit card numbers are all protected and that they are not available to hackers and malicious users? Here are some tips that can help protect you online:

  • Never give your username and password to anyone.
  • Always make sure you read the privacy policy of the websites that you visit before giving any personal information.
  • If you are shopping online, never shop from an untrusted website. If you have doubts about a website, check its privacy policy and any information about its method of protecting your data, if available. If you are still in doubt, do not shop from that website and keep searching for a more trusted one.
  • Don't provide your email username and password to websites that will be able to log on to your account automatically. This is a big risk as personal information can be accessed through emails.

There are also a number of preventive measures that you can take to keep keyloggers (programs that record what you type and send the data off through the Internet without the user noticing) and Trojan horses (software that appears innocent but actually allows unwanted access to your computer) off your computer. These include:

  1. Install an antivirus program and keep it up to date (a number of commercial and several free antivirus programs will do a good job).
  2. Use a firewall (several free, reliable ones are also available).
  3. Install and regularly run anti-adware/spyware scanners.
  4. Consider an obstructive method of password entry. See Avoiding Keyloggers.

Having these utilities will vastly increase the security of your computer, but never rely solely on them. Behavioral practices such as those discussed in the previous section are also essential to good security.

Password Policies

Each organization that requires its users to use passwords to access services might enforce a password policy. Password policies have both positive and negative effects. On the positive side, they force users to pick "good" passwords (e.g., passwords of some minimum length that contain certain types of characters), so that a brute-force attacker has a larger space to search. On the negative side, they might reduce the search space for a brute-force attacker who knows the policy.
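Both effects can be counted. The following is an added example, not part of the original text: it assumes a hypothetical policy (exactly 8 characters from the 94 printable ASCII characters, with at least one lowercase letter, uppercase letter, digit and symbol) and uses inclusion-exclusion to count how many strings that policy still allows.

```python
from itertools import combinations
import string

# Sizes of the four printable-ASCII character classes (26 + 26 + 10 + 32 = 94).
CLASSES = {
    "lower": len(string.ascii_lowercase),
    "upper": len(string.ascii_uppercase),
    "digit": len(string.digits),
    "symbol": len(string.punctuation),
}
ALL = tuple(CLASSES)


def total_space(length, classes=CLASSES):
    """Number of strings of exactly `length` characters with no policy."""
    return sum(classes.values()) ** length


def policy_space(length, required=ALL, classes=CLASSES):
    """Number of strings of exactly `length` characters that contain at least
    one character from every class in `required`.

    Inclusion-exclusion: start from all strings, subtract those missing one
    required class, add back those missing two, and so on.
    """
    full = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = full - sum(classes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def candidates(min_len, max_len, required=()):
    """Candidates an attacker must cover for lengths min_len..max_len."""
    return sum(policy_space(n, required) for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    n = 8  # hypothetical policy length (assumption, not from the text)
    print(f"no policy, lengths 1..{n}: {candidates(1, n):.3e}")
    print(f"exactly {n} chars, no class rule: {total_space(n):.3e}")
    print(f"exactly {n} chars, all four classes: {policy_space(n):.3e}")
    print(f"share of {n}-char strings the policy allows: "
          f"{policy_space(n) / total_space(n):.1%}")
```

Under this hypothetical policy, fewer than half of all 8-character strings satisfy the four-class rule, so an attacker who knows the policy can skip the rest.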

Password managers

You should use a password manager to store many strong, unique passwords, because it is impossible to remember many complex passwords and writing them down is not a good idea in most situations.

  • Use a password manager that stores passwords with strong encryption and never in plain text.
  • Cloud storage of passwords is a severe risk, but if you use a cloud password manager, make sure to use two-factor authentication and audit the service to make sure that there are no easy bypasses.

There is a myth that password managers are dangerous because somebody could get all your passwords at once. Any malware that can gain access to an encrypted password manager could just as easily keylog them as you type them in.
