Thursday, October 4, 2012

My Complete Guide to Staying Safe and Anonymous Online, Part 2 of 2 - Advanced Topics

After the last post about online security basics, we now get really serious about security.

If you’re like I was a few months ago, you have only a handful of passwords that you reuse on a bunch of different websites. Well, this is a really bad habit for your online security, because if your password on one website is hacked (and it’s almost certain that one of your passwords has been hacked, sometime, somewhere), then the hacker(s) can use that password to log in to your account on any other website where you’ve used the same password.

So, reusing passwords is a very, very bad habit. One that I too was guilty of. Well, that stops today.

Now that we have your computer, email, and browsing habits somewhat protected, it’s time to protect the rest of your online life - we’re going to use an excellent software package to make all of your passwords practically unhackable (and completely un-memorizable to boot). And no, doing this won’t cause never-ending frustrations - in fact, it will save you time in short order.

This is an awesome piece of software - start using it.

Seventh step - download and install Dashlane and PWGen - and Dashlane is also available for iPhones and Android, so you’ll want to install it on your smartphone too, if you have one.

Using these two programs together (Dashlane and PWGen), we can create completely random, practically unhackable, totally unique passwords for every online account you have.

Dashlane is my favorite password manager - mainly because it’s free to use on both desktops and Android smartphones, and I’ve read that its browser integration is better than other password managers’. Lastpass is another popular option, but you have to pay to get Lastpass on your smartphone. The one drawback to Dashlane (which will likely be fixed in a future release) is that I don’t think that the random passwords generated by Dashlane are strong enough - hence the use of PWGen, a little open-source password generator.

Anyway, now comes the longest and most difficult part of using Dashlane - you have to log into every website you use (banking, personal finance, web forums, any email accounts other than Gmail, Facebook, LinkedIn, Twitter, etc.), change the password to a new, unique, random password generated by PWGen (preferably 20+ characters, a mix of upper- and lower-case letters, numbers, and symbols), and save the password in Dashlane. It probably took me 60-90 minutes to do this initial setup with the 50 or so web accounts that immediately came to mind (though my number of accounts in Dashlane has since grown to just over 100). It’s a bit of work, yes, but manageable - even my wife, who thinks I’m a bit paranoid when it comes to computer security, has gotten used to using Dashlane without a problem.
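What “random, 20+ characters, all four character classes” means in practice, as an added example (this is not PWGen’s or Dashlane’s code; the symbol set is my own assumption): draw each character from the OS cryptographic random source and measure the result in bits of entropy.

```python
import math
import secrets
import string

# Character classes the post asks PWGen for: upper- and lower-case letters,
# digits and symbols. The symbol set is an assumption of this example, not PWGen's.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?/",
}
ALPHABET = "".join(CLASSES.values())  # 86 characters


def has_all_classes(password):
    """True if at least one character from every class is present."""
    return all(any(c in chars for c in password) for chars in CLASSES.values())


def generate_password(length=20):
    """Draw every character uniformly from ALPHABET using the OS CSPRNG
    (secrets, never the random module), and retry until all four classes
    are present. Rejection sampling keeps the result uniform over the
    accepted strings, unlike forcing one character per class into fixed slots."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(password):
            return password


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size).
    Rejection discards a negligible fraction of strings at 20+ characters,
    so this is a tight upper bound. 20 characters over 86 symbols is
    about 128 bits, comparable to an AES-128 key; 8 characters is about 51."""
    return length * math.log2(alphabet_size)
```

The entropy figure is only valid because every character is an independent uniform draw; a password you type from memory has far less, whatever its length.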

And here’s the awesome part - once you do that initial setup (thereby vastly increasing the security of your online passwords, since every web account you use now has a completely unique, random, practically unhackable password), you never have to log into a website again - Dashlane automatically fills out username and password forms and logs you in, saving you tons of time over the long run. And if one of your passwords might have been compromised (e.g. like when LinkedIn was hacked a few weeks ago), Dashlane will inform you automatically and tell you that you need to change your password.

It is a strangely liberating feeling, not knowing any of my own passwords (except my Dashlane password, of course, which is very long and complicated, but it’s the only password I have to remember anymore), and Dashlane actually saves a lot of time - I never realized how much time I used to spend logging into websites until I didn’t have to do it anymore. And for those occasional times that you need to log in to a website while you’re away from your main computer, you can bring up the password on your smartphone to enter it manually.

Don't let this happen to you.

Eighth step - back up your important files. Note that I’m not really recommending that you back up ALL your files - for example, I don’t think it’s important to back up program files if you still have the install disks or can easily download the software from where you originally got it.

Instead, you should think about levels of file backup. Your most important files need to be on at least three separate media in at least two physical locations - for example, they need to be 1) on your main computer, 2) on an external drive, and 3) on an online cloud storage service. These are the files that are irreplaceable and that you would seriously regret losing - for me, these are all the files related to my undergrad and graduate education (some of which I still refer to often as a part of my job), my wedding photos, and other personal photos from all the adventures my wife and I have had together - and pictures of the Babycrat will be added to this list after she’s born.

The second level of backup consists of files that are replaceable but that it would be rather inconvenient to replace. For example, I also don’t think it’s important to have an online backup of music or movie files, since you can either re-rip the music from your original CDs or re-download your movies from Amazon, iTunes, or wherever you get your movies - and these files tend to be large, and most online storage solutions price by the gigabyte. But, they’d be a pain to replace, and external storage is cheap - so, you should have these files on your main computer and on an external drive, or on two different external drives, if you don’t keep stuff like that on your main computer.

The last level of backup consists of files that only exist on your main computer and therefore aren’t backed up - your operating system files, program files that you can easily reinstall, etc.

The lesson here is this: pretty much anything else you care about keeping needs to be on at least two separate media, and anything that you absolutely must keep needs to be on three separate media in two separate locations.
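A copy only counts as a backup if it is intact and current, so here is an added example (not from the post) that checks the three levels above against a list of where each file’s copies live and their SHA-256 digests. The tier names, locations and file bytes are constructed for the example.

```python
import hashlib

# The post's three backup levels, as (minimum distinct media, minimum
# distinct physical locations) that must hold an intact copy of the file.
TIERS = {
    "irreplaceable": (3, 2),  # wedding photos, thesis files
    "replaceable": (2, 1),    # ripped music, purchased movies
    "reinstallable": (0, 0),  # operating system and program files
}


def sha256_hex(data):
    """Digest used to prove a copy is byte-identical to the current file."""
    return hashlib.sha256(data).hexdigest()


def check_file(tier, copies, reference_digest):
    """copies: list of (location, medium, digest) for one file.
    A copy only counts when its digest matches the reference; a stale or
    corrupted copy is not a backup. Returns (policy_met, media, locations)."""
    min_media, min_locations = TIERS[tier]
    intact = [(loc, med) for loc, med, digest in copies
              if digest == reference_digest]
    media = set(intact)                 # each (location, medium) pair is one medium
    locations = {loc for loc, _ in intact}
    met = len(media) >= min_media and len(locations) >= min_locations
    return met, len(media), len(locations)


def demo():
    """Constructed sample: a photo edited on the laptop and re-copied to the
    external drive, but the cloud upload was never refreshed. Three copies
    exist, yet only two are current, so the 3-media / 2-location rule fails."""
    current = b"constructed sample: wedding photo bytes (edited)"
    reference = sha256_hex(current)
    stale_cloud = sha256_hex(b"constructed sample: wedding photo bytes")
    copies = [
        ("home", "laptop", reference),
        ("home", "external drive", reference),
        ("cloud", "box.com", stale_cloud),
    ]
    return check_file("irreplaceable", copies, reference)
```

Run something like this after each sync rather than trusting that a copy was made once; the stale cloud copy in the demo is exactly the failure that only shows up when you actually need the backup.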

Backing files up properly may sound like a lot of work, but I was actually surprised at how few files I found to be important enough to back up online.

As far as WHERE to back up files online, Dropbox is very popular, though it doesn’t offer much storage space for free. Box.com is my personal favorite, but mainly because I joined Box.com through a promotion that gave me a whopping 50GB of storage space for free, and their normal free accounts offer much less. If you have more stuff to back up than you can conveniently store for free, I’d recommend Amazon’s new Glacier service, which offers very cheap, month-to-month, a-la-carte online backup services.

So, backing up your files will probably cost a little money, if you need to buy an external drive and/or pay something for online backup services. But, spending a little money to protect your most important files is better than losing all your files, photos, etc. to a house fire, hard drive failure, faulty wiring, etc.

My final recommendation for staying safe and anonymous online also costs money - a private VPN service. I introduced VPNs in a previous blog post, and I decided to expand that post into this full how-to for staying safe and anonymous online.

Protect your access to the internet.

VPNs allow you to keep any and all of your internet activity private from everyone (including your own internet service provider), except for the VPN company - therefore, it’s best to buy VPN service from a reputable company with a history of providing VPN services. However, your most important online activity (such as online banking) will stay private from even the VPN because of those sites’ use of SSL (which is in use whenever you see https in your browser address bar). Depending on the VPN service you choose, it also gives you the handy ability to make your computer appear like it is physically in a number of different countries around the world - and this can sometimes be very useful. For example, if you’re traveling and want to stream your Netflix movies while outside the USA, you usually can’t - but with a VPN, you can make Netflix think that you’re inside the USA, and you can watch the movies you’re paying for. Or, this past summer, if you were extremely dissatisfied with NBC’s coverage of the Olympics and wanted to watch the BBC’s coverage, the only way you could do this was by making your computer appear to be inside Great Britain - which is very easy to do with a VPN.

My personal recommendation is AirVPN, though there are other good VPN companies out there as well.

If you do all of the above, you’ll be safer and more anonymous online than 99% of internet users - and since thieves, hackers, and other unsavory online types generally target the easiest victims, these steps greatly decrease the odds that you will suffer some breach of security or privacy online.

4 comments:

  1. I think it is better to use an online storage service that is not US based. I read that the US government has free access to your data if needed, right?

    1. Anonymous: Honestly, that's a little paranoid - most companies won't hand over a customer's data without at least a subpoena. And, for better or worse, most of the best online data storage companies are US-based.

      However, I encrypt everything I upload to online storage sites before uploading it anyway, so that even if my data is stolen / handed over to the government or some other entity, the data is useless to them. Therefore, I'm happy to use US-based online storage, especially if it's free ;)

      -The Angry Bureaucrat

  2. How do you evaluate the risk of handing your passwords over to Dashlane? What if they are hacked?

    1. Anonymous: Sorry for the delayed reply; I was out of town for more than a week.

      Your data is encrypted with your password / passphrase BEFORE it's ever sent to Dashlane - therefore, even if they're hacked, all the hackers get is an encrypted file. The ONLY thing Dashlane stores is your encrypted data, so it's safe if they're hacked.

      On the downside, there's no way to recover your data if you forget your password / passphrase, obviously - so don't forget it!

      -The Angry Bureaucrat
