Personal Digital Security Recommendations
This is a consolidation of some Digital Security recommendations I have come across over the last few years. These are some common, some easy, and some sophisticated things one can do to incrementally improve their personal computer security profile. The very basic things generally need no explanation of how to do them or why. Some of the other steps may be challenging. However, this is not meant to be a “how to” instruction. For that, one can do more research or seek out a knowledgeable friend to assist. In that case, hopefully the information and tips here get you started and enable you to be better informed for those discussions.
This is not everything one can do, all inclusive, nor a guarantee of any implied protection. Understand what you are doing before you do it. Taking responsibility will ensure your best protection.
As this is also not an academic research paper, there clearly are some opinions, invariably some errors, and unattributed use of other sources.
Remember too, you get what you pay for. Free, in computer software, is not free. Basically, you are the commodity.
Basics
1. Absolutely positively “lock” your mobile devices with an access code, the longer the access code the better, ex: six digits is better than four.
2. Do not leave your computer unattended without “locking” it, particularly in public (at work, at Starbucks, even at home, get in the habit of doing it).
* Set up an automatic screen lock after a given period of time (minutes not hours)
3. Do not share your password. If and when you do (say for an IT department to remote into your computer with your knowledge, or to a friend who is helping you set up accounts or computer security) immediately change your password after the session.
4. Judiciously limit location services on all mobile devices.
5. Be careful on public WiFi, use your mobile device’s Personal Hotspot instead.
6. Periodically restart your computer.
7. Periodically clear your computer’s cache.
8. Use Private Browsing mode in your browser, or use other more private browsers that do this automatically, such as Brave or DuckDuckGo.
9. Periodically clear your browser’s history and cookies. Better yet, adjust the setting so it does not save your history.
10. Turn off your browser’s default settings for tracking, history, cookies, pop-ups, reporting, etc.
11. If you use Google, go through the privacy/security settings and turn practically everything off — such as history, location, analytics, etc.
* Do this too on your social media sites. Review, understand, and adjust your settings; don’t use their defaults. Ensure you are not sharing your information with everyone, as opposed to just your contacts, or just those you list, for example.
12. Review your credit reports.
* Lock your credit — on all three agencies
13. Periodically run anti-malware and anti-virus on your devices, keep their databases up to date.
14. Keep your computer software current, ideally set so that software updates are automatic. This ensures you are running any software patches the software or App has created to combat known vulnerabilities.
15. Back up your data:
* via external hard drives, thumb drives, discs, etc.
* using a cloud service (which can be safe and save you memory space)
* make it automatic
16. Teach your kids these things
17. Understand that human behavior is most often the greatest security vulnerability. You, your behavior and habits, mostly in the name of convenience, are the weakest link and your most vulnerable exposure. The best approach is to not make yourself a target (don’t walk into a place of business, set up your laptop with an open screen, connect to their WiFi, and go to the counter to order). If you work at a place where you can walk around and see everyone’s live computer screen glowing, with no one at the desk — you may have a problem. If you, or your kids, do this at home and you have visitors (friends, contractors, relatives) — you may have a problem. Example: you share your WiFi with a visiting relative or a child’s friend and they go on-line. Their behavior and their device are now your problem. They can expose you, your network, and your data.
Digital Security 101- High School Level
* Don’t post PII on Social media sites
* birthday, address, vacations, banks, kids’ names, etc. Don’t connect the dots for them.
* Don’t share personal data/accounts/sign-ons with anyone
- don’t open or download unknown attachments, even from friends (they may have been compromised)
- don’t click on unknown links
- watch out for phishing attacks, including at work
* Phone calls — understand and know that in public others are listening
* Photos — turn off auto geo-locating on your camera/phone, particularly those being shared publicly (such as on social media)
* Use strong passwords:
- at least 8 characters
- character length is much more important than using symbols such as “@1bH*)”. It is a math problem, not a text recognition or dictionary problem. The entire dictionary is on-line, even for the odd codes, numbers, and symbols.
- use pass-phrases
- don’t repeat passwords or pass-phrases across accounts, even the innocuous ones. All they need is an “in”, and “peel the onion” from there. Your profile and identity are more “connected” than you think.
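The “it is a math problem” point above can be made concrete. The following is an added example, not code from the original post: it computes the search space an attacker must exhaust for a password of a given length over a given character set, the equivalent strength in bits, and how long a brute-force run would take at an assumed guess rate. The alphabet sizes and the guess rate of ten billion guesses per second are constructed assumptions for illustration, not figures from the post.

```python
import math

# Added example (not from the original post): the search space grows
# exponentially with length, which is why length beats a handful of symbols.


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Equivalent strength in bits: log2 of the search space."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space(alphabet_size, length) / guesses_per_second


# Alphabet sizes used below (constructed assumptions, not figures from the post)
DIGITS = 10       # 0-9, as in a device access code
LOWERCASE = 26    # a-z, as in a plain passphrase
PRINTABLE = 95    # all printable ASCII: letters, digits and symbols

# Assumed offline guess rate against a fast hash. Real rates vary enormously
# with hardware and hash algorithm; treat this as an order-of-magnitude placeholder.
ASSUMED_GUESSES_PER_SECOND = 1e10

SECONDS_PER_YEAR = 365 * 24 * 3600


def compare(candidates):
    """Return (label, bits, years_to_exhaust) for each (label, alphabet_size, length)."""
    rows = []
    for label, alphabet, length in candidates:
        secs = seconds_to_exhaust(alphabet, length, ASSUMED_GUESSES_PER_SECOND)
        rows.append((label, round(entropy_bits(alphabet, length), 1), secs / SECONDS_PER_YEAR))
    return rows


if __name__ == "__main__":
    for label, bits, years in compare([
        ("4-digit access code", DIGITS, 4),
        ("6-digit access code", DIGITS, 6),
        ("8 chars, full symbol set", PRINTABLE, 8),
        ("16 lowercase letters (passphrase)", LOWERCASE, 16),
        ("20 lowercase letters (passphrase)", LOWERCASE, 20),
    ]):
        print(f"{label:36s} {bits:6.1f} bits  {years:>12.3g} years")
```

Note that the 16-letter lowercase passphrase out-scores the 8-character password built from every symbol on the keyboard, and the 6-digit access code is a hundred times larger than the 4-digit one, which is the point both of this section and of item 1 in the Basics.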
* Use a Password Manager: they can greatly simplify your password management and ARE more secure than whatever clever system you are using. You are not going to out-think the bad actors. They have more skill, more time, more motivation, and much more processing power than you will ever have. If you think it does not matter, or you do not need one, you are the vulnerability. It’s that simple.
- Set it up with 2-Factor Authentication
* Adjust your Internet Router defaults:
- rename the default network
- create your own unique password (don’t use the default)
- ensure you are using WPA2 security on wireless
* Ensure your computer’s Firewall is turned on
Advanced Digital Security 201- College Level
* Use “https” whenever at all possible; make sure that “s” is there on sensitive sites. There are browser “Add-ins” that enforce this by default.
* Password protect sensitive files (using the software’s inherent Word/Excel/Adobe menu/tools)
Note: password protection and encryption are not the same thing.
* if password protected your data is “locked” behind a door
* if encrypted, even if they get past the locked door, your data is nonsensical until decrypted.
* Encrypt your hard drive:
* Turn on FileVault for OSX
* For Windows use Windows Defender (or other product)
* Tweak the many settings of your Router
- change the default DNS provided by your ISP to a 3rd-party DNS provider
- They are more secure.
- They can be faster.
- They can be customizable, such as creating parental controls and blocking sites.
* Set your “delete files” or erasing to overwrite data, i.e. turn on secure empty trash
* Use a VPN:
- For Security — middle man access to your data connection is prevented, i.e. bad actors cannot intercept your data
- For Anonymity — your physical location is masked behind a virtual one
- Always when on public wi-fi, particularly when doing anything other than generic web surfing. You are very vulnerable when on public WiFi. When at home and/or on a “trusted” network use of a VPN is less critical, though one may still do so for anonymity.
- they “work” but can be a pain, can provide false security (because you think they are on but they are not), may slow down your network traffic, and sometimes don’t work with your browser at all
- if you are doing anything at all you don’t want others to know you are doing, for any reason, use a VPN
* Develop a Personal Disaster Plan — i.e. what to do if your data is hacked (by a bad actor) or lost (such as due to a hard drive failure). This is how one would reconstitute their digital life in the event of a major incident (theft, hacking, ransomware, failed hard drive, forgotten passwords, loss, damage, etc.)
Expert Digital Security 301- Masters Degree
* Use 2-factor authentication
- via text message to mobile devices
- via message to your email
- self-generated using an Authenticator App
- using a Key Fob
Note — one big threat/vulnerability is losing your phone when it is tied to multitudes of two-factor authentication accounts. Prepare in advance. Have recovery phone numbers, emails, and/or printed-out recovery codes (locked away).
* Learn about, and use, Encryption
- for sensitive files — a one-by-one approach (ex: with TrueCrypt or VeraCrypt)
- Create/use an encrypted folder (again with TrueCrypt or VeraCrypt)
- Understand about public keys and private keys
- learn about Hashing, and adding “Salt”
* Be in a VM environment
- can also combine with dual VPNs (the VM connects via one VPN, then the browser connects with another)
* Use a TOR browser
PhD Level Digital Security
* Run a VM on an encrypted Mac using a VPN with a 3rd party DNS via TOR networks. Understand, those targeting you are doing this. You don’t need to do this, unless you are either paranoid or doing things you really shouldn’t be doing, or just to understand what is possible for others.
* Leave this to the experts. Unplug and go enjoy yourself!
Regarding password use, in June 2017 NIST updated their standards and subsequent recommendations, to include the following:
- Stop requiring complex composition requirements
- Stop requiring/using “hints”
- Stop requiring dated/automatic password changing/updating
- Use at least 8 characters in length
- Allow use of non-numerical and text characters, including the space character
* Use 2-FA
- Something you know (presumably your password)
- Something you have (an authentication token)
- Something you are (fingerprint, facial scan)
Definitions/Acronyms
* Phishing attack — a form of social engineering whereby bad actors spoof their identity and intent to persuade you to do something you should not do. They are very clever, very sophisticated, and work using both mass and targeted attacks. Let it be someone else that falls for the ruse.
* PII — Personally Identifiable Information; anything unique to you, or your family, information that if in the hands of bad actors could be used to compromise you
* Firewall — a secure “door” to your computer device
* https — Hypertext Transfer Protocol Secure; preface to a web address indicating site is using an encrypted connection
* Two-Factor Authentication (2FA) — in addition to using a password, requiring something you physically have to generate a code with which to gain access to an account
* WPA2 — Wireless Protected Access 2; upgraded security on how one connects to the internet using their wireless router
* VPN — Virtual Private Network; using computers (loosely defined) other than your own to route your internet traffic
* ISP — Internet Service Provider, the company providing internet service to your home/office/router
* DNS — Domain Name System; how a computer resolves a web site’s name with its numerical address. The internet is based on numerical addresses, not names. Oversimplified, the name you see and type in is just a user interface.
* TOR — open source software providing a true means to connect to the internet anonymously. Derived from “The Onion Router”. It is a free worldwide network of volunteers upon which one can “piggyback” their way around the internet.
* VM — Virtual Machine; a computer within a computer. Using your own physical machine to host, or temporarily emplace, a software-based, completely separate and independently run computer. When one logs off the VM it is gone. Its use was simply an instance and does not have a persistent presence on your physical machine.
* Encryption — (much) higher math used to jumble content such that it is unreadable and nonsensical while in an encrypted state. Truly secure and “nearly” (for all practical purposes) foolproof.
* Symmetric Encryption — using a single one-way cipher to encode data
* Asymmetric Encryption — using two keys (public and private) to encode/decode data
* Private Key — a different key than the Public Key that is used to decrypt a file, a form of asymmetric encryption
* Hash — using a one-way mathematical algorithm to convert a known value to a random, but unique, un-relatable new value.
* Salt — adding further complexity to a Hash by inserting another random unrelated prefix to the value before executing the Hash. Note: one can then Hash the (Salt + Hash)
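The Hash and Salt definitions above, and the earlier remark that “the entire dictionary is on-line”, are easier to see in code. This is an added example, not from the original post: it shows that a bare hash of a password is the same every time (so a precomputed dictionary of hashes finds it), that the same password with two different random salts produces two unrelated hashes, and how a site verifies a login without ever storing the password itself. It uses Python’s standard-library PBKDF2 as the slow, salted hash; the iteration count is an assumed value.

```python
import hashlib
import hmac
import secrets

# Added example (not from the original post): salted, slow password hashing.

ITERATIONS = 600_000   # assumed work factor; higher makes each guess cost more


def unsalted_sha256(password: str) -> str:
    """A plain hash: identical input always gives identical output, so it can be looked up."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash: the salt is mixed in before hashing, the loop slows guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_record(password: str) -> dict:
    """What a site stores at sign-up: a fresh random salt and the hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "iterations": ITERATIONS, "hash": hash_password(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Login check: rehash the attempt with the stored salt and compare in constant time."""
    candidate = hash_password(attempt, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    print("bare hash, twice :", unsalted_sha256(pw) == unsalted_sha256(pw))   # True: lookup-able
    a, b = create_record(pw), create_record(pw)
    print("salted, two users:", a["hash"] == b["hash"])                       # False: salt differs
    print("login ok         :", verify_password(a, pw))
    print("login wrong      :", verify_password(a, "wrong password"))
```

The salt does not need to be secret; it only needs to be unique per account, so that a dictionary of precomputed hashes is useless and every account must be attacked separately. The iteration count is what makes each guess slow.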
* CIA Triad — in computer security, the three elements one is protecting:
- Confidentiality — preventing people who do not have privileges from accessing data, i.e. not letting them in. Ex: Passwords, Firewalls, and User Permissions prevent this.
- Integrity — preventing your data from being retrieved or altered without your permission, i.e. if once in, not letting people do anything with your data. Ex: encryption prevents this, as does restricted user rights. This is meant to ensure your data is exactly as you last left it, including not copied by someone else.
- Availability — ensuring your data is accessible when you want it. Most commonly Internet access Denial of Service Attacks and Ransomware are culprits, as is someone else deleting your file or hard drive without your permission.
* NIST — National Institute of Standards and Technology
Links
https://link.medium.com/9KJRM1eElY Story about cracking passwords
https://link.medium.com/4k8qNjPnlY Passwords
https://link.medium.com/NI1O9AOllY Passwords
https://link.medium.com/x2WhCn4ClY Password Manager
https://link.medium.com/Ff9DeFomlY WiFi
https://link.medium.com/FgZOzuoDlY Email security
https://link.medium.com/leXMbX0llY Internet Traffic Encryption
https://link.medium.com/665YSb9ClY Encryption
https://link.medium.com/HxXlpRgDlY Encryption
https://link.medium.com/iYbi2HPDlY Algorithm/Cryptography, very technical
https://link.medium.com/XLOS0X7DlY Hashing and salting, very technical