Secret Decoder Ring

OK – Right now we are studying Web Security in the course. This is a subject guaranteed to make the most sanguine person just a little paranoid.

Apparently, no data is totally secure. Public keys, private keys, certificates, hashing, encryption of data right down to e-mail messages, digital signatures, CAPTCHAs – there are so many methods of protecting our information out there and all of them seem to be one big step behind the capabilities of the evildoers who want the information.

Brute force attacks, denial of service, spambots, zombie computer armies – even something as seemingly innocuous as content scraping (imitation may be the sincerest form of flattery but I draw the line at out-and-out plagiarism) – there are more ways of misusing information than there are of protecting it.

That said, there are some things you can do to keep your data safer than if you did nothing.

  1. DON’T SHARE YOUR PASSWORDS! It is amazing how many people ignore this simple safety rule.
  2. Use unique passwords. DON’T use your birthday or your dog’s name – use as many varied characters as permitted by the environment requesting the password.
  3. Use a different password for each environment that requires one. (Using your bank password for your Facebook account is asking for trouble!)
  4. Do not store your password list on your computer. If you have too many passwords to remember them all, make a list on a USB key or some other removable medium and keep it in a separate location.
  5. If you have to keep a hard copy of your passwords, keep it somewhere secure. A safety deposit box is a good idea (put your will and the deed to your house in there too).
  6. If you have to keep sensitive data on your computer, password-protect the folders or files. (See the rules for passwords above…)
  7. Don’t reply to e-mails asking for sensitive information. If your bank really needs you to update your information, they are not going to ask you for it by e-mail! If you are not sure, call them up and ask!
  8. Don’t send any financial information by e-mail. Bank account and credit card numbers can be stripped out of e-mails at the server level, without you ever knowing about it.
  9. USE A GOOD ANTIVIRUS PROGRAM. Set it to run at least weekly (I run mine daily) and update it regularly.
  10. Use a firewall, whether a software firewall or a hardware one (router).

There are many other ways to keep information and data secure. Do a web search for “personal web security” and you will find literally millions of listings. It really is enough to make a person a tiny bit paranoid.

And me? I’m not all that paranoid, but I’m wondering if a tinfoil hat could pass as a fashion statement…