Cover Photo by FLY:D on Unsplash
Good morning, Good Afternoon, Good Evening! I don't know the time you're gonna read this, so be greeted!
Digital inclusion has given voice to almost every community in the world. We live in a wonderful era to discover new cultures and learn new things. There are several learning platforms, social networks where you can share your opinions, follow religious and community leaders, artists... The possibilities are almost infinite and if they are not infinite, they are very diverse.
With the diversification of access, security flaws multiply and, like a crumb on the floor, attracts cockroaches, flaws attract SCAMMERS.
This guide was designed for you, the connected person, who has doubts about security and wants to be prepared to avoid network security breaches and the headache resulting from the scams that have been reinvented more and more.
Step 1 — Do I use secure passwords?
123@password, god123, love123, john2304, StacyandBill1501… Passwords like these are all good examples of what NOT to USE.
The simpler your password, the easier it is for someone to figure out your access mechanisms, and as much as service providers try to prevent your data from being compromised, it's not too difficult for a social engineering scammer to get what he wants from you with a small talk on facebook, for example.
Social engineering is a technique that allows you to evaluate a person by what is important to him and what he demonstrates in conversations. A social engineer is nothing more than a person with great interpersonal skills, able to detect how you think through what you say. That way, he can “Kick” your passwords and try to access your account.
Although this method is common, it is not very effective, but there are other ways to try to circumvent your password, all of them based on what you post and what you make public out there.
As much as it sounds like I'm suggesting this, no, you don't have to stop posting your lunch photo, or your cat's birthday video, you just need to be a little more careful.
A secure password, for example, does not need to be generated by Norton's utility or your iphone's native algorithm (although this is recommended). You can create very reliable passwords yourself with a little logic.
For example, let's suppose that you, like me, have a cat named Priscilo. Priscilo has a birthday on May 3rd and as I believe in signs, I decided that he is a very stubborn Taurus. A good example of a password generated from this fact would be Pri03@stubborn05.
Note that in this example, we have a capital P heading the password, two numbers arranged in the body of the word, and a special symbol.
It's still not ideal, but you can get an idea of how a little creativity can improve your security on at least a couple of levels.
Another alternative is to use password managers to generate secure passwords. One that I really like is Norton Password Generator, from Symantec, a well-established security company in the market, which offers this free solution for those who don't want to waste time on it.
Step 2 — Testing Password Security
How do I know if my password is secure? Well, this question is not that difficult to answer, but don't worry, you won't have to ask Karen's son, who spends all day doing "computer stuff" to try to hack your instagram. It's easier to go to HAVE I BEEN PWNED and check it out.
No, I'm not sending you to a strange site with dangerous words. This site belongs to an Ethical Hacking community (basically, security agents and “good” hackers) that tests your passwords and emails, to verify that they are not in leaked databases. The term PWNED is an expression used by cybersecurity professionals for dominated, or compromised, data.
I have two cases here to show what this site does. The first is an email that I know has been leaked and the second is my podcast email that I recently created. Let's see what the website tells us.
As you can see, my data has been leaked and this is terrible to know, but all is not lost. We'll talk about what can be done later. If you, however, were luckier than me and your email wasn't leaked, the site will look a lot less scary, with this face:
Now you must be wondering, hey Fernando, you said I would be able to check my passwords, but you mentioned email. Well, that was on purpose. It's no use changing your facebook password if the hacker has access to your email. So, knowing now that your email may have been leaked, you will consider changing his password as well.
Let's go back to passwords. In the header of that site, there is an option to check if your passwords have been leaked or not:
Clicking there on Passwords, you will see this screen here:
Well, let's check our passwords. I'll start with one that I'm sure was leaked:
You can laugh, I used to use the same password for everything, but now let's see the password we tested at the beginning of this guide: Pri03@stubborn05.
Good! Yummy like hot popcorn in butter! By the way, do you like popcorn?
All kidding aside, this site serves as periodic prevention for your passwords, so whenever you consider reviewing your security, make sure the password you're thinking of using hasn't already been leaked.
Step 3 — I've Changed All My Passwords, But I Don't Think I'll Remember Them
If you're like me, running out of ideas and starting to forget things in your mid-30s, you're going to think, “Gee, now support, how do I remember this bunch of passwords? Isn't it better to use the same one everywhere to remember more easily?”.
Never use the same password on different websites, emails or apps. Always ensure that your passwords, especially those for emails and access to telephony and communication apps, are unique and strong.
As remembering all these combinations can be a problem even for those who memorized the phone book, uncle recommends the Bitwarden software:
Look how beautiful and free:
Here you will be able to store several information at once, such as trusted URLs within the Login, Password, username combo and the best, it even has a built-in secure password generator, which I will teach you how to use NOW!
First, click on that pretty button, with the plus sign there:
Then it will open a new form on the right:
Here you can choose whether the item you want to add is a login, a credit or debit card, an identity or a secret note.
The name is basically the title of that credential, for you to associate the password and the user with facebook, for example:
The password, you can manually fill in with one of your choice, or you can click on those two circular arrows, to generate a new one.
It will generate one according to the preset pattern and you can copy it for immediate use, but don't forget to click on the confirmation symbol before exiting Bitwarden:
After that, just fill in the url, if you want, to facilitate future navigation using BitWarden and click on the disk there to save:
If you don't know what a floppy disk is, sorry, it's that icon next to the CANCEL button.
The good news is that now that you have made an account on bitwarden and saved your passwords, they will be safe under an umbrella called “MASTER PASSWORD”. This, by the way, is the only password that I recommend that you memorize and preferably write it down on paper and keep it in a drawer in your house.
Another cool thing about Bitwarden is that you can install it on your desktop at home, on your work laptop and on your smartphone. It is also possible to open it in the browser, and your passwords will all be synchronized with the open instance, for you to use when you need it.
Step 4 — Two-Factor Authentication, when and how to use it?
The answer to these questions is as follows. The When, is always, the How, I will need to elaborate below.
Two-factor authentication is an extra layer of protection adopted by many software companies, basically this layer works with an application that generates a numeric or alphanumeric code continuously or an email that sends a numeric or alphanumeric code whenever an access is made. your account.
This also works for SMS, but this third option I strongly recommend that you don't adopt and I'll explain now why.
Basically, we live in a country where 63 cell phones are stolen per hour in capital cities (Information on Brazil). With this alarming number of devices being subtracted, it is to be expected that a scammer can, for example, try to access your email, or reset your password and use a code that arrives by SMS, right? Absolutely right. This is what is done most nowadays and there are even gangs specializing in scams with pix (an agile method of bank transfer, common in Brazil) and theft of devices.
Therefore, if you have SMS authentication, even if your device is locked, on some operating systems, most users leave the option of notifications on the lock screen available. With this, it is possible for them to see your code and from there, start a password reset process.
To get around this loophole, I recommend that you use Microsoft Authenticator. It is the best authenticator available on the market and in case your smartphone is removed, you can access your codes online, whether to quickly reset passwords, remove authentication or block the app on the device.
While google authenticator is just as good if your phone is stolen, it doesn't provide an online solution for you to access codes or remove your old authenticator from your account, so I don't recommend using it.
As well as providing a way to recover your access, Microsoft Authenticator can also help you with automatic filling of passwords, addresses and cards, being a wonderful alternative to BitWarden.
Step 5 — Biometrics and why we should be careful.
Biometrics can make your life and banking transactions much easier, but it can be a thorn in your side when it comes to theft.
If your cell phone is stolen and falls into the hands of advanced users, they can register additional biometrics and with it, access their banking applications whose configuration is allowing access through this means. Therefore, I strongly recommend that you avoid using bank accesses linked to biometrics as much as possible, as comfortable as it may seem.
If possible, have a cell phone with only your banking applications and other important information registered and leave on your daily use cell phone only a digital wallet app such as Paypal, Venmo, CashApp or similar. So, you can go to a more distant place, with your digital wallet card, the app and more secure that if you are robbed, not all will be lost.
That's all, folks!
If these tips were helpful to you, please like the post.
The topic is vast and the post was huge, I know I could summarize the information a lot more, but well, this was written during a coffee, so reading should take the same time and you will leave here, much more informed than when you arrived !
The original text was written in Portuguese and translated during another coffee, I apologize in advance for any errors and gladly accept corrections!
Top comments (0)