Blue Tech Backpack: Digital Security Basics
In part 1, I shared some tips for preserving digital privacy. I’ll now explain some basic techniques you can follow to protect your online life from attackers.
Blue Tech Threat Model
As the singularity approaches and the digital and physical worlds merge, it’s important to be on guard to the hidden dangers that come with these changes.
Your computer is probably part of a botnet already. Smart and sophisticated hacker groups, motivated by profit or curiosity, hunt for ways to exploit our personal information and steal our crypto. Meanwhile, nation-states are using AI to supercharge their cyber-warfare skills, and we ordinary people become targets or unintentional casualties in their digital geopolitics battles.
Solution: Mindful computing
The overarching principle of all protective security practices is: be mindful when you use computers. Being in a rush, clicking without thinking, or operating computers on automatic pilot, are all enemies of security. So, if you want to be safe, take a deep breath, and think twice before you download that shady plugin to watch a movie online. Here are some basic techniques you can use to increase your online protection by a lot. It’s all stuff I already do. Again, they are ordered from basic to hardcore, and in order of increasing impact/paranoia. Follow along until you’re satisfied with your protection level. This guide is *not enough* if you’re a crypto user. This guide is absolutely definitely not enough if you work in crypto.
TL;DR
- Do not reuse passwords. Get comfortable with “reset password”.
- Use 2FA on absolutely all accounts.
- Update software all the time, especially the browser and operating system.
- Format your computer at least once a year.
- Email: Do not download executables from anyone. Do not download PDFs or documents from strangers. Do not install cracked programs or pirated software.
- Use a VPN.
1. Do not reuse passwords
Do not f*ing reuse passwords. Get comfortable with using “reset password” if you forget your unique passwords. Reusing passwords is catastrophic if any of your accounts gets compromised and, I can assure you, many of yours are. Password managers add a layer of software that can fail to your security model, so I don’t recommend them.
Instead, use a long and secure prefix to generate unique passwords and change them regularly (eg: every 1-2 years). For example, “banana & Dog 42 “ is a good prefix (long and contains uppercase, special characters, and numbers). Then you just need to remember 1 extra word per service (eg: “banana & Dog 42 zuck” for facebook password, “banana & Dog 42 elon” for twitter, etc.). This technique does not protect you against a targeted attack, but most people shouldn’t protect for that scenario anyway. If you reuse a password, assume those accounts are pwned.
2. Use 2FA on absolutely all accounts.
2FA stands for two-factor authentication. It’s a security protection in which you provide two different authentication factors to verify yourself with services. The first factor is a password, and the second factor can be a fingerprint, a code sent to your phone, or a security key. This makes it almost impossible for attackers to gain access to your accounts, even if they have your password. You can enable 2FA on most accounts, including email, social media, and banking accounts. Do it. I recommend Authy or buying a Google Titan device. If you don’t use 2FA, assume you’re pwned.
3. Update your software all the time, especially the web browser and operating system.
Software updates are important because they often contain security patches that fix vulnerabilities in the software. Hacker groups are studying new vulnerabilities to exploit in the wild, so it’s important to keep your software up to date, unless you want your computer to be part of 5 different botnets. Make sure to update your browser and operating system as soon as updates become available. If you don’t, assume you’re pwned.
4. Format your computer at least once a year.
Erasing all the data on your hard drive and reinstalling the operating system can be liberating. It will give you a clean slate and also remove all the malware, botnets and viruses controlling your computer. This may sound like a lot of work, but if you get in the habit, you can do the whole process (including restoring backups and reinstalling all software) in less than an hour. You’ll build a personal system to keep your hard drive footprint to the minimum. I format every ~6 months. If you haven’t formatted your computer in the last 12 months, assume you’re pwned.
5. Email Safety:
Do not download executables from anyone. Do not download PDFs or documents from strangers. Do not install cracked programs. Email is one of the most common ways that attackers/scammers try to gain access to your computer. Practice with this google quiz. Read the Email Masking technique in the dark tech post for extra credit. If you downloaded an executable from someone you don’t trust, a PDF or document from a stranger, or installed cracked programs, assume you’re pwned.
6. Use a VPN.
A VPN, or virtual private network, is a service that encrypts your internet connection and routes it through a computer in a different location. As mentioned in the privacy tools post, it can help you stay anonymous online and protect your privacy. Additionally, it will encrypt all your traffic and secure your data in untrusted networks. VPNs are especially useful when you’re using public wifi. If you’ve connected to an airport wifi without a VPN, assume you’re pwned.
Summary and final words
- Do not reuse passwords. Get comfortable with “reset password”.
- Use 2FA on absolutely all accounts.
- Update software all the time, especially the browser and operating system.
- Format your computer at least once a year.
- Email: Do not download executables from anyone. Do not download PDFs or documents from strangers. Do not install cracked programs or pirated software.
- Use a VPN.
That’s it! Hope you can implement at least one idea in the list. Honestly, EVERYONE should at least get to point 3. And… no matter what you do, it’s still a safe bet to assume you’re pwned.
I’ll be writing a final post next, called “Light Tech Backpack” (in which I talk about techniques to minimize anxiety and stress coming from misusing tech). If you’d like to read it, please subscribe below:
Additional Resources and Learning
Acknowledgments
Cover photo by MidJourney. Thanks to Fio, Bruno, & Fer for providing feedback on early drafts.