Internet Safety: Account Security

By: SEAN YANG

Staff Writer

It is hard to do anything at all today without the Internet. Your bank accounts, personal files, social media, contacts, and countless other essential services are all found online, and there is no doubt that Internet access is practically a requirement for living in the 21st century. Because we have to use so many of these services, our attack surface is greatly increased: without proper security, it is easy to lose important accounts and critical information to hackers and scammers. So, how do we stay protected?

We’ve all heard the old adage: use a different password for every account. But is that enough? If we need to create strong and complicated passwords for every one of our accounts, how can we possibly keep track of them all? Password managers are perhaps the safest solution when it comes to storing our passwords. A password manager contains a vault that holds all of the passwords you wish to store in it, either auto-generated or manually created, and the vault is locked behind a master password that only you should know. The safest type of manager is stored locally on your computer, while a more convenient (but less safe) type stores your passwords in the cloud, where they can be reached through your web browser. I recommend KeePassXC for those who want a local manager and Bitwarden for those who need the convenience of a cloud manager. I would not recommend other managers because they are proprietary (non-free and closed-source, meaning no one besides the company can audit their code) or are packaged as a service. If you have heard of LastPass, it is best to shy away from it because it has been breached by hackers twice; in both instances, the company downplayed the severity of the attacks and was weeks or months late in disclosing that information to the public.

Despite the added convenience and advantages that a password manager has, a chain is still only as strong as its weakest link. If a hacker is able to gain access to your master password, it is highly likely that they will be able to steal all the information inside your vault. This is why it is highly recommended to make your master password strong (lengthy, making it harder to simply brute force) and complicated (use numbers, lowercase and uppercase letters, and symbols across the password) to prevent the worst-case scenario.
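The effect of length and character variety on brute-force resistance can be put in numbers. The following is an added example, not part of the original article; the guess rate and the sample passwords are assumptions, and the estimate only holds for characters chosen at random.

```python
import math
import string

# Character classes named in the article: numbers, lowercase, uppercase, symbols.
CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "numbers": string.digits,             # 10 characters
    "symbols": string.punctuation,        # 32 characters
}

# Assumption: guesses per second in an offline attack on a stolen vault.
# The real rate depends on the vault's key-derivation settings.
GUESSES_PER_SECOND = 1e10


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space_bits(password):
    """Upper bound on brute-force work in bits: length * log2(pool size).

    Valid only if every character was picked at random; a dictionary word
    or keyboard pattern is far weaker than this figure suggests.
    Characters outside the four classes (spaces, etc.) are not counted.
    """
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def average_crack_years(password, rate=GUESSES_PER_SECOND):
    """Years needed to search half the space at the assumed guess rate."""
    guesses = 2 ** search_space_bits(password) / 2
    return guesses / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords for illustration only.
    for sample in ["Ab1!xyz9", "qjvhtkbmwznrcpyxdlgs", "k7#Qm2!vXp9$Lw4z"]:
        print(f"{len(sample):2d} chars, {len(classes_used(sample))} classes, "
              f"{search_space_bits(sample):6.1f} bits, "
              f"{average_crack_years(sample):.3g} years on average")
```

The 20-character lowercase sample scores higher than the 8-character sample that uses all four classes, which shows why length comes first and variety second.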

Passwords are pretty good at securing your accounts, but a password is only one of the factors of authentication that can be used. These factors are something you know, something you have, and something you are. Passwords fall into the first category, but in order to keep your important accounts secure (like a bank account), it is practically a requirement to have multi-factor authentication. The second category (something you have) consists of physical things such as your phone, key, or a transient security token. The third category (something you are) involves your biometric information, such as your fingerprint, face, or voice, and where you live. It is highly recommended to use at least two of these factors to ensure the security of your accounts and data. In the President’s case, all three factors of authentication are used to identify the President when giving the order to launch a nuclear weapon: the nuclear football, the correct launch codes, and access to the military as the Commander-in-Chief.

Strong, complicated passwords combined with multi-factor authentication are the safest way to protect yourself from being hacked on the Internet. However, it is comparatively easy to be compromised by scammers and phishing attacks, and avoiding them requires a good amount of discipline, experience, and judgment. This will be discussed next time with an introduction to exploring the web safely and decreasing your attack surface on social media.
