Monthly Archives: November 2013

Three steps to protect your online identity in five minutes

According to Russian businessman Eugene Kaspersky, online fraud costs more than $100bn per annum. The US National Security Agency and UK GCHQ have been spying on your personal emails for years. What do you do about it? Log in to your Bank of America account with “Password1”, to find out that someone emptied your account.

Yes, Bank of America allow that password. So do Chase and Citi.

I studied Computer Science at University, where I learnt from Ross Anderson about cybercrime. We knew all about it in 1996 – we estimated that the NSA could easily build a computer to build modern cryptographic algorithms in a few minutes for about $2m. Cybercrime is 20 years old and we don’t get any smarter about it?

So what can you do to protect your money, your identity, your life? It turns out that it takes three steps, and five minutes.

Encrypt your computer

I use a Mac. You click Apple -> System Preferences -> Security & Privacy -> FileVault -> Turn on FileVault. That’s it. If you use a PC then it is no harder to enable BitLocker.

If you have a PC or Mac built in the last few years, it will be 1-2% slower. Big deal.

Now, if someone steals your laptop, they can’t access it unless they have your password. Both BitLocker and FileVault use encryption which is pretty hard to get through, though you had better believe that the NSA can still get in. Sorry.

Use a Secure Password

You would be surprised how quickly hackers can crack passwords. They can crack 50% within a few minutes and 80% within a few hours. Remember why you installed the security alarm at home? Mostly, because you want the burglar to break into the house next door? It’s the same with passwords – you want to be in the 20% that hackers can’t be bothered to get to.

Hackers use wordlists that have proper nouns (London), foreign wordlists (mot-de-passe), non-Latin characters (пароль) and substitutions (P4ssw0rd). None of these things protect you. Two things matter – length of password, and number of words.

So choose something which is easy for you to remember, and hard to guess. Make sure it has 4 words. Let’s say you’re a Dickens fan. OliverPickwickChuzzlewitRudge. You are now in the 20%. Why? Read this awesome article by Ars Technica.

But be careful – don’t use phrases from books, especially the Bible. Hackers are now using phrases taken from books to fuel their word lists.
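The criteria above, written out as a small check (an added example, not code from the original post). The wordlist, the phrase list and the "typical" composition rule are constructed assumptions, and the function names are hypothetical. It shows that a rule of the upper/lower/digit kind accepts “Password1” while rejecting the four-word passphrase, whereas a wordlist-aware check gets both right.

```python
import re

# Constructed sample data; a real check would load a full dictionary,
# a breached-password list and a corpus of book phrases.
WORDLIST = {"password", "london", "oliver", "pickwick", "chuzzlewit", "rudge"}
KNOWN_PHRASES = {"itwasthebestoftimes"}

# Undo common character substitutions before any lookup.
UNLEET = str.maketrans("40317$@5", "aoeitsas")


def composition_rule_ok(candidate):
    """Typical site rule (assumed): 8+ chars with upper, lower and digit."""
    return (len(candidate) >= 8
            and any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)
            and any(c.isdigit() for c in candidate))


def split_words(candidate):
    """Strip trailing digits/symbols, undo substitutions, split into words."""
    core = re.sub(r"[\d\W_]+$", "", candidate).translate(UNLEET)
    return [w.lower() for w in re.findall(r"[A-Za-z][a-z]*", core)]


def assess(candidate):
    """Return a verdict based on word count and wordlist membership."""
    words = split_words(candidate)
    if "".join(words) in WORDLIST:
        return "reject: dictionary word"
    if "".join(words) in KNOWN_PHRASES:
        return "reject: known phrase"
    if len(words) < 4:
        return "reject: fewer than four words"
    return "accept"


if __name__ == "__main__":
    for pw in ["Password1", "P4ssw0rd", "London", "ItWasTheBestOfTimes",
               "OliverPickwickChuzzlewitRudge"]:
        print(f"{pw!r}: rule_ok={composition_rule_ok(pw)} -> {assess(pw)}")
```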

Never use the same password twice

You should never use the same password twice. If your password is stored by one website and hacked, then they can log into any other website where you used the same password. But using a different password on each site means you have to remember hundreds of passwords, right?

Wrong. Meet LastPass.

You enter one master password, and then LastPass generates random secure passwords for all the websites you access. It is so easy to use, there’s no excuse not to use it. And it is cloud based so you can use it anywhere you need it.

It has a handy side-effect that you track the websites that you have passwords stored in. Remember to protect your LastPass master password with OliverPickwickChuzzlewitRudge!

Final Words

These three steps to protect your digital existence take less than FIVE MINUTES to complete. Yes, there are other things that you can do. But these three steps put you in the 20%. Unless you are specifically being targeted – the hacker will go somewhere else.

But take note – no one looks after your privacy. Bank of America certainly don’t – they allow insecure passwords. Neither do Apple or Microsoft – they provide secure functionality but don’t enable it by default or encourage you to use it. If you care about this then you have to take action to look after yourself.