Computer and Identity Security

stephenson

This has been a complex topic - from the beginning.

Was considering ways to both secure my computers, online access process, and identity ... what are the great ways others have done this?

My current "system" -
1. Mac laptops, Apple iPads, Apple iPhones
2. Safari web browser
3. Backup on Apple iCloud
4. Backup on separate hard drives from drives on the laptops
5. Keep everything everywhere - i.e. I do not have financial information on a special drive
6. Have accounts with Fidelity, Vanguard, BBT (soon to be "Truist"), and Navy Federal

Thanks!
 
Computer and Identity Security. Important stuff.

1) I use a Password Vault (there are a bunch out there for small fees) with complex passwords for all financial websites. 30+ password length. Change every few months. These tools let you copy them into the website automatically so you don't need to type. However, you are trusting that your Master Password is very strong and trusting the password tool vendor. I use one with MFA.
2) Multi-Factor Authentication (MFA) turned on for all websites if offered. Apple and Google have it. Schwab has it. More and more have it. Use it.
3) Backup using Carbonite. But other vendors are good as well.
4) Browsers - keep up with the latest updates for any browser you use.
5) Operating Systems - keep up with the latest updates for any OS you use.
6) I print my statements once a quarter, in case my financial vendor fails in their security planning.
7) Don't click on e-mail links you don't know. E-mail Phishing is the biggest hack of all.
 
That's a good start. We have two hard drives for backups that we alternate - one is active and the other is in our safe deposit box.

I'm also a big fan of using DuckDuckGo as my default search engine instead of you-know-what.

In addition to not clicking on e-mail links you're not 100% certain are legit, don't open any attachments that you aren't expecting. Be wary of links and attachments that appear to be from people you know - address spoofing is rampant.
 
Good tips from PJHawk.

1) I'll second a reliable and reputable password app; I use LastPass, and have it generate random passwords for every account for me, so my passwords can't be guessed from personal information, and knowing one doesn't help with any others. I'll save you the technical details, but LP is very secure, more so than having a browser save passwords, or writing them down.

2) I also turn on two-factor authentication (2FA) wherever it is available, which is all my financial accounts. It is a slight pain to open an app or wait for a text, but that's incredibly minor compared to the pain of account breaches or identity theft.

3) I keep most of my non-sensitive data on Dropbox, and more sensitive data on Google Drive, both with 2FA and local backups.

4) Very important, and be careful with add-ons or extensions, and on that note, don't authorize too many games or apps on Facebook either, if you keep any personal information on there. (see #7 for more)

5) 'nuff said.

6) I keep PDFs of my documents, because I hate paper, but that's just me. I do NOT recommend this approach or #3 if you are not sure about securing your computers and your home network.

7) This also applies to browsers. If your browser is not secure, everything you do on that computer could be compromised. I recommend an ad blocker and a script blocker, such as AdBlock or AdBlock Plus, and NoScript and/or Privacy Badger. Malicious ads can run scripts that are basically malware through your browser, and compromise your computer, even if you never click on the ad. It's true that clicking on strange links is more risky, but browsing websites with an unprotected, insecure browser is almost as bad. And even reputable websites can have malicious ads appear on them through ad network/affiliate programs.

Sorry that last one was so long, but IMO it's the most neglected part of individual cybersecurity.


EDIT: Of course, as soon as I finish commenting here and go to read the Washington Post, the first article that catches my eye is "I found your data. It’s for sale.", about malicious and insecure browser extensions.
 
Oh, since "identity security" was mentioned, some meatspace precautions, too:


1) Shred all sensitive documents (banking, etc.) that you are not keeping. If you do not want to buy a shredder, some places have public shredding dropoff events. (Possible security risk, but here they're usually sponsored/held by local government, and the companies doing the actual shredding are very reputable, like Iron Mountain.)


2) If you do not have any plans to take out a loan in the near future, put a credit freeze on at all FOUR agencies (Experian, Equifax, TransUnion, and Innovis, which most people forget about). This will prevent any accounts from being opened in your name without the freeze being lifted.
 
Use an iMac.
-Always clear cookies and history
-Set in security, only accept Apple downloads unless I approve
-Use Malwarebytes by Macabee, suggested by AppleCare
-Close all applications after every use.
-Use LastPass and 2FA
-Shut down when things look unusual. For instance, once in a while websites stick or the rainbow keeps churning. AppleCare suggestion.
-Delete most e-mails without opening. They don't follow my instructions to stop sending them, so they get deleted without even opening.
-Rarely click on links
-Use Adblocks, this hurts when a good article won't open b/c of the block. I've found if you read the news through Google News, they let you read the article.
 
So, I’m looking at some of these cloud storage options and they are expensive. Seems like I could buy a couple external hard drives and store them off site cheaper and be just as effective. What is the advantage of cloud storage versus a couple hard drives and storage offsite? I’m thinking I could get two drives and swap them on a regular basis with one of my daughters and take one from them so we all have off site backup. Am I missing something other than convenience?
 
Security and reliability.

Dropbox and Google have much better security than we could possibly afford as individuals, plus distributed data centers with duplicate failovers. The reliability part we could probably live with, as only enterprise systems need 99.99+% uptime; we peons can live with an occasional inconvenience. ;) But the security part is where it's at. Can you encrypt your data, provide up-to-date SSL certificates, and offer two-factor authentication?

Of course, if you're hosting just, say, a media server, or some other non-sensitive data, you might not care about security.

If you're just talking about backups, sure, that would work, as your data would probably never be exposed outside your home networks, and the only inconveniences are 1) having to wait for the physical backup to be relocated and restored, 2) only having backups as recent as the last time you swapped disk drives, 3) not having immediate online access to specific files you may have accidentally deleted or overwritten (not as big as the first two, but I've used that feature a few times on both Carbonite and Dropbox).
 
I'm still learning my way through this. I'm one of those who are lucky to have a backup, period. But, I think getting something off site is important because I think one of the more likely catastrophes is someone breaking into my house and stealing my computer and finding the backup drive. Probably the second biggest risk for me after just a physical breakdown of the disk.

I'm not sure why I would need a cloud service, unless I ran a small network in my house and wanted to use files from anywhere in the world where there's an internet connection. I don't run a network and I've never needed a file while away from home.

I noticed that iDrive had 5GB for free. I may take a couple critical files and store them there for free. Something like my last couple tax returns and my Quicken file and some PDFs of my statements. Kind of belts and suspenders, but won't hurt and I'll learn about this service in the process.
 
Natural disasters. Fires. Floods. Lots of reasons to have data backed up in a remote location. We have a backup drive that is kept in a firebox that is also in an F-5 rated tornado shelter. Probably pretty safe there but there have been occasions when even a bank safe deposit box had issues and contents were lost. So, we have additional copies of pretty important stuff in "the cloud" which, as I understand, is usually backed up in several locations.

Nonetheless, even though Google does encrypt the info, it's not a bad idea to do your OWN encryption prior to uploading it to the cloud.
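
One way to do the "encrypt it yourself before uploading" step suggested above, as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later is installed; the folder, file and function names are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: encrypt a folder on your own machine before any cloud upload.
# Assumes OpenSSL 1.1.1+ on PATH; all file and folder names are hypothetical.

sha256_of() { openssl dgst -sha256 -r < "$1" | cut -d' ' -f1; }

# seal <folder> <passphrase-file> <output.enc>
# Upload only <output.enc>; keep <output.enc>.sha256 and the passphrase offline.
seal() {
    tmp=$(mktemp) || return 1          # plaintext archive, deleted afterwards
    tar -C "$(dirname "$1")" -cf "$tmp" "$(basename "$1")" &&
    sha256_of "$tmp" > "$3.sha256" &&
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 600000 -md sha256 \
        -pass "file:$2" -in "$tmp" -out "$3"
    rc=$?; rm -f "$tmp"; return $rc
}

# unseal <input.enc> <passphrase-file> <existing-dest-dir>
# Refuses to extract unless the decrypted archive matches the saved hash,
# so a wrong passphrase or a corrupted/modified download is caught.
unseal() {
    tmp=$(mktemp) || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 -md sha256 \
        -pass "file:$2" -in "$1" -out "$tmp" 2>/dev/null &&
    [ "$(sha256_of "$tmp")" = "$(cat "$1.sha256")" ] &&
    tar -C "$3" -xf "$tmp"
    rc=$?; rm -f "$tmp"; return $rc
}

# Round trip on constructed sample data: seal, restore, compare with original.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/taxes" "$work/restore"
    echo "constructed sample: tax return" > "$work/taxes/return.txt"
    echo "constructed passphrase, not a real one" > "$work/pass"
    seal "$work/taxes" "$work/pass" "$work/taxes.tar.enc" &&
    unseal "$work/taxes.tar.enc" "$work/pass" "$work/restore" &&
    cmp -s "$work/taxes/return.txt" "$work/restore/taxes/return.txt"
    rc=$?; rm -rf "$work"; return $rc
}
```

Running `demo` after sourcing the file is a quick restore test; the `.sha256` file and the passphrase should never be stored next to the encrypted archive.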
 
Doing some catch up on this subject, it looks like physical keys are actually pretty good and require inserting a physical key into a computer to access info from sites like Google, Facebook, Dropbox, and others. Some search terms you can use to further gain understanding:

-Titan Security Key
-U2F Security Keys

More recent technology: https://en.wikipedia.org/wiki/WebAuthn
 
I confess to being dumb as a rock when it comes to internet security.

Coming from the other side, how does a "crook" actually access my assets, even if he has my personal information? (other than some minimum dollar limits on my accounts). Maybe a website that explains... instead of having to write a long post.

I do have copies of all important papers on external drives.
 
They can run up debt in your name and then disappear, and if you search the internet for "identity theft" you'll come up with nightmare stories from victims who have trouble clearing their name. They have to prove that the person who gave all this information is NOT them, and in the meantime, credit worthiness may be affected, assets can be frozen...


And if they can figure out how to access your actual accounts, obviously they could set up a wire transfer and steal your money. Remember, a lot of banks used to use information like "mother's maiden name" to verify your identity on the phone, after which they'd let you do anything with your account. Detailed personal information can often be used to guess or circumvent passwords.
 