Wednesday, February 1, 2017

Pro tips for basic security online

I wanted to share some basic security advice I give to family, friends, and my users at work.

1. Keep everything up to date!

The internet is full of bad guys doing bad things. When a new vulnerability in Windows is discovered, Microsoft releases a patch, but that patch isn't any good unless you install it. I know it can be annoying to stop what you're doing and update your computer or phone, but it is essential to staying safe in a modern world where we're surrounded by technology.

2. Maintain a healthy level of suspicion.
  • Don't implicitly trust anyone online.
  • Be careful what links you click, especially in email, but also on Skype, Facebook, and anywhere else links can be shared.
  • Don't install any software or apps that aren't from a trusted source.
  • Even if they appear to be from a trusted source, review reputation information, and verify the site/store that you're downloading it from. Very recently an app called "Meitu" became popular and everyone was installing it and disregarding the permissions it requested (just about all of them!). The app turned out not to be malicious, but users who installed it have already sent their data to the Meitu servers... will they use that data for good?

3. Use strong passwords, enable two-factor authentication everywhere possible, and avoid sharing your password across multiple websites.

  • Your passwords should be long, complex, and unique. This isn't as hard as you think it is. XKCD has a popular comic talking about password strength. A password like "Hunter1" includes a capital and a number, but it's very short and easy to guess. A password like "correct Horse52 battery staple!" is very long, has a capital letter, numbers, several symbols (spaces are considered symbols), and is easy to remember.
  • Two-factor authentication is when you are asked to enter a code (usually sent to your phone via SMS or by opening an app that displays the code for 30 seconds) after you've entered your username and password. It is especially important because if a bad guy steals your username and password, he still needs your phone to finish logging in. Most popular sites offer 2FA in some form; I recommend checking out Two Factor Auth.org.
  • When you register on a website and use the same password you used somewhere else, you're trusting them to store that password securely for as long as that website exists. In 2016 alone, hundreds of millions of accounts were hacked. I highly recommend you go to Have I Been Pwned? and sign up with all of your email addresses. It's a site run by Troy Hunt, who collects data breaches and sends out notifications when your information has been found in one.
  • Use a password manager like LastPass, KeePass, or 1Password to securely store your passwords. Make sure you use a unique master password, in addition to 2FA. Ideally you would also utilize the "generate random password" feature so that all of your passwords look like this: "JzeKO7OXwN!GyHN&68Ue". You can just copy/paste or autofill the password, and only have to memorize your master password.
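
To show why a stolen username and password are not enough once 2FA is on, here is an added example (not code from this post) of how an authenticator app and a website can agree on a code that changes every 30 seconds. It assumes the app uses the standard TOTP scheme (RFC 6238 with HMAC-SHA1), which the post does not name; the secret is the constructed RFC test key, and the function names are made up for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (the "30 seconds" mentioned above)

# Constructed sample secret: the RFC 6238 test key, Base32-encoded the way
# sites show it when you enroll a phone. Never reuse a published key.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: float, digits: int = 6) -> str:
    """Code the app would display at unix_time (assumes RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP  # number of 30 s windows since 1970
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: float, drift: int = 1) -> bool:
    """Website-side check: current window plus/minus `drift` windows of clock skew."""
    ok = False
    for window in range(-drift, drift + 1):
        expected = totp(secret_b32, unix_time + window * STEP)
        # Constant-time comparison, so timing does not leak correct digits.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    login_time = 1234567890  # constructed timestamp
    code = totp(DEMO_SECRET, login_time)
    print("code on the phone:", code)
    print("accepted right away:", verify(DEMO_SECRET, code, login_time))
    # The password never enters the calculation: only the secret stored on
    # the phone and the current time do, so a stolen password cannot
    # produce this code.
    print("next window shows:", totp(DEMO_SECRET, login_time + STEP))
```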

There is a lot more to security than what I've listed here, but this is a good start :)

