

Tagged with: Authentication, Stalking, Support, Pressure, Reputation

Use SSH key authentication

For additional security, it is highly recommended to use SSH key authentication, i.e. setting up SSH (Secure Shell) on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, commands, output and file transfers are therefore protected from attacks on the network.


All details about implementation and configuration can be found on the official SSH website.

Server Site Authentication Encryption

Making a strong password

When making a password, you should make sure that it is long, complex and unique, i.e. that it is only used for one account or device.

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute-force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to log in, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued into providing the second authentication factor, a one-time code for example. This is why it is important to consider a phishing-resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so-called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve digital security on both a personal and an organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

Password management

With so many accounts that an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time.

That is why you should use applications called password managers, which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers should be avoided, together with online password managers which are not open source and end-to-end encrypted.

Password Authentication Digital hygiene Apps

Access a trusted device

Having 2-step authentication turned on for all of your accounts is an essential security practice. However, in case the verification method you set up (phone number, app) is not working or has changed, you should try accessing the account from a trusted device. Many service providers offer the option (usually just a checkbox on the 2-step page) to mark a device as trusted so you don’t have to enter 2-step security codes each time you log in on that specific device, such as your home computer.

Make sure that only personal devices (computers, tablets, phones) you use regularly are marked as trusted, and never use this feature on public devices or devices that belong to someone else.

Authentication Digital hygiene Phone/Tablet Apps Computer/Laptop

INSTITUTIONAL PROTECTION

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

ALTERNATIVE PROTECTION

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking, filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment.

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support to professional associations and support groups is another method for dealing with harassment.

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

REVENGE PORN

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of privacy and can result in extreme emotional trauma.

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code): filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings.

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art. 143 of the Criminal Code), unauthorised taking of photos (art. 144), and unauthorised publishing and presentation of another’s texts, portraits, and recordings (art. 145 of the Criminal Code) are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online. These procedures carry private criminal charges, which means that you, the filing party, must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.).

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themself in your physical vicinity, you can request a court-issued emergency restraining order.

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on Facebook and other platforms.

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

THREATS

Endangering physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.
 

A threat is a serious form of assault and one that should be urgently addressed to best prevent it from being realized in the physical world. Report each and every threat to the police and the public prosecutor.

As threats often cause fear and insecurity, art. 138 of the Criminal Code - Endangering safety - provides a suitable legal basis for initiating mechanisms of protection. 

In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge is especially relevant for (female) journalists, as it provides for a higher sanction.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

In addition to reporting threats to the police and digital platforms, document them and inform your employer.

If you can, protect your mental health by taking a break from social media platforms, especially those spaces that can cause additional stress or fear for your safety. Create a network of support to help take over some of the work documenting the threats. Again, prioritize your physical safety above all else, and if you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately!

Digital evidence Password Authentication Recovery account Phone/Tablet Malware Report to platform Safety Sexual Harassment Journalists Fear Media Computer/Laptop Criminal charges

STALKING

The process of diligently and continually following someone’s activity online. The designation of stalking can be applied whether or not the stalker and target know one another in person. Digital traces, data and other markers of our participation that show up on social media platforms and other websites have made stalking in the digital age a much easier task. As in the physical world, consequences for the targeted individual can vary, but could include an increased sense of insecurity, fear and the perception of an invasion of privacy.

Stalking, in the Criminal Code, is identified as a criminal offence (art. 138a), carrying sanctions not only for the act of stalking but also for unlawful collection of someone else’s personal data, as a preliminary offence, prior to the instance(s) of stalking. However, the article does stipulate that to constitute stalking, the incident(s) must take place for a specified period of time. The intensity of stalking and the consequences felt by the target are not of critical relevance, but could be taken into account by the court during criminal proceedings.

If the incident(s) of stalking fail to meet the time stipulations laid out in the Criminal Code art. 138a, then article 138 - Endangering safety - could also offer protections against acts that result in fear for one’s safety, and provides stricter sanctions if the target is a (female) journalist.

In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges.

It is easier than ever to conduct private surveillance of public digital spaces using a number of different methods. For this reason, it is important to ensure that your tech devices (phones, computers, smart speakers/doorbells, etc.) are well protected, and to check that their options (e.g. location, privacy settings) are set to limit their ability to share private data (turning off location tracking, using strict privacy settings).

As with all types of assault, targets of stalking should inform friends, family, partners and colleagues about the harassment, so you have a bigger network of support. If online stalking moves offline, to the physical world, you should immediately inform police and request protection. 

Check out these resources for improving your digital safety.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Safety Support Identity Computer/Laptop Criminal charges Stalking

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences. Whether the target is a person whose personal data has been misused, or someone else, the damage can be incalculable.

Due to the complexity and different manifestations of this category of assault, it is difficult to determine the legal basis offering the most suitable protection. In the case of fraud committed using the computer belonging to another person, and resulting in material or financial gain for the perpetrator, a criminal complaint may be filed under art. 301 (Computer Fraud). Another criminal offense, the unauthorized collection of personal data (art. 146), must be initiated via private lawsuit, and therefore the identity of the perpetrator must be known.

If a case of identity manipulation leads to psychological harm, or damage to reputation or dignity, then compensation may be claimed using civil legal procedures. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

 

Identity manipulation is often tied to financial fraud and online theft. There are different ways you can protect yourself from these crimes: limit the amount of money that can be transferred to another account, or taken out via ATM at one time, use at least a two-factor authentication system for your finance-related logins, and destroy old bank and other identity cards with sensitive data. 

If you are a victim of identity manipulation, inform the police as soon as possible, notify the financial institutions or websites where you have accounts and temporarily block compromised bank accounts and/or cards. 

Timely risk assessment and digital hygiene are important means of prevention and protection.

Digital evidence Password Authentication Recovery account Phone/Tablet Damage Reputation Identity Cybercrime User account Computer/Laptop Access recovery System restore Criminal charges

FALSE REPORTING

The misuse of reporting or flagging mechanisms, or false claims of copyright infringement or other violations of Terms of Service or Community rules and regulations on social media platforms, for the purpose of blocking, suspending or preventing more extensive digital participation.

Similar to trolling, it is difficult to qualify false reporting as a criminal offense. Rather, it is seen as a misuse of social media platforms’ internal reporting mechanisms. Unfortunately, it is very difficult to find a remedy, as the mechanisms for reporting usually employ automated systems that often fail to offer adequate help.

It is difficult to combat false reporting. Both Facebook and Twitter offer assistance for reactivating accounts that have been shut down due to false reporting. Unfortunately, these platforms are slow to respond to this particular issue, and creating a new account is generally a quicker solution. 
 

Digital evidence Password Authentication Recovery account Damage Tactic User account

RETALIATION AGAINST SUPPORTERS

Friends, family, partners, colleagues, employers, and other witnesses to the abuse can be targeted in the same or similar way as the original target.

Retaliation can take many forms, so it can be linked to different criminal offences. If the assault results in the endangerment of safety, art. 138 of the Criminal Code could provide a suitable legal basis for protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Assess whether the assault could be qualified as an offence, threat, harassment, doxxing, false accusation or another form of digital assault. Identifying the type of assault based on charges set out in the Criminal Code can increase your chances of success in accessing legal protections.

In addition to the many mechanisms of protection, a useful strategy for countering an assault is to publicly call out and condemn an attack without directly identifying or naming the perpetrator. If you opt for this tactic, assess the risk and continue to document problematic responses, especially if they are defamatory in nature. Surround yourself with friends, family and colleagues: there is safety in numbers.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Report to platform Safety Support Computer/Laptop Criminal charges