Search

When making a password , you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex. 

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication  on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to login, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications  called password managers , which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.  

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers '> should be avoided, together with online password managers which are not open source and end-to-end encrypted .

Password Authentication Digital hygiene Apps

The internet commonly provides a false sense of anonymity, whereas there is only pseudo-anonymity for most users. Pretty much everyone is identifiable online by their IP address , a unique identifier assigned to you by your internet service provider (ISP).

However, there are tools which can help you mask your actual IP address and provide an additional layer of protection for your online identity. This can be achieved with the use of Tor Browser or Virtual Private Network (VPN)  services.

Tor Browser is a free and open source software customised to work with the Tor network, based upon Mozilla Firefox, which encrypts  your browsing traffic and gives you a new identity, i.e. a new IP address. It is also particularly useful for accessing blocked websites on your network. There are some drawbacks however, as the Tor network provides generally slow internet speeds and users’ identity can be exposed if they do not use Tor Browser properly.

Virtual Private Network (VPN) is a service which enables users to connect to the public internet through a private network, providing an additional encrypted layer of privacy and masking the users’ actual IP address. There are many VPN providers, but users should still take note and be aware of possible security aspects such as:

• Jurisdiction, i.e. in which country is the company providing VPN services based. Countries which are members of the “Five Eyes” mass surveillance alliance (USA, UK, Canada, New Zealand, Australia) should generally be avoided;
• No logs policy, meaning that the VPN provider doesn’t log your internet traffic made through their network;
• Regularly performed independent security audits, which are usually documented on the VPN provider’s website;
• Price - some VPN services are quite expensive, but you should be vary of “completely free” VPN apps , as their business model is almost certainly based on tracking users. However, some paid-service providers  offer free plans with limited possibilities, such as lower speeds and a smaller number of servers .

IP Address Digital hygiene Browser Apps Encryption Data leaks Safety

Encryption is the process of protecting data with a complex cipher, scrambling it so that it can only be accessed (decrypted) with a password or key, sometimes requiring an additional authentication factor, e.g. a digital certificate  . Encrypting hard drives and removable devices, such as USB drives, is especially recommended for people working with confidential information, primarily journalists and human rights activists.

VeraCrypt is a multi-platform (Windows, Linux, MacOS X) free and open source  disk encryption software with advanced capabilities. It can be used to encrypt only specific files, whole hard disk partitions, removable drives, as well as a partition or drive where Windows is installed (pre-boot authentication).

Cryptomator enables you to encrypt your cloud storage files for services such as Dropbox or Google Drive. Files are encrypted within a secure vault which is then stored with cloud service providers, which cannot access the data. Cryptomator is open source and available for Windows, Linux, MacOS X and mobile platforms (iOS, Android).

Digital hygiene Apps Encryption Data leaks Cloud

Similar to hard drives and removable disks, communication channels can also be encrypted by protecting data with a complex cipher so that communication can only be accessed (decrypted) with a password or key. Of course, for journalists and human rights activists encryption is a key component of ensuring secure communication with confidential sources. This can be done in a variety of ways. 

Emails can be encrypted using PGP (Pretty Good Privacy), which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents. 

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension  which works with popular webmail services. 

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers. 

A free and open source chat app that provides end-to-end encryption  by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. Another app with a variety of options you can also use is Telegram, where Secret Chats need to be enabled for end-to-end encryption.

Digital hygiene Apps Encryption

Conventional deletion of data from a device is not an effective solution for permanent deletion, because there are ways to recover deleted data with the help of special software. The solution to this are programs that use complex algorithms for decomposing data into a digital “mash” that can no longer be returned to its original form. Eraser is a free Windows application [APLICATION] that can completely remove data from hard drives by overwriting it several times with carefully selected patterns.

As for optical disks (CDs, DVDs), the most elegant way to permanently destroy them is to use a special shredder that can destroy disks in addition to paper. Methods for physically destroying hard drives that can be found online, where the drive is acidified or burned, are extremely dangerous. Hard drives contain various types of harmful chemicals, which can cause toxic and flammable fumes.

If old equipment is ready for sale or a hard drive is destined for disposal, it will require deep cleaning, even if it is broken. The software that does this very efficiently is Darik’s Boot and Nuke. Good practice suggests that when disposing of old equipment - after special software has performed deep cleaning of the disks - the equipment is disassembled to destroy the ports and break the pins on the connectors.

Digital hygiene Apps Data leaks

Having 2-step authentication  turned on for all of your accounts is an essential security practice. However, in case the verification method you set up (phone number, app) is not working or has changed, you should try accessing the account from a trusted device . Many service providers offer the option (usually just a checkbox on the 2-step page) to mark a device as trusted so you wouldn’t have to enter 2-step security codes each time you log in on that specific device, such as your home computer. 

Make sure that only personal devices (computers, tablets, phones) you use regularly are marked as trusted and never use this feature on public or someone else’s devices. 

Authentication Digital hygiene Phone/Tablet Apps Computer/Laptop

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords  to your accounts which are logged in. It is also advisable to use a trusted device  to logout from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers  . These apps [APPLICATION] securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop