Search

In case you have trouble accessing your account and you have checked that you are entering the right password  (mind the CAPS LOCK and keyboard language), you can try resetting your account password. On most platforms and online services this can be done by clicking on the link named “Forgot your password?” or something similar, which is located on the login page.

Follow the instructions on the “Forgot your password” page and make sure that you have access to the email address/phone number you used to create your account. If you don’t have access to this email or phone, you will need to use the recovery (backup) account  if the provider supports that option. Otherwise, you might be left permanently locked out of the account.

Most likely, the service provider will send you a password reset link or code via email or other means of communication, which will enable you to create a new password for your account. From then on, you will use the newly created password to access your account.

Password Recovery account Digital hygiene User account Access recovery

Most platforms and online service providers provide you with an option to set up a recovery or backup contact, usually an email address, a phone number or a set of expendable backup codes. It is very important to set up this option so you don’t get locked out of your account.

In case you can’t access your account and you are not logged in on any other device, use your backup email address or phone to gain access to the original account. Make sure you have access to your backup communication method/account - otherwise you might never be able to access the lost account.

Password Recovery account Digital hygiene User account Account recovery

Another method to gain access to your account is to provide answers to the security questions, in case you enabled that option in your account security settings. However, some providers are leaving the option to implement security questions due to their inefficiency (they can easily be guessed, etc.). Also, people often don’t change the answers to these questions for years or simply forget them because they don’t have a frequent need for them.

However, if you still have a security question as your account backup solution , make sure the answer is kept in a safe place, that it is not some publicly available information or something easy to guess (“What’s your favourite food?” for example).

Password Digital hygiene User account Access recovery

Modern browsers '> (Firefox, Chrome, Edge) have the option to save your passwords, so you don’t have to enter them every time you log in. However, this is not recommended and you should use a separate password management  software such as KeePass, KeePassXC or Bitwarden.

In cases where you cannot log in by typing your password, you should check if your browser saved a password at some point and use it to access your account. It is always advisable to copy and paste the password instead of typing it to avoid errors.

Password Digital hygiene Browser Access recovery

When making a password , you should make sure that it is unique, i.e. that it is only used for one account or device, long and complex. 

Using the same password for multiple resources is a risk - if one of your accounts is compromised, others using the same password might be as well. 

Having a long password - 10+ or even 20+ characters, the longer the better - makes it harder to crack with brute force attacks. Use of different types of characters and symbols, such as numbers, small and capital letters and special characters (!, ~, *) is strongly encouraged.  

Avoid using online password generators and “how strong is my password” tools - you can’t know who is behind them and where your passwords might end up.

It is also highly recommended to set up multi-factor authentication  on your accounts, if the online service or platform has that option. This creates an additional layer of protection, as an additional step is required to login, usually a one-time code received via SMS or an app such as Google Authenticator.

However, multi-factor authentication (MFA) is not a “silver bullet” solution - people are still susceptible to social engineering attacks, such as phishing scams, and can be persuaded or fatigued to provide the second authentication factor, a one-time code for example. This is why it is important to consider a phishing resistant solution for MFA, such as the use of physical hardware keys.

Multi-factor authentication by default is unfortunately still not an industry standard - there are services which don’t offer it, and for those that do, users still have to navigate through complex security settings in their accounts in order to set it up.

Although any kind of MFA is better than having none, some forms are safer than others. For example, receiving codes via SMS is not reliable due to security flaws in mobile networks and so called “SIM swapping”, i.e. when an attacker gains access to a person’s phone number by tricking their mobile provider’s staff.

However, it should be noted that MFA is not a substitute for regular security training and awareness of threats such as ransomware. It is very important to build a positive, proactive security culture within your organisation with motivating and engaging training - you can improve the digital security on both personal and organisational level if you focus on all three domains of cybersecurity: people, processes, and technology.

Password Authentication Digital hygiene Apps

With so many accounts an average internet user has today, it has become impossible to memorise all passwords and have them be unique, long and complex at the same time. 

That is why you should use applications  called password managers , which securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols.  

Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Storing login credentials in browsers '> should be avoided, together with online password managers which are not open source and end-to-end encrypted .

Password Authentication Digital hygiene Apps

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords  to your accounts which are logged in. It is also advisable to use a trusted device  to logout from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers  . These apps [APPLICATION] securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop

If resetting your device to factory settings  did not resolve the issues you experienced, it might be best to take the device to a repair shop. Before you do this, it is important to backup  any data on your device and also make sure to protect your device, sensitive files and apps with a password or a PIN.

Before choosing a specific repair shop, do a simple online search and try to find the ones with the best online reviews and positive comments.

Password Data backup Digital hygiene Phone/Tablet Computer/Laptop Device reset

Targeted assaults, lasting any amount of time, at a high intensity, that cause harm, intentionally exploiting vulnerabilities. Harassment is an attack on human dignity, reputation and privacy, with the goal of silencing and/or curtailing the target’s digital participation.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is  especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking  , filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment. 

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support professional associations and support groups is another method for dealing with harassment. 

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of  privacy and can result in extreme emotional trauma. 

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code):  filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art.143 of the Criminal Code ), unauthorised taking of photos (art. 144), unauthorised publishing and presentation of another’s texts, portraits, and recordings (art.145 of the Criminal Code ), are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online.  These procedures carry private criminal charges, which means that you, the filing party,  must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.). 

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themself in your physical vicinity, you can request a court issued emergency restraining order. 

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on  Facebook and other platforms. 

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

Regardless whether or not disclosed data is utilised for harassment, the unauthorized posting of data alone, qualifies as doxxing, and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection. 

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police. 

Follow-up on your report to better ensure they respond.  Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google maps, and other applications that collect your sensitive data (location, key address, etc). 

Put strict privacy controls on your social media profiles, and two-step authentication  systems for all website logins storing your sensitive data. 

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms. 
Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Digital evidence Password Recovery account Digital hygiene Phone/Tablet Location Report to platform Data leaks Reputation Safety Sexual Harassment Identity User account Computer/Laptop Criminal charges