Security Practices Reviewed

Do you really know the best ways to stay safe online? A recent post on the Google Online Security Blog showed that average web users focus on different tactics than those favored by security experts.

In the blog post, Iulia Ion, Rob Reeder, and Sunny Consolvo highlight the results of two surveys they conducted. One was with security experts and one with users of the web who weren’t security experts. The two groups were asked to list the three best practices for remaining safe online. As the graphic (from the original post) below shows, the opinions of the two groups diverged, although both had recommendations about password usage.

Image from Google Online Security Blog post - New research: Comparing how security experts and non-experts stay safe online

I thought it would be useful to look at these recommendations and provide some of my thoughts:

Install Software Updates

Experts’ top recommendation was to install software updates – why? All software is prone to bugs, and many of these can be exploited by “bad guys” to compromise a user’s computer. As these bugs are discovered and the exploits employed, vendors provide patches for their software which fix the bugs. If you don’t keep your software up-to-date, you are unnecessarily exposing yourself to the risk of being compromised.

Passwords

Experts advise using strong, unique passwords, while non-experts only advised strong passwords. By using unique passwords for each site, you can reduce the impact of a single site being compromised or your password exposed. Think about it this way – if you use the same strong password for every site you visit, what happens if one site gets hacked and someone finds out that password? Now, the “bad guys” have your password for all the sites you use.

Using strong, unique passwords presents a challenge: how do you remember all those passwords, especially if they are non-memorable? That’s why the number four recommendation of experts is to use a password manager. Most reputable password managers keep your passwords encrypted, so they can only be unlocked with a master password or fingerprint – now you only need to remember one strong password, and the rest can be unique and non-memorable.

Non-experts recommend changing passwords frequently, but that really only provides protection against passwords being exposed and used long after the fact. This recommendation is likely made because many enterprises encourage (force) their users to change their passwords every six months.

Two-factor Authentication

Experts also advise the use of two-factor authentication. This means that, in addition to your username and password, you must have something else to prove who you purport to be. Many services, like Twitter, will send you a text message with an additional authentication code, if you configure it that way. This means that even if someone has your username and password, they wouldn’t be able to log in as you from a new device. (Most two-factor authentication can be set to only prompt for the second factor every 30 days, or when logging in from an unrecognized device.)

Anti-virus software

The number one recommendation of non-experts was to use anti-virus software. Why didn’t experts recommend the same? Since new bugs and exploits are being discovered all the time, anti-virus software often doesn’t catch the latest problem. If you believe that having anti-virus software will protect you from all threats, then you may be less cautious and let your guard down.

Conclusion

Being an active participant in online communities and using online services entails some level of risk that your personal information will be misused. Adopting some of the expert-recommended practices outlined above will make it a bit harder for the “bad guys,” and doesn’t impose a large burden on you.

Author: Stephen Judd (@sjudd)

This article (Security Practices Reviewed) was originally published Thursday, August 27, 2015 on the Military Families Learning Network blog, a part of eXtension.

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Twitter Cohort Lite

By Molly C. Herndon, Social Media Specialist

The Personal Finance and Network Literacy teams will again be joining forces to create a learning opportunity for folks interested in Twitter. The 2-week event will begin May 18.

This year’s event will focus on asynchronous activities that participants can complete at their own pace. The event’s guides have assembled resources and homework for participants that will teach new skills and broaden existing networks. Watch videos and view last year’s syllabus here.

The Twitter Cohort Lite promises to be an easy way to get your feet wet and start tweeting with a supportive and encouraging network of professionals. By participating in this year’s event, you will:

  • Build your Twitter personal learning network centered around your interests.
  • Engage in conversations with a Twitter community that starts with your fellow cohort members and reaches across the world.
  • Start online relationships that will last into the future.
  • Begin to see how Twitter can be used for teaching, learning, and connecting.

So if the Twitterverse seems intimidating or if you’re just learning to enhance your own personal learning network, register today for this immersive learning opportunity.

This post was published on the Military Families Learning Network blog on May 5, 2015.