Tuesday, February 12, 2013

2013 - The Year of Digital Security

Last year, 2012, was the year of backups.  Between the cloud and automatic backups and safe places to keep drives -- I believe backing up my digital life as well as getting it more organized in the first place was a complete success.

This year I'm focusing on something entirely different: Security.  Actually, I did a lot of small security stuff at the end of 2012 so I'd say I started 2013 with a "very good" rating.  Instead of a tutorial on how to implement security in your digital life, I'm just going to share some of things I've already done and where I'm going from here.

I was already doing a lot of good things that I started in 2012:

  • I was user of a password manager / password vault.  I've been using KeePassX (available on many platforms like Linux, MacOS, Android, Windows, etc.) on both my laptop, desktop and Android phone. I kept my single password vault file in sync between devices using DropBox.

  • Stopped sharing similar or the same passwords between sites. I was pretty good about this, but sometimes I would order something from a company that I knew I would rarely use.  I became lazy and didn't always setup a new profile in KeePassX. For example, I was one of the 24 million accounts that were hacked at Zappos in January of 2012.  Also, my credit card information was stolen (see sample letter in PDF) from Altrec -- an outdoor outfitter where I made a purchase almost two years ago.

  • After reading Matt Honan's tail of how he got his entire digital life wiped out by hackers in Wired last August, I turned on Google Authenticator (two-factor authentication) on all my GMail accounts (even DropBox can utilize Google Authenticator).

So, you're probably thinking what more can you do? Well, there a few more items that I've already working on or done in 2013:

  • I decided to switch from KeePassX to LastPass for my password management. I switched for three reasons:

    • #1 - LastPass has tighter integration with the browser and the cloud. LastPass has a pretty good web browser plugin for Chrome and Firefox.  KeePassX I would have to find the profile and use the clipboard to copy my password.  LastPass just reminders my profiles.

    • #2 - My LastPass password vault is encrypted locally and stored in the LassPass cloud.  This takes the pain of synchronization with KeePassX and Dropbox out the equation.

    • #3 - Two-factor authentication support. For those that don't know what this is, this means you need both the password and some physical item (that usually emits unique codes) in order to login.  If you don't have both items, you cannot login.

  • Two-factor authentication using YubiKey.  These are amazing little USB devices that emits an one-time password (OTP).  For example, to login into my LastPass vault I use my master password and then I have to authenticate using the OTP emitted from my YubiKey.  They even offer a YubiKey that has NFC built-in so you can use it with NFC enabled devices like my Google Nexus 7 tablet.

  • I now encrypt my home directory data on my HD (via Ubuntu) on both my laptop and desktop.  So even if you steal my computer -- you cannot get my HD contents unless you know my password. (Note: Yubico offers a PAM for Linux so I could even require my YubiKey login).

I hope this inspires you to do more for your security of your digital life.  I'm planning on writing up a nice quick start soon for getting started with LastPass and some of the things I did or things you shouldn't do like I did.  Let me know if you have any questions.  Until then, may the security deities be with you!

No comments:

Post a Comment