Security & Safety
Passwords
As the world becomes increasingly digital, we rely more and more on passwords to protect our online identities and sensitive information. Unfortunately, many people still use weak or easily guessable passwords, putting themselves and their data at risk.
Here are some tips to keep your passwords secure and protect your data:
Create Strong Passwords; A strong password is one that is at least 12 characters long and includes a mix of letters, numbers, and symbols. Avoid using single dictionary words or common phrases, as these are easy for hackers to guess. Instead, use a combination of uppercase and lowercase letters, numbers, and special characters to create a strong and unique password. If you find this difficult, consider using a series of random words with initial caps, e.g., "CorrectHorseBatteryStaple" (don't use this one!). Add some numbers and special characters if the app or website insists.
Use Two-Factor Authentication; Two-factor authentication adds an extra layer of security to your accounts by requiring you to provide a second form of identification, such as a fingerprint or a one-time code sent to your phone. This makes it much more difficult for hackers to gain access to your accounts, even if they have your password.
Don’t Reuse Passwords; Using the same password across multiple accounts is a major security risk. If a hacker manages to obtain your password for one account, they can use it to gain access to all of your other accounts. Instead, use a unique password for each account. Use a password manager to keep track of them all. Write them down, if you must, but keep the list somewhere secure - not in a file on your PC called "Passwords"!
Change Your Passwords Regularly; Even if you have a strong password, it’s important to change it regularly. This makes it more difficult for hackers to guess or crack your password over time.
(Based on https://www.bowlandit.co.uk/world-password-day-5th-may/ from Bowland IT, one of B4RN's customers)
Other things to consider
Now that you're using good passwords, you need to think about some other ways to keep yourself safe on the Internet:
Keep Your Devices Up-to-date; Install manufacturer updates regularly and often. Give serious consideration to retiring devices that are no longer supported, or at least don't connect them to the Internet.
Install and use anti-virus software, where appropriate. The built-in anti-virus on modern versions of Windows is fine. There is almost no need to use anti-virus on Apple Macs, especially if you only run apps from the App Store, but you may find it reassuring to do so. There is no point in running anti-virus on iPhones & iPads (indeed, it is impossible). There is very little point in running anti-virus on Android.
If your device is jail-broken (and if you don't know what this is, it isn't, and you don't have to worry about it) then all bets are off and you're on your own.
If you buy devices second-hand, always factory reset them and reinstall before using them. You don't know what the previous owner did with them. Conversely, if you sell (or discard) a device, do the same. You don't want to leave any of your data on the device.
Only install software from app stores; your chances of getting a malware-infected app are much reduced if you only install apps from the manufacturer's app store.
Don't run as a user with admin rights; if you use your device as an administrator, and you, e.g., click on a malware link in an email, then your device will allow you to make changes. If you use your device as a 'normal' user, then when the malware attempts to install, you will get a warning.
Be Paranoid; If something seems too good to be true, then chances are it isn't true! Don't click on links in emails from people you don't know. No-one legitimate will ever ask you for your password. Your bank will never ask you to transfer funds to "keep them safe". HMRC do not correspond via email, or demand payment with Amazon vouchers. Microsoft do not ring people up. Never be afraid to hang up the phone or ignore that email or SMS while you make sure it's legitimate. No legitimate organisation will mind waiting until tomorrow while you check on them. If a caller asks you to identify yourself by stating some piece of private information, refuse to do so until they identify themselves - after all, they called you! Caller ID and email sender addresses cannot be trusted. Always confirm by independent means that payee details are correct before paying (e.g., ring the payee up and make sure the sort code and account number are correct), especially if large sums are involved and this is the first or only payment to this payee.