The Brief Guide to Cybersecurity

Simple steps to secure yourself online.


Welcome!

So, you are one of the countless internet users in the world. Well, rest easy, because the internet is a safe place and chances are it’s very unlikely that you’ll ever be targeted by hackers. Right?

Wrong!

You cannot rest easy, because the fact is that data breaches are a common occurrence[5], and the bad news is that it is only a matter of time before you fall victim to an attack.

However, on the flip side, the good news is that I have done a research project on the best ways to protect and manage one’s online identity in a field, digital security, that is constantly changing. On the basis of my research outcomes, I will give you the following guide as a short, easy-to-digest summary so that you can minimize the chance, or the effect, of a hacker coming after you!

While no one can ever be 100% immune to data breaches, there are steps we can all take to drastically improve our security online, and that is where my guide will help you. I have done the research work for you, and after considering expert sources and analyzing their information I have concluded that there are three main areas of safe practice to pay attention to in order to keep your data safe:

  • How we create and manage passwords
  • Who we give our data to
  • Extra steps to secure our data

First, let’s talk about passwords!

Passwords - The basic lock and key (Image Credit: MasterTux on pixabay.com)

Passwords. They are the basic lock and key to your digital house, and they are a vital and ever-growing part of our everyday lives, because the average internet user has accounts with a growing number of different services[1]. My advice on the most secure practices for passwords boils down to three basic laws:

  1. Use unique passwords.
  2. Use long passwords.
  3. Use complicated passwords.

1. Unique Passwords.
NEVER - repeat, never, use the same password twice.
If a service is compromised, hackers can and will try the leaked username and password combinations across many other services (a technique known as credential stuffing). For example, if you use the same password (and email/username) for Facebook and LinkedIn and your Facebook account gets hacked, you have maximised the chances that hackers will also gain access to your LinkedIn account.

2. Use long passwords.
As a password gets longer it becomes more secure, but the downside is that it also becomes harder for the user to remember. A great way to create and memorize long passwords is to use passphrases[6]. A passphrase is made up of a string of memorable words or ‘phrases’ rather than arbitrary letters, numbers and characters.

In essence, a password or passphrase should be at least 14 characters long if it is the only factor of authentication, but if multifactor authentication is used a minimum of 8 characters will suffice[4]. An example of an effective long password/phrase might be TheFordMustangistheBest.

3. Use complicated passwords.
Utilise numbers and special characters (!, @, #, $, %, ^, &, etc.); the result is still memorable if you incorporate them into your passphrase. As the range of possible characters in a password increases, the time it takes a hacker to crack it grows exponentially. An example of an effective long and complicated password/phrase might be *4The/!Ford70Mustang^is<>the13Best2?*.
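To make the length and complexity laws concrete, here is an added example (not code from the original guide) that computes the brute-force search space of a password from its length and the character classes it uses, and turns that into a worst-case cracking time. The two long passwords are the ones given in the guide; the short baseline "password" and the guess rate of 1e10 guesses per second are constructed assumptions for illustration.

```python
import math
import string

# Standard character classes a brute-force attacker has to cover. The sizes are the
# usual printable-ASCII counts: 26 + 26 + 10 + 33 (punctuation plus space) = 95.
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
SYMBOLS = set(string.punctuation) | {" "}


def charset_size(password: str) -> int:
    """Size of the smallest alphabet (built from the standard classes) that covers
    every character in the password. This is the base of the search space."""
    chars = set(password)
    size = 0
    for cls in (LOWER, UPPER, DIGITS, SYMBOLS):
        if chars & cls:
            size += len(cls)
    # Anything outside printable ASCII (e.g. accented letters) is counted individually.
    size += len(chars - LOWER - UPPER - DIGITS - SYMBOLS)
    return size


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search over that alphabet and length must try."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space: every extra character adds log2(alphabet) bits,
    which is why the search space grows exponentially with length."""
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case (full search) time at an assumed guess rate. 1e10 guesses/s is a
    constructed figure for an offline attack on a fast hash; it is not from the guide."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


def compare(passwords):
    """Summarise the three quantities for each candidate so the growth is visible."""
    return [
        {
            "password": p,
            "length": len(p),
            "alphabet": charset_size(p),
            "bits": round(entropy_bits(p), 1),
            "years": years_to_exhaust(p),
        }
        for p in passwords
    ]


if __name__ == "__main__":
    # The two long passwords are the guide's examples; "password" is a constructed baseline.
    for row in compare(["password", "TheFordMustangistheBest", "*4The/!Ford70Mustang^is<>the13Best2?*"]):
        print(f"{row['password']!r:42} len={row['length']:2} alphabet={row['alphabet']:3} "
              f"bits={row['bits']:6} years={row['years']:.3g}")
```

One caveat the numbers do not show: this models an attacker who has to try every string. A passphrase built from common dictionary words is weaker against a word-list attack than its character count suggests, which is one reason mixing in numbers and symbols (the third law) still matters.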

How are you going to remember X unique, long and complicated passwords?
Well, firstly, while it may be tempting to write down your passwords, this is NOT a good idea. You are setting yourself up for a catch-22 scenario: writing down your passwords is like leaving the key in the front door of your digital house, effectively breaching the security that your password is supposed to provide in the first place.

In fact, one of my sources[1] related the story of a high-ranking USA Department of Justice employee who went through an airport security point, placing his laptop on the conveyor in full public view with all his written passwords stuck to the bottom of the laptop!

There is, however, a simple solution: use a password manager. A password manager is a service that stores all of your passwords for you in a secure, encrypted form. All your passwords are kept behind a ‘master password’. The master password is the one good password that you need to remember, and it becomes the ‘key’ to all of your other passwords.

And if you’re worried, ‘But what happens if my password manager gets hacked!?’
Well, good question, but good password managers derive the encryption key from your master password, so if a manager’s user data is compromised, your data will be completely useless to the attacker without your master password.
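The following added example (not the guide's own code, nor any real password manager's) shows in miniature why a stolen vault is useless without the master password: the encryption and integrity keys are derived from the master password with a slow PBKDF2, and what the provider stores contains no key at all. The sample entries and the master password are constructed; the HMAC-based keystream is a deliberately simple stand-in for the authenticated cipher (such as AES-GCM) a real manager would use.

```python
import hashlib
import hmac
import json
import os

# PBKDF2 work factor. 600,000 iterations of PBKDF2-HMAC-SHA256 is OWASP's current
# recommendation; the point is to make every guess at the master password expensive.
ITERATIONS = 600_000


def derive_keys(master_password: str, salt: bytes):
    """Stretch the master password into an encryption key and a separate MAC key.
    The salt is random per vault, so two users with the same master password get different keys."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 (constructed for this example;
    a real manager would use an authenticated cipher such as AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(master_password: str, entries: dict) -> dict:
    """Return exactly what the provider would store: salt, nonce, ciphertext and tag. No key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Encrypt-then-MAC: the tag covers everything the provider stores.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_password: str, blob: dict) -> dict:
    """Re-derive the keys from the master password; a wrong password (or a modified blob)
    fails the tag check before any plaintext is produced."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or tampered vault")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


def leaks_secret(blob: dict, secret: str) -> bool:
    """Simulate the attacker who stole the stored blob: does the secret appear in it?"""
    return secret.encode("utf-8") in bytes.fromhex(blob["ciphertext"])


if __name__ == "__main__":
    # Constructed sample entries; not real credentials.
    entries = {"facebook.example": "TheFordMustangistheBest",
               "linkedin.example": "*4The/!Ford70Mustang^is<>the13Best2?*"}
    stored = encrypt_vault("correct horse battery staple", entries)
    print("stored blob contains a password in the clear:", leaks_secret(stored, entries["facebook.example"]))
    print("unlocked with master password:", decrypt_vault("correct horse battery staple", stored) == entries)
    try:
        decrypt_vault("wrong password", stored)
    except ValueError as e:
        print("wrong master password:", e)
```

Two design points matter here. The slow key derivation is what turns "the attacker has my vault" into "the attacker has to guess my master password, slowly", so the master password should be the strongest one you own. And the integrity tag means a wrong guess is rejected outright rather than producing garbage, which also defends the stored data against tampering.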

‘Cool, where can I get one of these password managers?’
There are many reputable and reliable password managers, many of which offer their core functionality for free. Some of my favourites include:

Update: Due to changes announced to the free service of LastPass, my officially recommended password manager is now Bitwarden.

Many web browsers and mobile operating systems also have password managers built in, and these would also be worth looking at.

Now, let’s talk about who we give our data to

All of my sources emphasized the need to be proactive and attentive to your online security with regard to how much personal information you give out to any website. Just as you would not leave a sign on your front door welcoming potential intruders or thieves, complete with an itemized list of the contents of your house, your digital house should be treated with equal care to protect the information it contains.

As a result, one of my conclusions is to remember the credo that,

‘the more information you give out to anyone, the higher chance you have of being hacked’.

Social Media (Image Credit: Geralt on pixabay.com)

Social media sites such as Facebook, Instagram and TikTok are particularly popular among younger generations, but they are rich sources of private information that is often given freely by the user with little regard to a potential privacy breach. Attention to the types of sites you choose to use is a must, as is care about the messages and emails you click on or agree to, in order to minimize phishing and hacking.

Phishing (Image Credit: Tumisu on pixabay.com)

Phishing is when an attacker makes contact with you disguised as a legitimate organization. They use information that they have gathered about you to convince you that they are legitimate, and will then proceed to ask for personal information such as passwords, credit card details, etc., which they will then use to further exploit you.

Legitimate and security-conscious organisations such as governments and banks will use encryption at both the transport and storage level for their user data. However, while most companies will tell you your information is safe and secure, there is little guarantee for a user to know exactly how their information is being handled, and unfortunately big companies with lots of stored user information are favourite targets for hackers. The consequences of data breaches can be profound, such as your banking assets being taken over or your identity illegally used to carry out criminal activities.

Extra Steps

Multifactor Authentication

Generally speaking, there are three ways a system can verify someone’s identity. In the past one method was usually sufficient, until hackers became more proficient and data breaches became more prevalent. However, combining two or more methods can greatly increase security. This practice is known as Multifactor Authentication.

In basic terms, to verify your identity, a computer can ask for:

  • Something you know
  • Something you have
  • Something you are[1]

By using only a password you are employing only one of those factors: something you know. However, a now common method of multifactor authentication is the requirement that a code be sent to your phone, which means you are adding something you have (i.e. your phone) to your security stack.

At the highest end of the security scale is multifactor authentication which incorporates biometric identification of an individual through unique physical markers such as DNA matching, iris recognition, face recognition, finger/hand-print recognition or voice recognition; this then becomes something you are.

Biometric authentication is considered the strongest possible security feature, as only you are you!
My sources have indicated that there is an increasing move towards multifactor authentication and it will become a more standard way of protecting online security and identity in the future.

A final note

The innovations and advances in digital technology have increased exponentially in the last 10 years. It is a rapidly changing field, and this is why protecting your online identity and security will have limitations, for several reasons. Technology is becoming more complex, so in turn security measures will also need to become more complex. Moreover, technological advances have shown rapid growth, so digital security needs to stay abreast of the changes, because security practices and measures quickly become redundant. As I have shown from my research already, a password/phrase now provides only a first line of security defence.

The positives of technological advances may also prove to have negatives attached. With regard to digital security, the rapidly expanding fields of artificial intelligence and machine learning may inevitably blur the line between proving an authentic human identity and an artificial one, which will inherently up the ante in securing the user’s online digital identity.

As well, hackers are becoming more proficient and able to breach security with increasing speed and ease. In simple terms, ‘they are becoming really good at what they do’. Trying to keep one step ahead of hackers will become increasingly difficult. Luckily there is a branch of hacking known as ‘white hat’ or ethical hacking, as opposed to ‘black hat’ or unethical hacking. White hats try to foresee and fix the weaknesses in security that black hats take advantage of for nefarious reasons.

Now that you have read my guide, I believe that by following and utilising this information you can enjoy your internet experience as safely as possible and minimise breaches of your data.

Happy and safe internet use to you!

References

[1] Rash, W 2019, ‘It’s Time To Plan For A Future Beyond Passwords’, Forbes, 21 November, viewed 10 July 2020, <https://www.forbes.com/sites/waynerash/2019/11/21/its-time-to-plan-for-a-future-beyond-passwords/#79d13c472e7d>.

[2] Villanova University 2020, Experts’ View of the Future of Passwords, viewed 22 July 2020, <https://www.villanovau.com/resources/iss/experts-view-password-security-future/>.

[3] Byrne, S 2019, ‘Could we one day escape the password forever?’, ABC News (Australia), 16 April, viewed 29 July 2020, <https://www.abc.net.au/news/2019-04-16/why-were-stuck-with-passwords/10984968>.

[4] White, H (ed.) 2020, CIS Password Policy Guide, Center for Internet Security, pdf, viewed 8 August 2020, <https://f.hubspotusercontent00.net/hubfs/2101505/CIS%20Password%20Policy%20Guide%202020-0723.pdf>.

[5] Hunt, T n.d., Have I Been Pwned: Pwned websites, viewed 8 August 2020, <https://haveibeenpwned.com/PwnedWebsites>.

[6] Australian Cyber Security Centre 2020, Comparison of password vs passphrase, Australian Signals Directorate, Canberra, viewed 12 August 2020, <https://www.cyber.gov.au/acsc/view-all-content/guidance/comparison-password-vs-passphrase>.