Stay Safe - Let's talk secrets
Hello friends! Today I am going to talk secrets. Nope, if you are thinking that I am going to share my secrets, then you are terribly wrong 😜. Secrets in the cybersecurity world refer to your passwords, private keys, PINs, etc. It is an appropriate name, as these are indeed things you should keep secret and should not share with anyone else. In this post, I am going to give you a quick overview of how authentication works, some simple tips to secure your secrets and other ways to enhance your security so that you can stay safe.
How does authentication work?
Authentication is simply a process for someone or something to verify that you are who you claim to be. I think we are most familiar with a website authenticating a person. There are 3 main ways or factors to authenticate a person:
- By verifying something that the person knows (e.g. passwords, PINs, private keys);
- By checking something that the person has (e.g. access cards, physical tokens);
- By checking something that the person is (e.g. fingerprints, retina, other biometric data).
During an authentication process, the person will first provide an identity (usually the user ID), followed by one or more of the factors listed above. The most common way to authenticate is still through "what you know". Hence, it is important to secure your secrets.
Tips to secure secrets
1) Never use the same password across multiple sites
Out of 10 people I ask, at least 8 people commit the mistake of reusing the same password across multiple sites. This is risky because websites have different levels of security. Sites like Google are considered secure. But there are many sites that fail in their security. If you reuse your password across different sites, you just need to have your password exposed due to a hack at one site and you will lose your credentials at all other sites.
2) Use a password manager
This is to help you with Tip #1. Password managers are applications or tools that are capable of storing your passwords in a secure manner. With a password manager, you can have a different randomly generated password at each site without having to memorize them all. When you need a password, you just need to log in to your password manager to retrieve it. Popular password managers are LastPass, Dashlane and KeePass. You can read more about them at their sites.
3) A long intuitive passphrase is better than a short "complex" password
Many sites require your password to meet a certain level of complexity. A site might require your password to contain upper/lower case characters, numbers and special symbols. This is traditionally thought to be secure. But human beings are lazy by nature and like to take shortcuts. Requiring complex passwords has resulted in easily guessable patterns. This is further elaborated in the following article (https://www.theverge.com/2017/8/7/16107966/password-tips-bill-burr-regrets-advice-nits-cybersecurity).
The trick here is really to come up with a long passphrase. This is not only difficult to crack, it can also be easy to remember. For example, a passphrase like "IReadSteemitOnADailyBasisBecauseItIsAwesome!" will be much more secure than an easily guessable password like "P@ssword123".
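To see why, here is an added example (not part of the original post) that runs the two passwords above through a traditional complexity rule and through a length-plus-blocklist rule. The function names, the 15-character minimum and the tiny blocklist are assumptions made for the illustration.

```python
import re

# Constructed stand-in for a real common-password blocklist (assumption).
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "admin", "iloveyou"}

# Common look-alike substitutions, undone before the blocklist lookup.
UNLEET = str.maketrans("@4031$5!", "aaoelssi")


def meets_complexity_rules(pw, min_len=8):
    """Traditional policy: minimum length plus upper, lower, digit, symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def base_word(pw):
    """Reduce a password to the word it was built from.

    Drops the trailing digits/symbols people append to satisfy the rules,
    lowercases, and reverses the usual character substitutions.
    """
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(UNLEET)


def meets_length_blocklist_policy(pw, min_len=15):
    """Alternative policy: long enough and not a decorated common word."""
    return len(pw) >= min_len and base_word(pw) not in BLOCKLIST


if __name__ == "__main__":
    samples = [
        "P@ssword123",
        "IReadSteemitOnADailyBasisBecauseItIsAwesome!",
    ]
    for pw in samples:
        print(pw)
        print("  complexity rules :", meets_complexity_rules(pw))
        print("  reduces to       :", base_word(pw))
        print("  length+blocklist :", meets_length_blocklist_policy(pw))
```

"P@ssword123" passes the complexity rule even though it is just "password" with predictable decoration, while the 44-character passphrase fails that rule only because it contains no digit.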
4) Check if your accounts have been compromised
This is a quick one. There are sites that check against major data breaches and let you know if your account has been compromised before. One of these sites is called "have I been pwned?". Head over and enter your email on the site. If there are results, be sure to change your password ASAP!
5) Beware of shoulder surfing
Shoulder surfing is the act of looking at someone else's phone or laptop while it is being used. I have to admit that I am guilty of shoulder surfing as well. In Singapore, if you are taking the usually packed train, it is difficult not to look when someone is typing away on his/her phone. And most of the time, I will get to see people typing their PIN/passcode (some are incredibly simple to remember). It is important to only enter your password in privacy to protect against folks like me 😎.
In a nutshell
Secrets are not meant to be shared. The same goes for your passwords. This is especially important when you are dealing with cryptocurrencies. Oftentimes, the private key is all it takes to access your wallet. Make a conscious effort to safeguard your passwords and always opt for multi-factor authentication whenever possible. Stay safe, my friends, as the ultimate responsibility for your security lies with you.
Credits: First photo by Kristina Flour on Unsplash
Or be like Steemit give long random passwords that I can never remember.
Haha.. then the question will be, how do you remember it? Do you happen to write it down somewhere convenient...
Nicely written and very informative, thanks so much!
Thank you! I am glad it helps.
Oh man! I had used the same passwords for all my sites but I'm lucky enough not to get hacked. Great article about password protection! Upvoted!
Try not to do that my friend. In the cybersecurity space, we often say that it is not about IF you will be hacked but WHEN. ;)
Great read! Thanks for this valuable reminder and information. Will take note of your tips.
Thanks! I am happy to help.
Hi culgin! (;
Keepass is great.
And I have never been pwned, apparently. :D
Maybe this is a bit helpful for some people: https://howsecureismypassword.net/
The name of the site says everything important.
Cheers bro!
Haha.. the site is sponsored by Dashlane. One of the password managers.
Haha, did not know that; just thought it could be helpful haha