5 Ways to Improve Your Online Security
Attacks on email servers begin just a few minutes after they are published anymore.
Simon, this is amazing advice. I'm digging the fob.
The advice used to be not to write down your password and also to change them regularly. This kind of forced people into using weak passwords. It's better to have a crazy complex password and have it printed out and kept somewhere safe. The risk of being compromised electronically is way higher than someone finding a piece of paper stuffed in a drawer in your house.
Yes, that's why companies who enforce every 30 days password changes often are compromised by attackers trying variations of "20.deC16" (unless December2016 gets past the password checker software, which means the checker is so pathetically weak that it's a security flaw in its own right). Just be sure to hide the paper well, so the Cubicle Cops don't find it and write you up for a violation. Though if you work for the military-industrial complex or a "three letter agency", you better follow their rules, no matter how silly they seem, or else!
I do no online banking. Very secure method.
That means there is waste paper that can be used to create an online account for you, that you would not know about. Be sure to cross-cut shred EVERYTHING with the account number and other identifying information. Dumpster diving is a time-honored tactic of spies, thieves, and snoops. Even in the internet age, some folks are still doing literal dirty work to get their hands on your data.
Re: the "LastPass has been hacked" claims.
There are always going to be issues (security is a process, not a checkbox) and the fact that they are mostly minor and the company fixes them quickly is important. It's all about risk - am I more or less likely to have accounts breached from using that service or from a complete breach of some other company? (like Yahoo, losing a BILLION accounts). Also, saving things on a local machine is risky too - what if it's stolen / compromised? How are they encrypted? Are they even encrypted? What happens if I lose them? It can be done, but isn't without risk.
You still need to be vigilant and check that you are on the domain you are supposed to be on, for example, before you give up your credentials, whether you are typing them yourself or using a password manager. Think of the password manager as an extra layer of protection, not a replacement for your own awareness and common sense.
The other good thing about a password manager is it can tell you which passwords have been re-used across sites, how long ago they were last changed and whether they are weak or strong, have been compromised, etc., as well as reminding you which sites you even have an account on.
Companies go bust, sites disappear, but often data isn't wiped as thoroughly as it should be and might end up in a zip file on someone's machine and one day exposed. That is why having a different password on each site is important - because if a site dies, you lose the ability to change those passwords. Don't think people don't have scripts to automate the login attempts on lots of other sites when a new batch of exposed accounts becomes available.
My New Year's resolution was to go through and make sure I had different + secure (randomly generated) passwords on all the sites I could. LastPass really helps with that - look for the "security challenge" that guides you through the process.
Another neat touch is you share access to credentials with someone else - a husband and wife for instance could each have a security key to act as the backup for each other's account and, through LastPass, allow access if needed. What would you do for instance if your partner died or became hospitalized - do you even know all the accounts, let alone the logins to them? You need a way to store and share them securely.