Few simple steps to secure your data, communications and credibility

Another day, another security breach. This post is not a primer in security, but about data security as it relates to the tools we use at work daily. A big part of that is the "passwords" we all type into these applications in the cloud. Passwords are by their very nature insecure: there is no universal standard for what a secure password is, and phishing attacks are common given how easy it is to duplicate UI/pages and spam people with them, etc.

So what is one to do? Well, try our best to not let intruders into our online identities and accounts. Two-factor authentication is a very robust means of securing online access to accounts. At a very basic level it means you enter your username, password and another randomly generated set of numbers that is provided to you (usually via SMS or a mobile app) which you have to punch in additionally. This means that if someone knows your username / password, it's not enough. They also need to have access to your phone (and know your phone PIN) at that very time.

So with this simple step, you've reduced your chances of getting hacked significantly. See http://twofactorauth.org/ for sites / apps that offer 2-factor auth.

You would rather NOT do these 9 things! – http://abcnews.go.com/Business/top-things-email-hacked/story?id=19715483

  • Please set a very secure github.com password. I'll let you decide what's secure, but not 0000 or happy or something easy 🙂 You can imagine the damage a GitHub hack can do. The same applies to Pivotal Tracker / Basecamp also. You HAVE to switch on 2-factor auth for GitHub too, here: https://github.com/settings/admin

  • Set up 2-factor authentication for both your personal Gmail account (if you fwd. office emails there) and your Google Apps account. It's a slight pain, but believe me it's worth it! They have both iPhone / Android apps and ways to support IMAP / other places like that with "temporary one-use passwords", so it shouldn't be limiting at all.

    http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284&hl=en
    http://support.google.com/accounts/bin/answer.py?hl=en&answer=185839

  • Will work for iOS / Android. The only implication is you'll have to get auto-generated passwords for Mac Mail, iPhone mail, and if using the "send from" capability in Gmail, etc.

  • Laptops: Please set your Mac to use encryption and set a strong password again. password and burrito are not good passwords 🙂 On Mac: http://support.apple.com/kb/ht4790 On Windows / Linux: will let the experts decide how to.

  • Idea is we don't lose sleep when someone loses their laptop and can confidently state to clients that their data / code / database is safe!

  • Mobile devices / iPads: They have to have a lock on them. A 4-digit PIN goes a long way.

Security compromises will happen (they are bound to), but we want to make sure we made the best effort to protect ourselves and all our clients.

Photo credit: https://flic.kr/p/inZMmu