Valt Holiday Guide to Security · Valt - Making Passwords Painless

Valt Holiday Guide to Security

Holidays: More shopping, more traveling, more exposure of your most sensitive data. Below is our gift to you: how to keep your most critical information safe — so you can spend more time crafting cocktails and less time double-and-triple-checking your online statements for fraud.

While now is a time to celebrate with loved ones, it can also be party season for hackers. Below is our guide to staying secure while you pop the bubbly.

The Basics of Digital Security

Vice’s Motherboard has a hefty resource for all things related to keeping yourself safe in the digital world. While unfortunately some hacks are nearly impossible to brace against (e.g. a breach of your email or financial services provider), others are easily preventable (such as phishing attacks on your individual account).

To Start:

  1. Ensure all of your apps are up to date. Use the latest version of your operating system, and continually update all apps you store and use on your device(s). These updates are essential, as they often include critical fixes for security holes. (E.g. McAfee notes the Equifax breach could have been prevented if the company had updated its software as instructed two months prior.)

  2. In addition, using auto-update can save you loads of time. (The average smartphone user employs 9 apps per day and 30 per month.)

  3. It is also imperative to use a password manager. We at Valt love our version: we train our users on a unique, image-based master password, which guards all of your sensitive information and actively manages it for you in the browser. Additional fun features, which a range of password managers employ, include prompting users to quickly autofill and generate new, unique passwords when a new site is added. If a user detects a breach on one or more sites, some managers allow him or her to rapidly create a new suite of passwords. Managers such as 1Password also allow for password synchronization across Windows, MacOS, iOS, and Android clients.

    Other popular managers LastPass and Dashlane are built on a similar premise: locking a vault of personal data behind a master password. In contrast with Valt’s use of images, both LastPass and 1Password employ a text-based master password. We’ll save further thoughts on these other managers until after the holiday season; for now, we want to impress upon readers how critical it is to use any password manager. It is one of the best ways individuals and organizations can protect themselves – relieving us of writing down and memorizing arduous strings of letters and numbers, and helping guard against common dictionary, rainbow-table, and brute-force password attacks.

  4. In addition to a master password manager, two-factor authentication can doubly protect personal data. Two-factor brings in something more than simply your password to access your account. Think: the Google Authenticator, which requires the use of a time-sensitive six-digit code, sent to your phone. Authy, a specialized app and Google competitor, allows users to stay safe on multiple devices at the same time (i.e. Android and iOS mobile devices, along with Windows, Apple Watch, and a desktop). If a device is lost or stolen, Authy allows for its immediate de-authorization. Authy also takes advantage of encrypted backups in the cloud, while Google Authenticator requires that users have their device(s) physically on hand. The Duo app offers a similar solution for many enterprise customers. (E.g. Etsy used Duo to help protect and ease users’ workflow.) In addition, USB or YubiKeys can also come in handy here.

    Google, Authy, Duo, and other multi-factor authenticators generally rely on a time-based one-time password algorithm (TOTP). A TOTP computes a single, short-lived password from a combined secret key + current timestamp. The two are connected via a cryptographic hash function. Duo’s Mark Stanislav details the process in “Two Factor Authentication.”

Additional Precautions

More pro tips include using:

  • Security Plugins. Quick to install, they include the well-known ad blockers, which protect against advertisements with embedded malware. These can come up on both legitimate and sketchy sites. One list of useful plugins to consider highlights the popular AdBlock Plus (Firefox/Chrome/Safari) and notes alternatives, such as uBlock Origin, NoScript, and ScriptSafe.

  • VPN. A Virtual Private Network sits between your computer and the internet. If you’re in a zone with available WiFi (cafe, Airbnb, public transportation), hackers in the same vicinity can steal your info. A VPN creates and seals your single connection. Motherboard has a few tips on which VPNs are better than others, such as Freedome, Private Internet Access, and Algo (more for technical users).

  • AntiVirus. While generally a good idea, this shouldn’t be a final solution. We suggest pairing AntiVirus software with the other tips above.

In addition, consider:

  • Disabling Macros. A recent resurgence of attacks via Microsoft Word macros (think: opening a .doc attachment with garbled text) has Symantec reminding us to disable them. A macro is a set of commands for automating repeated tasks. The ever-handy Office Support has a quick guide to disabling them.

  • Not using Flash. This piece of software, now dwindling in popularity, has largely been used to stream and view video and audio on a computer or mobile device. Unfortunately, the software is full of holes, ripe for hackers to squeeze through. Gizmodo provides instructions for disabling it.

Conclusion

You’ve heard it before; we’ll say it again: Never open suspicious attachments (see Disabling Macros above), and always back up your important files.

In conclusion, holidays should be fun! Follow the basic steps above, along with many of the pro tips we’ve listed – of course, reach out to the Valt team with any questions – and free yourself from at least the stress of personal security breaches as 2017 comes to a close.