A technical measure to protect information is to use passwords.
Passwords strategy
- Do not use the same password on multiple websites. Use a unique random passwords on each site
- Do not write them down (for example on a post-it sticked to your monitor)
- Do not share them with colleagues
- Use a strong password. A strong password is something that is not easy to guess. So "qwerty" or "1234" are not strong passwords.
However "Tr0ub4dor&3" might too difficult to remember as described in the webcomic xkcd. Or too easy to forget. See also the explanation of "Correct Horse Battery Staple".
Password manager
- Do you use the feature of your browser to store all the passwords of the sites you visit? Have you protected access to it if you are not around?
Have you encrypted the hard drive of your computer? Do you use a screen saver with password that will automatically be activated when your computer is inactive for some time? - A better idea to keep track of all your passwords is using a password manager. Often it can also generate random passwords.
Two Factor Authentication (2FA)
- Also known as 2-Step Verification. 2FA is a technique to make an authentication process more safe.
Use beside a password ("something you know") a second method of authentication that differs from a password and is "something you have".
For instance a mobile phone that can generate a security token on the fly. Or an USB device (called Yubi key) that generates a second security token.
Public-key cryptography
- Another authentication method is using a public/private key combination. Create such a combination and store the private key on your computer, and the public key on the computer/service you want to access. You can secure it even more by creating an extra password on the public/private key. Sites like github.com or bitbucket.com use it. And Linux servers that you can access using ssh often use it.
