On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. One of the questions he’s planning to ask: “What can I do to improve the security of my digital information?”
This, fortunately, may be the easiest question to answer and the easiest step to implement.
First, we need to distinguish between types of digital information. A lot of digital information lives on web sites that other people control. Protecting that information is very different from protecting information that lives on your computer or phone.
Password strength meters will tell you that “Philippians4:19” is a really strong password due to its length, use of mixed upper and lower case, and the presence of numbers and a nonalphanumeric character. It isn’t. Bible verses make lousy passwords because of their predictability. The first part of the password is one of 66 things. Perhaps by varying your abbreviations, you can extend it slightly, but at most, it’s a couple hundred things. So it’s something really predictable, followed by a number that’s three digits or less, followed by a colon, and another number that’s three digits or less.
And the other thing is, you’re not going to use Romans100:119 as a password because that verse doesn’t exist. You’re not going to use Jeremiah34:3 as a password either, unless you’re just rotating your passwords by iterating through the verses of Jeremiah. But it’s more likely that you’re rotating through a subset of the same 20-30 verses everyone else is.
Stop doing that.
Get a password manager. Popular options include LastPass, 1Password, and KeePass. I prefer KeePass because it runs locally and it’s completely free, but if you take my earlier advice and use a Chromebook for banking, you’ll need to use something web-based like LastPass or 1Password. Change as many passwords as you can into long, machine-generated random passwords. Those passwords will take decades to crack. Set them, store them, and never worry about passwords again.
Can’t do that? When you need a password you can type and remember, do this. Grab a book. Turn to a random page and pick a random word. Do that four times. Those four random words are your password. Here’s one I just made:
That shouldn’t be a strong password but it’ll take a few years to crack. That’s good enough. If the site requires you to have numbers and symbols in the password, throw in enough numbers and symbols to meet the requirement. Capitalize the words if it requires capital letters.
The reason we started requiring 8-character passwords in the 1990s was because back then, it took about a year to guess one. Today it takes a lot less than a year to crack an 8-character password, so we have to do better. Even though there are many billions of possible passwords, human beings always choose from one of a few thousand on their own. So we shouldn’t choose passwords on our own anymore.
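The following Python sketch is an added example, not part of the original post. It puts numbers on the Bible-verse pattern, the four-random-word method, and machine-generated passwords described above, and flags verse-shaped passwords that a strength meter would approve. The function names, the 5,000-word vocabulary figure, and the sample word list are assumptions made for illustration.

```python
import math
import re
import secrets
import string

BOOK_SPELLINGS = 200   # "a couple hundred things", per the text
MAX_NUMBER = 999       # chapter and verse: "three digits or less"
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Shape of a scripture reference: optional 1-3 prefix, book, chapter:verse.
VERSE_SHAPE = re.compile(r"^[1-3]?\s?[A-Za-z]+\.?\s?\d{1,3}:\d{1,3}$")

def bits(keyspace: int) -> float:
    """Express the number of candidates an attacker must cover in bits."""
    return math.log2(keyspace)

def verse_keyspace() -> int:
    """Upper bound: counts verses that do not exist, such as Romans100:119."""
    return BOOK_SPELLINGS * MAX_NUMBER * MAX_NUMBER

def random_keyspace(length: int, alphabet: str = ALPHABET) -> int:
    return len(alphabet) ** length

def passphrase_keyspace(vocabulary: int, words: int = 4) -> int:
    return vocabulary ** words

def looks_like_verse(password: str) -> bool:
    """Reject the predictable pattern even when a strength meter approves."""
    return VERSE_SHAPE.match(password) is not None

def generate_password(length: int = 20) -> str:
    """Long random password of the kind a password manager generates."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def generate_passphrase(wordlist, words=4, capitalize=False, suffix=""):
    """Four random words; capitalize or add a suffix only if a site insists."""
    picked = [secrets.choice(wordlist) for _ in range(words)]
    if capitalize:
        picked = [w.capitalize() for w in picked]
    return "".join(picked) + suffix

if __name__ == "__main__":
    sample_words = ["lantern", "gravel", "thimble", "orbit", "walnut", "canyon"]  # constructed
    print(f"verse pattern : {bits(verse_keyspace()):.1f} bits")
    print(f"4 words/5000  : {bits(passphrase_keyspace(5000)):.1f} bits")  # 5000 is assumed
    print(f"20 random     : {bits(random_keyspace(20)):.1f} bits")
    print(looks_like_verse("Philippians4:19"), looks_like_verse(generate_password()))
    print(generate_passphrase(sample_words, capitalize=True, suffix="7!"))
```

The six-word sample list only demonstrates the mechanics; a real passphrase needs a vocabulary of thousands of words, which is what the book method supplies.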
Password-protecting sensitive documents
Microsoft Office gives you the option to encrypt documents with a password when you save them. The encryption in Microsoft Office 2007 and later is very good, as long as you use a password that’s reasonably long. 16 characters ought to do it. Password-protected documents in pre-2007 format aren’t very secure, so convert those files to the newer format.
Competing software, such as Apple iWork and LibreOffice, usually has a comparable feature.
If you have a few documents that are especially sensitive, encrypting them with a password is a very good thing to do. If you have a spreadsheet with all of your bank account numbers, your family’s social security numbers, and other crown jewels of your identity, make sure you have that password on it. That way, if anyone ever gets hold of it, it’s useless without the password.
Adobe Reader documents have the same feature. If your accountant offers to send you digital copies of your tax returns, insist that they be encrypted with a password. If you scan sensitive documents yourself, when you save them you’ll usually have the same option. Use it.
If you have a sensitive document and can’t think of any other way to protect it, zip it with your favorite Zip compression utility, such as WinZip. Put a password on the archive when you create it, then delete the originals.
Store the passwords for all of these sensitive documents in your password manager, of course.
Securing local information
The last step is to back up your data. If you have backups, you can always start over again.
So, buy an HGST by Western Digital hard drive. They’re hard to find in some stores, so I provided a link to Amazon. HGST drives are the most reliable drives available right now. For backups, you want reliability.
Also, buy a USB flash drive. Buy one made by SanDisk, Lexar, or Toshiba. Why those brands? Because those are the brands owned by the companies who make the memory chips. Those brands get the best, fastest, most reliable memory chips. Second-tier brands get the leftover chips. For something as important as backups, you don’t want leftovers.
Next, sign up for some cloud storage. You can use Box, OneDrive, Google Drive, or anything else you like. Or if you want something fully automatic, sign up for Carbonite.
Copy your data to all three places. I just drag my documents folder onto each one periodically. Now you have backups on three different media. They won’t all fail at the same time. Update them from time to time, and if something happens to your computer, you can always fall back on the backup.