Critical flaws were found in the Internet Explorer and even Firefox web browsers, leaving users potentially vulnerable to spyware, viruses, and password-sniffing. But don't throw up your hands in defeat—with the right software tools and a little Advanced Common Sense, you can secure your data so that even if someone did get onto your computer or into your email, they'd find nothing but headaches and woe. Read on for our list of ten software apps and strategies for locking down your online life.
10. Wipe that iPhone (or BlackBerry) before trading in.
It's almost inevitable that your iPhone's storage space or feature set will seem completely outdated at some point, depending, of course, on personal tolerance. Before you trade it in or sell it, though, take heed—your personal data is still there, and recoverable with a few modest hacks. Considering how much email, login information, and web history is sent through a phone these days, it's worth looking at Jonathan Zdziarski's wiping method, which involves jailbreaking your phone and jumping into the command line to wipe it down clean. Rocking the BlackBerry? Check out BBGeeks' much easier wiping steps.
9. Use virtual credit cards for iffy online buys.
Buying a DVD from Amazon is usually a pretty standard, safe transaction, but that cutesy little shop with the clever T-shirt? That's when you should take a few minutes and get a virtual—or "one-time," "secure," or "online"—credit card. Most major banks, PayPal, and Discover offer them, even if they're not widely used. If you're not quite sure about a site, or even if your own computer might be watched, it can't hurt to try a card made for only one purchase.
8. Hide data inside files with steganography.
You probably know it's not smart to keep sensitive, need-to-remember data in a file named all_my_bank_accounts.doc
. But few laptop thieves or backdoor hackers are going to look for your PayPal data inside soaring_whales.jpg
. Even if they did, they'd only see Orca and friends if you stashed your stuff with easy-to-use steganography tools. They're also great for trading the kind of information you wouldn't normally send over email inside otherwise non-intriguing files of all types, sparing you the need to go through too much extra effort.
7. Plan for the worst.
As one editor here recently learned, even a decently protected computer or email account can be gotten too, and it's hard to tell why. So while precaution is a best practice, it's just as smart to fortify your digital life for intruders. Clean out your old and never-mailed contacts to avoid apologizing to them later (to say nothing of infecting or spamming them later). Delete any emails, archived or not, that contain passwords, account numbers, PINs and the like—some web sites have a bad practice of emailing them right to you. And make sure you know how your webmail provider would reset your account if it was ever compromised—long-ago-sent activation code, ultra-secret question, or something else entirely. If you don't know this, then a break-in truly is the end of that convenience.
6. Get smarter on security questions.
Most web-based apps provide a fail-safe way to get your password to you if you've forgotten it. Some are more secure than others, but almost all of them ask for some kind of verification/security question—"What is your mother's middle name?" is pretty common, and so is "What was your first pet's name?" Thing is, a lot of that stuff is easy to get at, as former Vice President candidate Sarah Palin learned the hard way. Blogger danah boyd's security question algorithm isn't heavy math, just smart thinking. You basically create two words—a snarky response and a unique word you'll remember—to encapsulate your actual answer. Unless a clever college student looking to scandalize you lives inside your head, chances are you've closed off this weak security link.
5. Boost your browsing and downloading privacy.
Giving away all your web activities is easy to do, if you don't take any precautions at work or home. For seriously strict IT policies at work, give our guide to private browsing at work a read-through. Need even more security to hide your traces? Try an anonymous proxy service. Many proxies go up and fall off the net every day, but the Tor network and its cross-platform browsing tool, Vidalia, works in most situations to prevent end-result sites from knowing where you're at. As for all that BitTorrent traffic that gives you occasional pause for thought, we've got you covered there, too.
4. Theft-proof your laptop (and its files).
Few everyday emotions can stand up to the "Laptop Dillemma" in complexity. Your laptop is supposed to give you freedom and flexibility, but it's also a big chunk of moolah just crying out to be lifted. Adam Pash isn't quite paranoid, but he does have a handle on how to keep your laptop from being stolen, or get pics and locations on the sly of the thief if it does, and prevent your data from getting compromised. Read his guide to setting up a laptop security system and pick out the anti-theft elements that make sense for you.
3. Secure your wireless network.
No matter what any salesperson tells you, you should never take a wireless router out of its box, hook up a few wires and start surfing from the belkin54g
hotspot. Tech site Ars Technica has a great guide to "The ABCs of securing your wireless network," covering everything in your house—Xbox, Wii, laptops, and iPhones—and the best protocols to use. For a more nuts-and-bolts basic guide, try our long-ago wireless network tutorial, but don't use the WEP standard mentioned in there.
2. Encrypt your data whole or piecemeal.
For whatever the reason, we've all got files that shouldn't be available to anyone who sits down at our keyboard, whether they live across the globe or across the hall. Encryption has come a long way in ease-of-use and accessibility, and some operating systems—mainly the "business" or "ultimate" kind—have native support for encrypting drives and folders. For most of us, though, there's TrueCrypt, available for Windows, Mac, and Linux systems. We've walked through encrypting entire drives or single folders with TrueCrypt, and while there are plenty of encryption tools out there, TrueCrypt is a nice balance of hard-nosed security and understandable, actual-human software.
1. Use KeePass. Love KeePass. Be secure.
It works on any system, it works with any program, and you can have it automatically between your computers. In short, KeePass is pretty indispensable for anyone who isn't doing the bad, bad thing of using the same password on every web site and computer app. Once you've learned the basics of the free, open-source password vault, you can make it work your own way with great plug-ins. Already using Firefox's password manager? That's cool—you can export them into KeePass. If you're a multi-computer, multi-operating-system person, the free online storage service Dropbox can serve as your ultimate password syncer through KeePass.
Beyond these ten tips, what measures do you take that most others ignore? Got a great hassle-free security program we've skipped? Tell us about it in the comments. [via lifehacker]