Most people have an outdated way of looking at online security. I remember learning about web security at school in the early 2000s. We were all told that giving out your personal information online was like a death sentence. How times have changed.
Other advice, like frequently changing your password to something that no other human could guess, also turned out to be bad. Gone is the era where computer worms and email viruses were king. Learn to think smart about online security. It beats any software out there.
Security Experts Don’t Value Anti-Virus Programs
Last year, the Google security team was researching how security experts were looking after themselves on the web. They asked them for their top tips and found that “only 7% of experts said that running antivirus software was one of the top three things they do to stay safe online.” These security experts went on to say that Anti-Virus software might even lull users into a false sense of security. Their best advice was to religiously update all software, to use unique passwords and a password manager, and to use two-factor authentication.
Brian Dye, senior vice-president for information security at Symantec, went a step further and declared Anti-Virus software “dead”. He said that the most successful attacks being carried out right now are either basic attacks like phishing or attacks that exploit software bugs. Both of these attacks can easily bypass your Anti-Virus program.
The Password Myth
The brainy web comic xkcd famously highlighted the misconceptions about password security. They compared the passwords “Tr0ub4dor&3” and “correcthorsebatterystaple”. The first password, a jumbled uncommon word, looks conventionally secure, i.e., hard for a human to guess—but at 1000 guesses per second it would only take 3 days to crack. On the other hand, the second password, four common words, would take 550 years to guess at the same pace. The comic’s takeaway was that we’ve “trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” Whoops.
Not only are long strings of text easier to remember and type on your smartphone, they are also much more secure than shorter, complicated passwords. The longer your password is, the harder it is for a computer to break. When defending against a brute-force attack, every character that you add increases the number of possible solutions, increasing your security exponentially.
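The arithmetic behind those figures, as an added example that is not part of the original article: it reproduces the 3-day and 550-year estimates at 1000 guesses per second and shows how each extra word multiplies the search space. The 28-bit estimate for the "Tr0ub4dor&3" pattern comes from the xkcd comic itself, and the 2048-word list and all function names are assumptions made for this sketch.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY
GUESSES_PER_SECOND = 1000  # the rate quoted in the text

# Entropy estimate from the xkcd comic for the "Tr0ub4dor&3" pattern
# (an uncommon word plus predictable substitutions); not stated on this page.
XKCD_PATTERN_BITS = 28


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy for `length` symbols, each picked uniformly at random
    from `choices` options. Human-chosen passwords have less than this."""
    if choices < 2 or length < 1:
        raise ValueError("need at least 2 choices and 1 symbol")
    return length * math.log2(choices)


def seconds_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate in a 2**bits search space."""
    return 2 ** bits / rate


def min_length(choices: int, target_seconds: float,
               rate: float = GUESSES_PER_SECOND) -> int:
    """Fewest random symbols whose full search space lasts target_seconds."""
    needed_bits = math.log2(target_seconds * rate)
    return math.ceil(needed_bits / math.log2(choices))


if __name__ == "__main__":
    # Assumption: words come from a 2048-word list (11 bits per word).
    days = seconds_to_exhaust(XKCD_PATTERN_BITS) / SECONDS_PER_DAY
    print(f"pattern password: {days:.1f} days")
    for words in range(1, 7):
        years = seconds_to_exhaust(entropy_bits(2048, words)) / SECONDS_PER_YEAR
        print(f"{words} random words: {years:.3g} years")
    target = 550 * SECONDS_PER_YEAR
    print("lowercase letters needed for 550 years:", min_length(26, target))
```

These numbers hold only when every word or character is chosen at random; a phrase picked by a person from a favourite quote has far less entropy than the formula suggests.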
Once you have a good password, utilize two-factor authentication if it’s available. It’s one thing for a hacker to get their hands on your password. It’s another thing for them to steal something that you keep on your person.
The Next Step
The leading advice is to have unique passwords—one for each of your online services. Average users rarely take this advice. When one of their services gets breached, someone has access to all of their accounts, and this is happening more and more frequently. This is where password managers come in.
A password manager will create as many ultra-secure passwords as you need and store them safely for your quick access. People worry that it’s a case of putting all of your faith in one system instead of many. The fact is that unlike other online services, the major password managers have never been successfully breached. So save yourself from remembering multiple passwords and apply your trust sensibly.
Update, Update, Update
There’s been a strange trend recently, where people have started to distrust the companies that are sending software updates their way. This distrust is totally misplaced. It’s much more likely for a software bug to already exist than for a large tech company to push out a malicious update. Google’s research showed that 35% of security experts said that installing software patches was one of their top practices for staying safe online. So ignore your irrational fears, patch away to your heart’s content, and enjoy your increased security.