5 simple rules of computer security
When thinking about ‘computer security,’ the average user usually imagines something difficult, accessible only to specialists. In fact, it's not as scary as it seems. Here are some simple rules that will protect you from the most common web security threats. Best of all, they are within reach of anyone who uses a computer.
1. The password must be reliable.
A strong password is the keystone of data protection. Everybody knows that a phone number or the name of a pet is not the best choice for a password, yet the majority of users still persistently choose passwords of this type. That is not surprising: it takes limitless imagination to create a unique and reliable password for every account. But new methods are now available. To create a secure password, you don't have to invent it yourself. Just install a password generator application on your computer, and it will do everything for you.
A great addition to a strong password is two-factor authentication (2FA). To log into a system protected with 2FA, you need to enter a one-time password (OTP). Usually, one-time passwords are delivered via SMS to the phone linked to the user’s account. But there are more modern means of generating one-time passwords: hardware and software tokens. Hardware tokens come in different form factors, and software tokens take the form of iOS/Android apps. OTP tokens use advanced one-time password generation algorithms: HOTP, TOTP, and OCRA. OCRA (OATH Challenge-Response Algorithm) is the most reliable algorithm. In some two-factor authentication solutions, it is also extended with a data signing function (CWYS).
The CWYS (Confirm What You See) function generates one-time passwords that take into account not only the secret key but also some extra factors. It is most appropriate for securing financial transactions, which is why the extra factors are usually characteristics of the transaction: the sum, the currency, the payee, etc. Using the CWYS function allows the user to avoid such threats as banking trojans, data modification, Automated Transfer Systems, and Man-in-the-Middle attacks. Even with the user's one-time password in hand, a hacker cannot confirm his own fake transaction: the real parameters encoded in that OTP (the amount, the currency or the payee) will not match the fake information.
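The following sketch, added here as an illustration and not taken from any 2FA product, shows why an OTP bound to the transaction details cannot confirm a modified transaction. It uses HMAC-SHA-256 with the RFC 4226 truncation step and is not the OCRA (RFC 6287) message format; the function names, the field encoding, the server challenge and all sample values are assumptions.

```python
import hashlib
import hmac
import struct


def truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: turn an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def transaction_otp(secret: bytes, challenge: str, amount: str,
                    currency: str, payee: str) -> str:
    """OTP bound to the transaction the user sees on the token screen."""
    msg = b""
    for field in (challenge, amount, currency, payee):
        raw = field.encode("utf-8")
        # Length prefix keeps field boundaries unambiguous
        # ("10" + "0USD" must not hash like "100" + "USD").
        msg += struct.pack(">H", len(raw)) + raw
    return truncate(hmac.new(secret, msg, hashlib.sha256).digest())


def server_accepts(secret: bytes, challenge: str, received: dict, otp: str) -> bool:
    """Server recomputes the OTP from the transaction it actually received."""
    expected = transaction_otp(secret, challenge, received["amount"],
                               received["currency"], received["payee"])
    return hmac.compare_digest(expected, otp)


# Constructed sample values (not from any real system).
SECRET = b"constructed-shared-token-secret"
CHALLENGE = "c7f3a19e"  # hypothetical server-issued, single-use value
SHOWN_TO_USER = {"amount": "250.00", "currency": "EUR", "payee": "ACME-UTILITIES"}
TAMPERED = dict(SHOWN_TO_USER, payee="UNKNOWN-ACCOUNT", amount="9500.00")


def demo() -> dict:
    otp = transaction_otp(SECRET, CHALLENGE, **SHOWN_TO_USER)
    return {
        "genuine": server_accepts(SECRET, CHALLENGE, SHOWN_TO_USER, otp),
        "tampered": server_accepts(SECRET, CHALLENGE, TAMPERED, otp),
        "replayed": server_accepts(SECRET, "0b44d2e6", SHOWN_TO_USER, otp),
    }


if __name__ == "__main__":
    print(demo())
```

The server rejects the code when the amount or payee it received differs from what the user confirmed, and also when the same code is presented against a different challenge.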
2. Cloud services are not always secure.
Some cloud services are more reliable than others, but no cloud service is perfectly secure. Given the desire, even the most advanced protection can be cracked. Thus, the most important information, the disclosure of which is absolutely undesirable, should not be kept in cloud storage, no matter how convenient it may seem.
3. You can trust valuable information only to websites with HTTPS protocol support.
Of course, two-factor authentication is important. But where we send our passwords and data is no less important. Don't trust any significant data to websites that do not support the secure data transfer protocol HTTPS. This applies especially to any financial transactions on the Internet. The absence of the single letter "S" in the name of the data transfer protocol means that the website doesn't care about the safety of the information entrusted to it.
4. Any software is vulnerable to attacks.
Even the most modern programs are created by people, and people make mistakes, including mistakes in the security of the products they create. There is no perfect code that is completely immune to malicious attacks. We often forget that software updates are not a fad, but a necessity.
Software updates often irritate us with their ‘importunity’. But they are necessary first of all for the users, not for the developers. After finding a vulnerability or error in a program, developers release an update and offer it for download. A user who cares about the security of his computer will not neglect the updates.
5. A new device is not as ‘clean’ as it seems.
A recently bought laptop or smartphone seems more secure than an old computer that has been used for many years. So the fact that the new gadget is already infected with viruses, or contains software with a dangerous vulnerability, may come as a great surprise to its happy owner. The news that, until recently, all Lenovo laptops were supplied with an advertising application that had serious vulnerabilities in its code and served as a wide ‘entrance’ for viruses and hackers came as an unpleasant surprise to many people. So it is necessary to delete from a newly purchased computer all programs that have no obvious value.
These are the basic rules of data protection, and they are accessible to everyone. By following these simple computer security rules, you will avoid more security threats than it might seem at first sight.