(54/100)

How much is permitted in the digital sphere of communication until one is categorized as a tinfoil hat carrier?

This depends on whom one is communicating with and how valuable the data is that could potentially be abused.

Situation:

Let there be a group account without the possibility to create individual members and let the leader have 2FA activated. When the ask for the password for the account followed by generating a gift code from an unknown website.

Does this suffice as a reason to take precautions in how one chooses to communicate further?

(55/100)

and

The rule of thumb is that the more secure it is the less convenient it becomes and vice versa.

Though there are plenty of examples where this is not the case like s. It is true that some are more convenient than others, thus we will stick with the concept.

Good security practices state that one should have an unique for each account.

Doing this by hand is not that difficult, just choose a special character, use it as glue between two, at least, five letter words and append a counter.

This method is fine with a couple of accounts. Now, if one has 100+ accounts, knowing if account X had counter Y or counter Z is not that straightforward.

With a password manager this task becomes trivial.
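An added example, not part of the original post: a check one can run over an exported password list to find accounts that follow the hand scheme above and differ only in the counter, which is the set where one leaked password exposes the others. The regular expression, the counter range of 100 and the sample vault are assumptions constructed for illustration.

```python
import math
import re
from collections import defaultdict

# Hand scheme from the post: word + special character + word + counter.
# Assumption: words are plain letters (five or more) and the counter is trailing digits.
SCHEME = re.compile(r"^(?P<stem>[A-Za-z]{5,}[^A-Za-z0-9\s][A-Za-z]{5,})(?P<counter>\d+)$")

def counter_families(vault):
    """Group accounts whose passwords share a stem and differ only in the counter."""
    families = defaultdict(dict)
    for account, password in vault.items():
        m = SCHEME.match(password)
        if m:
            families[m["stem"]][account] = int(m["counter"])
    # A stem used once is not reuse; keep stems shared by two or more accounts.
    return {stem: accts for stem, accts in families.items() if len(accts) > 1}

def residual_bits(counter_range):
    """Guessing entropy left for a sibling account once one family member leaks,
    assuming the counter is the only part that changes."""
    return math.log2(counter_range)

def report(vault, counter_range=100):
    """One line per family; the stem itself is never written to the report."""
    lines = []
    for _stem, accts in sorted(counter_families(vault).items()):
        names = ", ".join(f"{a} (counter {c})" for a, c in sorted(accts.items()))
        lines.append(f"{len(accts)} accounts share one stem: {names}; a leak of one "
                     f"leaves ~{residual_bits(counter_range):.1f} bits for the rest")
    return lines

# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {
    "mail": "maple#river1",
    "forum": "maple#river2",
    "shop": "maple#river17",
    "bank": "q7V!tR2m#Lx9pZ0w",  # independently generated, as a password manager would
    "wiki": "stone+cloud3",      # follows the scheme but its stem is used only once
}

if __name__ == "__main__":
    for line in report(SAMPLE_VAULT):
        print(line)
```

Accounts the report lists are the ones to rotate to independently generated passwords first.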


(56/100)

Location based

Location based security is when the devices are bound by location. This can either be controllable (e.g. an on a device) or uncontrollable measures (e.g. IP block).

Most use the of the smart phone and have an authenticator on it. This is fine as long as there is an additional security barrier like a password to use the app.

Now imagine having more than one device for authentication purposes and one quickly realizes that these devices are location bound.

For the uncontrollable measures there are usually workarounds. For example, IP blocks can be circumvented by VPNs or Tor.

Another typical scenario is forgetting that a specific account is device bound and thus one hopes that fallbacks were instantiated.

This is why it is recommended to have redundancies in place. The caveat is that these then become another potential attack opportunity.

In the end, one should have a strategy in place for how to protect one’s accounts.

(57/100)

Account

Account isolation security is when one does specific tasks with specific accounts.

Situation:

Let’s say one got a work laptop and one wants to use it privately as well. The best would be to set up three accounts/users: root, work, and personal. This way one has a clear cut between the three scenarios.

This also comes with the mental fortitude of creating a new location for every task at hand and thereby using the strategy of priming to create an environment to set the tone.

Qoto Mastodon