Hardening digital devices using layering
Basic Security Precautions - Part One
Here is a checklist that can help improve your "habits". I'm planning on going into more detail at some point but for now they are valid across the board - in other words they apply to phones, laptops, desktops, Windows machines, Macs, Linux, applications - you name it. Here goes:
1. Don't use old versions of software that are no longer supported. Why? Because old software bugs that are well known and documented are easy to exploit. Old versions of Android no longer get patches for bugs or security issues. Google typically guarantees "updates" for a Google phone for 3 years and they are the "gold standard" for Android phone manufacturers. Don't keep using Windows 7 for the same reason. Same for Macs.
2. When you buy a device, consider buying from a manufacturer that has a good history of patching their software. I bought an LG V20 phone that had awesome hardware but bad and infrequent software updates that irked me. I've moved to buying Google phones now but there are a few other good manufacturers vis-à-vis patches. Use Google and search for a manufacturer's software update history - and let that guide your purchase along with the other criteria you are using.
3. Learn to identify what patch level a device is at. If you don't do this, you won't be able to follow steps 1 and 2 above. If someone asks you what version of Android, or Windows or Linux or .... that you are using and you say "um um...." maybe take 5 minutes to understand how to find out. You would be amazed how many issues you can solve on your own using Google if you knew this. For example, a Google search for "Google Pixel 6 December patch" will bring you a whole lot of complaints about how poor the patches for the new Pixel 6 are. Yes, I did say Google was the "gold standard" for software patches, but name me one company that has NOT ever had issues with patches. New devices typically are the ones that have to get ironed out in the first few months...and this time the Pixel 6 is the example, but I am 99.999% sure Google will get this fixed sooner rather than later. Find Android version Find Windows version
4. Applications need updates too! If your phone asks whether you want to update apps, install the updates.
5. Speaking of applications, installing a thousand and one apps is bound to include a few bad actors, so don't do that. You may be inadvertently installing an application that isn't a "team player" and/or it may want too much access to your phone (hello contact list). Some apps will ask for your e-mail and more. Do you really want your personal details (or your friends') embedded in databases around the internet? Databases often get breached. So go through your applications and uninstall the ones you don't use, and be stingy about providing your e-mail address and other information.
6. Use browser add-ons that can help you stay away from bad web sites. uBlock Origin and HTTPS Everywhere are very common and I use them too. uBlock Origin link HTTPS Everywhere link
7. Don't use free wireless at the donut shop or elsewhere without a VPN. VPNs have their purpose and this is a good use for one.
8. Use the "Enable DNS over HTTPS" in your Firefox browser settings. Google it to get a link showing you how. I have "Cloudflare" defined in my "USE PROVIDER" field. There is also one for CIRA which is described here: Canadian CIRA link
9. Use 2 factor authentication! This should be on everyone's radar. Passwords alone are no longer adequate for logging into your bank or other "important" site. 2 factor authentication forces you to include a code, along with your password and account name, before you are let in to a web site. The code requires that you have your phone or computer with you, so if you are at someone else's house using their computer (hmmmm....) and you don't have your phone, you won't be able to use 2 factor authentication. You can install applications on your phone that will provide this additional code for you, as the app and your phone get married together with 2 factor authentication. 2 Factor authentication link
10. Passwords. A simple thing but very difficult to get people to use properly because everyone wants easy. So what do they do? They use the same password for many or all the sites they log in to. They reuse the same password. They use passwords that are easily hackable. Don't laugh. If someone gets hold of a password and that same password is also used at the bank you won't be happy.
You are supposed to use different passwords for each site and account you have. And not only that, they have to be cryptic passwords - i.e. they need to include numbers and funny symbols like ^ and # and &. Who is going to remember "Tyb276%%gf!"?
Well, there are different ways of dealing with this. Writing them down is one of them - just make sure they are out of reach from prying eyes. There are also password managers - which are applications which store your passwords. There are also hardware keys like YubiKey - that also do 2 factor authentication.
This is a big subject though - you really need to get a good grip on this to be stress free.
Password Manager Apps link Yubikey link
Sometimes I make a sentence that makes strange sense to me which helps me remember the password. For example: "My peewee baseball bat splintered horribly and died on me quite suddenly" From this I get a password like:
MpBbs#h9dom3s:(
I took the first letter from each word in the sentence and strung them together. Some I capitalised. Some letters always get substituted for the same number. For instance, 9 is a substitute for the letter "A". If there had been another word starting with "A" there would have been two 9's in the password above. 3 substitutes for "q". The # after splintered makes sense to me because it symbolizes a fracture. The sad face :( was how I felt when I broke the bat. You will get the hang of this after trying it out a few times. It just takes practice. The crazier the sentence the better it works.
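The derivation described above, written out as an added example (not the author's own code). The function and parameter names are hypothetical, and the capitalised positions and the placement of the # are read off the example password.

```python
import string

# The author's fixed substitutions as described in the post: A -> 9, Q -> 3.
SUBSTITUTIONS = {"a": "9", "q": "3"}


def mnemonic_password(sentence, capitalise=(), symbols_after=None, suffix=""):
    """Build a password from the first letter of each word.

    capitalise    -- zero-based word positions whose initial is upper-cased
    symbols_after -- maps a word to a symbol inserted after its initial
    suffix        -- characters appended at the end (e.g. an emoticon)
    """
    symbols_after = symbols_after or {}
    out = []
    for i, word in enumerate(sentence.split()):
        key = word.strip(string.punctuation).lower()
        if not key:
            continue
        initial = key[0]
        if initial in SUBSTITUTIONS:
            initial = SUBSTITUTIONS[initial]  # same letter, same digit, every time
        elif i in capitalise:
            initial = initial.upper()
        out.append(initial + symbols_after.get(key, ""))
    return "".join(out) + suffix


def character_classes(password):
    """Report which character classes the password contains."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


# The sentence from the post; words 0 ("My") and 2 ("baseball") are capitalised.
SENTENCE = ("My peewee baseball bat splintered horribly and died "
            "on me quite suddenly")
PASSWORD = mnemonic_password(SENTENCE, capitalise={0, 2},
                             symbols_after={"splintered": "#"}, suffix=":(")

if __name__ == "__main__":
    print(PASSWORD, len(PASSWORD), character_classes(PASSWORD))
```

The result is 15 characters long and covers lower case, upper case, digits and symbols, which is what most sites' password rules ask for.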