Originally I pointed out a few very basic ways one could improve their mobile security habits, but after some more thought on the matter I felt that I didn’t go far enough. So while I am going to expand on my original thoughts My goal is still to keep things as simple as possible. No walk-throughs or endless details just the what and why so you can make informed choices.
So let’s start with connected devices in general because we use them on a daily basis be it a desktop computer or a smartphone. Whether you’re web browsing or using an application some of them require a login to work. Therefore, the number one thing you should be doing is using a password manager. Password managers are more than just a place to create, securely store passwords. They can secure most, if not all your personal, private and even non-private information. There are many to choose from but to get started or maybe just choose a better one here’s a few of my suggestions depending on what your needs are.
If you are currently using nothing at all check out Bitwarden. It works on all the major desktop and mobile platforms and has browser extensions that work with all the popular browsers. It also wirelessly syncs between desktop and mobile devices so you will always have your passwords with you when you need them. It takes a minimalist approach to design using a clean and simple interface. Although, there are no fancy icons it also doesn’t look or feel like it was designed in 1998. Another good thing is if you prefer to have software looked at and vetted then Bitwarden should be at the top of your list because it is open-source software and it is free.
Now should you require an even higher level of security my suggestion here is KeePassXC. Like Bitwarden it too is open-source software but minus all the modern amenities like syncing and a mobile application counterpart. This is for a more advanced security minded individual in my opinion since it lacks wireless syncing. Users will have to manually copy its’ database from one device to another via an SD card or USB drive much like in the early days of the internet and prior to wireless technology. Also, since there’s no mobile application, you will have to use a separate application like Strongbox which can read the KeePass data if you want to have your passwords on your smartphone. Requiring more work than either Bitwarden or 1Password this setup is definitely not for everyone but, it is also the most secure route to protecting your passwords.
As I’ve mentioned before and in my opinion, 1Password is an excellent password manager with all the modern conveniences and more. It’s designed with all the bells and whistles one could imagine such as the usual wireless syncing and browser extensions, but it also includes features like backing up to cloud services (like Apple’s iCloud, Dropbox), compromised password alerts, repeat password usage alerts, two-factor authentication alerts and there’s even a smartwatch component on top of many more features. It’s more geared towards the average consumer with a beautifully designed interface and more categories than most people will actually need. Although, it’s built with proprietary code that doesn’t make it any less secure in its operations than it’s open-source competitors. Having used it for many years I can say I’ve never had any issues with it at all. So I don’t see it as a lesser choice if this is what you like or are currently using. Another password manager on the same level is LastPass. Although my experience with it is very limited it also works equally as well from my experience.
This category of password managers are geared more towards people who don’t have extremely high-level security needs or would rather use a more popular solution. They are good but in many ways are simply overloaded with functions that won’t be taken advantage of by the average user and require subscriptions to get it to work at it’s full potential.
Any of these password managers I mentioned will serve you well. They are all secure, will generate strong random passwords for you, allow you to organize your them so they’re easy to find and offer the use of software-based and hardware-based two-factor authentication. In the end it all boils down to personal preference, your current needs and in some cases skill level. You can pick from one of these or find another you like better. Either way you are better off with a password manager than without. And you can always move up a level as your skills or needs progress.
Another good habit to have is using two-factor authentication (2FA). If you aren’t or don’t really know what it is; it’s simply an added layer of protection that verifies you are who you say you are. So, if you are signing into your Gmail account for example and are required to type in a string of numbers Google sent to you via a text message or email after already entering your password that is a form of 2FA. It’s available in just about every service on the web from logging in to your banking institutions web site to the account you have for your favorite online shoe store. The more secure and better way to do this is to use a separate piece of software or hardware. The software version is usually referred to as an authenticator app regardless of the actual name it goes by, for example Authy, and the hardware version is called a security key such as Yubikey.
Both work the same way. They require you to have the app or key in your possession when logging into any apps or services tied to it. When you tap or plug it into the device your logging in from it will generate a random code you must then enter within a given timeframe to verify your identity. This is one of, if not the most secure way to log into just about anything and keep hackers at bay. Using a hardware-based security key is better because it is a separate device but if you don’t want to purchase one which is quite understandable at least use an authenticator app.
Moving on to another habit we should all have is using a Virtual Private Network (VPN). We live in a mobile world where just about everything we do is being tracked or could possibly being subjected to an attack in some form or fashion. So the last thing you want is to connect to some random and unknown wireless network especially during travel unprotected. Using a VPN will aid in securing your information by encrypting your connection and then routing your traffic through various servers to keep your identity and location anonymous.
Admittedly, though, this is the one and only thing here I just recently started doing and haven’t tried out enough of them to have any favorites to suggest. Currently, I am using ProtonVPN because along with the usual encrypted connection they also pass user data through privacy-friendly countries and so it can’t be coerced into monitoring its users. Do I need that high a level of security… probably not, but the idea of my location and web browsing being monitored just rubs me the wrong way. Another highly reputable service on this level is PIA VPN which also operates in the same way. These two seem to be very well known in the security sector but that doesn’t mean they are your only viable options. My only real suggestion for now is to be your own judge of what you need and do your homework before signing up for any service. You are not bound to any VPN provider either so, if it’s not working out for you or you found one better don’t be afraid to switch when it’s time to renew. These services are suppose to help protect you and if they aren’t it’s time find one that will.
To wrap up this topic but definitely not the least of important things are web browsers. They are your eye to the larger borderless world where almost every site try’s to inject a tracker to follow you around on the internet. So shouldn’t you be using one that puts your privacy first.
Tor for example is just that, open-source, regularly improved upon and supports browser extensions. It’s designed to hide your browsing history and route traffic through various servers (similar to VPNs) before reaching its destination resulting in masking your location from prying trackers. So if privacy is your utmost concern then Tor and the Tor-approved Onion browser for iOS is your best bet.
Another privacy-first browser is Brave. It’s designed to automatically block all third-party and advertising cookies by default. It also encourages web sites not to rely on tracking-based advertising and created a system where you can reward the sites and creators directly.
Then we have FireFox which is also based on Mozilla’s open-source framework. It has many downloadable extensions to help block trackers across the web. This is the the most popular browser of the two but like the others it puts the users and their prirvacy first.
This three browsers are your best choices in protecting your privacy on the web. Each one is open-source and accomplishes the same things just in different ways and with various levels of complexity. Any one of these is a good choice that should only be dictated by your needs.
Everything I listed here I’ve used or am currently using and listed them only as suggestions. Nothing here is an end all be all solution because technology especually when it comes to privacy and security is always changing. You don’t have to follow any of my suggestions but you should at least take this as an example of some of the things you could and should be doing to better secure not only your own online security but also of those closest to you. Safe surfing everyone.
Wyatt's Tech Corner 