32 SECURITY MEASURES TO PROTECT YOURSELF ONLINE 2017
1. Do not use the same password or security question/answer for multiple important accounts.
2. Use a password that has at least 16 characters and contains at least one number, one uppercase letter, one lowercase letter, and one special symbol.
3. Do not use the names of your family members, friends or pets in your passwords.
4. Do not use postal codes, house numbers, phone numbers, birth dates, ID card numbers, social security numbers, and so on in your passwords.
5. Do not use any dictionary word in your passwords.
6. Do not use two or more similar passwords in which most of the characters are the same (example: ilovefreshflowersMac, ilovefreshflowersDropBox, etc.). If one of these passwords is stolen, then all of them have essentially been stolen.
7. When creating passwords or authentication systems, do not use something that can be cloned but remains unchangeable (such as your fingerprints or other biometric inputs).
8. Do not let your Web browsers (Firefox, Chrome, Safari, Opera, IE) store your passwords, since all passwords saved in Web browsers can be easily revealed.
9. Do not log in to important accounts on someone else’s computer or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy. Using a PAID VPN which doesn’t keep traffic or connection logs is the only way to be fairly sure that your internet traffic is not being logged or stored in any way.
10. Do not send sensitive information online via HTTP or FTP connections. Messages and/or traffic transmitted via these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS and SFTP whenever possible. Consider using the “HTTPS Everywhere” browser add-on.
11. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. Example: you can set up a private VPN (with MS-CHAP v2 or stronger protocols) on your own server (home computer, dedicated server or VPS) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer (or a remote server of your own) with PuTTY and connect your programs (e.g. Firefox) to PuTTY. Then even if somebody captures your data with a packet sniffer as it travels between your device (e.g. laptop, iPhone, iPad) and your server, they won’t be able to steal your data and passwords from the encrypted stream.
12. How secure are your passwords? Perhaps you believe that your passwords are very strong and difficult to hack. However, if a hacker has stolen your username and the MD5 hash value of your password from a company’s server, and the hacker’s rainbow table contains this MD5 hash, then your password will be cracked quickly. To check the strength of your passwords and learn whether they are inside the popular rainbow tables, you can convert your passwords to MD5 hashes with an MD5 hash generator, then “decrypt” them by submitting these hashes to an online MD5 decryption service. For instance, if your password is “0123456789A”, the brute-force method may take a computer almost one year to crack it, but if you submit its MD5 hash ( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to an MD5 decryption website, how long will it take? You can perform the test yourself.
13. Change your passwords every 10 weeks.
14. It is recommended that you remember a few master passwords, store the other passwords in a plain text file and encrypt this file with 7-Zip, GPG or disk encryption software such as BitLocker, or manage your passwords with password management software.
15. Encrypt and back up your passwords to different locations so that, in the event that you lose access to your computer or storage account, you will still have an alternative way to retrieve your passwords.
16. Turn on 2-step authentication whenever possible.
17. Do not store your critical passwords in the cloud. Write them down in a journal and avoid storing them electronically.
18. Access important websites (e.g. PayPal) directly from bookmarks; otherwise check the domain name carefully. Additionally, it is a good idea to check the popularity of a website with the Alexa toolbar (to ensure that it is not a phishing site) before entering your password.
19. Protect your computer with a firewall and antivirus software. Block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.
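Checksum verification from item 19, as an added example that is not taken from the article: it parses the `DIGEST  filename` lines that sha256sum writes, hashes the download in chunks, and refuses a file whose entry is missing or does not match. The installer file and its checksum line are constructed inside the script.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sha256sums(text: str) -> dict:
    """Parse 'DIGEST  filename' lines as written by sha256sum ('*' marks binary mode)."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # skip blanks, comments and malformed lines
        expected[parts[1].lstrip("*")] = parts[0].lower()
    return expected

def verify_download(path: str, sums_text: str) -> bool:
    """True only if the file's SHA-256 equals its published entry (constant-time compare)."""
    expected = parse_sha256sums(sums_text)
    name = os.path.basename(path)
    if name not in expected:
        return False  # a missing entry is a failure, never a silent pass
    return hmac.compare_digest(sha256_of_file(path), expected[name])

def self_check() -> tuple:
    """Constructed demo: a genuine file verifies, a tampered copy does not."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"\x7fELF constructed installer payload " * 100)
        sums = f"{sha256_of_file(path)} *installer.bin\n"  # what a SHA256SUMS file holds
        genuine = verify_download(path, sums)
        with open(path, "ab") as f:
            f.write(b"extra byte")  # simulate a modified download
        tampered = verify_download(path, sums)
    return genuine, tampered

if __name__ == "__main__":
    print(self_check())  # (True, False)
```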
20. Keep the operating systems (e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux) and Web browsers of your devices up-to-date by installing the latest security updates.
21. If there are important files on your computer, and your computer can be physically accessed by others, check for hardware key-loggers (e.g. wireless keyboard sniffer), software key-loggers, and hidden cameras when you feel it’s necessary.
22. If there are Wi-Fi routers in your home, then it’s technically possible to discover the passwords you typed by detecting the gestures of your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases. Additionally, it is even more secure if this virtual keyboard (or “soft keyboard”) changes layouts every time.
23. Lock your computer and mobile phone when you leave them even for a short time.
24. Encrypt your entire hard drive with LUKS or similar tools before putting important files on it. Always physically destroy the hard drive of your old devices before discarding, as previously saved data is easily recovered from “empty” and “deleted” hard drives.
25. Access important websites with your browser in private or incognito mode. Another option is to use one Web browser to access important websites and use another one to access other sites. You can also reserve access to unimportant websites for a browser that you have installed inside a virtual machine created with VMware, VirtualBox or Parallels.
26. Use at least 3 different email addresses. Use the first one to receive emails from important sites and Apps. Use the second one to receive emails from unimportant sites and Apps. Use the third one to receive your password-reset email if the first one is ever hacked.
27. Use at least two different phone numbers. Do NOT tell others the phone number which you use to receive the text-message verification codes sent by your online accounts.
28. Do not click a link sent to you in an email or SMS message. Do not reset your passwords by clicking them unless you know these messages are NOT fake.
29. Do not tell your passwords to anyone via email.
30. Avoid using installed applications and software whenever possible as such software can be easily embedded with malicious code. Use Web based apps instead as they are more secure and more portable.
31. Be careful when using online paste tools and screen capture tools. Do not let them upload your passwords to the cloud.
32. If you are a webmaster, do not store user passwords (or security questions and answers, etc.) as plain text in your database. You should always store the salted hash values of these strings instead.
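The table lookup described in item 12 and the salted storage required by item 32, as one added example that is not from the original article: an unsalted MD5 of a common password is found instantly in a constructed lookup table, while a per-user random salt with an iterated hash (PBKDF2-HMAC-SHA256, chosen here as one salted-hash construction) makes every stored value unique, so no precomputed table applies to it.

```python
import hashlib
import hmac
import os

# Constructed stand-in for an attacker's precomputed (rainbow/lookup) table:
# MD5 digests of a few common passwords. Sample data, not a real table.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein"]
MD5_LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def md5_is_in_lookup(password: str) -> bool:
    """Item 12: an unsalted MD5 is recovered by a plain dictionary lookup."""
    return hashlib.md5(password.encode()).hexdigest() in MD5_LOOKUP

def store_password(password: str, iterations: int = 600_000) -> str:
    """Item 32: salted, iterated hash for storage (PBKDF2-HMAC-SHA256).
    The random 16-byte salt makes each stored value unique, so one
    precomputed table cannot be reused across users or services."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record never verifies
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    print("md5('password') found in table:", md5_is_in_lookup("password"))
    first, second = store_password("password"), store_password("password")
    print("same password, different stored values:", first != second)
    print("verify right/wrong:", verify_password("password", first),
          verify_password("wrong", first))
```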
Credits for article – https://sites.google.com/oneliquidity.com/cyber