When you start practicing this stuff you are going to realize how easy it was to protect your privacy all along and have peace of mind that doing a few things makes all the difference.
Five Privacy Habits that Matter Most
HABIT # 1: Have unique and strong passwords for each email, financial, and social account
You probably already know that password security is of the most importance. They are your first line of defense for protecting your information. One could say that your Internet Privacy is only as good as your passwords, and you would be mostly right. The problem is that many people choose easy-to-guess passwords. Most people choose a passwords that are either extraordinarily easy to type or something easy to remember that is personal in nature to themselves. For instance the most popular password used by people is “123456”. Its also popular to use keyboard walks such as “qwerty” or “qazwsx”. If you are using a password similar to this in nature or one that has your loved ones name, child’s name, or family pet’s name you are asking someone to steal your information. I could go into extraordinary detail on how people crack your passwords with time and energy, but I wont, instead I am going to jump to the point and tell what you should be doing.
Select passwords that are 15 characters contain 3 uppercase letter, 3 lowercase letters, 3 numbers, and 3 special characters. The password should be unrelated to you personally and if you can avoid it don’t use any actual words in your password. Instead memorize a phrase, and use the first letter from each word in the phrase to make your password from using the rules stated above. In addition have a unique same password for each bank account, email, and social account. Finally, never share your password with anyone, keep your passwords private. There’s so much information about password security we wrote a guide on that all by itself if you would like to learn more.
HABIT # 2: Pay attention to what your Internet Browser is saying to you
Pay attention to the warnings and indications on the sites you are visiting in your web browser. Most web browsers will indicate the security level of the website you are visiting with padlock icon somewhere either on the address bar or somewhere else on the browser window. This padlock indicates whether the latest version of https is being used by the website. What this means is that the security of the website you are visiting is up-to-date and that the encryption certificate is registered. It further means that website you are visiting is actually the webpage you intended. Although it does not protect you from certain types of man-in-the-middle attacks, it does means that your information is encrypted between your computer and the website, and its safer to enter your username and password if the padlock is locked when not on WIFI.
If the padlock is not locked for some reason on a website then you should never enter a username and password or personal information on that site. If you get the warning message that says that the site’s certificate is not valid and it asks you to continue, its not safe to enter your personal information and you should only continue if you aren’t going to enter any information about yourself. If you are visiting your bank account and you get this error, chances are someone is eavesdropping your connection and are trying to steal your information. Never press continue for an invalid certificate on a bank account, email account, or your social media. These sites are almost always up-to-date on their security and the chances are very high that your connection has been hijacked if you get the warning.
There’s one exception on why you may be getting the invalid certificate warning that most people don’t know about. If you are accessing your personal accounts from a work location, its highly probable that the company you work for has a proxy that is un-packaging all your encrypted traffic checking it with their firewall, and possibly monitoring and logging what you are doing. Chances are you have signed some kind of policy stating that you understand that your company is monitoring your activity and that you content to their monitoring. In this case you should really think twice about accessing any of your personal accounts from work. There really is no limit to what your company may be capturing about your browsing, your personal information, usernames & passwords, and banking information could all be sitting in a company data bank. Do you trust the people in the IT department to handle your information?
Then again at work you may not get any security warnings at all if the company has configured their proxy to not warn you that they are un-packaging your encrypted traffic. The company may have pre-installed a proxy certificate on your work computer that enables your computer to explicitly trust the proxy. I know you are probably asking why do I need to know so much detail, but hold on we are getting to the point and it will be clear. The reason for diving into the details about this is to help you understand that its possible for a hacker to try an trick you to install a proxy certificate on your system when connecting to their free WIFI as a condition of using their free service. If you do this you will be powerless to know if your connection is being hijacked, never volunteer to install a proxy certificate or to downgrade your security for making a connection.
HABIT # 3: Update your software immediately when updates become available
Seemingly every day there is a new software bug or security vulnerability discovered. These vary in severity, but all stem from an unintended flaw of using the software. When these vulnerabilities are discovered the chances are its too late to implement a fix before a hacker takes advantage of the flaw. Often times the vulnerabilities are discovered because someone has already started to exploit the flaw.
You want to update your software immediately when patches are made available, so you can avoid becoming a victim of an exploit that is known to exist. These updates happen on a regular basis and if you are annoyed by them its understandable, they annoy most people. However, what is more annoying? Doing the updates or having your identity stolen and finances in ruin? A method for making this less of a chore is to get in the habit of closing all your windows at the end of the day and have your computer set up to automatically install the updates. If the updates require you to manually run them and restart your computer, you can either do this at the end of your day or the next time you log into your computer, since you have already closed all of your windows.
HABIT # 4: Use private windows when logging into email, financial, and social accounts
A little known secret is to make use private browser windows often. Private windows are not 100% private, but they are a tool you can use beef up your privacy. When you use private windows in a browser there are a few extra added protections.
First, private windows won’t keep your history, and any pages you visit wont be stored in your computer’s memory. This feature protects you from someone coming behind you and viewing your history. If someone were to get physical access to your machine and view your personal account they wont be able to learn what accounts you have.
Second, private windows wont store your passwords, however, if you have saved your password in your regular browser window previously those passwords should be available to you in a private window. We recommend that you don’t store your email, financial, or social accounts in the browser memory for your security. If you have done this already, and want to reverse it, you can go into your browser settings and remove these passwords individually, or wipe all of them in entirety. Not storing your passwords is an especially useful if you share your computer log on with someone, or if you must log into a public or friends computer. Your passwords wont be stored and no one will know the accounts you have visited.
Third, private windows prevent cross-tab sharing of information. When you log into your email or social account, they are running scripts to learn what other tabs are open on your computer and log this information about your and your browsing habits. If this is shocking learning this for the first time, here is a test, so that you can learn its behavior yourself. Log out of your social account, visit a page with the social media like or share buttons, and press one. You will be prompted to login to that social account. Log into the social account then open a new browser tab, and visit another page, and press the social like or share button. You did not have to log in this time did you? Repeat this experiment with private windows and you will be asked to log in to the social account each time. When you use regular browsing windows the tabs in the browser window share information.
You are probably realizing the power of private browsing now, and understand how it improves your security. Keep in mind that private does not mean encrypted, someone on the same WIFI network can still see your information. We recommend two things. First, don’t store your usernames and passwords to bank accounts, emails, and social accounts. Second, when you do log into these types of accounts make use of private tabs to keep your accounts more secret, and to definitely prevent cross-tab sharing.
HABIT # 5: Avoid using public or work computers for logging into personal accounts
Avoid using a computer that is not yours for logging into a personal website account. You should not use work computers, a friends computer, or a public computer for logging into a financial, email, or social account. If you do you are vulnerable to several privacy dangers.
As discussed habit # 2, if you log into your personal accounts from a work computer, its very likely that your place of work could be logging and monitoring your activity, and you might not be fully aware of the extent of their logging. There’s really not limit on the amount to which they could be logging your browsing habits. Who knows what they store in their data bank about you to protect themselves. The best practice is not to do it, and do these things on your personal time on your personal devices. If you really must have access to your accounts while at work, consider bringing your own laptop or tablet and tether the device to your own smartphone Internet connection.
What’s worse than logging into your work computer is logging into a public or friends computer. You really have no idea if their computer is up-to-date or if they have a computer virus. This could lead to a compromise of your information. If their computer is infected, your usernames and passwords could be logged and sent to a remote server somewhere, and it might even use your email account to spam others.
Additionally, you don’t know whether someone has installed a key logger on their own computer or if someone installed one on a public computer. Key Logger programs are freely available download for your personal use. They are one of the easiest ways to steal someones personal credentials. What Key Loggers do is log all the usernames and passwords of all the websites that are logged into. This bypasses all the security measures we mentioned above, as the information they are gathering is coming directly from the keyboard before it is transmitted to the browser. There is virtually no way to prevent or know whether one is installed on your friends computer or a public one without being trained to specifically look for one running in the background.
When you start practicing this stuff you are going to realize how easy it was to protect your privacy all along and have peace of mind that doing a few things makes all the difference. We hope that by adopting these five habits it makes your Internet and computing more private.