• Home
  • /
  • Blog
  • /
  • 👨💻 Personal Cyber Security CHECKLIST 👨💻 – PART TWO

Authentication (User Identity Verification) & Passwords

And here we have the continuation of the checklist. A few of you have gotten back to me with more tips, thanks! I'll add them gradually and then publish them as a comprehensive e-book. If we get through today's topic together, the bad guys will have a little more work to do again.

This is a crucial topic, so I have a big request for you. If you use passwords ALL THE TIME, CHANGE IT TODAY.

  1. Use a long, strong, unique password for each of your accounts - find out how strong your password is *1.
  2. I'm not an advocate of changing passwords frequently if the passwords are unique, long and ideally protected by two-factor authentication. Change passwords as soon as you suspect a password leak.
  3. Use a secure password manager to encrypt, store and fill in login credentials, such as BitWarden or KeePass / KeePassXC. Leave it up to you whether you entrust your passwords to a cloud service or use a solution that you have full control over. One thing I know for sure, you can't do it without a password manager *2.
  4. Don't store passwords in your browser
  5. Sign up for suspected password leak alerts and update passwords for compromised accounts *4.
  6. Enable two-factor authentication, if available, and use an authentication app or hardware token (e.g. Yubikey). You can use a multifactor app from Google Autheticator, Microsoft Autheticator, or choose an Opensource app *5.
  7. When you enable multifactor authentication, you will usually be provided with a few codes that you can use in case your phone is lost, damaged or unavailable. You should ideally store them on paper or safely offline - a disk in a safe, etc. I probably wouldn't recommend you store the codes in a password manager.
  8. If you use a PIN instead of a password, avoid using a 4 digit numeric code. It is popular for users to use the year of birth :-).
  9. Do not log in on other people's devices. If you can't do otherwise and have to, use inprivate mode / incognito window - Ctrl+Shift+N/ Cmd+Shift+N.
  10. Never answer truthfully to online security questions that are required in case of password loss/reset. Ideally, do not use this feature at all. This includes questions such as date of birth, mother's name, etc.
  11. Be careful not to be filmed by a camera when entering your password.

1 - How secure is my password

2 - Password manager

3 - Generating a username in Bitwarden

4 - Monitoring leaked passwords

5 - 2-factor authentication applications
List of web services and information on whether they support 2FA

Aegis - https://getaegis.app/
Authenticator Pro - https://github.com/jamie-mh/AuthenticatorPro
andOTP - https://github.com/andOTP/andOTP

Tofu - https://www.tofuauth.com/
Autheticator - https://mattrubin.me/authenticator/
Raivo - https://github.com/raivo-otp/ios-application


#hackerprotect #cybersecurity #technology #cloud #passwords

Get a non-binding quote for modern & secure IT
Don't you like forms? Call 777 800 167 or email sales@ict-group.cz. We will get back to you within 24 hours.

Why trust your IT to us? 

Your data will be safe

A cost-effective and transparent solution

100 % Representability and accessibility

Free initial ICT audit