- SECURING YOUR COMPUTER OR MOBILE DEVICES
Every computer and mobile phone (especially smartphone) user should take deliberate steps to keep these devices secure, as they usually contain a lot of information that can be valuable to others. It is important to imagine the possible risks of the data sitting on your devices falling into the wrong hands. With the rise in cases of leaked texts and intimate images, and increased risks of theft, keeping your devices secure means keeping your private information private and intruders out. Securing devices depends not just on good software and a strong PIN[1] or password, but also on responsible human behavior.
Securing your device
- Use passwords, secure ones…
Very often passwords are the only thing that stands between our very private information and intruders. It is important to set up a password for your computer account at the login stage and for your mobile phone. But what makes a password secure? A good password normally has a combination of numbers, letters and special characters such as #@!*. You should avoid storing your passwords in your diary, on your phone or on stickers on your computer.
- Perform system updates
It is important to keep your operating system up to date by allowing your computer to install security updates when prompted. Your operating system (OS) is probably the most important software or programme that enables your computer to function. On a PC, you can usually find out your OS by searching for ‘Computer’ and looking under ‘Properties’, or your computer displays this when you switch it on (this might be Windows 7, Windows 8 etc.). Developers of operating systems occasionally provide important updates that either patch identified security holes or simply make your computer run a bit more efficiently. People who regularly install updates often avoid common problems that result in computer crashes.
- Use authentic or genuine software
It is sometimes difficult to tell whether the software or application one has is authentic. The problem with using inauthentic or pirated software is usually that one cannot then install official updates. Some pirated software also comes with viruses. It is important to procure software from legitimate, known vendors. If one is unable to procure authentic software, there is a range of free and open source software (FOSS) that one can use, e.g. Linux as an operating system. This has advantages: the user is freely licensed to use it, and the source code is open, making it more transparent and easier to assess for flaws. It is better to use FOSS tools than pirated software, which may eventually cause your system to crash.
- Install and activate antivirus software
It is critical to have regularly updated anti-virus software on both your PC and smartphone, as this constantly monitors your device in real time to block or alert you to emerging and potential threats from viruses and malicious software (commonly referred to as malware). Viruses spread in much the same way as flu, and when they enter your system they make some changes and stay hidden. We commonly get viruses through emails, downloads of files that look legitimate, or from the websites we visit. Both free and commercial anti-viruses afford your devices some level of protection. However, it is sometimes difficult to decide which anti-virus to use. Websites such as av-test.org are useful in helping you understand what anti-viruses are available and trending, and the level of protection they offer.
Last but not least, never install two anti-viruses on your devices, as they only end up conflicting with each other, possibly reading each other as viruses, and will ultimately both just get disabled. A common misconception is that one antivirus will do a task that the other does not. No anti-virus is perfect, hence the need to settle for the best.
- Ensure physical protection
The first rule of thumb is to never leave your devices unattended, especially in unfamiliar environments. If you leave your devices even momentarily, ensure that they are protected with a strong password to guard against quick access. Loss of a device makes it possible for someone to access data directly on your hard disk using fairly simple methods. There is a chapter in this guide dedicated to securing one’s personal data, which among other things provides detail on encryption methodologies.
Hands On: How to enable computer password on Windows:
Step 1. Click on Start and then Control Panel.
Step 2. Click on the User Accounts and Family Safety link.
Note: If you’re viewing the large icons or small icons view of Control Panel, you won’t see this link. Simply click on the User Accounts icon and proceed to Step 4.
Step 3. Click on the User Accounts link.
Step 4. In the Make changes to your user account area of the User Accounts window, click the Change your password link.
Step 5. In the first text box, enter your current password.
Step 6. In the next two text boxes, enter the password you would like to start using.
*Entering the password twice helps to make sure that you typed your new password correctly.
Step 7. In the final text box, you’re asked to type a password hint.
This step is optional but highly recommended. If you try logging in to Windows 7 but enter the wrong password, this hint will display, hopefully jogging your memory.
Step 8. Click on the Change password button to confirm your changes.
Step 9. You can now close the User Accounts window.
Step 10. Now that your Windows 7 password has been changed, you must use your new password to log on to Windows 7 from this point forward.

Hands On: Familiarise yourself with your PC’s Action Center
It is important for PC users to know where to check for their system’s vital signs. The place to do that is the Action Centre, which is like a centralised location where one can view the status of one’s computer health. It is often color coded to notify you of security and maintenance items that require your (sometimes urgent) attention.
To access the Action Centre, follow steps below:
Step 1: Using the Search Option in your Windows platform, type “Action Centre”. Click to open Action Centre, and a window that looks similar to the one below will appear.

Step 2: Expand the Security option by clicking the drop down arrow on the right, for you to view the current state of your machine for security items. This will look something like the following:

Among other things, ensure that Network Firewall, Virus Protection, and Spyware and unwanted software protection are all set to ON. If for any reason these are not ON, implement the recommendations that come up for each specific option.
- Firewall: Your intelligent security guard, which checks all incoming traffic and alerts you to anything suspicious by first blocking it. You have the option to allow or disallow certain traffic to your computer.
- Virus: Software that replicates itself and can potentially cause damage to your data or computer/ device.
- Spyware: Software that collects information about your computer and how you use it and then relays that information to someone else over the Internet. Ordinarily runs in the background and often installs itself on your computer without your knowledge or permission.
Step 3: Expand the Maintenance Tab option by clicking the drop down arrow on the right in order to view the current state of your machine for maintenance items. Beneath is how it should look.

Troubleshooting: If you find that you are unable to turn any of the options on or off in the first place, this might mean that you do not have a genuine Windows operating system installed. In such a case, your computer won’t be able to perform system updates (see the chapter on Computer Hygiene for why this is a problem).
It is always important to make sure that Checking for solutions to problem reports is switched ON as this will make sure that whenever your computer encounters problems, Microsoft will be available to give recommendations to solve the specific problem.
Lastly, it is highly recommended to set your machine to Automatic Maintenance as this improves computer performance, ensuring that both software and hardware are working optimally and initiating relevant fixes in the background with minimal user interference.
- SECURING PASSWORDS
Very often the thing standing between our most valuable personal information and a potential adversary is a password, which is usually the first line of defence. As technology advances and more people use it, we store more and more of our personal information on computer hard drives and social networks. Many of the cases of stolen information we hear about occur because the adversary simply guessed the victim’s password, sometimes using social engineering techniques. A few incidents[1] of stolen passwords that have happened in the past include:
- In 2011, hackers stole 77 million Sony PlayStation Network passwords.
- Apple’s iCloud was vulnerable to password hacks, which led to the infamous celebrity photo hacking in 2014.
- In 2014, approximately five million Gmail passwords were hacked and released online.
There are other more sophisticated ways of obtaining people’s passwords. There are various methods we use to login to devices. Although most seem secure at face value, a closer look at each method reveals some challenges and susceptibility to different types of attacks. Some of the current login methods include:
- Facial recognition technology – while this is good, this method can be by-passed by people with similar facial features to the user. A good example of how this happens can be seen in Facebook’s tag function, which sometimes assumes that ‘Nqobile’ is actually ‘Albert’, his brother.
- Fingerprint technology – another great method of security, but should you be a deep sleeper, or leave fingerprint impressions all over the place, then this method can be by-passed as well.
- PIN code – numerical, ranging from 4-6 numbers or more. Only secure when you are not using obvious or easy-to-find information like your birth year, street address, part of your ID number etc.
- Passwords – a combination of upper and lower case letters. Should be complex and not easily guessable.
- Passphrases – a combination of upper and lower case letters, numbers and symbols. This method tends to be much more complex in nature.
Types of attacks that can be performed against passwords
- Brute force: uses software that tries out combinations of letters and numbers, as well as stolen lists, e.g. the Adobe.com incident, where a large list of people’s email addresses and passwords was stolen from their server. Brute force works best when one uses common passwords.
According to Time Magazine[1], these are some of the worst passwords for 2015:
1. 123456
2. Password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. Welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. Master
18. Monkey
- Dictionary attack: can take two forms:
  - Online dictionary attack – an automated software programme that includes a text file of words and attempts to log in to a targeted platform, say an email or social media account, by repeatedly using a different word from the text file on each try.
  - Offline dictionary attack – similar to the online dictionary attack. However, the attacker gets a copy of the file where the hashed or encrypted copy of user accounts and passwords is stored and uses an automated programme to determine what the password is for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.
- Key logger: a computer programme that tracks and records every keystroke entry made by a computer user. Basically as you type, it records the keys you have punched in.
- Over the shoulder surveillance – this is actually a common way that potential adversaries use to access and compromise your passwords. Be sure your privacy is secured.
Each of these attack methods can be slowed down significantly or even defeated through the use of strong passwords.
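The two checks implied above, written out as an added example (it is not part of the original guide): a lookup against the worst-passwords list on this page, which is what a dictionary attack tries first, and the size of the search space a brute-force tool would have to cover. The guess rate is an assumed figure for illustration, and the bit count is an upper bound that only holds when the characters are chosen at random.

```python
import math
import string

# The 18 worst passwords of 2015 as listed on this page (compared case-insensitively).
WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
}

# Assumption for illustration: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000


def charset_size(password):
    """Size of the alphabet a brute-force tool must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def audit(password):
    """Return how the password fares against dictionary and brute-force guessing."""
    in_dictionary = password.lower() in WORST_2015
    size = charset_size(password)
    # Exhaustive search space is size ** length, reported here in bits.
    # Upper bound: words, names and patterns fall much sooner than this.
    bits = len(password) * math.log2(size) if size else 0.0
    # A listed password falls on the first pass; otherwise the attacker
    # covers half the search space on average.
    seconds = 0.0 if in_dictionary else (2 ** bits) / 2 / GUESSES_PER_SECOND
    return {
        "in_dictionary": in_dictionary,
        "charset": size,
        "bits": round(bits, 1),
        "years_to_brute_force": seconds / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    for candidate in ["Monkey", "1qaz2wsx", "kite",
                      "KiteMurooraLekaeGundwani", "2KitesH@kuna_Z0r@Butter!"]:
        print(candidate, audit(candidate))
```

Length dominates the result: each extra character multiplies the search space by the alphabet size, while adding a character class only enlarges the base.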
HOW TO MAKE PASSWORDS STRONGER AND MORE SECURE
Golden rules to follow for creating and managing good passwords:
- Make it Unique- never use one password on multiple accounts and make sure your passwords are as random as possible with no discernible patterns.
- Make it Long- the longer the password, the longer it takes to crack.
- Make it Complex- use a combination of words, letters, numbers and symbols, and vary the language to make a stronger passphrase. This will also make it exponentially more difficult to crack.
- Make it Impersonal- don’t tie your password to anything that can be guessed by viewing your social media accounts, which tend to contain a lot of personal information. Steer clear from names of close friends and family, phone numbers, birthdays, and national identification numbers.
- Do not share it – not with your spouse or anybody if you can help it. Sometimes we cannot rely on the ability of our loved ones to keep our passwords secure.
- Change it frequently – how often you change a password is up to you, but there are some recommendations. Microsoft states that you should change your password after approximately 60 days, while others recommend anything between 30 and 180 days. However, the validity of your information and the environment you are exposed to should determine how long you wait before changing your password. Changing your password frequently does the following things for you:
  - It makes it very hard for a hacker to steal your password.
  - It ensures that your password stays unique.
  - It limits the amount of time your password is useful to anyone who may have managed to steal it.
How to create stronger passwords
*The first three methods help prevent Brute force and Dictionary attacks.
- Using a memorable sentence then taking the first letter of each word – this can be from your favorite song or childhood rhymes:
Example: “Hey doodle doodle, the Cat and the fiddle, the Cow jumped over the moon!”
Password: HddtC&tftCjotm00n!
- Combination of completely unrelated words. The trick is to memorise the words in their order:
Example: Kite Muroora Lekae Gundwani
Password: KiteMurooraLekaeGundwani
- Alphanumeric and symbols
Example: 2KitesH@kuna_Z0r@Butter!
Hint: If you are going to insist on using one password, at least make it complex using the tricks highlighted above, then create some kind of formula you can remember, to make a slight differentiation across accounts. For example, if you settle for 2KitesH@kuna as your main password, you can add ‘FB’ to make 2KitesH@kunaFB for your Facebook account, add ‘GM’ to make 2KitesH@kunaGM for your Gmail account. However it is important to note that if someone picks up on your formula, then your passwords are at risk.
- Use a password manager or tool
A password manager such as KeePass can help you generate unique, long, random and complex passwords. Using a password manager is akin to the proverbial putting of all one’s eggs in one basket, except that this particular basket is secured with a strong password that must be entered before the rest can be accessed. KeePass is a free and open source password manager considered fairly secure in the tech sector. It may be downloaded for free here: http://keepass.info where you should choose the appropriate installer.
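What "unique, long, random and complex" means in practice, as an added example (not KeePass's own code or algorithm): one independent password per account drawn from the operating system's secure random source, compared with the per-account formula from the hint above. The function names and the default length of 20 are assumptions made for this sketch.

```python
import os.path
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=20):
    """Draw every character from the OS CSPRNG (secrets, not random)."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry any draw that misses a class, so typical site rules are met.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_vault(accounts, length=20):
    """One independent password per account, as a manager's database holds."""
    return {name: generate_password(length) for name in accounts}


def shared_prefix_len(passwords):
    """Leading characters common to all passwords: what one leak gives away."""
    return len(os.path.commonprefix(list(passwords)))


# The formula passwords from the hint on this page.
FORMULA = {"Facebook": "2KitesH@kunaFB", "Gmail": "2KitesH@kunaGM"}

if __name__ == "__main__":
    vault = generate_vault(FORMULA)  # same account names, random passwords
    print("formula  :", shared_prefix_len(FORMULA.values()), "shared characters")
    print("generated:", shared_prefix_len(vault.values()), "shared characters")
    for name, password in vault.items():
        print(f"{name:10s} {password}")
```

With the formula, a leak of one account's password exposes 12 of the 14 characters of every other account's password; independently generated passwords share nothing an attacker can reuse.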
HOW TO INSTALL KEEPASS ON WINDOWS OPERATING SYSTEM
Step 1. Double click the KeePass installation executable file that you would have downloaded, to begin the installation process. In some cases, the Operating System Warning dialog box may appear. If it does, select YES to start the KeePass installation.
Step 2. Click OK to initiate the Welcome screen.
Step 3. Click Next to initiate the License Agreement screen.
Step 4. Make sure you check the option to accept the agreement, which enables the Next button, and then click Next.
Step 5. Click Next to accept the default installation path.
Step 6. Click Next.
Step 7. Make sure you check the Associate KeePass with .kdb file extension option.
Step 8. Click Next, and then click Install to start the Installing screen.
Step 9. Check the Launch KeePass option and then click Finish to open KeePass immediately.
HOW TO CREATE A NEW KEEPASS DATABASE
Step 1. Select Start > All Programs > KeePass
Step 2. Select File > New
Step 3. In the Master Password field, type in the master password you have created.
Note: The master password absolutely has to be unique, long, complex and impersonal (see section How to create stronger passwords above). Also aim to make the progress bar within KeePass show the colour green, as this will show you that your password is strong. The greener the progress bar, the stronger your password is.
Step 4. Click OK and you will be asked to confirm the password.
Step 5. Type in the same password again, and then click OK.
Do not forget to save the database you created by doing the following:
Step 6. Select File > Save As
Step 7. Type in a name for your new password database file.
Step 8. Click SAVE
HOW TO ADD AN ENTRY TO KEEPASS
Step 1. Select Edit > Add Entry
Step 2. Enter the relevant information for the Title (The name of the global account), the username and the URL (website address where you access the account). There is no need to create the password because KeePass will create it for you. Depending on the account type you can also select its respective grouping in the Group option.
Click OK to save your changes.
HOW TO USE A PASSWORD WITHIN KEEPASS
Using KeePass is really simple and exciting, especially just having the comfort of knowing that you only need to remember your one master password to access your other many complex and secure passwords.
Note: you need to have changed your working account’s password to the one stored in KeePass for this exercise to work.
Step 1: Open the KeePass database; Select Start > All Programs > KeePass.
Step 2: Enter the Master Password and Click OK.
Step 3: Minimise the KeePass window and Open the specific URL for your account in your web browser. For example type in www.gmail.com if you want to open your email address using Google Chrome browser.
Step 4: Still in the web browser enter the username and minimise the browser window and switch to or maximise the KeePass window.
Step 5: Locate the specific account in the right hand side of the KeePass console.
Step 6: Right click on the specific account and select Copy Password.
Note: The password will be copied to the clipboard for only 12 seconds by default, so one has to switch windows quickly before it is erased from the clipboard.
Step 7: In the browser window, Right Click > Paste or press CTRL+V; this will paste your copied KeePass password.
Step 8: Click Ok.
Congratulations! You have managed to use your KeePass Password to access your account.
You can minimise or exit the KeePass programme at any time. When you open or restore it again, you will always be prompted to enter your Master Password.