Digital security for physical creatures in the COVID-19 era
“Digital security is about mindset, and (not) just tools”
- Whether you are an activist, a hacktivist or just a mere mortal human being, digital security gives you peace of mind and freedom
- Digital security starts with the awareness that your password is for you and for you only
- 2FA [two-factor authentication] should be activated for ALL of your important digital accounts
- SMS OTP is the weakest link in our 2FA defense
- Some tools are very useful, such as a password manager and authenticator apps
COVID-19 and the increasing threat to digital security
COVID-19 is a black swan of our era, a very, very rare event that almost none of us could predict [except Bill Gates and several other people; sorry Bill, for letting you down]. Now that it has happened, it changes every aspect of our lives and creates a “new normal”, and it changes how we perceive digital security as well.
COVID-19 created two new behaviors in the digital world:
- An increasing number of people work from home [or outside the office] and on their own devices. Before COVID-19, we went to the office, used the office internet and worked on office devices, both of which were in a controlled environment. We always believed it was someone else’s job to take care of digital security in the office. Now there is no someone else; it is up to us to ensure our digital security is under control and safe from ransomware, hacking or any other possible digital threat out there.
- COVID-19 pushed many country leaders to become more authoritarian, both physically and digitally: from spying on your digital accounts and blackmailing you by exposing private secrets, to hacking your social media and framing you as an anarchist leader. No new low is too low in the new normal. In the war against the pandemic, some country leaders think all is fair and all is well for the sake of winning this war. Digital and physical oppression is the easiest shortcut to control people, rather than giving clear and transparent information.
Even with those reasons, some of you must still be asking: Why do I need to do this? I’m nobody in this world. Why would someone go the extra mile to hack my digital accounts?
The answer lies in what you have in the digital world, and it varies from person to person, such as:
- Bank and wallet accounts. Someone can steal your money
- Sensitive private information and photos saved in your phone's physical memory and in your digital account backups [Google Drive]. Someone can use these to blackmail you and gain an advantage over you
- Social media [Instagram, Twitter and Facebook] and social messengers [WhatsApp, Telegram and LINE]. Someone can use your account to ask your friends and family for money, or even frame you as an anarchist leader
- And any other things that only you, the dark web and God know
So in short, even a nobody must have something important in the digital world that she needs to protect.
Mindset first, tools second
Mindset is trained, not given. In the Jason Bourne movies, Bourne has trained his mind specifically to recognize and remember every detail around him, from what cologne you use and what size of shoes you wear that day to the number of a police car that comes across his sight.
The digital world, unfortunately, requires each of us to become Jason Bourne ourselves. Nothing can be trusted except ourselves, not a big tech company, nor your own government. So the next question is, what mindset do we need to train?
- A password, in any form, on any device or account, is our responsibility and ours only. Never ever share your password, whether with your spouse, your family or even strangers who call asking for your OTP [one-time password]. This is easier said than done; trust me, it needs to be trained
- Never ever use public Wi-Fi; always use your own network. But if you have to and don’t have any other option, do it fast and open non-confidential things only. Don’t forget to safeguard it with a VPN as well
- Build a different password for each account, especially your important accounts. Why? Because if one platform is breached, you can ensure none of your other accounts can be breached as well. So you will have a lot of passwords to maintain, and it’s not easy. One of the tricks I use is to build a pattern from one account to another, like set 1 for social media, set 2 for social messengers, set 3 for banks, set 4 for email. Every password in the same set is still different, but has a pattern that only I know. So let’s say I have 3 social media accounts; at worst, I just need to try 3 times if I forget. Password pattern example: mycarislamborghini3, mycarisferari3, mycaristoyota3. This kind of pattern makes it easy to remember, and you can still try to “brute force” a bit if you forget
- Change your passwords regularly; every 6 months or 1 year will be fine [as long as every password is different]. Don’t forget to mark it in your calendar so you won’t forget
- Every account needs 2FA [two-factor authentication], and please note that 2FA via SMS OTP is the weakest link in your digital security. Someone can clone your SIM card and get your OTP [even though it is not that easy, some recent incidents show it is very possible]. Never trust your telecommunication provider [and your government] with your digital security. So if the apps you use offer 2FA via authenticator apps, just use it and take your phone number out of your 2FA list. Google, Instagram and Twitter support 2FA via authenticator apps
- Never click a random website link when you’re not sure what it is about. Never ever. It can lead you to phishing or some form of malware. Be disciplined
Security and user experience are a double-edged sword. You can’t optimize both; you need to surrender one to get the other. So the digital security approach you take will sacrifice some of the ease of use of your digital accounts. But trust me, it is just a matter of training your mental and mind state; once you get used to it, things will be easier.
Tools to make our life easier
Now let’s talk about tools. So far I only use 3 tools to make my life easier in this messy digital security life: a password manager, authenticator apps and a VPN. Another important factor in using digital tools is to use the paid version. It gives you more control, more access [multiple devices and platforms] and more space. It only costs you a little compared to what you get.
Now that you use a different password for each account, even if you build a pattern into them, it’s still messy and sometimes you can forget a password. That’s why you need a password manager app. But remember, there is no password manager for the password of your password manager. So you need to ensure you DON’T FORGET your password manager password. If you’re scared of forgetting it, you can write it on paper and keep it in physical form in a place that only you know.
Authenticator apps are basically apps that generate a dynamic password, a password that changes after a certain period of time. Most of the time, it is only used as 2FA, not as the main password. So let’s say you [or someone who hacked your account] open Instagram on a different device: the first time it is opened on that device, the app will require you to enter the password from the authenticator app and not from SMS. So even if the hijacker clones your SIM card, they cannot get anything.
VPN [Virtual Private Network]
I think most of you know how a VPN works… It gives you anonymity by hiding your true location and protects you from untrustworthy and snooping Wi-Fi
Life is about choices. We all got used to the ease of digital in our lives for a long time, but now the black swan has already changed everything.
The question is, can we adapt to the new normal?
Please note, even after you do all these things, there’s no guarantee that you’re 100% safe. Digital threats are like viruses; the speed of mutation is so fast. And we never know everything…