Cybersecurity Recommendations For DSA Members

5 Minutes – Use Signal for Private Communication

Signal is an easy tool to ensure your communications are private. Use Signal instead of text messaging and phone calls. It’s free and available on Android, Apple, and Chrome. The Google Chrome extension only works after you have installed either the Android or the iPhone version. By habitually using Signal by default, you will be way ahead of the curve in terms of security. Please note that the Android version will only work if Google Play Services are installed on your device, which are not available on some devices and may pose privacy concerns if installed.

10 Minutes – Secure your mobile phones

Take the following steps to keep your phone safe:

  1. Lock your screen. If you lose your phone or it is stolen, you don’t want others to be able to access your contacts and data! Make sure your phone requires a password to unlock.
  2. Turn on automatic updates to keep apps and system software up-to-date. This will keep your phone secure. Tip: If you have a restrictive data plan, find the setting to update apps using wifi only.

1 Hour – Enable Two-Factor Authentication

Two-factor authentication is a method of verifying identity by providing two separate pieces of evidence. For example, when you try to log on to a website, after asking for your username and password, the website will contact you via text message, email or phone call and give you a code. Once you enter that code into the website, you can log on and continue about your business.

Check out https://www.turnon2fa.com for more info.

2 Hours – Create and Manage Strong Passwords

We recommend that you use a password manager. A password manager is a software application that stores your passwords for you. Once set up, the password manager is much easier and faster to use than having a bunch of passwords written down or memorized. The first advantage of a password manager is that you only ever have to remember one master password. The second advantage is that it creates and stores very strong passwords for you automatically.

1. Create and memorize a strong master password using the Diceware method: https://www.rempe.us/diceware/#eff (Seconds)

Write this password down and put it someplace safe so you don’t forget!

2. Select a password manager and put in your new master password

Great, easy to use, $3/month: https://1password.com/ (If you can pay for it, we recommend using 1password over the other two options.) 

Not so great, easy to use, free: https://lastpass.com/ 

Great, hard to use, free: https://www.keepassx.org/

3. Enter all your passwords into the password manager

It’s worth it, trust us! If you install the browser extensions for your password manager, whenever you go to a website it recognizes, it will automatically fill out the password field! It’s really cool and makes the internet so much easier to use. You don’t have to enter all your passwords at once, either: the browser extension will watch when you visit a website and ask if you want to save the last password you entered. Eventually, all your passwords will just end up in there and be safe. Here is a list of websites you probably want to keep safe and should put in your manager: Banking websites, Facebook, Instagram, Twitter, Google, Gmail, Hotmail, Yahoo, Amazon, Reddit, Utilities

4. Change all passwords

Once most of your passwords are in the password manager, it’s time to change all of them. One of the easiest ways to be secure is to often change your passwords for the websites you care about. Your password manager can generate new and strong passwords for you. Don’t worry if the new passwords look complicated, that’s the point! As long as you remember the master password, you will always have access to the rest of them.

Do not send passwords over email.

Email is public communication and you never know who might be reading your email in the future. Your password manager should have a feature that allows you to securely forward passwords to other people. Otherwise, you can use https://onetimesecret.com/ to send secret messages that can only be opened and read once.

Access the Internet Safely  

  • Use the Chrome browser for everyday internet usage. (5 minutes to install)
  • If your safety and identity depend on staying anonymous, use Tor. (5 minutes to install)
  • Use a paid, logless VPN on all devices at all times, especially on public wifi. We recommend purchasing Mullvad (mullvad.net, ~$5.25/month) or Private Internet Access (https://www.privateinternetaccess.com/, $6.95). (30 minutes to purchase and install)
  • Keep your browser up to date (also all other programs on your computer, but browsers especially!). No, really, let Firefox restart every once in a while.
  • Don’t click on weird looking links online.

  • Do not access anything personally identifiable over insecure Wifi (coffeeshops, bars, public places, airports, airplanes) without a VPN in place.
  • Don’t connect at all to insecure Wifi if you can help it.

Secure your Desktop/Laptop

Let your computer update itself when it asks to. (~5-15 minutes every few days)

Let Flash update (we know, it’s really annoying, but it matters). (~5-15 minutes every few weeks)