Enable multiple ways to authenticate who you are: phone, faceprint, and a long passphrase. Use these to log into a pass manager like 1Password or the like. Use a privacy-oriented browser like Brave. Utilize a VPN when on public WiFi.
Edward Snowden said that encryption was one of the easiest ways to protect your data. It deters thieves from stealing your data but you need to do it correctly.
First, what does encryption do? It’s basically using a password to protect your data, except this password scrambles how your data looks like so that people can’t figure out what it is if they somehow bypass your password. Think about what would happen if someone took the drive out of your computer. Sure, you may have a password on it, but it’s not much use if they access the drive directly. Or if you’re signing-in online to a website; it’s not much good if you have a password if everyone can hear what it is! The encryption makes it all garbled up so that people don’t know what it is even if they can see or hear it.
An additional benefit is that you can also erase data very quickly! ‘Deleting’ files isn’t really removing them from existence, but rather telling the computer that that space is now rewritable. If that data is scrambled, it doesn’t matter if it’s writable or not; even if you can read it, it’s seemingly random. Now what happens when you throw away the key (the password)? Well essentially, that data stays scrambled unless you know the key or in other words, essentially writable space to unknowing eyes. This saves a lot of time from having to wipe your storage clean by writing random 0’s and 1’s; it’s done beforehand, but in a not-so-random way.
Even when something is encrypted, it’s really only as good as it’s password… or should I say passphrase! It killed me to use the word password before, but unfortunately, it’s so well-known that that’s what people know it as… just a word. This is a horrible practice as nearly every large organization has told you. They want you to include all sorts of uppercase letters, lowercase letters, numbers, symbols, etc. AND change it every 3 months. Well, that’s the right thinking, but not the right solution.
The idea is to make the passphrase more complicated, with more combinations so others can’t figure it out. The problem is people can’t remember it either! What’s better is a long passphrase, hence the word ‘phrase.’ The number of combinations is much greater by adding another letter, than it is adding other characters. This is mainly because you can now try remembering phrases instead of a short combination of letters, numbers, and symbols.
Basically, longer is better because it’s harder for computers to figure out what it is. Adding different cases, numbers, and symbols is even better, but it can make things hard to remember unless you use Snowden’s example of ‘MargaretThatcheris110%SEXY!’
How you create these passphrases is an even deeper issue. People are notoriously bad at this; they create easily guessed things. One way to make this easier is to use Diceware. This kind of software utilizing very good randomization, the kind that’s just random weather data to generate words from a dictionary. Why the weather? Because people are also really bad at forecasting that too! So if someone solves that problem, it’ll actually be better for the world. But wouldn’t a dictionary make it so you can look up words? Yes, but the key is running the diceware a few times so that you generate a few words for a longer passphrase. The idea is that the number of words in this dictionary is much higher than the number of letters or numbers there are so the mathematical combinations are higher! After you generate these words into a passphrase, you’ll need to string them together into a story you can remember, like the example above.
So lets say you’ve got a great passphrase; what if computers get a whole lot faster in the next few years and they can run so many combinations that they can figure that out too? That’s where multi-factor authentication (‘MFA’) comes in. You may have seen this when websites ask you for a phone number so that they can send you a text when you login from a new device or location. That’s one of the keys to MFA, something you own.
The idea of MFA is that you have to verify that you are who you are using multiple techniques: something you know, something you have, and something that is inherently you. The first is usually a passphrase, the second is usually a phone that gets a text message with a unique code, and the last is often a fingerprint. When you combine all these things together, it’s very difficult for anyone to login as you without your permission.
Think about it. Even if someone has your passphrase, they most likely won’t get your phone, the fingerprint to get into the phone, and thus the text message with a code to let you enter the site. If you’re using all these things together, the only way they can get to it is if you’re there and give it all up! This makes essentially every login unique. It’ll be easier than generating different passphrases for each website since each one will ask you for authentication.
The good news, is you’re not the only one responsible for your data security. Many websites and phones don’t let computers try a billion combinations a second; they know those are the bad guys since no human can do that. Bad guys can threaten your life or love ones though…
You can make it so you always need more than one person’s authentication to login, but their lives may be endangered as well. The moral of the story is, do the best you can, but maybe not dealing with bad guys and having nothing to hide is even better. Thankfully, the most valuable things in life are relationships which are hard to steal!