Cybersecurity for your personal computer: Difference between revisions

Strong passwords are essential to keep your computer and your accounts secure.  Refer to [https://docs.alliancecan.ca/wiki/Cybersecurity_Basics#Password_Hygiene_Habits Password Hygiene Habits] for more tips.

Avoid using public Wi-Fi as much as possible. If you need to, consider installing a trustworthy VPN solution and enable it when you connect to a public Wi-Fi spot.<br>

== Note == <!--T:13-->

The advice above is mainly for individuals wanting to refresh their cybersecurity awareness and improve cyber defense on their personal computers.<br>

Computers at the workplace are typically managed and protected by the organization’s IT services team where different sets of security measures may be applied.  You should follow your organization’s policy to protect computers at the workplace.<br> [[Cybersecurity: Personal computer health check|Check out our short quiz for a health check on your computer!]]

Despite many solutions that protect information and systems, stolen usernames and passwords (credentials) are still the most common way attackers gain unauthorized access.  This is frequently the result of weak, guessable passwords and re-used credentials that have been exposed.

What do you think is the best way to keep your passwords secure?

A. Change them frequently

B. Use special characters and a mix of lowercase and uppercase letters

C. Create each password long and unique

Long passwords can be quite secure, especially when they are unique. Adding complexity to a password can help, but length proves to be more important than the actual characters used. The best answer to this question is to create long passwords AND use a different one for each service. Why? Because breaches do happen and some service will eventually mishandle your credentials, which will then get exposed. Just have a look at https://haveibeenpwned.com/ to see that this has already happened to many. If your password isn't unique and is exposed, it can be used to access any system where your credentials are valid. This process called password stuffing is usually automated and can happen as quickly as 12 hours after the initial exposure.

** Regardless if you choose one that is standalone or integrated into your web browser, open source or commercial product/service, a password manager is essential when it comes to all the other steps below.  

* Use a different password for everything: every service, every system;  

** Again, easy with a password manager when you allow it to generate the passwords for you. Using passwords with 20 to 32 characters is not a problem since you don’t need to remember them anyway.  

* Never share it with anyone... really... no one... ever;  

** Your credentials belong to you, they identify you. Sharing them not only compromises your identity but is also usually a violation of the policies of the service or system they are used to access.  

* Change them only if there is a reason.   

** If you believe the password may have been compromised, may be reused, or is weak, you should change it. There is no good reason to change passwords based on a time schedule, which may still be required by some organizations.

If this is not what you’ve been doing, '''don’t panic!''' You can start making changes today. If you have hundreds of passwords, start with a few of them, do a couple every day at lunch. Every time you make even one set of credentials more secure you’re doing yourself a big favour.