I remember writing about this a few times already, but after last week, I thought that it is best to stress its importance once again. Last week, I taught my Introduction to Computer Science class about cybersecurity and cryptography. My freshmen students got a sneak peek into the topics they'll learn in future computer science courses. I wanted to share some quick and easy tips and tricks with them to help them start protecting their online data right away.
Passwords.
I noticed that more than half of my class reuses their passwords. Some of them are super short, like less than 10 characters long. And guess what? Less than 5 of them use a password manager. Oh, and one of them had their account compromised because they reused their password more than twice. That's a big no-no!
Here's the thing: NEVER REUSE YOUR PASSWORD! Students tend to memorize a few different passwords and then reuse them. But that's not a good idea. You'll end up with a bunch of accounts that are all the same, and that's a recipe for disaster.
The key to a good password is its length. The longer it is, the better. And don't be afraid to use random characters. Some browser-based password managers suggest this, and it's a great way to add some extra security to your passwords.
I mentioned the EFF.org's diceware system to the students, and explained how it works. Basically, you roll four 6-sided dice and use the numbers to map them to a dictionary. Then, you pick a word from the dictionary and use it as your password. The more random words you use, the better. Throw in a couple of numbers and non-alphabetic characters to make it even more difficult to crack.
On a personal note, I even wrote a simple shortcut for my iPhone, iPad, and Mac so it's easy to generate passwords. And guess what? Having multiple words for your passwords makes it easier to type them out than having a bunch of random characters.
Now, here's a trick that can help you keep your online accounts unique, yes unique email paired with unique password FTW! Instead of using your real email address, you can create an email alias. This means you can use a different email address for each of your accounts, and pair them with a unique password. Most browsers, like Safari, Firefox, and DuckDuckGo, offer this free email alias service. I personally use ProtonMail's SimpleLogin.io, but there are plenty of other options out there.
One more thing that's important is to use a dedicated password manager. Yes, no more memorizing those unique email aliases and unique passwords. While browser-based password managers can be helpful, they're not as flexible as a separate password manager. This is because they only store passwords for sites accessed via the browser. Accounts you create on different third-party applications might not be automatically stored in browser-based password managers, so better to have a dedicated password manager application. I recommend using Bitwarden, but there are also other good options like ProtonPass and the built-in password manager on your Apple device.
Now, let's talk about multi-factor authentication. This is a great way to add an extra layer of security to your accounts. It means that you'll need more than just a password to log in, and it can include things like a code sent to your phone or a security token. I don't recommend using SMS-based MFAs, because they can be easily intercepted by hackers. Instead, I suggest using an app-based authenticator, or better yet a hardware-based MFA, like a Yubikey.
Finally, let's talk about encryption. Encryption is like a secret code that only you and your account can understand. It's a great way to keep your information safe from prying eyes. I explained the concept of end-to-end encryption (E2EE) in the context of messaging and communications. A few students use Telegram, WhatsApp, Facebook Messenger, and Viber. I recommended Signal messaging application as the gold standard, and iMessage as the next best thing. The importance of learning the business model of the provider was also stressed, especially the collection and use of metadata for profit, like what Telegram, WhatsApp, Facebook Messenger, and Viber are doing.
So, there you have it! These are just a few quick tips and tricks to help you protect your student's online account. Remember, the more you know about cybersecurity, the better equipped you'll be to stay safe online.
In closing, I shared haveibeenpwned.com (HIBP) so the students can find out if their email accounts are on the HIBP database. They were surprised when one or more of their email addresses were compromised. One even checked their parents' email! Better be safe than sorry, right?