You don’t have to be savvy to be safe online. Just sensible. On Password Day, here are 5 things you should avoid doing, ranked by their increasing stupidity. Check number two for password advice!

Be sensible online, avoid a few stupid pitfalls, and a safer internet will be within everyone's grasp.
5) The abandoned-phone toilet-dash
Ever felt that bursting urge for the loo on a plane? But you can't go because all the toilets are occupied? So you fiddle with your phone for distraction. And then as soon as a toilet becomes free, you swiftly throw your phone into the netting on the back of the seat in front, or into that charging cradle on long-haul flights, and make a glorious dash for liberty.
But you forget to lock the screen.
Any nefarious fingers nearby could easily scan your phone for personal data, such as who you are, where you live, your contacts, or any private details you've saved in a notes app, photos, or even worse. Unless you've got two-factor authentication set up, one that requires a fingerprint or facial recognition, they may even be able to access your banking apps. Or the credit card in your digital wallet.
Mind, biometrics and fingerprint technology bring their own vulnerabilities — it's possible to re-create another person's biometrics and trick a device into unlocking — so don't use these technologies on their own either.
You may as well ask complete strangers in a café to look after your laptop, with it open and all your emails exposed. I've seen it happen.
Don't do it.
4) Using public WiFi without a VPN
The idea of "ubiquitous connectivity" — internet everywhere — is truly seductive. But all connectivity in public spaces should be treated with caution, whether it's your mobile data plan, WiFi, or Bluetooth. Each is a door into your device and data.
So protect yourself.
Use a Virtual Private Network (VPN).
A VPN creates a "tunnel" between you and your connection, and that tunnel should protect your data from being intercepted, stolen or hacked (altered) in any other way.
But beware: Not all VPN services are built equal. Some log your online behavior, while others don't. And some are based in countries that belong to the "Fourteen Eyes" group of global mass surveillance.
You may want to consider getting one that's based in Panama, Switzerland, or the Seychelles. Those countries may be dodgy for other reasons, but they are less likely to be coerced into handing over your data to spy agencies like the NSA or GCHQ.
Check privacytools.io or That One Privacy Site. They might help you decide.
3) Trusting random people in chat rooms
We're too trusting online — bedazzled, as we are, by the magic of our devices. We think: How bad can it be? There's a whole internet between me and danger, right? Wrong. In places, the internet is a veritable swamp.
Take chat rooms, for instance.
Chat rooms have got to be among the scariest things online.
The things that go on in them — sometimes good, but all too often bad — will leave your jaw dragging on the floor. From female students posting half-nude images and getting "doxed" (basically, tricked and exposed) into revealing their true identities, to people seeking communion and help for emotional troubles and being lured into suicide.
Then there are multiplayer games, purportedly for kids — games that encourage violence and sexual trading. I'm not mentioning any names, but the details are out there.
And the point is: you've got to know who you're dealing with online, especially if you need help or counseling. Verify people's identities by cross-referencing their public profiles and locations. And ask someone you trust, offline. If you're in any doubt, drop them. Don't hand over sensitive personal information to strangers — no matter how genuine they seem on a message board or forum. And if you've got kids, it's on you and schools to guide them through the challenges of life online. It's the same as teaching them how to cross the road and that they should never — never — accept sweets from strangers.
PS: You shouldn't really be posting naked photos of you or anyone online. Nothing against freedom of speech, or self-determination, but still…
2) Sharing passwords by searchable text
An ideal world would be one without passwords. Sure, we need something to protect our digital accounts, but passwords are inherently flawed, no matter how munged* they are. Whether it's letters, numbers, symbols, lower or upper case, even biometric facial recognition or fingerprints — my phone regularly fails to read my thumb when it's cold and the skin starts to crack — there are technical and human vulnerabilities.
The worst one of these is the human.
We all forget passwords from time to time. So you write them down for safe keeping, and you can see them in front of your eyes in a drawer at home. But the last thing you should do is ask someone to send you one in a text message or email.
If you really can't wait, ask them to tell you over the phone, using an end-to-end encrypted line (try, for instance, Signal or Wickr). Avoid mentioning what the password is for. Failing that, get them to draw it (do not type it) in a non-machine-readable format, and send it via an end-to-end encrypted line. Then delete the image at both ends.
*To munge: Modify Until Not Easily Guessed
1) Posting credit card selfies
At first, this sounded like a scam: The idea that people would voluntarily post photos of their new credit or debit cards (front and back, including that CVC security number)… It seemed even too dumb for humanity.
But it was all too real. Behind the sticky stuff holding a new card I recently received, was a line warning people that if they really couldn't stop themselves showing off, they should at least cover the numbers with a finger. But people live online to bare all, while at the same time getting totally outraged when Facebook, Twitter, Yahoo or their Xbox gets hacked.
A safer internet relies on us all doing our bit. So be safe and sensible.
Protect yourself and your community.
It's like vaccines that provide people with "herd protection". They are only as good as the weakest link — that will be the one colleague who couldn't be bothered to get the jab. And it's the same with our digital health: there's always someone with a manky USB memory stick that they've stuck in every hole they can find.
But posting photos of a new bank card is about as weak as it gets.
The next time you get a new credit card, by all means, jump for joy — you've clearly won a plastic jackpot — but then pop it safely in an analog wallet, keep it to yourself, and only ever pull it out when you need it to pay for something.
You might still get robbed, but at least it won't be your own fault.