Beruflich Dokumente
Kultur Dokumente
https://ssd.e.org/en/playlist/want-security-start...
(/en)
1. An Introduction to
Threat Modeling
(/en/playlist
/want-securitystarterpack#introductionthreat-modeling)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
10.11.2014 21:56
https://ssd.e.org/en/playlist/want-security-start...
free password safe that you keep on your desktop. It's important to note that is
you're using KeePassX, it will not automatically save changes and additions.
This means that if it crashes after you've added some passwords, you can lose
them forever. You can change this in the settings.
Using a password manager also helps you choose strong passwords that are
hard for an attacker to guess. This is important too; too often computer users
choose short, simple passwords that an attacker can easily guess, including
"password1," "12345," a birthdate, or a friend's, spouse's, or pet's name. A
password manager can help you create and use a random password without
1. AnaIntroduction
pattern or structureone that won't be guessable. For example,
passwordto
Threat Modeling
manager is able to choose passwords like "vAeJZ!Q3p$Kdkz/CRHzj0v7,
(/en/playlist which
a human being would be unlikely to rememberor guess. Don't/want-securityworry; the
starterpack#introductionpassword manager can remember these for you!
threat-modeling)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
3. Creating Strong
You may use your passwords on more than one device, such asPasswords
your computer
(/en/playlist
and your smart phone. Many password managers have a password/want-securitystartersynchronizing feature built in. When you sync your password file,
it will be up
pack#creatingstrong-passwords)
to date on all of your devices, so that if youve added a new account
on your
What Ispassword
computer, you will still be able to log into it from your phone.4.Other
Encryption?
managers will offer to store your passwords in the cloud, which
is to say, they
(/en/playlist
/want-securitywill store your passwords encrypted on a remote server, and when you need
starterpack#whatthem on a laptop or mobile, they will retrieve and decrypt (/en/glossary
encryption)
/decrypt) them for you automatically. Password managers like this are more
5. Keeping Your Data
convenient, but the trade-off is that they are slightly more vulnerable
to attack
Safe (/en/playlist
/want-security(/en/glossary/attack). If you just keep your passwords on your computer,
starterpack#keepingthen someone who can take over your computer may be able to
get hold of
your-data-safe)
them. If you keep them in the cloud, your attacker may target that also. It's not
6. Protecting Yourself
usually a compromise you need to worry about unless your attacker
has legal
on Social
Networks
powers over the password manager company or is known for targeting
(/en/playlist
companies or internet traffic.
/want-securitystarterpack#protectingyourself-socialnetworks)
7. Choosing Your
Tools (/en/playlist
/want-securityThere are a few passwords that do need to be memorized and starterthat need to be
pack#choosingyour-tools)
particularly strong: those that ultimately lock your own data with
cryptography
2 din 6
10.11.2014 21:56
https://ssd.e.org/en/playlist/want-security-start...
1. An Introduction to
Threat Modeling
Reinhold's method involves rolling physical dice to randomly choose
several
(/en/playlist
/want-securitywords from a word list; together, these words will form your passphrase. For
starterdisk encryption (and password safe), we recommend selecting pack#introductiona minimum of
threat-modeling)
six words.
2. Communicating
with Others
Diceware method.
(/en/playlist
/want-securitystarterpack#communicatingothers)
3 din 6
10.11.2014 21:56
https://ssd.e.org/en/playlist/want-security-start...
/want-securitystartersend
you a
pack#introductionthreat-modeling)
For that reason, you
pack#communicatingothers)
3. Creating Strong
Passwords
(/en/playlist
/want-securitystarterpack#creatingstrong-passwords)
Many services and software tools let you use two-factor authentication
4. What Is
(/en/glossary/two-factor-authentication), also called two-stepEncryption?
authentication
(/en/playlist
or two-step login. Here the idea is that in order to log in, you need
to be in
/want-securitystarterpossession of a certain physical object: usually a mobile phone,pack#whatbut, in some
encryption)
versions, a special device called a security token. Using two-factor
Your Data
5. Keeping
authentication ensures that even if your password for the service
is hacked
or
Safe (/en/playlist
stolen, the thief won't be able to log in unless they also have possession
or
/want-securitystartercontrol of a second device and the special codes that only it can
create.
pack#keepingyour-data-safe)
Typically, this means that a thief or hacker would have to control both your
6. Protecting Yourself
laptop and your phone before they have full access to your accounts.
on Social
Networks
(/en/playlist
Because this can only be set up with the cooperation of the service
operator,
/want-securitythere is no way to do this by yourself if you're using a service that
doesn't offer
starterpack#protectingit.
yourself-socialnetworks)
Two-factor authentication using a mobile phone can be done in two ways: the
7. Choosing Your
service can send you an SMS text message to your phone whenever
you try to
Tools (/en/playlist
/want-securitylog in (providing an extra security code that you need to type in),
or your phone
startercan run an authenticator application that generates security codes
from inside
pack#choosingyour-tools)
the phone itself. This will help protect your account in situations where an
attacker has your password but does not have physical access to your mobile
4 din 6
10.11.2014 21:56
https://ssd.e.org/en/playlist/want-security-start...
phone.
Some services, such as Google, also allow you to generate a list of one-time
passwords, also called single-use passwords. These are meant to be printed or
written down on paper and carried with you (although in some cases it might
be possible to memorize a small number of them). Each of these passwords
works only once, so if one is stolen by spyware when you enter it, the thief
won't be able to use it for anything in the future.
If you or your organization runs your own communications infrastructure, such
as your own e-mail servers, there's freely available software that can be used
1. An Introduction to
to enable two-factor authentication for accessing your systems.
AskModeling
your
Threat
(/en/playlist
systems administrators to look for software offering an implementations
of the
/want-securityopen standard Time-Based One-Time Passwords or RFC 6238.starterpack#introductionthreat-modeling)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingattackers others)
can obtain your
In some jurisdictions, such as the United States or Belgium, you may be able to
6. Protecting Yourself
legally challenge (https://www.eff.org/press/releases/appeals-court-upholdson Social
Networks
constitutional-right-against-forced-decryption) a demand for your
password.
(/en/playlist
In other jurisdictions (https://en.wikipedia.org/wiki/Key_disclosure_law),
such
/want-securitystarteras the United Kingdom or India, local laws allow the government to demand
pack#protectingyourself-socialdisclosure. EFF has detailed information for anyone travelling across
U.S.
networks)
borders who wishes to protect their data on their digital devices in our
7. Choosing Your
Defending Privacy at the U.S. Border guide (https://www.eff.org
Tools (/en/playlist
/want-security/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices).
starterpack#choosingobstruction
of an
your-tools)
5 din 6
10.11.2014 21:56
https://ssd.e.org/en/playlist/want-security-start...
consequences. In some cases, this can be easier for the government to prove
and allow for more substantial punishments than the alleged crime originally
being investigated.
1. An Introduction to
Threat Modeling
(/en/playlist
A PROJECT OF THE ELECTRONIC FRONTIER FOUNDATION (HTTPS://WWW.EFF.ORG/)
ABOUT
(/EN/ABOUT/want-securitystarterSURVEILLANCE-SELF-DEFENSE)
CREDITS (/EN/CREDITS)
PRIVACY (HTTPS://WWW.EFF.ORG/POLICY)
pack#introductionthreat-modeling)
(https://www.eff.org/copyright)
2. Communicating
with Others
(/en/playlist
/want-securitystarterpack#communicatingothers)
3. Creating Strong
Passwords
(/en/playlist
/want-securitystarterpack#creatingstrong-passwords)
4. What Is
Encryption?
(/en/playlist
/want-securitystarterpack#whatencryption)
5. Keeping Your Data
Safe (/en/playlist
/want-securitystarterpack#keepingyour-data-safe)
6. Protecting Yourself
on Social
Networks
(/en/playlist
/want-securitystarterpack#protectingyourself-socialnetworks)
7. Choosing Your
Tools (/en/playlist
/want-securitystarterpack#choosingyour-tools)
6 din 6
10.11.2014 21:56