esoteriic.com

If you haven't already read the recent article from Guardian regarding online passwords I would suggest you do it. While the focus is upon passwords it does, of course, touch upon the subject of online security in general. Naturally, this is an interesting topic and also a necessary topic of discussion for everyone. As the article states, a secure password is only part of the solution to having a secure online web experience. You may have a very tough password but it doesn't help if you can't remember it, or if you freely hand it out. The last part may sound pretty stupid, as you would only tell you're most trusted companion (or whatever). However, it isn't so clear that a very long password is necessarily all that secure if you're general approach to online security is lax.

So apart from having a long/secure password there are a few other things you can do. One is to adopt an encrypted password wallet such as suggested in the article but that still isn't enough (see Bruce Schneier's Passsafe). If someone can get a trojan on to your computer then it might be able access your ''strong'' passwords that way, and essentially making your long passwords moot. The following is a suggested list of things to check.

Passwords

The day after I originally posted this article a new article about password strength came out on lifehacker, I'd suggested taking a look. It has many good tips for creating a strong and memorable password: Weighing security against convenience.

Operating System

Unfortunately, the most popular operating systems are the ones which are targeted most. Add to that, many will argue that Windows is easier to hack due to the way it has been designed. Linux on the other hand is less popular and intrinsically it is supposed to be harder to hack. Linux can also be a bit of a pain in the ass to use but it is more secure. Macs are probably somewhere in between the two. If you wanted to be even more secure than you could use an operating system that almost no one else does, like BSD. Unfortunately, it generally means that there is less software (programs) available for it. Installing things like Linux or BSD tend to be a little bit trickier too but once you know how to do it then it isn't so hard. The most secure might be OpenBSD (they boast that they've only had two security flaws since starting).

Firewall

All Windows computers should be running a firewall and a virus checker. There are free versions of both, and often they are bundled together in one program. They aren't so expensive and buying a commercial one is generally worth the money. Firewalls are designed to prevent people (or websites) accessing your computer without your consent, they also block programs on your computer from accessing the web without your consent. Both ways can lead to potential breaches in security.

A virus checker looks for malicious software and deletes it. Running this daily is probably a pain for most, but it would be best to do it at least weekly. Depends on your style of browsing: if you view a lot of risky sites then you should probably virus scan more often (especially if you use Windows).

Public web browsing

This is more of a general warning as there isn't a great deal you can do here*, I wouldn't be inclined to use a web-cafe for checking my bank online or for purchasing goods online. You might have done it and had no problems hitherto but its asking for trouble. The computer is likely to be running Windows, it might have a firewall but it might not (someone could have disabled it). There might be a lack of a virus scanner too so there it is hard to tell if there is malicious software on the computer. If there is malicious software then it could be something like a key-logger which can record your passwords or bank details. If a key-logger gets your email password then that might be enough to get a whole bunch of other passwords that you have stored 'safely' in your email.

*there is the potentiality of using a Live CD or a Live USB stick to run a more secure operating on a public computer but that's probably a bit advanced for here.

Browser

The browser is probably less of a concern than operating system or a lack of a firewall / virus scanner. I'm not entirely sure of the gritty details but I'd imagine Firefox to be as secure as Chrome, I don't know exactly but it is probably the least of your worries if you have all the other bases covered. The incognito function on your browser merely hides your browsing history and doesn't improve security.

That said there is an interesting new browser called Tor which almost guarantees anonymity. It is certainly more secure than the other web browsers, by design, but it isn't going to last if you have completely ignored all of the above. It may help you to last longer in a hostile world but it isn't going to protect you 100%. The Tor web browser uses some nifty techniques to hide your web traffic and essentially makes it very hard (near impossible?) for anyone to figure what you are doing online. As a consequence, it is a bit slower than a conventional browser as it provides a higher level of security.