The Internet’s 30+ Years Old. Now We Know What Can Go Wrong
What’s the best practical cybersecurity solution for most online users?

Consumer use of the Internet began rapidly expanding in 1995. Now we’ve had 30 years to watch what happens when typical consumers use the Internet to connect with each other, purchase products, and conduct the everyday business of life.
The Internet offered tremendous convenience: renewing your driver's license from home, paying bills without envelopes and stamps, strengthening social ties with just a few clicks. The benefits are many and obvious to those of us who experienced life before the Internet.
But so much can also go wrong. We’re living through an explosion of online crimes against the public. Hackers are going after every age group, in every area of our online lives.
What can we do about it?
What is the best solution for most people?
Today we’ll explore guidance for cybersecurity best practices that anyone – regardless of experience – can implement to make their online life safer and more secure.
This guidance comes from the Electronic Frontier Foundation (EFF), long considered the standard-bearer of all things cybersecurity.
Unlocking Devices
Consumers should use a 4-6 word DiceWare passphrase to unlock their phones, tablets, and desktop computers. This strong passphrase should be memorized or written down and securely stored.
DiceWare is considered a rock-solid technology, which the EFF has upgraded and improved, using research from Ghent University. The country of Australia now tells all of its citizens to visit the EFF DiceWare page and use these passphrases online.
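How a DiceWare passphrase is built, and how much guessing resistance 4, 5 or 6 words give, shown as an added example (it is not code from the EFF or from this site). It assumes a word list in the "dice roll, then word" layout that the EFF long list uses (five dice, 7,776 words); the list built inside the code is a constructed stand-in so the example runs offline, and all function names are illustrative.

```python
import math
import secrets
from itertools import product


def load_wordlist(lines):
    """Parse 'ROLL WORD' lines (dice digits, whitespace, word) into a dict."""
    table = {}
    for line in lines:
        if not line.strip():
            continue
        roll, word = line.split(None, 1)
        if set(roll) - set("123456"):
            raise ValueError(f"not a dice roll: {roll!r}")
        table[roll] = word.strip()
    dice = {len(roll) for roll in table}
    if len(dice) != 1:
        raise ValueError("empty list or mixed roll lengths")
    n = dice.pop()
    if len(table) != 6 ** n:  # a truncated list silently weakens every phrase
        raise ValueError(f"expected {6 ** n} entries, got {len(table)}")
    return table, n


def passphrase(table, dice_per_word, words=6):
    """Pick each word by rolling dice with the OS CSPRNG, not the random module."""
    rolls = ("".join(str(secrets.randbelow(6) + 1) for _ in range(dice_per_word))
             for _ in range(words))
    return " ".join(table[r] for r in rolls)


def entropy_bits(list_size, words):
    """Bits of entropy when every word is drawn uniformly and independently."""
    return words * math.log2(list_size)


def constructed_wordlist(dice=5):
    """Stand-in list (word11111 ... word66666) so the example runs offline."""
    return [f"{''.join(r)}\tword{''.join(r)}" for r in product("123456", repeat=dice)]


if __name__ == "__main__":
    # To use a real list, pass open(path) for a locally saved copy instead.
    table, n = load_wordlist(constructed_wordlist())
    print(passphrase(table, n, words=6))
    for k in (4, 5, 6):
        print(f"{k} words: {entropy_bits(len(table), k):.1f} bits")
```

The strength comes from the random selection, not from secrecy of the list: the entropy figures hold even if an attacker knows exactly which word list was used.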
Logging In To Online Accounts
The era of memorizing passwords in bulk to log in to online accounts is over. We are now squarely in the era of the Password Manager, an elegant and amazingly effective solution. Consumers should use a high-quality Password Manager, preferably a standalone application and not the version built into their browser. Highly regarded Password Managers that participate in security audits include: 1Password, Bitwarden, Dashlane, KeePassXC and NordPass.
Password Managers create long, truly complex passwords composed of random characters that look like r8:W3=7uU0VpcS. They're impossible to remember, but that's the point. Consumers should use a DiceWare passphrase as their master password for their Password Manager. Correctly using a high-quality Password Manager means ordinary consumers are:
Free from the chore of thinking up passwords.
Free from the burden of memorizing passwords.
Free from the worry of forgetting passwords.
Free from the bother of typing passwords.
Free from the hassle of frequently resetting passwords.
By locking their devices when they walk away from them, and correctly using a Password Manager, consumers don’t even need to know what their passwords are, which is a huge relief. Typical users can eliminate 95% of the pain of passwords. Right Now. Today. Not sometime in the future. This is our current reality.
Paper Password Storage
As attractive as this solution is, some consumers don’t trust Password Managers, or simply don’t want to use them. Their best bet is to write down their modern, complex passwords and securely store them. Some consumers might use a combination of techniques; writing down and securely storing passwords for their most sensitive accounts, and using a Password Manager for their other online accounts.
Occasionally you’ll see someone ridicule the use of a printed Password Book. Don’t be taken in by their lack of awareness. For many people, the possibility of someone breaking into their home and gaining access to their passwords from a book is far less likely than becoming the victim of an online Digital Kleptomaniac™.
Use Of Passkeys For Sites That Allow It
Some online sites now offer a newer, stronger security option called “passkeys.” A passkey is a small piece of random data, generated on your device (like your phone, laptop, or security key) for the purpose of logging in on a specific website. Once the passkey is generated, your browser registers it with the website and it gets stored somewhere safe (for instance, your password manager). From then on, you can use that passkey to log in to that website without entering a password.
Although the roll-out of passkeys has been a bit bumpier than we hoped, some sites are reporting high adoption from their users.
Multi Factor Authentication (MFA)
Consumers should enable MFA on every online account which offers it. MFA isn’t perfect, especially “legacy MFA” systems which use SMS text messages to deliver security codes to consumers.
But even “legacy MFA” is better than none at all, and consumers are familiar with it. MFA methods that use authenticator applications or physical security keys such as YubiKeys are the best solutions currently available.
30 Years Later — It’s Time To Become Brilliant At The Basics
After watching what happens when typical consumers use the Internet, we now know what goes wrong, and what to do about it. You can think of these as the 4 Basic Rules of Cybersecurity:
Use passphrases to unlock devices.
Randomize passwords and store them in Password Managers.
Use passkeys when offered by the site.
Always turn on multi-factor authentication, preferably with the strongest available option.
Typical Internet users can’t and won’t become cybersecurity experts.
But all of us using the Internet can become better at protecting ourselves, our families and our businesses. We can increase our chances of staying safer online. In fact, by implementing these 4 best practices, we can become Brilliant At The Basics Of Cybersecurity.
Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.
Looking forward to connecting again next week.
— Anthony Collette