Ignore the fact that Google’s going to downgrade your sites if they’re not HTTPS soon. That’s not what I’m talking about.
I’m a strong proponent of Net Neutrality and Freedom of Speech. I certainly intend to speak up and write and protest in the coming weeks and months, just like I have my whole life. I look at the world and I see things that need changing. So while this blog is about technology and computers and the Internet and websites, it has an impact on my political actions.
Or rather, it’s that my political actions impact this site.
People try to hack me all the time. All the damn time. Within the last 24 hours, over 400 people have tried to break into my ‘root’ account. It’s not named root. Good luck there. But the point is that people do try to hack me. They attack my WordPress install, my server, my email, my social media accounts, and my home wifi. I suspect the last one is my neighbor being stupid.
This means I know that speaking up will make me a target and, because of that, I need to secure the hell out of my stuff. And that means using Two Factor Authentication.
Use Strong Passwords
I use 1Password to both create strong passwords and securely store them. A popular alternative is LastPass, but having used both, I find 1Password easier to use. Regardless, use them. My passwords are things like
4seqKD)CsbG=iQnVoirwZ77+ which I hate typing in when I have to change them, but thankfully with browser extensions I not only don’t have to, but I don’t know my own passwords.
I can just generate and go.
Secure your Email
I know a lot of people use Gmail. I pay them for email right now (long story, tl;dr no one does spam better). That doesn’t mean I fully trust them but, since I pay them, I know I have a different relationship than the free Gmail one. Still I use 2-step verification on gmail.
If you need super secure and private email, ProtonMail is the way to go. Sadly it’d be $30 a month for my multiple domains. I wish they’d charge per email address, but that’s another issue.
Secure Your Panels
Everyone logs into web hosts the same way. We use a panel. It might be Plesk or cPanel or a home-grown system. It doesn’t matter which. Whichever one you use, make secure passwords, don’t share them with anyone, and if at all humanly possible, use Two Factor Authentication. If your webhost doesn’t offer it, leave. I know what I just said. If they don’t offer some method of verification, they’re not safe.
When you secure your panel, make sure you also secure your billing stuff. For example, I use LiquidWeb. They use cPanel and I activated Two Factor Authentication for that. But they also have a proprietary manage site where I log in for billing and server allocations. That also needs security. Make sure you do it on both.
Secure Your Blog
If you use WordPress.com, Turn on Two Step Authentication.
If you self host WordPress, use a plugin like Two Factor. That’s the feature project’s plugin that hopes to be added to WordPress core, so it’s a little rough around the edges. While I do have fundamental issues with 2FA being enabled by default for all users of a blog, it’s because I understand that most users are not technical.
It’s a double-edged sword. If we don’t teach people to be a little more technical to be a little safer, they won’t become safer. On the other hand, with things like 2FA and WordPress, there’s no real way for them to contact a person for help. If you turn it on, then everyone who locks themselves out gets to either call their webhost (who isn’t responsible for that) or a young relative (who didn’t sign on for that) or post in the support forums (who did sign on for that, but still).
Secure Social Media
Twitter’s sucks, by the way. It’s text based, which means you can only use it via text-messages. Facebook requires you to use texts, but allows it to be a backup to a code generator like Google Authenticator.
The moral of all this? Be secure.