What is Device Hardening?
Hardening is a set of practices and procedures to protect your computers, laptops, smartphones and accounts against threats from malware, theft, hackers, and privacy abuses.
Using strong passwords is the most effective way to harden your accounts and devices. Here is what you need to do.
Change all your passwords. All of them. Do it as soon as possible. Use a password manager.
Follow these guidelines:
- Use a minimum of 16 characters
- Use letters, numbers, upper case, lower case, and symbols
- Use a random character generator, example: Zl3b#XWa0DRBCHn9
- Never reuse a password, anywhere
- Use multi-factor authentication whenever possible, especially with accounts that deal with personally identifiable information, money, or systems administration
- Never store your passwords in your browsers or let your computer store your password for you. Passwords can be viewed and compromised with elevated permissions.
- Transfer your passwords from your browser to a Password Manager
- Delete your existing passwords in your browser
- Tell the browser not to offer to save your passwords
- Turn off your autofill
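To make the guidelines above concrete, here is an added example (not code from the original post) that checks a password against the post's rules (16+ characters, upper and lower case, digits, symbols) and generates a conforming one from the operating system's cryptographic random source; the symbol set and the entropy helper are my own choices.

```python
import math
import secrets
import string

# Symbol set is an assumption; adjust to what a given site accepts.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 16


def meets_policy(pw: str) -> bool:
    """The post's rules: at least 16 chars with lower, upper, digit and symbol."""
    return (
        len(pw) >= MIN_LENGTH
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in SYMBOLS for c in pw)
    )


def generate_password(length: int = MIN_LENGTH) -> str:
    """Draw every character uniformly with the OS CSPRNG (secrets, never random).

    Candidates missing a character class are rejected and redrawn rather than
    patched, so the result is uniform over all policy-conforming strings.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


def entropy_bits(length: int) -> float:
    """Bits of entropy for a uniformly random string of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{entropy_bits(len(pw)):.0f} bits")
```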
Using a Password Manager
Store all your passwords and vulnerable information in one place
A password manager stores all your strong passwords. Chances are you have hundreds of them. It is also a vault where you can store your important information in notes and encrypted files, for example: a digital copy of a birth certificate, your child’s social security number, your license plate number and VIN, or perhaps a software license key sent to your email. Your “vault” is encrypted and, by today’s standards, not feasible to break.
Install your password manager’s app on all your devices
Use your smartphone to access your passwords when you need them at work or school, on public computers, or on corporate networks. Install the password manager on your laptop and desktop computers so your passwords are always accessible to you. Almost all password managers let you copy a strong password to your device’s clipboard and then paste it where you need it.
Use multi-factor authentication
Multi-factor authentication strengthens your login by adding another layer that requires a second “key.” It makes it extremely difficult for an unauthorized person to access your account. Generally speaking, there are three types of factors:
- Something you know like a password, PIN, or secret question
- Something you have like a security key, authentication app, or smart card
- Something you are, like a fingerprint or another biometric
The strongest factor
The weakest is your password, which can be broken, stolen, captured, or viewed. Secret questions are weak for the same reason: a question like “Where did you meet your spouse or significant other?” is one your spouse certainly knows the answer to.
The second, in my opinion, is something like biometric recognition, depending on the technology. I was surprised to hear my nephew opened my brother’s Surface Pro notebook because they look so much alike.
The strongest is a security key or smart card, a device that plugs into your computer like a key into a door. This device cannot be replicated remotely; it must be physically plugged in by you.
Putting it all together, here is what your new “hardened” password practice looks like. Let’s say you’d like to use your bank account on your laptop. This workflow assumes you have set up multi-factor authentication on both your bank account and your password manager.
- Open a web browser
- Go to your bank’s website login page
- Open your Password Manager app
- Type in your Master Password
- [The Password Manager should prompt for a second authentication]
- Put in your second authentication
- [Password Manager opens]
- Search for your password
- Copy it to your laptop’s clipboard
- Go back to the bank’s login page
- Enter your user name
- Paste your password from your laptop’s clipboard
- Click submit
- Put in your bank’s second authentication
- You’re in [end case]
What Password Manager Do I Use?
I’ve tried many password managers. At the time of this writing, I like Keeper. It purportedly has the strongest encryption on the commercial market. I find it easy to use and I love that it supports many different platforms like Mac, Windows, Android, iOS, etc. I love that it supports a variety of 2-factor authentication methods. I love the self-destruct feature and that I can store actual files in my “vault.”
What Multi-factor Authentication Method Do I Use?
I use a Yubico security key. It works with most of my important accounts. I use it wherever it’s an option when setting up multi-factor authentication. I keep it on a special key ring and safeguard it like keys to my home.
What is my Go To Authenticator App?
An authenticator app is a form of multi-factor authentication. It’s paired with an application or website and generates a code that changes every 60 seconds. I use Symantec VIP for no other reason than my former bank used it as their authenticator app. I put all my accounts in this one app, essentially making it my “credential wallet.”
If you’d like assistance with hardening practices and navigating security issues, please contact me. I’d be happy to give professional advice and assist as needed.