(201) 961-8023 russ@tovar.tech

What is Device Hardening?

Hardening is a set of practices and procedures to protect your computers, laptops, smartphones and accounts against threats from malware, theft, hackers, and privacy abuses.

Strong Passwords

Using strong passwords is the most effective way to harden your accounts and devices. Here is what you need to do.

Change all your passwords. All of them. Do it as soon as possible. Use a password manager.

Follow these guidelines:

  • Use a minimum of 16 characters
  • Use letters, numbers, upper case, lower case, and symbols
  • Use a random character generator, example: Zl3b#XWa0DRBCHn9
  • Never reuse a password–anywhere
  • Use multi-factor authentication whenever possible, especially with accounts that deal with personally identifiable information, money, or systems administration
  • Never store your passwords in your browsers or let your computer store your password for you. Passwords can be viewed and compromised with elevated permissions.
    • Transfer your passwords from your browser to a Password Manager
    • Delete your existing passwords in your browser
    • Tell the browser not to offer to save your passwords
    • Turn off your autofill
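
The guidelines above, turned into a generator and a checker. This is an added example, not code from this page's author; the symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the guidelines above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set; sites differ
}
ALPHABET = "".join(CLASSES.values())
MIN_LENGTH = 16


def policy_violations(password, already_used=()):
    """List which guidelines a password breaks (empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if password in already_used:
        problems.append("reused from another account")
    return problems


def generate_password(length=MIN_LENGTH):
    """Return a password from the OS CSPRNG that contains every class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Rejection sampling keeps every position uniformly random, unlike
        # forcing one character of each class into a fixed position.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


def entropy_bits(length=MIN_LENGTH):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(~{entropy_bits():.0f} bits)", policy_violations(pw))
```

`secrets` draws from the operating system's cryptographic random source; the `random` module is not suitable for passwords.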

Using a Password Manager

Store all your passwords and vulnerable information in one place

A password manager stores all your strong passwords. Chances are you have hundreds of them. It’s also a vault where you can store your important information in notes and encrypted files, for example: a digital copy of a birth certificate, your child’s social security number, your license plate number and VIN, or perhaps a software license key sent to your email. Your “vault” is encrypted and (by today’s standards) impossible to break.

Install your password manager’s app on all your devices

Use your smartphone to access your passwords when you need them at work or school, on public computers, or on corporate networks. Install the Password Manager on your laptop and desktop computers so your passwords are always accessible to you. Almost all Password Managers allow you to copy your strong password into your device’s clipboard, then paste it where you need it.

    Use multi-factor authentication

    Multi-factor authentication strengthens your credentialing by adding another layer that requires a second “key.” It makes it extremely difficult for an unauthorized person to access your account. Generally speaking, there are three types of factors:

    • Something you know like a password, PIN, or secret question
    • Something you have like a security key, authentication app, or smart card
    • Something you are, proven with a fingerprint or a biometric device

    The strongest factor

    The weakest is your password, which can be broken, stolen, captured, or viewed. Secret questions like “Where did you meet your spouse or significant other?” are also weak. Well, your spouse would certainly know that information.

    The second, in my opinion, is something like biometric recognition, depending on the technology. I was surprised to hear my nephew opened my brother’s Surface Pro notebook because they look so much alike.

    The strongest is a security key or smart card, which is a device that plugs into your device like a key to a door. This device cannot be replicated remotely; it must be physically plugged in by you.

    In Practice:

    Putting it all together, here is what your new “hardened” password practice looks like. Let’s say you’d like to use your bank account on your laptop. This workflow assumes you have set up multi-factor authentication on both your bank account and your password manager.

    1. Open a web browser
    2. Go to your bank’s website login page
    3. Open your Password Manager app
    4. Type in your Master Password
    5. [The Password Manager should prompt for a second authentication]
    6. Put in your second authentication
    7. [Password Manager opens]
    8. Search for your password
    9. Copy it to your laptop’s clipboard
    10. Go back to the bank’s login page
    11. Enter your user name
    12. Paste your password from your laptop’s clipboard
    13. Click submit
    14. Put in your bank’s second authentication 
    15. Submit
    16. You’re in [end case]

    What Password Manager Do I Use?

    I’ve tried many password managers. At the time of this writing, I like Keeper. It purportedly has the strongest encryption on the commercial market. I find it easy to use and I love that it supports many different platforms like Mac, Windows, Android, iOS, etc. I love that it supports a variety of 2-factor authentication methods. I love the self-destruct feature and that I can store actual files in my “vault.”

    https://keepersecurity.com

    What Multi-factor Authentication Method Do I Use?

    Security key

    I use a Yubico security key. It works with most of my important accounts. I use it wherever it’s an option when setting up multi-factor authentication. I keep it on a special key ring and safeguard it like keys to my home.

    https://www.yubico.com/

    What is my Go To Authenticator App?

    An authenticator app is a form of multi-factor authentication. It’s paired with an application or website and generates a code that changes every 60 seconds. I use Symantec VIP for no other reason than my former bank used it as their authenticator app. I put all my accounts in this one app essentially making it my “credential wallet.”

    https://vip.symantec.com/

    If you’d like assistance with hardening practices and navigating security issues, please contact me. I’d be happy to give professional advice and assist as needed.