
How To Build A Virtual Castle To Defend Against Hackers Simple Enough For Anyone To Accomplish

I built my first computer with my father (rest his soul) when I was 11 years old. Since then, I've been hooked. I loved computers and everything about them. They would become my career, plague my life view philosophically (simulation theory) and become the thing I spent most of my time on. Which I have no RaGrets.. not even one letter. 😐 I eventually became a QA Tester for video games at THQ, 2K Games, Activision, etc. etc. and finally found my way into cyber security thanks to the humble beginnings of Sub7.

Sean Thomas
6 min read · Dec 6, 2020

Now that you have an extremely simple intro into my life, I will lay out the basics of creating a system that will make you pretty much un-hackable as long as you follow these best practices, which I've hopefully made as simple and noob-friendly as possible. Let's get started.

  1. Create multiple email accounts. I'd personally say at least 3 or 4 for more advanced users, but definitely no fewer than 2.
  2. The first new e-mail (or second, if we count the e-mail you currently use by default and most likely won't be changing) will be your most secure e-mail.
  3. The second (or third) e-mail will be the one you start using for things that still need to be secure but should not remain on your current (most likely breached) account, i.e. Amazon, Netflix, Hulu, etc.: anything containing financial data, and other still-important accounts.

Let's say that you have 3 emails (ideally you will have at least 3, but absolutely no fewer than 2). One will be the main address that you've been using over the years and probably can't get rid of at this point, so we'll keep it, but it will now become a sort of junk email. Assume this e-mail has been compromised over the years and is no longer safe. It probably has. You can type your e-mail into haveibeenpwned.com to find out.

I personally don’t like clicking links if I don’t have to, nor creating links myself, but for the convenience of others:

https://haveibeenpwned.com/

So that means that we will need to make a new e-mail with a brand new, secure password, and update our information on a couple of different accounts. This does take some work, but will be completely worth it in the end.

Make an email that you specifically and only use for your financial logins/websites/etc. Basically anything that deals with your finances or has the same importance.

For example: I could make seanfinancesonly@gmail.com, let's say. This would be my most secure email, with a password created for this email that I use for absolutely nothing else. (I will go into examples of systems for secure passwords later on.) Ideally this email and password are created on your home network with a VPN turned on; your mobile data should be fine as well, provided you trust your carrier enough with your data. Still, I always use a VPN no matter how trusted my network is.

Make an email that you will use for things that you need to be secure, but not necessarily your finances. This could be anything else you view as life altering if hacked, or just important information websites, things you don’t want leaked. Whatever the reasoning may be. (i.e. Facebook, Twitter, Amazon, Netflix, etc.)

I could make seansecurestuff@gmail.com, for example, and again have a password used only for this email and nothing else whatsoever. Everything said above applies to this email as well:

Always use a VPN. I cannot stress that enough, even on your home network. Privacy is something we are only just beginning to take seriously, and it can't be assumed safe in anyone's hands but your own until we finally reach whatever point it is where we are safe. The Tor network works as well. Whatever you use, make sure you are secure while setting these accounts up, or it defeats the purpose.

Then your original email, the one you already have, becomes your junk mail for lack of a better term, or your least secure mail. Since you can't verify its security over the years of use, you might as well assume it's not very secure and leave it be. It's still usable.

That means, after creating your new emails, update all of the logins that need it. Update your bank logins, credit cards, investment profiles, etc.: anything financial. You can use the password you used for the secure email you created, considering you will not be using or leaking these emails, or anything about them, for any other reason.

Start using your second, semi-secure email for things that you don't want hacked or that are very important. Try to keep this to a limit, and pay attention to where you enter this email and which sites learn of its existence.

After you get everything switched over and have all your super important accounts set up under your new secure emails, don't use them for anything else, and do your best to keep the internet's awareness of these emails to an absolute minimum.

Now to password best practices: The best option is to use a password manager. I personally like Dashlane, and that’s what I currently use and I pay for the premium option, it’s completely worth it. You can use my referral link to get 6 months free: https://www.dashlane.com/cs/vINlRvc2zJuP

Also, look into buying yourself a FIDO U2F security key, such as a YubiKey or Google Titan. U2F stands for Universal 2nd Factor, and it's like a physical password that requires your physical presence to log in.

This is the part where I’m supposed to tell you to absolutely never reuse passwords. I will tell you that, of course, however I am human and guilty of this and probably will commit this crime a few more times this week alone. So don’t feel bad if this one takes a while to get into a habit of.

However, when I do reuse a password, let's say my password is my name, SeanPass9#&%^. Make sure you always use a few capital letters, numbers, and symbols in your passwords. Always. They can be the same symbols every time to make it easier, but I'll change up the middle:

For example SeanFacebook9#&%^, or SeanInstagram9#&%^, etc. I'll use the same format for all my passwords, where the middle part is the variable I know I will remember when I create the password, often the site or service that I'm signing up for.

Obviously these are just examples. Don't use your first name. A better option is to use an entire sentence or phrase, like "My Facebook Passw0rd Is Something 1 Will R3m3mb3r", spaces and all.

My main point is to set up a system that is easy to remember: Word+Variable+[numbers+symbols], or the same thing with a phrase: "My [Account] Passw0rd Is Something 1 Will R3m3mb3r 9#&%^".
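To make the trade-off in that system concrete, here is a small added audit script (my example, not code from the article). It takes constructed samples built on the Word+Variable+[numbers+symbols] template and the sentence template above, estimates how many guesses each would take under a naive uniform-character model, flags when the site name is embedded in the password, and pulls out the fixed prefix and suffix two template passwords share. The entropy model is an assumption for illustration only: it is an optimistic upper bound, because dictionary words and leetspeak substitutions are far easier to guess than random characters, but it still shows why length (the sentence approach) beats a short word plus symbols.

```python
import math
import string

# Constructed samples modelled on the article's two templates (not real passwords).
SAMPLES = [
    ("SeanFacebook9#&%^", "facebook"),
    ("SeanInstagram9#&%^", "instagram"),
    ("My Facebook Passw0rd Is Something 1 Will R3m3mb3r", "facebook"),
]


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 ASCII symbols
    if " " in password:
        size += 1
    return size


def naive_entropy_bits(password: str) -> float:
    """Optimistic guess-count estimate in bits, treating every character as
    uniformly random. Words and leetspeak make the real figure lower, so
    use this only to compare templates against each other."""
    return len(password) * math.log2(charset_size(password))


def contains_service_name(password: str, service: str) -> bool:
    """True if the site name appears in the password (case-insensitive)."""
    return service.lower() in password.lower()


def fixed_parts(a: str, b: str) -> tuple:
    """Common prefix and suffix of two passwords: the part of a template that
    stays constant across sites, which one leaked password reveals."""
    limit = min(len(a), len(b))
    i = 0
    while i < limit and a[i] == b[i]:
        i += 1
    j = 0
    while j < limit - i and a[-1 - j] == b[-1 - j]:
        j += 1
    return a[:i], a[len(a) - j:]


def audit(samples) -> list:
    """One finding per sample: entropy estimate plus a site-name warning."""
    findings = []
    for pw, service in samples:
        findings.append({
            "password": pw,
            "bits": round(naive_entropy_bits(pw), 1),
            "names_service": contains_service_name(pw, service),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
    print("fixed template parts:", fixed_parts(SAMPLES[0][0], SAMPLES[1][0]))
```

Run it as-is and the two template passwords come out at roughly 111 bits under the naive model while the sentence scores far higher, and `fixed_parts` reports `('Sean', '9#&%^')`: exactly the pieces that stay the same from site to site. That is the caveat behind the "don't reuse" advice: a template is only as private as its weakest site, and the middle variable is usually the site name itself.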

Takeaways:

  1. You’ve probably been compromised if you’re the type of person that hasn’t worried too much about your personal security when it comes to the internet. So get started on changing that.
  2. Always, Always, ALWAYS use a VPN on Public WiFi at the very least.
  3. Always make use of 2FA, or MFA when possible. I use Google Authenticator, and I use another one that allows cloud backup of my keys just in case. I also have a personal decentralized cloud, not google drive or anything like that, that I back everything up to. (However, Google Drive should be sufficient.)
  4. I have multiple security keys. I recommend YubiKey and Google Titan; I have all of them: the Google Titan, a YubiKey 5C, and a YubiKey 5 NFC, which is also USB capable.

I hope this helps people understand how to secure themselves a bit more in this crazy world. Most "hacks" that occur are based on human error, not zero-day exploits or other vulnerabilities, though those obviously exist as well.

Good luck everyone on your intraweb adventures and stay safe!

If you liked this article, please Follow me, subscribe to me, and give as many claps as possible (50 claps is max, just mash the clap button until it won’t let you anymore) if you like my content and don’t mind supporting a new writer getting his start, no matter how big or small the support I am eternally grateful for it all! Thank you!

My site will be up soon on unstoppabledomains:

https://definanced.crypto.hosting

Thanks a bunch everyone, hope you enjoyed! I appreciate all the support! Please follow me; the slower you read the article, or the more time you spend on the page, the more it helps, more than you could ever imagine. Thanks again.

-Sean “Legionz” Thomas


Sean Thomas

Los Angeles native, Software Tester and Writer. I'm an artist, musician, into cyber-security, and huge crypto-enthusiast.