I’ve spent a lot of time talking about general computer security issues in GeekJabber’s Tech Tips sections. These topics have also been discussed in great detail in different GeekJabber Live episodes we’ve broadcast. The reason is that security is one thing people frequently get wrong.
Security has become a hot topic due to the recent data breach over at Twitch, one of the biggest streaming services for gamers. This is an important discussion to have. This may be old news now as it happened a few weeks ago, but I think it’s about time to summarise a few security principles to help protect yourself when these breaches occur.
We have delved into this in a recent GeekJabber Live episode. I think it’s time to also add a hopefully easy-to-digest article to our tech tips section.
So why should security matter to me?
In the context of the Twitch breach, some may be asking why I’m not diverting more of my effort towards Twitch. Indeed, they should be taking responsibility for the vulnerabilities that caused the breach, and it appears they have made some effort to do so.
There’s one thing that seems to be missed in these discussions though. A site like Twitch has several hundreds of thousands, or maybe even millions, of lines of code powering it. There are also several hundred servers powering these sites. Most responsible platforms will go to great lengths to make their site as secure as possible. But it only takes one mistake in their code for a vulnerability to exist. It only takes one server to be misconfigured for a vulnerability to exist. It would be almost impossible to guarantee that a project of the size of something like Twitch would not have a single mistake.
This complexity means that any site is potentially vulnerable. It’s inevitable that significant breaches like the Twitch breach will continue to occur, even on sites that take security seriously. By taking a few precautions, you can help limit the damage should one of your accounts be caught up in a breach. In this sense, it makes security a shared responsibility. The sites you use should take responsibility for making sure their services are as secure as possible. You should take responsibility for making sure you’re following good security practices to reduce your risk.
So here’s a summary of things you can do to reduce that risk.
Use Good Password Security
This is one of the most basic things people get wrong. People choose passwords that are easily cracked, and reuse those same passwords across multiple sites. The risk here is that, in the event of a breach, your password might get quickly cracked and then be used to log into other accounts. This opens you up to a bigger data breach, including possibly identity theft.
There’s an easy way to manage this: use a reputable password manager. This will help you choose good secure passwords as well as help you keep track of unique passwords for each service you use.
By using a password manager in this way, if one of your passwords ever gets breached, it only affects that one service. It makes it quicker to secure your account again in the case of a breach, as you only need to reset one password.
Use Two-Factor Authentication
A lot of services now allow you to use two-factor authentication. This usually works after you’ve entered your password by sending a code to you via SMS or by requiring you to enter a code from an app on your phone to complete the login.
This can go a long way to improving the security of your account. If one of your passwords becomes compromised, it adds another step that needs to be compromised before the account is usable.
We’d recommend switching this on where it’s available. It’s usually only a minor inconvenience, and it will make it a lot harder for someone to successfully get into one of your accounts.
Use Reputable Antivirus
Most PC gamers use the Microsoft Windows platform out of convenience. It’s the most popular platform for PC games. One of the downsides of this platform is it’s one of the biggest targets for malware and viruses, due to its install base on desktop computers and laptops.
That’s not to say other platforms are immune. Malware exists for the Apple Mac platform and, while it’s rare to see them in the wild, malware and viruses technically do exist for Linux.
This means that an antivirus solution of some description is a good idea. The ones built into Windows and macOS have improved significantly over the last few years and are better options than they used to be. There are third party options that offer additional functionality and, in some cases, offer additional protection over what’s built into the operating system.
Whichever option you go for, having it enabled will help guard your machine against malicious code. This will help keep your machine from any threats that might try and intercept you entering any of your login details.
Install Security Updates
Windows Update has built a reputation for occasionally breaking things. While I personally have not been affected by this, it seems some are affected nearly every time. This has meant that some people are discouraged from installing updates.
At the very least though you should be installing security updates. These patch particular vulnerabilities on your computer that could be used to attack you or someone else. Even if you don’t install other updates, security updates should be installed to offer protection from these vulnerabilities.
Regularly Visit HaveIBeenPwned.com
The Have I Been Pwned website is an invaluable resource. You can regularly monitor your email addresses to identify whether you have been caught up in some high-profile data breaches that you might not be aware of.
The site also has a lot of valuable tools to work out whether a password you have has been breached previously, placing you at greater risk. It’s a very valuable resource for helping you keep track of breaches that might affect you that might have escaped your attention.
The website can be accessed here.
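The password check can be done without ever sending your password to the site. This added example (not part of the original article) follows the Pwned Passwords range lookup: only the first five characters of the password's SHA-1 hash are sent, and the matching is done on your own machine. The response body and its counts are constructed here so the example runs offline, and the function names are hypothetical.

```python
import hashlib

def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest.
    Only the 5-character prefix would ever leave your machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_body: str) -> int:
    """Search a range response ("SUFFIX:COUNT" per line) for this password.
    Returns how many times it appeared in breaches, or 0 if not listed."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def constructed_range_body(leaked: dict[str, int]) -> str:
    """Build a stand-in response body for the demo. In real use the body is
    what https://api.pwnedpasswords.com/range/<prefix> returns: every known
    suffix sharing your prefix, so the service cannot tell which one is yours."""
    lines = [f"{split_hash(pw)[1]}:{count}" for pw, count in leaked.items()]
    return "\r\n".join(sorted(lines))

# Constructed sample data: the passwords and counts are made up for this demo.
SAMPLE_BODY = constructed_range_body({
    "password123": 1234,
    "qwerty2021": 57,
    "letmein!": 9,
})

if __name__ == "__main__":
    for pw in ("password123", "k7#Vq9!zR2-unique-from-manager"):
        prefix, _ = split_hash(pw)
        print(prefix, breach_count(pw, SAMPLE_BODY))
```

Any password that comes back with a count above zero should be replaced everywhere it is used.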
There’s always a risk that one of your accounts will get caught up in a security breach. There are risks that are outside your control that you won’t be able to mitigate against. After all, with the sheer size of the code that runs most websites and the number of servers running them, it’s very difficult to get it right 100% of the time, even amongst sites that take security seriously.
Having said that, being proactive with the above tips means that you reduce your exposure should a breach occur, and help limit the damage to you. This is important as, while it doesn’t do anything to undo an attack, a bit of common sense means that it’s a lot easier to clean up and there’s a lot lower risk of long-term damage to your accounts or reputation.