J.D. Roth recently wrote about his journey to finally use a password manager for his old and weak passwords. I know what this is like, as I used a (password-protected!) spreadsheet to track my passwords for years, which kept track of passwords that I generated when I was a teenager. I use LastPass, which is essentially $1 per month per device. It makes it very easy to create passwords of the max length allowed by the site and that are not easy to guess.
In addition to a password manager, enable two-factor authentication (2FA) for your accounts. This forces you to be more deliberate with your login procedures, but should prevent someone from accessing your accounts through password attacks. You can also stay logged in to an account so you don’t need to use 2FA each time, but if you forget to fully log out, then you could be saving your account data on certain machines or profiles.
To enable 2FA, you will likely get a text message from your account, use a code given by the system when you enabled 2FA, or use a one-time code from an authenticator app, such as Google Authenticator or LastPass Authenticator.
To get even more complex, you can use encrypted folders on your local machine. I use ecryptfs, which is relatively easy to install on Ubuntu-based systems. The folder is decrypted each time I log on and encrypted each time I log off. Windows 10 encrypted folders can be a little more complex, and the types of encryption available vary based on the version of Windows 10 you have installed.
- Security ebook from ProtonMail
- Open Source Intelligence (OSINT) techniques
- Tools from the USA show Mr. Robot
Update: I grew weary of Google Assistant listening to my conversations and making unwanted suggestions. Finally found a way to turn it off here.