Security

You may be aware that there have been many cases recently of websites being hacked and user account details being compromised. ( recently Yahoo, dropbox, talktalk etc..) You can check if your email account details have been "pwned" here

https://haveibeenpwned.com/

Your online security depends on maintaining your PC virus free, using secure passwords, and making sure your old equipment does not have recoverable information when you dispose of it.

Passwords

We are told for security to use long (more than 8 characters) passwords that include Capitals, numbers and symbols; not to use a single word that could be in online dictionaries; not to use the same password on different sites; and not to write them down. Most 8 letter passwords could be cracked in a few seconds.

Here are some examples of OK and poor passwords:

Weak: Ih8Dave (Too short and password crackers know about text speak!)

Poor: Jim@15/08/1971 (Your name and DoB are all in the public domain)

Good: 6%tools%CATTLE$$ - combines numbers, symbols, upper & lower case - 16 characters.

Unfortunately different sites have different requirements for passwords. Some allow spaces, many dont, some force the use of digits and upper case, or will not allow more than 8 characters. So a common strategy which would help you remember them is not feasible.

Also, of course, if you FORGET such a password its a major problem! So one way or another you need to keep a secure record of your password for each site.

Keep a secure record of important passwords

Password managers: There are password managers - indeed some are free. I don't choose to use these because I dont feel "in control". If the password manager software fails I'd lose my passwords for important sites. Also if I need to access sites from another PC, I can not access my passwords.

Store important passwords on a secure document: This is my chosen approach. I open a document in WORD or (better still) OPEN OFFICE / LIBRE OFFICE and list my passwords and log in details like this:.

Barclays Bank username billybob password Bi11yBob£IsME

When my list is complete I save the document. But not yet - here is the trick. You need to ENCRYPT the file with a password. Its easy.

In WORD: Click the "Office" Button (top left of the window) and choose "Info" or "Prepare" depending on your version. Choose "Encrypt document" and add a SECURE, MEMORABLE password. Its the only one you will need to remember. Save as a WORD document.

In OPEN OFFICE or LIBRE OFFICE: its even easier. "Save as" and tick "save with password". Save as an ODF text document (.odt)
Again, use a SECURE, MEMORABLE password.

Now you can keep copies anywhere you like - even give them away - because without that password they can not be read. Keep a copy on your google drive and you can access it anywhere - and Open Office runs on Android as well as PC.

An example file passworded "billybob" had its password cracked in about 30min on an average PC - so pick a good secure memorable password!.

You can check the level of your password security here - but MAKE SURE the site address is correct before you enter a password.

https://howsecureismypassword.net/

 

For "unimportant" log-ins - forums etc - I use a common password that I can easily remember and type. A simple way to do this is to follow a pattern on the QWERTY keyboard - such as Xde4%tgh.

qwerty passcode

Data recovery and Secure disposal

Sooner or later you learn the value of backing up your data - onto CD, DVD, memory stick, or the cloud (Dropbox, Google drive etc). However when your PC breaks down its too late. Music videos etc are replaceable, but your photographs and documents may not be. Depending on the nature of the fault and the value of the data we can often recover at least some of your files from a faulty or failing hard drive. Early intervention is always best - if you suspect you have a problem please contact us.

For "mission critical" data you would need to use a specialist (=expensive) service if the drive was badly corrupted.

 

Secure Disposal

The only parts of a PC (or laptop) that maintain a record of your data are the hard drive(s), and ( if present) any installed memory cards or connected flash drives. All other information "evaporates" within a few seconds of the PC being turned off. There are several strategies for ensuring that secure data can not be recovered from your hard drive, depending on whether or not the system is still working, whether it is to be sold on, and whether on-site (i.e. supervised) destruction is required.

1G laptop hard drive

For working systems where the drive will continue to be used: (these processes can be followed by a clean reinstall of windows)

  • Format the drive - quick but not very secure.
  • Use a secure deletion software to overwrite ALL the drive several times - secure but VERY slow - up to 24 hours.

For non-working systems:

Remove the hard drive, install or connect to a working system, and use a secure deletion software to overwrite ALL the drive several times. Even if the drive will be destroyed mechanically its best to do this first.

Mechanical processes: These rely on total destruction of the drive.

Sledgehammer: drive enclosures are very robust, this isn't recommended.

Open drive case, remove the media, and score with a scriber, drill holes, or scarify with emery paper. Data can not then be recovered except with equipment only available to security services.

Open drive case, remove the media, burn or etch with strong acid; hazardous and not totally reliable.

Destroy disk with specialist equipment (shredder) - there are mobile services that do this. 100% secure.

Flash Memory

This should be securely deleted as described above. The important thing is to make sure that undeleted flash memory does not escape from your control.

flash memory