Difference between revisions of "Security notes / Unsorted"

From Helpful
Jump to: navigation, search
m ("Is it important to use a VPN?")
m (Is it important to use a password manager?)
 
(3 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
==Is it important to use a password manager?==
 
==Is it important to use a password manager?==
 
<!--
 
<!--
As in a password manager, so that a generated password per site becomes easy?  
+
As in, have it generate and automatically fill in a password per site, something that's a little too annoying to do yourself?  
  
 
It's wiser than not doing so.
 
It's wiser than not doing so.
  
  
Since you do not really know the quality of any one site's security, you should assume likeliness of a particular site being hacked as likely to happen eventually.  
+
Primarily because of password reuse.  Since you do not really know the quality of any one site's security, you should assume likeliness of a particular site being hacked as likely to happen eventually.  
  
If that user/password combination is used on many other sites (most people reuse just a few passwords), damage control is much harder on you. Largely because you probably don't remember which ones.
+
If that user/password combination is used on many other sites (and most people reuse just a few passwords), damage control when that happens is harder on you. Largely because you probably don't remember which ones.
Having it always be just the one is
+
  
  
(changing one's password is suggested, and sometimes policy, for similar reasons: it means )
+
This is sort of true ''even'' if the password manager isn't perfect, just because it's easier for hackers to attack one site will a million users, than it is to attack a million users individually.
 +
 
 +
 
 +
There ''are'' a handful of further footnotes to this, though.
 +
 
  
 
-->
 
-->
Line 22: Line 25:
 
=="Is it important to use a VPN?"==
 
=="Is it important to use a VPN?"==
 
<!--
 
<!--
mostly not.
+
Mostly not.
 +
 
 +
The VPN (sponsored) ads you've seen lately are leaning heavily on the "overheard in public" kind of fear.
  
The VPN ads you've seen lately are praying on the "overheard in public" kind of fear.
+
(Also, there may be good, but not-so-easily-put-in-these-ads reasons, like getting around country restrictions, or not getting disconnection warnings from your own ISP for using P2P.)
  
And/or need to have good sounding reasons next to the reasons some people will really get them, like getting around country restrictions.
 
  
 
Upsides
 
Upsides
: wifi points can't snoop on the increasingly small set of unencrypted data
+
: public wifi points can't snoop on the unencrypted data  
 +
:: only necessary for sites that don't encrypt - more and more do
 
: your ISP can't snoop on DNS lookups, i.e. the names (and ''only'' the names) of the sites you visit
 
: your ISP can't snoop on DNS lookups, i.e. the names (and ''only'' the names) of the sites you visit
  
Line 39: Line 44:
  
 
Neither:
 
Neither:
: doesn't make you more anonymous (browser wise)
+
: it doesn't make you anonymous, it doesn't protect your identity or privacy in many meanings
:: any site you log into knows you
+
:: your ISP doesn't know anymore, but the endpoint, the sites you onnec to, do.
:: there are plenty of other browser-based tracking methods
+
:: particuarly browser-wise - any site you log into knows you, and there are other tracking methods
 
: doesn't ''increase'' security for most things that matter
 
: doesn't ''increase'' security for most things that matter
 
:: ''All'' sites where security matters (banks etc) use encrypted connections already. This is what that padlock in your browser represents. (it indicates HTTPS (HTTP over SSL/TLS))
 
:: ''All'' sites where security matters (banks etc) use encrypted connections already. This is what that padlock in your browser represents. (it indicates HTTPS (HTTP over SSL/TLS))

Latest revision as of 23:38, 3 December 2019

Security related stuff.

Practical


Theory


Unsorted


This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)


Is it important to use a password manager?

"Is it important to use a VPN?"