Online Security

I was thinking about some computer security practices that I think you should implement to help keep you safe and secure as you start to use your new phone. Lately I have been interested in computer security. These are presented in order that I would think you would do them if you had nothing set up yet, but the order is not really that important.

Section 1: The basics
A. Update you phone operating system and software. You should update the base software, called the operating system or OS, to your phone, which is usually found at the bottom of your settings. It is probably already up to date, but it is good to check. You should also update any apps you have on your phone, and try to keep them up to date, this is typically done via the Play store or the App store.
B. Don't download software you do not trust. Generally, the apps from the play/App store are safe but check permissions for apps before you install. The less you know about an app the less you should trust it.
C. Beware of scams and other tricks to get you to give away your personal information. There is so much to say about this but I will trust you to do your own research on how to avoid getting ripped off or getting you identity stolen.
D. Do not use the same password for two sites/apps. Do not use easy passwords. Store your passwords in a safe place
E. Require the PIN to login to your phone.
Section 2: Good passwords.
A. Writing down passwords on paper is safe as long as you have a good place to store them. Paper can not be hacked and basically nobody is going to break into your house to steal passwords.
B. To store passwords on you phone do this: Download Keepass, Google authenticator, Gmail, and Google drive. I think these apps are the basic ones that you will need to start generating and storing passwords.
C. Generate a strong, memorable password and a PIN for your phone with diceware, found here https://www.eff.org/dice You should write them down, on paper and store the paper somewhere safe and where it wont get lost.
D. Open Keepass and generate a new password container. Use the password you generated above as your master password.
E. Create a Google account. Make sure to use a secure password generated with keepass.
A. Enable two factor authentication with Google authenticator. You can find this in Google security setting You should probably also write down a complete set of one time use code and save them someplace safe. You could consider adding a phone number as a third back up. You will also need to back up your google password.

F. Back up the keepass database to Google drive.
G. Now whenever you need a new password generate it with keepass and then save the database. This way you have a unique password for every site, that is also hard to guess and it is easy to use. Most apps stay logged in all the time so you will not have to copy paste your passwords very often.
H. Sometime when you create a new account on a website it asks you for security questions (the classic example is your mothers maiden name). You should just use another randomly generated password to fill out these questions. For example Mothers maiden name is now x!$juIg7 Of course you also have to keep track of this inside of keepass.
Section 3: Bonus
A. I think the best messaging app is called Signal, developed by Open Whisper Systems. https://whispersystems.org/ It includes, text, mulitmedia messaging, group chat and voice calling. You need a mobile phone number to sign up. It can replace your default text messaging app, which lets you use it with out thinking about it.
B. The second best app is called Wire. https://wire.com/ It has all of the features that you would want in a messaging app, text, pictures, video, calling, multi user video calling. My username is “verkohlen”
C. I think the third best messaging app for you to use is called GetGems http://r.getgems.org/m/kXaKaKaeOn The app has text, group text, mulitmedia, stickers, secret chat and voice messages.
C. I would be sure to write down and store in a safe place the following: Your phone PIN, you google password, a set of google one time codes, and your keepass master password. You could tape it to the bottom of your desk, put it in your favorite book, bury it in the back yard or something else cleaver. You might want to tell a trusted friend or family member where you put it as a back up.

D. To learn more try these websites
https://www.bestvpn.com/the-ultimate-privacy-guide/
https://ssd.eff.org/

Doing these things will keep you safe from most of the common attacks that occur these days. Password reuse is really a significant attack and using a password manager will help with that.

I think implementing these basic security practices should help keep you from getting any of your on line accounts hacked.