The Webteam is approached from time to time on issues of securing your identity, privacy, security, safety, and spam.
Please use the following advice to improve your privacy and security practices when using email, your phone, or your computer.
Secure your device
- your account or login with anyone, ever
- if you are sharing a computer, create a separate standard account for every user, and a separate admin account (see more information)
- always lock your device
- on a mobile device ensure you have a pin, swipe, or biometric password turned on
- use automatic lock, e.g. after a timeout
- never, ever, give user accounts administrator privileges
- create a separate admin account with administrator privileges, using its login when escalated privileges are required from a standard user account, e.g. to install software
- install and configure remote locking and tracing software
- mobile device security check
Secure your email
Your main email account is the key to your identity, and probably many of your assets.
- your passphrase (aka password), ever. This means don't tell anyone, don't email it (but you can write it down in a secure place, or use a password manager)
- always use two factor authentication, e.g.
- choose a strong passphrase
- use a unique passphrase for your email account, and for each other "high value" account, e.g. your bank account
- if using passphrase recovery questions do not use ones that can be discovered (e.g. mothers maiden name, first school, etc)
Maintain your device
- keep the operating system up to date, enable automatic updates
- keep all software up to date, where possible enable automatic updates or checking for updates
- use anti-virus software, e.g. the following are free for personal use
- always ensure the firewall is on
- choosing secure passwords (Bruce Schneier)
- creating a strong password (Google)
- create strong passwords (Microsoft)
- CERT NZ guide to cyber security