21 security tips for working from home during COVID-19


#1

Android, iOS, macOS, and Windows devices all have built-in encryption systems

yes, I’m sure they do … what a shit-show the start of 2020 turned out to be!

better yet - start transitioning to free software! And look for Purism products!


#2
  1. Enable two-factor authentication on all your accounts

This is a two-edged sword. We all understand why you might want to enable 2FA. However, there are reasons not to:

  • It means sharing even more personal information with the provider (web site) and/or exposing yourself to even more spam and scam.

  • It may mean having to run an untrusted app on your phone.

Hardware 2FA tokens are better in that regard.

  1. Change your home WiFi’s password … especially if you have shared that password with guests.

I recommend having a router that supports multiple SSIDs. Then you can conveniently change the passphrase every time a guest has used your (guest) WiFi. If your router (WAP) can’t do that, then having a second WAP just for guests can be an improvement. That may also better allow you to control traffic from the guest WLAN, e.g. limit what kinds of traffic are allowed and limit what other devices on the LAN guests can access.

Fortunately no one has guests at the current time, right?!?!

  1. Turn off network name broadcasting

I think this is generally considered to be bad advice, because it doesn’t actually suppress the SSID ever being broadcast, but it does make your life more difficult.

Video conference securely

  1. Ensure there is no sensitive information sitting on your desk or in view of the camera

This bears highlighting!!!


#3

Exactly the reason I refuse to accept annoying offerings to enable MFA using my mobile phone. If you do not support standard TOTP - sorry, I would rather be rekeying my password frequently enough.


#4

I know at least one bank whose passwords are not case sensitive and only offers text for MFA… So while the most secure thing would be not to use that bank, if that’s not a practical option for some reason, the text-based MFA is the best you’ve got to work with.


#5

Can the Librem Key be used as such?

What other open-hw/free-sw implementations exist on the market?


#6

Good question(s) but even if the answer is ‘yes’, the web site itself would have to contain the necessary support.


#7

How does using an authenticator app share even more data? The only thing you are using to set it up is a shared string or barcode. The only thing being potentially shared is that you are logging into a service, maybe. Seems like a small trade-off for essentially barring 99.9% of unauthorized login attempts…

To your second point: Are there really no trusted authenticator apps on your phone? Trust is the magic buzzword tossed around here a lot, but I think we’ve already established that for the average user, trust is something that has to be offered, whether it is a big corporation, a nameless open source contribution, or anything in between, and they will be clueless about the way the app actually works. A previous rant thread here on the forum demonstrates this well, I think.


#8

That bullet point more went to those web sites that want a mobile phone number for 2FA and you would not otherwise have had to provide a mobile phone number.

I guarantee that there are no trusted such apps on my phone - because the one that is there is untrusted - hence my desire to push it off onto Anbox cloud. Of course it is laughable from a security perspective doing 2FA via Anbox cloud but when you have no choice about using 2FA, you do what you have to do.