The biggest security gains will come from your own behavior, not from software. No amount of privacy browsers or password managers or security-oriented OS will help if you don't practice good operational security.
While I agree with the spirit of your statement, I think it's important to remember something. In the same way we expect everyone to ultimately be in charge of their own health, we simultaneously don't expect everyone to have the same knowledge that a doctor has. It should be clear and obvious to me that something like smoking will damage my health even without education, hence the warning label.
Software engineers and security experts have a duty to make it as easy as possible to do the right thing, and the reality of the situation we have now is that it's actually kind of hard for a normal person to practice decent security online.
For example, telling everyone to use a unique password everywhere and simultaneously remember all of them. It's hard to even explain why that is important. It's all far too complex for most people. Especially the elderly. Password managers are a good step, but the fact is websites are breaking compatibility with them all the time and it is still hard to use them without paying for a subscription. Passkeys are a good further step. Hopefully we get to a place where no one is expected to have a photographic memory for random strings or pass phrases.
Yeah, I agree with you too.
I think the point I was more trying to make was: don't just think you're safe just because you have the right tools. If you don't have good security practices along with those tools, you can still easily be compromised.
Phishing and social engineering are the obvious examples, but there are other simple ones too, like turning off clipboard history (which is turned on by default in Windows), setting an automatic lock time on your password manager, etc.
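The clipboard-history point above is one of the few items in this thread that can be checked mechanically. The following PowerShell script is an added example, not something posted by any commenter: it reports whether Windows clipboard history is enabled for the current user, or forced on or off by machine policy, and can turn it off for the user. It assumes Windows 10/11 and the two registry locations named in the comments (the per-user setting and the machine policy value, the latter taking precedence when present).

```powershell
# Added example: audit (and optionally disable) Windows clipboard history.
# Assumed registry locations (Windows 10/11):
#   per-user setting : HKCU\Software\Microsoft\Clipboard\EnableClipboardHistory (DWORD)
#   machine policy   : HKLM\SOFTWARE\Policies\Microsoft\Windows\System\AllowClipboardHistory (DWORD)
# A policy value, when present, overrides the per-user setting.
param([switch]$Disable)

$userKey   = 'HKCU:\Software\Microsoft\Clipboard'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-ClipboardHistoryState {
    $user   = (Get-ItemProperty -Path $userKey   -Name EnableClipboardHistory -ErrorAction SilentlyContinue).EnableClipboardHistory
    $policy = (Get-ItemProperty -Path $policyKey -Name AllowClipboardHistory  -ErrorAction SilentlyContinue).AllowClipboardHistory

    if ($null -ne $policy) {
        # Policy wins regardless of what the user chose in Settings.
        if ($policy -eq 0) { return 'Disabled (enforced by machine policy)' }
        return 'Allowed by machine policy; user setting: ' + $(if ($user -eq 1) { 'on' } elseif ($user -eq 0) { 'off' } else { 'not set' })
    }
    switch ($user) {
        1       { return 'Enabled (user setting)' }
        0       { return 'Disabled (user setting)' }
        default { return 'Not set (OS default applies)' }
    }
}

function Disable-ClipboardHistory {
    # Create the key if it does not exist yet, then write the DWORD explicitly.
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name EnableClipboardHistory -Value 0 -Type DWord
}

Write-Output ("Clipboard history: " + (Get-ClipboardHistoryState))
if ($Disable) {
    Disable-ClipboardHistory
    Write-Output ("After change:      " + (Get-ClipboardHistoryState))
}
```

Run it without arguments to audit, or with `-Disable` to turn the feature off for the current user; a value enforced by machine policy can only be changed by whoever manages that policy.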
"don't just think you're safe just because you have the right tools." - exactly.
This reminds me of the quote from Bruce Schneier: "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
And yes, my first recommendation for people is to educate themselves and others. Cyber awareness. However, I sometimes got the question about the "top" (tech) thing that non-tech people could do for better protection. In addition to the education. Something which helps with preventing the common attacks. Some quick win or low-hanging fruit. Obviously, we cannot expect that 1, 3, 10, or hundreds of technical countermeasures will stop all attacks. However, with several simple things, we can help people to prevent or at least recognize a lot of common attacks.
Very nice. My professor at university once told us that, regarding security, computer science failed in one thing: while we have a lot of proofs that bricks are safe and secure, we still cannot guarantee that the house built using those bricks will be safe and secure too. Basically, we do not have simple techniques for how to connect the bricks together, how to use glue in a way that does not affect their security. There are a lot of formal proofs using Turing machines and finite-state automata, but we lack proofs for the computers and software we use on a daily basis.