Invitation to Cybersecurity

9. The Application of Cybersecurity: Principles and Practices 239

This is a type of password manager solution, but it may not be as secure as a full-featured password manager. There may not be a master password protecting the passwords, and the browser’s password security may be more vulnerable to attack.

The bottom line on password managers is that they represent yet another security tradeoff. They make it feasible and convenient for people to use unique and uncrackable passwords for every website. This is a major security gain. However, they also suffer from the keys to the kingdom dilemma. If a single password is compromised (the master password), then all of a user’s passwords are compromised. The master password must be a strong password because password vaults are subject to cracking attacks just like password hashes.

Another issue is that if the auto-fill feature is used with a password manager or a web browser, evil maid attacks are much more devastating. Once access to the browser is gained, all of a victim’s online accounts could be compromised. This is one reason why password managers should only be opened when they are needed and closed immediately afterwards.

An alternative to password managers is to write passwords down on paper. This is a valid security model because it eliminates the threat of the online hacker. It heightens the in-person threat, but for most people the risk of physical theft or snooping is small compared to the online threat. However, it is also much less convenient—passwords are difficult to maintain and update on paper—and care needs to be taken to “backup” and safeguard the paper-based copy.

9.2.1.3 Use Multi-factor Authentication

This text has mentioned multiple times the importance of multi-factor authentication. It heightens a user’s security profile substantially without requiring a significant amount of extra work. This is one area where the security versus cost tradeoff is clear—the costs are definitely worth it.
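To make concrete the earlier point that a password vault is attacked the same way a password hash is, here is an added example (not from the textbook) of a toy vault header whose master password is stretched with PBKDF2, together with an estimate of exhaustive-search time against it; the iteration count, the "vault-key-check" tag, the candidate keyspaces and the guesser count are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

# Assumed work factor for this toy vault (not a value from the textbook).
ITERATIONS = 600_000

def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 32-byte vault key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)

def create_vault(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Constructed vault header (salt, iteration count, key-check tag): this is
    all a thief holds after copying the vault file, and it is enough to test guesses."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, iterations)
    tag = hmac.new(key, b"vault-key-check", "sha256").digest()
    return {"salt": salt, "iterations": iterations, "tag": tag}

def unlock_vault(vault: dict, master_password: str) -> bool:
    """Check a master password. Each candidate costs one full PBKDF2 run, which is
    exactly the work an offline guessing attempt must repeat for every guess."""
    key = derive_vault_key(master_password, vault["salt"], vault["iterations"])
    tag = hmac.new(key, b"vault-key-check", "sha256").digest()
    return hmac.compare_digest(tag, vault["tag"])

def seconds_per_guess(vault: dict) -> float:
    """Measure what one unlock attempt costs on this machine."""
    start = time.perf_counter()
    unlock_vault(vault, "timing-probe")
    return time.perf_counter() - start

def expected_crack_seconds(per_guess: float, keyspace: int, parallel_guessers: int = 1) -> float:
    """Average exhaustive-search time: half the keyspace, split across guessers."""
    return (keyspace / 2) * per_guess / parallel_guessers

if __name__ == "__main__":
    vault = create_vault("correct horse battery staple")
    cost = seconds_per_guess(vault)
    # Two master-password policies: 8 lowercase letters vs. 4 words from a 7776-word list.
    for label, space in [("8 lowercase letters", 26 ** 8), ("4 Diceware words", 7776 ** 4)]:
        years = expected_crack_seconds(cost, space, 1000) / (365 * 86400)
        print(f"{label:20s} ~{years:.1e} years at 1000 parallel guessers")
    print("right master password unlocks:", unlock_vault(vault, "correct horse battery staple"))
    print("wrong master password unlocks:", unlock_vault(vault, "password123"))
```

The iteration count only multiplies the per-guess cost; the keyspace term is what the strength of the master password itself controls, which is why both matter.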
Especially for important online accounts, for example email, social media, and any account involving financial information or health records, users should adopt a second factor. For most users the most convenient second factor is a push-based smartphone app. Another option is investing in a security key (see Section 8.1.3.3).

9.2.2 Use Cryptography

Cryptography is the bedrock of cybersecurity. It is how cyberspace information is protected from theft and manipulation. Data needs to be protected in storage (at rest) and during transmission over computer networks (in transit). This section will highlight some best practices in both areas.

9.2.2.1 Protect Data at Rest

Data at rest is data stored on a computer’s hard drive and on removable media. This includes all kinds of data such as personal documents, pictures, and videos. If the data is not encrypted, then it can be viewed by anyone who gains physical access to the storage medium. For example, if data is copied onto a thumb drive as a backup or for physical
