These 4 rules are idiotic, created by idiots. They demonstrate how anybody can claim to be an expert by telling everyone else to "take security seriously".https://twitter.com/Liberationtech/status/1212463610057895938 …
-
Show this thread
-
It's like in that Simpson's episode when Homer is afraid of getting fired, so he tries to make it seem like he's doing something important by going around telling everyone to "stop being so unsafe" and "safen up!".pic.twitter.com/NTDP9E003W
2 replies 1 retweet 13 likesShow this thread -
Let's look at number 1, updating devices. Yes, all else being equal, you should be updating devices. But updating devices has a cost. For the average person, the cost of keeping everything updated may be larger than the costs of not doing so.
3 replies 1 retweet 4 likesShow this thread -
"Updating" usually take's the #1 spot on such lists because it's the purest trope of "taking security seriously". It pretends that your risk comes from moral weakness like laziness, greed, pride, etc. The advice is that you be 'strong' in some fashion.
1 reply 1 retweet 7 likesShow this thread -
The #2 item on that list, "Strong passwords", come from the same trope. Stop being so weak, if only you were strong. Easily guessed passwords really aren't much of a problem.
1 reply 0 retweets 2 likesShow this thread -
Now, password reuse is a big problem. Password reuse is your #1 threat. Don't use the same password across your accounts. It's okay to use weak, easily remembered passwords and to write them down as long as YOU DON'T REUSE THE SAME PASSWORD ACROSS YOUR ACCOUNTS.
3 replies 4 retweets 22 likesShow this thread -
But people don't understand the order of things. They imagine security is about being morally strong, so they choose a big complicated password. Which, of course, they can't do for each different website, so end up reusing the same password everywhere.
1 reply 0 retweets 5 likesShow this thread -
As for #3, free public is fine. I'm using it right now as I type this. If all the websites you visit are protected by SSL, you are probably fine. Be wary of any website that isn't SSL protected.pic.twitter.com/2gsG2eZj5r
5 replies 0 retweets 12 likesShow this thread
Sure, web browsers are pretty good at using HTTPS properly. But you don't have to go too far back in time to find popular mobile apps that don't validate connections. Some quite important, such as mobile banking applications. One more reason to not install apps for websites!
-
-
This Tweet is unavailable.
-
This Tweet is unavailable.
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.