tantek.com

CSF_01: Three Steps for IndieWeb Cybersecurity

on (ttk.me b/5af1) using BBEdit

Welcome to my first Cybersecurity Friday (CSF) post. Almost exactly one week ago I experienced (and had to fight & recover from) a cybersecurity incident. While that’s a much longer story, this post series is focused on sharing tips and incident learnings from an #indieweb-centric perspective.

Steps for Cybersecurity

Here are the top three steps, in order of importance, that you should take ASAP to secure your online presence.

  1. Email MFA/2FA. Add multi-factor authentication (MFA) using an actual Authenticator application to all places where you store or check email. Some services call this second factor or two factor authentication (2FA). While checking your email security settings, verify recovery settings: Do not cross-link your emails as recovery methods for each other, and do not use a mobile/cell number for recovery at all.
  2. Domain Registrar MFA. Add MFA to your Domain Registrar(s) if you have any. Optionally disable password reset emails if possible (some registrars may allow this).
  3. Web Host MFA. Add MFA to your web hosting service(s) if you have any. This includes both website hosting and any content delivery network (CDN) services you are using for your domains.

Do not use a mobile number for MFA, nor a physical/hardware key if you travel internationally. There are very good reasons to avoid doing so. I’ll blog the reasons in another post.
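As an added example (not part of the original post), the checklist above can be run against a written-down inventory of your own accounts. The `Account` fields, the finding strings and every name in `SAMPLE` are constructed for illustration, and the cross-link check goes slightly beyond the text by catching recovery loops of any length, not just two mailboxes pointing at each other.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    kind: str                 # "email", "registrar", "web_host" or "cdn"
    mfa: str                  # "authenticator", "sms" or "none"
    recovery_emails: list = field(default_factory=list)
    recovery_phone: bool = False

def recovery_cycles(accounts):
    """Return email accounts that can reach themselves via recovery links."""
    graph = {a.name: list(a.recovery_emails) for a in accounts if a.kind == "email"}
    in_cycle = set()
    for start in graph:
        stack, seen = list(graph[start]), set()
        while stack:
            node = stack.pop()
            if node == start:          # walked back to where we began
                in_cycle.add(start)
                break
            if node in seen or node not in graph:
                continue               # already visited, or not in the inventory
            seen.add(node)
            stack.extend(graph[node])
    return sorted(in_cycle)

def audit(accounts):
    """Apply the three steps and the recovery advice; return (account, problem) pairs."""
    findings = []
    for a in accounts:
        if a.mfa == "none":
            findings.append((a.name, "no MFA"))
        elif a.mfa == "sms":
            findings.append((a.name, "MFA uses a mobile number"))
        if a.kind == "email" and a.recovery_phone:
            findings.append((a.name, "mobile number set for recovery"))
    for name in recovery_cycles(accounts):
        findings.append((name, "recovery emails are cross-linked"))
    return findings

# Constructed sample inventory; all names and addresses are made up.
SAMPLE = [
    Account("me@example.org", "email", "authenticator", ["old@example.net"]),
    Account("old@example.net", "email", "sms", ["me@example.org"], recovery_phone=True),
    Account("registrar", "registrar", "none"),
    Account("web host", "web_host", "authenticator"),
    Account("cdn", "cdn", "authenticator"),
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```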

Those are my top three recommended cybersecurity steps for protecting your internet presence. That’s it for this week. These are the bare minimum steps to take. There are many more steps you can take to strengthen your personal cybersecurity. I will leave you with this for now:

Entropy is your friend in security.

Glossary

Glossary for various terms, phrases, and further reading on each.

content delivery network
https://indieweb.org/content_delivery_network
cybersecurity
https://en.wikipedia.org/wiki/cybersecurity
domain registrar
https://indieweb.org/domain_registrar
email recovery
A method for recovering a service account password via the email account associated with that account. See also: https://en.wikipedia.org/wiki/Password_notification_email
entropy
https://en.wikipedia.org/wiki/Entropy_(information_theory)
MFA / 2FA
https://indieweb.org/multi-factor_authentication (sometimes called Two Factor Authentication or Second Factor Authentication)
mobile number for MFA
https://indieweb.org/SMS#Criticism
web host
https://indieweb.org/web_hosting

Syndicated to: IndieNews