What are security best practices?

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

What are security best practices?

Postby mcarrara » Wed Sep 12, 2012 12:12 am

Since recently having my laptop stolen I have been on a crusade to up my personal security. I have been using Last pass for a couple of weeks on my computers. I have done the following to secure my computers:
1. Created a security email on a domain I own that I don't use for anything
2. Use Google two factor authentication with last pass
3. use at least 15 character password for all accounts
4. Never save my email or password when I log in to Last Pass.
5. Set Last Pass to log off when I close the browser.

To me there are two risks to my accounts, someone gaining physical access to my computer (like my stolen laptop) or someone 'hacking' my online accounts

Have I done everything reasonable to secure my accounts? Any opinions are welcome.

Mark
mcarrara
 
Posts: 7
Joined: Thu Sep 06, 2012 10:08 am

Re: What are security best practices?

Postby Lars » Wed Sep 12, 2012 12:24 am

I would say you have it pretty tightly secured.
Lars
 
Posts: 2577
Joined: Wed Jul 14, 2010 10:48 pm
Location: So Cal

Re: What are security best practices?

Postby JoeSiegrist » Wed Sep 12, 2012 5:17 am

[quote="mcarrara"]Have I done everything reasonable to secure my accounts? Any opinions are welcome./quote]

Just about -- you might want to consider also setting the idle timeout in LastPass Icon -> Preferences -> General
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: What are security best practices?

Postby mcarrara » Wed Sep 12, 2012 9:55 am

Thanks for pointer about the icon preferences. Now I have set them.
mcarrara
 
Posts: 7
Joined: Thu Sep 06, 2012 10:08 am

Re: What are security best practices?

Postby Bubbly » Wed Sep 12, 2012 11:50 am

Good going. I suggest looking firewall/anti-virus/anti-malware, especially if you use Windows.
Bubbly
 
Posts: 237
Joined: Fri Jan 13, 2012 12:45 am

Re: What are security best practices?

Postby mcarrara » Wed Sep 12, 2012 11:06 pm

This is probably heresy but I have no anitvirus software running on my computers. I haven't for several years. I think it gives users a false sense of security. I have not had a virus and only one incident of malware ( I do use malwarebyte to scan once a month). I see users at work that have some of the best AV software available Kaspersky and Sophos and they still get viruses. I do use a Sonicwall small business firewall at home.
mcarrara
 
Posts: 7
Joined: Thu Sep 06, 2012 10:08 am

Re: What are security best practices?

Postby Bubbly » Thu Sep 13, 2012 5:45 am

I have no good experiences with Windows and malware/viruses at all and millions of others do neither. It's best to get rid of known threats instead of hoping not to get them. I suggest you use a free one at least every now and then. It's better to do so before you become the victim of one of these little crappers, just like it would have been better for you if you had upped your security before your laptop got stolen. It won't always prevent stuff from happening, but it helps safekeeping.
Bubbly
 
Posts: 237
Joined: Fri Jan 13, 2012 12:45 am

Re: What are security best practices?

Postby kotor610 » Tue Sep 18, 2012 1:43 am

i would concur that unless you are a computer whiz and actively keep tabs on all your processes and network traffic, a anti virus is worthwhile. unless you never download anything(ever) you cant be certain. the software firewall and the hardware firewall are indeed your best proactive defense against viruses, but there are 50,000 viruses created everyday. and to say you know about all of them is foolish. i would run your antimalware at least once a week. and occasionally do a scan by another vendor, to see if it picked up anything your primary did not.

as for your email suggestions. first LastPass doesn't send password resets to your email so i am unsure as to your supposed benefits of using your own domain, the only thing i can think of is that it makes you a smaller target, but again that is only security through obscurity, which i don't hold much faith in.

my contribution to this thread is to increase the iterations used. it is defaulted at 0, yet LastPass recommends between 1-1000 with 500 as a healthy balance
kotor610
 
Posts: 25
Joined: Fri Aug 17, 2012 2:27 pm

Re: What are security best practices?

Postby Bubbly » Tue Sep 18, 2012 4:06 am

Exactly, although for iterations the default on old accounts was 1, newer accounts were random between 1 and 500 and since whatever date they're defaulted at 500. I think you're safe (no severe speed loss) to increase it to at least 1000, although I suggest more. Especially with new machines with stronger JS engines it won't bother you.
Bubbly
 
Posts: 237
Joined: Fri Jan 13, 2012 12:45 am


Return to Off Topic

Who is online

Users browsing this forum: No registered users and 5 guests