# Important steps to take while frolicking around the Internet



## Khaiyote (May 23, 2016)

In the wake of recent events, I feel like this is a pretty important topic. I am by no means new to the internet, however I am not a tech savvy person either. If I can make something work technology wise, the last thing I want to do is start messing with it. However, it has been brought to my attention that something as simple as making sure your email is up to date with FurAffinity is an extremely important thing. Never in a million years did I think it was going to be an issue. I would love to see some examples of things similar to this, that people may not be thinking of, that is in all reality very important. I do not think it is very helpful to simply search the internet for this stuff, when I am not even really sure what I am looking for. Thank you everyone in advance for your time, and it would be great to see something official from FA about this once the dust has settled.

Things such as adding numbers and symbols to your passwords, using different passwords for each account, and keeping a physical copy of your sites/passwords all seem like some basic things that have been mentioned repeatedly for anybody who even attempts to make their internet experience safer.


----------



## Saiko (May 24, 2016)

You can compromise on the insecurity of a single password and the difficulty of remembering a billion of them by making up a tiered set of passwords which you use for different things. Have a throw-away password for random accounts or sites that aren't valuable. If there are digit sequences you like to tack on, you might leave them off for particularly unimportant sites or ones you don't trust to properly store the passwords (coughcoughfuraffinitycoughcough). Then have a couple secure ones for things like Amazon or Steam which might have a credit card associated with them. Use very strong and unique ones for your bank account, PayPal, and the associated emails; and turn on two-factor authentication for them (i.e. logging in requires a code texted to your phone). This gives you five or six passwords to remember, which isn't terribly burdensome; but you still keep your accounts isolated enough to protect your most vital ones.

Also, an easy way to create new passwords is to take a sentence you can remember easily (such as a quote you like) and yank out the first letter of each word. Sprinkle some caps in places you can remember, and you suddenly have a thirty character password that you won't forget. At that point you wouldn't even need numbers, though you're welcome to use those too.


----------



## Khaiyote (May 24, 2016)

Saiko said:


> You can compromise on the insecurity of a single password and the difficulty of remembering a billion of them by making up a tiered set of passwords which you use for different things. Have a throw-away password for random accounts or sites that aren't valuable. If there are digit sequences you like to tack on, you might leave them off for particularly unimportant sites or ones you don't trust to properly store the passwords (coughcoughfuraffinitycoughcough). Then have a couple secure ones for things like Amazon or Steam which might have a credit card associated with them. Use very strong and unique ones for your bank account, PayPal, and the associated emails; and turn on two-factor authentication for them (i.e. logging in requires a code texted to your phone). This gives you five or six passwords to remember, which isn't terribly burdensome; but you still keep your accounts isolated enough to protect your most vital ones.
> 
> Also, an easy way to create new passwords is to take a sentence you can remember easily (such as a quote you like) and yank out the first letter of each word. Sprinkle some caps in places you can remember, and you suddenly have a thirty character password that you won't forget. At that point you wouldn't even need numbers, though you're welcome to use those too.


Thank you!


----------



## darien (May 24, 2016)

I think XKCD explained this most concisely, so I'll go ahead and just leave this here:


----------



## Wakboth (May 24, 2016)

Note that the various mnemonic tricks and such are getting less and less effective in protecting your password. There have been some big password leaks that released huge amounts of actually-in-use passwords onto the 'net, and that has given the crackers an unprecedented opportunity to study how people actually create passwords, and to take that into account in order to narrow down the amount of random guessing they have to do. It's not yet at the point where any password you can easily remember is inherently insecure, but we're definitely heading that direction.

See, for example, this blog post by Bruce Schneier (who knows his stuff):A Really Good Article on How Easy it Is to Crack Passwords, and note that it's three years old. Things have gotten easier for password crackers since that.


----------



## ChromaticRabbit (May 28, 2016)

An important piece of 'Internet security hygiene' is finding the right balance between convenience and control. No matter how secure your passwords are authored or stored, it may not add up to much if an exploit can take advantage of a flaw in your web browser or an add-on or plugin to execute arbitrary code there or on your PC to do things that defy your will. These can range from exfiltrating identifying personal information for use against you in advertising databases to turning your PC into a botnet zombie doing the bidding of international organized criminals. 

Unfortunately, the more you lock down your web browser, the more some websites tend to be broken, and so, a usable world wide web is about finding the appropriate compromise and exposure to risk you're willing to shoulder, what your level of trust and comfort is with various sites and advertisers and networks to protect your privacy from other parties. On some sites, you are the product being sold, and so, for me, it's kind of a game to see how little of myself I can allow to be linked back to me or even my fictional characters online. Others can't be bothered to understand, much less care, how their control over their own information security all plays out and will continue to play out in the coming decades. 

A basic suggestion I'd make is to avoid browsers that don't give fine-grained control over what is run in the browser, what is shared, what is stored. I still tend to prefer Firefox, but then, that traces directly back to my use of JWZ et al's Mozilla in 1994; it's always been oriented toward "power surfers," I suppose.  If you use it, disable or instruct it to 'always ask to activate' before running plugins, particularly Adobe Flash or Java, if present. Take it a step further by installing the Add-On 'NoScript' to default-deny the execution of JavaScript, keeping in mind this breaks most websites, but reveals the degree to which they open up access to third parties.

It can be fun to give as little permanent access to outside servers as is necessary to make a site functional, though some sights will be unworkable altogether. Finally, consider another Firefox add-on like 'Ghostery' set to very locked-down settings to block trackers for Advertising, Site Analytics, "Social" Media, and so on. Peer warily upon sites that want to feed your activity back to Facebook, or require external centralized sites like discqus.com merely to participate in web commentary, etc. If blocking all sites seems too extreme or doesn't fit your preferences, find a pattern of use that does without trusting everything that comes along without question. 

E-mail is its own separate and deep topic, though suffice to say if you run an e-mail client on your desktop or mobile device, precautions are urgently warranted as this a major source of malware and other exposures. Being a citizen of the Internet requires constant diligence and continuing education. You may never be entirely safe, but it's usually still possible to avoid being an easy target. Good luck and trust nothing online to have your best interests at heart entirely, not even furaffinity.net's owners and external partners.


----------



## AsheSkyler (May 29, 2016)

Never use Facebook on the same browser you use for the rest of the internet. Or at least log out of the damn thing every time you're through. Scribd.com taught me that one when I went to log in to my Scribd account a few years back and I was greeted with all my personal information on display on their site. -_-;


----------



## Simo (Jun 1, 2016)

My way of staying safe is to have really horrible credit, and be flat broke. Nobody would wanna steal my identity, and they wouldn't find a dime to steal in money. 

Easy!

Well, only partly true 

But what they said as well.


----------

