Edward Snowden knows a thing or two about online security. We can guarantee his password isn't "123456" (we tried it on his Facebook account - no luck).
Still hiding out in deepest darkest Russia (Moscow), the NSA whistleblower met with The Intercept's Micah Lee to discuss how to reclaim your online privacy.
He provided the following four steps that anyone can carry out without a detailed knowledge of encryption systems or computer programming.
Thanks, Ed. Now on an unrelated matter, what was the name of your first pet? And your mother's maiden name?
(Images: Shutterstock, Rex)
Encrypt your phone
"The first step that anyone could take is to encrypt their phone calls and their text messages," says Snowden.
The easiest way to do this is by downloading the free app Signal. Developed by Open Whisper Systems, it prevents 'adversaries' (anyone a message or call isn't intended for) from accessing your calls or texts. The person you're interacting with has to have Signal installed as well.
Encrypt your hard disk
Obvious, but Snowden is adamant that not enough people encrypt their hard disks or computers.
"If your computer is stolen the information isn’t obtainable to an adversary - pictures, where you live, where you work, where your kids are, where you go to school."
You can read Lee's guide to encryption here.
Use a password manager
"One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps," explains Snowden. "Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account."
A system like KeePassX can generate passwords and manage your various accounts without fear of other people accessing it. Give it a go.
Use two-factor authentication
Services and domains like Gmail, Facebook, Twitter, Dropbox and GitHub all offer something called 'two-factor authentication': should an unknown device access your account with a legitimate password, you'll receive an email or text asking you to verify the login.
"The value of this is if someone does steal your password, or it’s left or exposed somewhere… [two-factor authentication] allows the provider to send you a secondary means of authentication - a text message or something like that."
[Via: The Intercept]