Difference between revisions of "Security Advice"

From Audacity Wiki
(New page.)
 
(Made it a bit less geeky, assuming this is meant to be for users.)
Line 7: Line 7:
 
==General Advice==
 
==General Advice==
  
===Passwords===
+
===Logins and passwords===
  
 
* We STRONGLY suggest users use a different password for each different website you use. No matter how you feel personally about the value your account might provide an attacker, please make all your passwords different.  
 
* We STRONGLY suggest users use a different password for each different website you use. No matter how you feel personally about the value your account might provide an attacker, please make all your passwords different.  
* Use a second authentication factor when possible, preferably not using SMS text messaging, as it was recently deemed unsafe (as those in the telecommunications community already knew).
+
* Where possible, use a [https://en.wikipedia.org/wiki/Multi-factor_authentication second authentication factor] in addition to a username and password. This is usually some information only you know or physically have. Don't have information sent to you by the login provider as an SMS text message because this has recently been [https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html deemed unsafe] (as those in the telecommunications community already knew).
  
 
===Security Incidents===
 
===Security Incidents===
  
 
* Keep calm.  This is really important.  This is the time when you can easily be panicked into making a mistake that makes the problem far worse.  Hackers may have set things up in such a way that such a mistake is likely.
 
* Keep calm.  This is really important.  This is the time when you can easily be panicked into making a mistake that makes the problem far worse.  Hackers may have set things up in such a way that such a mistake is likely.
* Be paranoid, but kind.  Enquiries about the incident may be from hackers looking to get clearer information on what you do and don't know about the incident.  E-mails may be spoofed and not from whom you think they are from.
+
* Be paranoid, but kind.  Enquiries about the incident may be from hackers looking to get clearer information on what you do and don't know about the incident.  Emails may be spoofed and not from whom you think they are from.
* Don't use audacityteam.org emails for communicating sensitive information.
+
* Don't send any information about your accounts or logins by email.
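
Review bot: In the rewritten second-factor bullet under "Logins and passwords", the sentence "This is usually some information only you know or physically have" describes the second factor partly as something you know, which is what the password already is, so the two factors no longer read as distinct; suggest wording it as something you physically have, separate from the password. In the last bullet under "Security Incidents", replacing "Don't use audacityteam.org emails for communicating sensitive information" with "Don't send any information about your accounts or logins by email" widens the advice to all email but narrows it to accounts and logins, and the audacityteam.org guidance is lost; if that guidance still applies to other sensitive information, keep it as its own bullet.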

Revision as of 16:19, 4 August 2016


This is a work in progress on some security tips.


General Advice

Logins and passwords

  • We STRONGLY suggest users use a different password for each different website you use. No matter how you feel personally about the value your account might provide an attacker, please make all your passwords different.
  • Where possible, use a second authentication factor in addition to a username and password. This is usually some information only you know or physically have. Don't have information sent to you by the login provider as an SMS text message because this has recently been deemed unsafe (as those in the telecommunications community already knew).

Security Incidents

  • Keep calm. This is really important. This is the time when you can easily be panicked into making a mistake that makes the problem far worse. Hackers may have set things up in such a way that such a mistake is likely.
  • Be paranoid, but kind. Enquiries about the incident may be from hackers looking to get clearer information on what you do and don't know about the incident. Emails may be spoofed and not from whom you think they are from.
  • Don't send any information about your accounts or logins by email.