Coming soon will be guides on improving your security; soon I will take a look at protecting your accounts from takeover. I am aiming these guides at the home user who is curious, and I want them to feel friendly and to explain things from my perspective: how I do things. I don’t want it to feel similar to every other guide on the internet, so I plan to take readers through security tools and then, hopefully, explain to you how an attack would work. This will allow us to piece together how the methods might throw a spanner in the works for an attacker.
We will go over passwords… What makes a good password? We will take a look at the UK’s National Cyber Security Centre and its three random word recommendation, then compare it to using a password manager. After we learn how we can create strong passwords, I will take you to the offensive side and look at how attackers go about breaching accounts, lightly touching on offline vs online brute-force, going over lockouts again and more.
Next we will investigate multi-factor authentication (MFA). How effective is it really? Does it have any vulnerabilities, and how can I mitigate those? Why should we use it if we have super strong passwords? I won’t demonstrate an attack against MFA as I don’t yet have that understanding, but we can explain the different ways of authentication and compare methods of implementing MFA (SMS, app, email, security key, etc.). We can then link this to weaknesses with passwords and see how this helps counteract those.
Then we can look at phishing, as it is a big problem with passwords and one of the issues our MFA works to improve. We can go over some phishing attacks but also look at the broader, general social engineering (con games) tactics. We will pull up some case studies and look at them, as I really want to emphasise why we fall for these things… People use terms like “stupid” or “idiot” to describe some victims; this is not the case and does more harm to our security culture. After that long chit-chat about victim shaming, I’ll get some examples of malicious messages and detail the red flags. Then we can see how these attacks increase in complexity based on the attacker’s skill, and just quite how professional some are.
Phishing and social engineering will be a long talk. There’s just so much to cover on them, as they represent the two most likely attack vectors against both businesses and individuals. Both can ultimately render our password and MFA useless if carried out correctly.
This should be coming in the next month or two. I’m using this as a plan but really want to deliver some unique and quality content. I will be starting off with home guides for the user who just basically watches videos, sends emails and plays games, because that’s the majority of people out there… Encryption, Federations, Zero Trust and things like that do not affect these users like they do IT workers. Encryption I will certainly touch on at some point, however; there is a basic level of understanding I think everyone should have, as it will help them stay safe. There’s more I want to explain but won’t until I have gone through the content with my viewers.
I’m looking forward to developing these guides. There’s a lot out there, but I’m hoping I can offer something unique and, most importantly, something you’ll remember.
“Just because they’re aware, doesn’t mean they care”
Hope to see you here soon, stay safe!