In 2015 I led a short internal company lecture after we had issues with ransomware. Looking at the slides five years later, I realize that having healthy browsing habits is still relevant.
If you work in the corporate world, your company policy may force you to change your password every couple of months. After the third time, you might run out of ideas, often because of requirements such as:
- lowercase letters:
- uppercase letters:
- special characters: @, #, $, %, etc.
- minimum of 8 characters
And you can’t use passwords such as
Recommendation for passwords
To make my life easier, I use just two rules when creating a new password: think of a phrase, then replace letters with numbers and symbols. The replacement is not arbitrary. I follow strict rules, such as the table below, similar to the Leet or l33t system.
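| Letter | Replacement | Letter | Replacement | Letter | Replacement |
|---|---|---|---|---|---|
| A | 4 or @ | G | 6 | Q | 9 |
| B | 8 | H | # | S | 5 or $ |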
Let me show you an example and choose the phrase: The best wife :).
If we write thebestwife, the password will not meet the most popular requirements, and the time to brute-force it is 9 hours on an average home computer. The data is from the Kaspersky password checker.
If we add capital letters, the password will be TheBestWife, which again won't meet the requirements, and the time to brute-force it is 18 days.
But if we replace letters with numbers and symbols, and spaces with underscores, the password will be Th3_B3$t_W1f3, which meets the requirements, and the time to brute-force it is 14 centuries, which makes it unbreakable.
I love how accurate this image is. There is a wild jungle out there with all the ads. They say that we have a virus, or that a million dollars and other fantastic opportunities are just a mouse click away.
Recommendation for ads
This can be handled easily with browser extensions or add-ons called ad blockers. My favorite is "uBlock Origin", and it supports all major browsers.
I don’t mind ads, and for some sites they are the only means of income, but on many websites they are too aggressive. I recommend whitelisting the good ones and punishing the rest.
Classic title scam
example.com !== exampIe.com
On the right side, the lowercase letter "L" has been replaced with a capital "i". You can tell them apart only because of the font I am using in the blog; change it to Arial and they will be indistinguishable.
Others play with subdomains, for example, firstname.lastname@example.org. In a hurry we might think the email is coming from example.com, but it comes from
Most of the time these emails direct us to a login page from which scammers can steal our credentials or other sensitive information.
Recommendation for fake links
My recommendation is to save websites in the bookmarks and only open them from there or type them manually. Doing that will protect us from scam emails or fake links.
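The same check can be done mechanically. The sketch below is an added example, not code from the original lecture: it compares the host of a link or sender address against a list of bookmarked domains and flags the two tricks described above. The `TRUSTED` list, the function names and the sample inputs are assumptions, and the look-alike folding goes slightly beyond the page's single L/I case by covering a few other common pairs.

```javascript
// Added example. TRUSTED stands in for your bookmarked sites (assumption);
// the look-alike pairs below are a small illustrative set, not a complete list.
const TRUSTED = ["example.com"];

// Extract the host from a URL, an e-mail address, or a bare host name.
function hostOf(input) {
  const host = /^[a-z][a-z0-9+.-]*:\/\//i.test(input)
    ? new URL(input).hostname            // also lower-cases the host
    : input.slice(input.lastIndexOf("@") + 1).toLowerCase();
  return host.replace(/\.$/, "");        // drop a trailing root dot
}

// Fold characters that render alike in many fonts onto one representative,
// so "exampIe.com" (capital i) and "example.com" get the same skeleton.
function skeleton(host) {
  return host
    .replace(/rn/g, "m")
    .replace(/vv/g, "w")
    .replace(/[i1l]/g, "l")
    .replace(/0/g, "o");
}

function classify(link, trusted = TRUSTED) {
  const host = hostOf(link);
  // Exact match or a real subdomain: the trusted name is the END of the host.
  if (trusted.some((t) => host === t || host.endsWith("." + t))) return "trusted";
  for (const t of trusted) {
    // Trusted name used as leading labels of somebody else's domain.
    if (host.startsWith(t + ".") || host.includes("." + t + ".")) return "subdomain-trick";
    const h = skeleton(host), s = skeleton(t);
    if (h === s || h.endsWith("." + s)) return "lookalike";
  }
  return "unknown";
}

// Constructed sample inputs (.test is a reserved TLD).
for (const link of [
  "https://example.com/login",
  "https://exampIe.com/login",
  "billing@example.com.mail.test",
  "https://other.test/",
]) console.log(link.padEnd(32), classify(link));
```

An "unknown" result only means the host is not in the bookmark list; it says nothing about whether the site is safe.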
Following these steps will improve web browsing, but will not eliminate the risk of threats. Practically anything that seems too easy, too important or too good might be a scam.