The best solution for the most people.
On this page, you’ll find guidance on cybersecurity best practices that anyone – regardless of experience – can implement to make their online life safer and more secure.
This guidance comes from the Electronic Frontier Foundation (EFF), long considered the standard-bearer of all things cybersecurity.
Consumers should use a 4-6 word DiceWare passphrase to unlock their phones, tablets, and desktop computers. This strong passphrase should be memorized or written down and securely stored.
DiceWare is considered a rock-solid technology, but hasn’t yet found popular acceptance. As a consumer product development practice, Loistava doesn’t make technology. Loistava makes technology popular.
Our next product is an updated, physical, modern version of DiceWare designed for wide distribution.
Logging In To Online Accounts
The era of memorizing passwords in bulk to log in to online accounts is over. We are now squarely in the era of the Password Manager, an elegant and amazingly effective solution. Consumers should use a high-quality Password Manager, either built into their browser or a standalone application.
Password Managers create long, truly complex passwords composed of random characters that look like r8:W3=7uU0VpcS. They are impossible to remember, but that’s the point. Consumers should use a DiceWare passphrase as their master password for their Password Manager. Correctly using a high-quality Password Manager means ordinary consumers are:
- Free from the chore of thinking up passwords.
- Free from the burden of memorizing passwords.
- Free from the worry of forgetting passwords.
- Free from the bother of typing passwords.
- Free from the hassle of frequently resetting passwords.
Using a Password Manager also massively shortens the length of the interruption in the consumer’s “flow” as they use a website.
By locking their devices when they walk away from them, and correctly using a Password Manager, consumers don’t even need to know what their passwords are. Typical users can eliminate 95% of the pain of passwords. Right Now. Today. Not sometime in the future. This is our current reality.
Paper Password Storage
As attractive as this solution is, some consumers don’t trust Password Managers, or simply don’t want to use them. Their best bet is to write their passwords down and securely store them. Some consumers will use a combination of techniques, writing down and securely storing passwords for their most sensitive accounts, and using a Password Manager for their other online accounts.
Although perfect-bound books are used most frequently for paper password storage, we’re developing a compact, multi-ring binder which provides a separate page for each online account. This approach provides users with greater flexibility to add or remove pages and to alphabetize or otherwise sort their password pages.
Multi-Factor Authentication (MFA)
Consumers should enable MFA on every online account which offers it. MFA isn’t perfect, especially “legacy MFA” systems which use SMS text messages to deliver security codes to consumers.
But even “legacy MFA” is better than none at all, and consumers are familiar with it. MFA which uses physical security keys is the best solution currently available.
People Using Passwords With Computers
People Using Passwords With Computers began at scale in 1961. Within weeks the policy change at the Massachusetts Institute of Technology (MIT) went sideways, with users writing their passwords on small pieces of paper and leaving them at their workstations, or sharing passwords with their coworkers.
Within 18 months the entire list of passwords was compromised. Over the decades since then, the very highest-level thinking about passwords has changed radically. People Using Passwords With Computers has been replaced with Computers Using Passwords With Computers, While A Human Looks On.