Waters Security
This website is my attempt at setting out my opinion on "best practices" for personal cybersecurity. I feel that much of the current advice has the following problems:
- Some search results are trying to sell security software or hardware, usually wrapped in indecipherable buzzwords.
- Some search results are too advanced and aimed at a technical audience.
- At the other extreme, some results expect too little of a non-technical audience. Of course, much of cybersecurity is too complex for a general audience, such as the mathematics behind cryptography or computer networking. However, I believe the basic idea of, say, public/private key pairs can be understood. Even without any math, I still believe the basic cryptography concepts are interesting and make the "best practices" easier to understand.
- As little of the burden as possible should fall on the user. For example, preventing phishing or "spear-phishing" through user vigilance alone will ultimately be a losing battle.
- Recovery methods, i.e. the "I forgot my password" flows used to regain access to an account, are often left out of the discussion. But a vulnerability in account recovery is just as serious as a vulnerability in the main account sign-in flow.
Here are the articles:
Crypto Basics - I first wrote a long piece, then tried to cut it down to the bare minimum of terms for symmetric encryption, asymmetric encryption and certificate authorities, for a non-technical audience to read.