Web Browsing and Account Management - Part 1
Introduction
This is the second article in the in a series that presents an opinionated and hopefully simple way to protect your online accounts. To see the motivation as to why I'm writing this article, please see the previous article.
The Web Browser Choice
Continuing with the opinionated approach, we are going to setup the Chrome web browser. At the time of this writing the usage share of web browsers at Wikipedia reports that Google Chrome is used by well over 50% of individual's surfing the internet. Because of this large market share, many web sites are optimized to run with Google Chrome. This particular browser is developed by Google, its core software is open source so that professionals from all walks of live can review it for vulnerabilities and fix them quickly. The parts that aren't open source are developed by Google directly, and when you are using Google products the company is making money [1][2]. Because of this, it is in Google's best interest to invest heavily in some of the best engineers and security experts in the world to keep Google Chrome safe and free of vulnerabilities.
NOTE: This is the perspective/opinion of why this browser was chosen, there are many facts and other perspectives from professionals that can present a good case to counter this. But for the sake of ease, we will continue with the opinion/perspective listed above.
Downloading Chrome
If you are using a Chromebook, then I say congratulations to you! By default Google Chrome is already installed and you can skip this section.
If you are using Windows or macOS you will need to download Chrome from Google directly. If you click on this link: https://www.google.com/chrome/you will receive instructions on how to download the Google Chrome web browser.
Creating a Google Account - Optional
Creating a Google Account is mandatory for Chromebooks, but is optional for Windows and MacOS. While you certainly don't have to create an account with Google to move forward with this guide, it is recommended. And the reason being is that Google will allow you to seamlessly get access to your bookmarks, browsing history, and browser configuration on any machine that has Google Chrome on it once logged in. So if you have multiple computers in your family its a easy way to ensure a consistent experience on all your machines. In addition to that, Google will proactively monitor your account and let you know if someone/something is trying to get into your account that isn't you. Again see the opening opinion about why this is a good thing to have a company the size of Google keep their eyes on your stuff. You can create a Google Account (which comes with a free gmail.com email) by going to https://accounts.google.com/signup and following the directions.
Making Chrome Better - Extensions
Once install Chrome is a fantastic web browser with tons of great features, and a lot that happens under behind the scenes to keep your web browsing safe. But believe it or not, there are a handful of things that can improve your web browsing experience on top of this. Browser extensions can be installed to prevent ad's from being thrown in your face every time you goto a website, other extensions can be installed to prevent cookies from tracking your online activity. We are going to install two extensions HTTPS Everywhere and the LastPass: Free Password Manager. Please click on the two previous links and click install extension when prompted too, I will explain what they are and how they work in the next few paragraphs.
HTTPS Everywhere - What is it?
HTTPS Everywhere is an extension that monitors where you are trying to go on the internet. Specifically it checks the url you are attempting to go to see if it is using the https protocol. By default HTTPS Everywhere will not allow you to connect to a website that does not encrypt web traffic unless it's explicitly told its ok. As I write this I'm thinking about the reader responding, what is so important about https, encryption, and why do I care? From a technical perspective encryption is complicated, it involves math, computer science, standards and other many other things. However, I found a great illustration about why you want to use it a few years ago. Mariko Kosaka posted a diagram called "Why you should HTTPS" which depicts a communication from a buyer and a seller online. For illustrative purposes, once you have looked at the diagram think of yourself as the individual on the far left, and your bank or amazon.com being the store on the far right. In a nutshell HTTPS Everywhere helps stop you from getting into a situation where anyone can directly see what you're sending to websites. The result being your passwords, credit card information, email address, and whatever you type into said website is kept between the two parties.
LastPass: Free Password Manager - What is it?
LastPass is a password manager that encrypts your passwords and keeps them available to you online. The extension that I had you install will allow you to access all of your passwords, and will pre-populate the login information when a website asks for your credentials. LastPass is a freemium service, meaning its free forever but you can pay for additional features. For greater details on how it works, I figured it would be best to let the company describe it: https://www.lastpass.com/how-lastpass-works. Unlike the HTTPS Everywhere extension, this is actually a service so the extension requires an account with LastPass to work. So please create an account with LastPass. Once that is done, click on the extension to the right of the address bar in Chrome and login with your LastPass credentials. Once this is done - LassPass will monitor the websites you're going to and check to see if you already have an account. This extension will populate your login credentials on the sites you login to (which is why its important to make sure that all your communications between web sites is encrypted). When you go to create an account with a new website, then LastPass will detect whether or not you have an existing account - if not it will offer to generate a secure password for you.
The Browser - What have we accomplished?
If you've made it to this point congratulations! You have successfully installed a web browser, and two extensions that help protect your data online! Whats more when you visit a web site, only you and the website you're visiting will directly be able to see what is sent between your computer and the website. Secondly you now have a password manager that will create unique passwords for each website you create an account with. What does that mean? In the off change your bank account, email account, etc. becomes compromised your compromised password was unique to that single site. So you can have LastPass create you a new one for that website (a complicated one that you don't have to write down or remember) and as far as it depends upon you, your account should be secure again.
What is next?
In the next article we will be talking about multi factor authentication, using another free service called Authy this will add an additional layer of protection to your accounts.