Well now that it is officially December, we can start getting ready for Christmas. If you are anything like me, you haven’t even considered Christmas gifts until now, and we are running out of time. No need to worry, we have you covered. In this blog, we will look at several InfoSec gifts that are perfect for your family.
My first suggestion is probably my favorite. LastPass gets its name because it is the last password that you will ever need to remember. Here is how it works: you set 1 really strong password to get into your ‘vault’ which then store the rest of your passwords to other sites. I personally use this password manager and love it. If you put a gun to my head right now, I wouldn’t be able to tell you what my password to my bank account is. Instead, I know my password to my LastPass vault and I had LastPass generate a 20+ character random string for my bank. Additionally, LastPass works well with your phone too, integrating with FaceID or TouchID to authenticate you. This is a great gift for those who use the same, weak password across every site or are constantly complaining about their accounts being “hacked.”
Now that they have all their passwords in the vault, it is time to really lock down access to that vault. Any account that is important to you should have multi-factor authentication to protect it. Multi-factor authentication requires you to know your password, but then take another step, like having a physical device to gain access. This way, if an attacker guesses your password, they will still have to possess the key, which is your second factor used to authenticate you. While there are apps that can do this (e.g. Google Authenticator), they are potentially less secure or less convenient. Enter Yubikey, which is a USB-based hardware token that you can use to add multi-factor authentication to any of your sensitive accounts, including LastPass.
If you have family members that use Macs, consider getting them Little Snitch for Christmas. Little Snitch is one of my favorite applications. It is a host-based firewall for macOS. When you first install Little Snitch, it will ask you about every inbound and outbound connection your Macbook is making. Over time, it remembers these choices and only allows connections that you have previously approved. This will prevent an attacker from making a new connection. Additionally, Little Snitch allows you to set different profiles, so that the connections you allow while you are home are not the same you allow at the Starbucks.
In today’s blog, we had a little fun and got into the Christmas spirit. Specifically, we threw out LastPass, Yubikey and Little Snitch as potential Infosec gifts for your family/friends. Let us know what you think! Did you end up getting one of these or is there a gift we forgot? Hit us up on twitter @TriaxiomSec or contact us.