C. PASSWORD MANAGERS AND TWO FACTOR AUTHENTICATION (2FA)

Even the most secure encryption is rendered null if your passwords are weak or compromised. A determined hacker can gain access to your accounts using “brute force” techniques that sequentially try a database of common passwords, or by using old passwords found in one of several publicly available leaks.

Create stronger passwords. This can be done by:

• Combining upper case, lower case and alphanumeric symbols. The more complex a password is, the more effort it takes to crack, and even more so if it’s not a dictionary word. For example, the password “newspaper” can be cracked within 0.2 seconds, but “rewspapen” would take around 2 hours to crack. By comparison, “R3wsp@pen!” would need two full months of brute forcing to crack. You can use an online password strength checker such as Nordpass (https://nordpass.com/secure-password/) to check whether your password is secure enough.

• Doubling up. Two factor authentication (2FA) is a secondary layer of protection that can be enabled on most email, social media and even banking platforms. It requires a secondary confirmation when logging into your account from a new device, and can range from a prompt on a 2FA app on your smartphone to an automated voice call or SMS containing the authentication code. Microsoft’s Authenticator (https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_ZA&gl=US/0) app and the Google Authenticator app are free to use and can work using biometric verification.

• Use trusted tools to create a password manager. A password manager can simplify the creation and storage of strong, complex passwords without needing to remember all of them. The drawback: you need a strong, memorable passphrase to secure it. Apps such as KeePassX and LastPass allow you to generate and store passwords centrally and to automatically enter the correct password when visiting a website.

• … and keyphrase. The obvious risk is that if your password manager is compromised, all your passwords are compromised too. A strong passphrase is essential: use a series of five or more words to construct a phrase you will remember. Have I Been Pwned can be used to find out if a password has been compromised, although it is ultimately the responsibility of the user to ensure that the password is protected.

• Take it offline. There is nothing wrong with writing your passwords down, as long as you take extra steps to keep them secure. A strong password hidden in the margin of an old journal is much better than a weak password you can remember easily.

D. SANDBOX ENVIRONMENTS AND VIRTUAL MACHINES

When receiving electronic files or digital evidence of an unknown origin, it is important to take the necessary precautions to verify the safety of the files. Anti-virus and anti-malware scans should identify most threats, but for the utmost safety a sandbox environment can be used first.

• Virtual machines. A virtual machine or VM is a virtualised environment created on your existing computer or laptop using specialised software. Think of this as a PC within your PC, one that you can reset as simply as pushing a button. If you maintain a fresh installation of Windows or Linux (even trial versions will work) you can access the files in an environment that keeps the rest of your work safe. VMware (https://www.vmware.com/) and VirtualBox (https://www.virtualbox.org/) are popular options for setting these up.

Page 14 A SURVIVAL TOOLKIT FOR JOURNALISTS