8 Steps to Online Security Health and Restoral (15 Jan 2021)

Ryan

Note - This is the original advise that was posted on the Proboards forums some time ago. I am FULLY aware that a lot of this advice is no longer best practice and will be updating it shortly and would encourage any thoughts in the comments as well!

Ensure your PC/Mac is running anti-virus software and that the virus definitions are updated. Windows includes a free anti-virus package called Windows Defender and Apple provides very limited protection based on a lower risk profile however you can get a free Mac AV application such as Avira. You should strongly consider installing a free app by the name of Malwarebytes that can run in conjunction with your current AV software to check for additional malware that might of escaped detection from your primary AV software.
Ensure your mobile phones and tablets are secure as well. For Android devices, you can install AV software as you would with a PC and the aforementioned Malawarebytes is available as well. For iPhones, you’re reliant on Apple’s walled garden for security however check the iPhone (or iPad) for any unknown profiles that you might have inadvertently downloaded and installed (Settings - General - Profies or Profiles & Device Management); if using an iPhone provided by your company, there might be an Enterprise profile; don’t remove that.
Ensure your passwords are strong and change them as necessary. A strong password is one that can’t be readily ‘cracked’ - use a site like https://password.kaspersky.com to test the type of passwords you use and fast they can be cracked. If you have too many accounts and don’t want to keep track of all the various passwords, use a password manager. If using a PC, Lastpass is considered one of the best and in the Apple/Mac/iPhone world, 1Password is highly rated but both are cross-platform however. In either case, you must ensure you pick a master password that can’t be readily cracked or all your passwords could be compromised. If your passwords are weak or you use the same password for all sites, change them immediately, especially the passwords for Minecraft/Mojang, Forum (Proboards), Multiplay (if you have Clanforge), Twitter, Skype, Google, Facebook and especially Tapatalk if you use it to access all your forums including TF. NEVER use the same password for different accounts
Use two-factor authentication for services that offer it such as Google, Facebook, Twitter, Amazon, etc. An app called Authy can make it easer to use and includes tutorials - see https://www.authy.com/app/mobile/
At home, ensure your router/WiFi passwords are strong just the same as your online account passwords; you don’t want all your neighbor or drive-by hacker on your network.
On the road, avoid use of open public WiFi or if you must use it, consider using a VPN service that will fully secure your connection between your device and the VPN host. A service such as ExpressVPN is one of many. Do not use VPN services for nefarious activities as these services do not make you anonymous; they only secure your connection between your device and the VPN service provider. If you must use open WiFi without VPN, avoid doing any sensitive activities such as banking.
When reviewing emails or using Skype and files are sent to you for download, ensure you trust who sent it and scan the files for malware as noted above; files can also be surreptitiously downloaded in the course of web surfing.
If you do get breached, run the checklist again from step 1.

NOTE: When filling out the email address on your forum profile, avoid using an address that's used for your mojang, forum, skype, etc. It's possible for anybody to view that email address and than potentially try to hack it.

Additional suggestions can reviewed in the replies (feel free to contribute)

volleo6144

*yes, I know that those are also used in Japanese and for special purposes in Korea and Vietnam, but I don’t care right now, as clarity trumps technical correctness here and I don’t have a better name for it

[deleted]

Another little thing that I'd like to add: Don't pirate stuff, that is the easiest way to get a virus.

deleted

About 3 and 4:

Passwords are shit. I know it sounds weird, but they’re actually pretty weak, modern computing can do 1 trillion attempts in a second, breaking the most secure passwords in a couple of minutes..Modern 2FA is also not decent enough, as has been proven by simjacking. A FIDO2 device, preferably a NitroKey, due to the fact that it is FOSS, is actually a really good alternative to these and I would recommend buying one if you have the money. Most big services support it (but sadly, not discord.).

Use it everywhere you can.

EDIT: I really hope Flarum supports FIDO2 so we can use it.

StevenNL2000

deleted The minimalist nature of Flarum means that there is no built-in 2FA support whatsoever. As far as I can tell, there is no Flarum plugin that adds support for FIDO, although there is one for OAuth.

I personally use the YubiKey 5 NFC because it has every possible feature that kind of device can have, so you don’t have to manage separate things for FIDO, TOTP, PGP, etc.

Ryan

StevenNL2000 the closest one I could find which we’ve had for a while is one that doesn’t use a password and instead does one time links to your email to Auth you. Though how much you trust your email provider is then the next issue.

deleted

StevenNL2000 Neat, but I prefer NitroKey personally because

it’s already in the EU, so no huge shipping fees
GERMAN ENINEERING BISH
FOSS

StevenNL2000

Ryan It’s a bit awkward because it doesn’t ask for your password, so it’s not actually 2FA, just an alternative 1FA. It would be 2FA if you could make it require an email in addition to your password, but of course that’s not supported…