Andrew Han
11 Feb 2020
One of the most important aspects of your digital security is having a secure password. This is because a password is the direct line of defense against hackers and people who seek to invade upon others' privacy. However, not all passwords are created equal; the majority of 8-digit passwords only containing numeric characters can be cracked in 3 milliseconds or less (1). Fortunately, by increasing the password length or using a variety of different characters - such as symbols and lowercase and uppercase letters - this can be improved. For example, a 12-character password that incorporates uppercase and lowercase letters, numbers, and symbols would take around 50 thousand years to crack. Although some find it irritating, there is a good reason why some websites only let you create a password that passes certain requirements, like password length and character variety: in order to make sure their users are safe from digital attacks. What these websites don't do for users, however, is make sure that the password is not a commonly used one. Even if a password meets the criteria of the website, if it is one of the most common passwords, hackers can easily use password databases to crack it. Therefore, users should be careful to not generic passwords like "password123".
The security of a user's password is irrelevant if the website being used is not a secure one. Administrators of websites should also be wary of the steps they need to make in order to protect their users. A crucial component of website security is HTTPS, or Hypertext Transfer Protocol Secure, which is in simple terms a more secure version of HTTP. The way it achieves this is by encrypting all data sent from and to the website to the client (user's computer) (2). This prevents hackers from tapping into the connection and being able to read all of the data that is transmitted, such as passwords and personal information. HTTPS websites also need to acquire a security certificate from a certificate authority in order to verify that the website is from the organization it claims to be. For users, HTTPS websites are a way to make sure that the website they are visiting, be it a banking website or an online forum, is genuine and trustworthy.
Much like how actual firewalls prevent fires from spreading, digital firewalls block harmful information coming in from the internet or networks (3). One of the most common ways they do this is through something called "packet filtering". Essentially, the firewall analyzes each "packet" of data coming in from the outside source to check for anything that is potentially malicious and dangerous. Anything that is recognized as a harmful packet is filtered out, but lets the other packets pass through. "Stateful inspection" is a newer method that compares the key parts of the data being transmitted against databases of trusted information to check if they are safe or not. This is not the only way firewalls can be used though. They can also be used to block traffic from specific websites and IP addresses. For example, the TDSB uses firewalls to block certain websites and apps on its Wi-Fi networks.
Antiviruses protect computers from viruses and other malicious programs. Whenever you launch a program on your computer, your antivirus (if you have one) checks to see if the program contains a known virus (4). They also do "heuristic checking" to test for a potentially new computer virus. You can also do a full scan of the existing programs within your computer to check for other viruses. When they do catch a virus, antiviruses usually "quarantine" the program; that is, they segregate the program from the rest of your computer file system so that they cannot do any damage. Then, the user can decide if they want to delete it or the antivirus software does it automatically after it catches the virus. However, though antiviruses are helpful in catching malicious programs, they are not foolproof. No antivirus software contains a full list of every computer virus in existence, because of the sheer number of them and the fact that there are malicious programmers constantly creating new ones. In what's known as a zero-day attack, these viruses can infect your computer without your antivirus knowing. Another flaw of antiviruses is that they often flag false positives: programs that the antivirus says are harmful but are actually benign. One extreme example was when Microsoft Security Essentials, an antivirus for Windows 7, flagged the Chrome browser as a virus. This caused the user to not be able to use their browser unless they manually whitelisted the program. This is why users, on top of having an antivirus from a reputable developer, should be mindful about what kinds of programs they install on their computer and the fact that antiviruses are not a one-click cure for all malicious programs.
(1)Collider, Hadron. "How Secure Is My Password?" How Secure Is My Password?, howsecureismypassword.net/.
(2)Hoffman, Chris. "What Is HTTPS, and Why Should I Care?" How, How-To Geek, 15 Oct. 2018, www.howtogeek.com/181767/htg-explains-what-is-https-and-why-should-i-care/.
(3)Tyson, Jeff. "How Firewalls Work." HowStuffWorks, HowStuffWorks, 24 Oct. 2000, computer.howstuffworks.com/firewall1.htm.
(4)Hoffman, Chris. “How Antivirus Software Works.” How, How-To Geek, 26 Sept. 2016, www.howtogeek.com/125650/htg-explains-how-antivirus-software-works/.