---
title: 'Security: Start today'
teaser: 'Simple actions can make a big difference in Security. What can we do today to make our lives safer?'
tags: beginner,security
author: Matheus Richard
published_on: 2022-01-24
---

Security: we know it's important, but let's be honest, it feels hard and is often overlooked. To close some of those gaps, join me on an adventure to learn more.

We'll be talking about making our apps more secure, the common pitfalls, and how
to address them. Today, though, we're going to start with ourselves. What can we
do today to be safer on the internet?

## What can I do today?

Most of these are simple actions, but they have a significant impact on your
security, and the safety of your business/clients' data as well.

### Please, please, please! Don't use the same password everywhere!

If you're using the same password in multiple places, your security depends on
the least secure of those places. It's the weakest link principle: when the
system with the worst security has a breach, **all** other accounts that use
that same password are compromised as well, because attackers routinely try
leaked email/password pairs against other sites (so-called credential stuffing).

It's impractical to have a unique password for every account we have _and_ keep
track of all of them in our heads, so we're going to use a tool to help us. This
kind of tool is known as a **password manager**. It encrypts and stores all of
our credentials for different sites and apps in a safe place[^caveats].

[^caveats]:
    Of course, you still have to trust the password manager, and using any tool introduces risk. But provided you choose a trustworthy solution, your risk is greatly reduced compared to re-using passwords.

There's a bunch of them, with different features and prices (here are two
[popular][popular] [ones]). They integrate into your browsers, so it's easy to log
in to your accounts, generate new passwords, and handle two-factor
authentication. Keep in mind that storing your one-time-password secrets in the
same vault as the passwords makes that vault a single point of failure, so
protect it with a long, unique master passphrase and its own second factor.

Another nice side-effect of using password managers is that we can use longer,
more complex -- and therefore safer -- passwords.

[popular]: https://1password.com/
[ones]: https://bitwarden.com/

<aside class="info">
  If you want to know whether any of your passwords have been compromised, you can use
  <a href="https://haveibeenpwned.com">have I been pwned?</a>.
  Change the password for any app you're using that has been breached.
</aside>
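As an added example, not part of the original post, here is how a "have I been pwned?" password check can be done without revealing the password. It uses the service's documented Pwned Passwords range API: the client hashes the password with SHA-1, sends only the first five hex characters of the digest, and receives every known breached suffix for that prefix with its breach count, so the match happens locally. The sample range response below is constructed for the example (only the suffix of SHA-1("password") in it is real); the `fetch_range` helper is only needed for a live check.

```python
"""Check a password against the Have I Been Pwned "Pwned Passwords" range API
without sending the password (or its full hash) anywhere.

k-anonymity scheme: hash the password with SHA-1, send only the first five hex
characters of the digest, and receive every known breached suffix sharing that
prefix together with its breach count. Matching the remaining 35 characters
happens locally, so the service never learns which password was checked.
"""
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Return (first 5 hex chars, remaining 35 hex chars) of SHA-1(password), upper-case."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse a range response: one 'SUFFIX:COUNT' line per known hash suffix."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep:
            continue  # ignore malformed lines rather than crash on them
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Number of times the password appeared in known breaches (0 = not found).

    range_body must be the response for the password's own 5-char prefix;
    a response for a different prefix can never contain its suffix.
    """
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Fetch the live range response for a 5-character prefix (network call)."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    request = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def check_password_online(password: str) -> int:
    """Full online check: only the 5-char prefix leaves the machine."""
    prefix, _ = sha1_prefix_suffix(password)
    return breach_count(password, fetch_range(prefix))


# Constructed sample response for prefix 5BAA6, the prefix of SHA-1("password").
# Real responses contain hundreds of lines; the first and last suffixes and all
# three counts are made up, the middle suffix is the real remainder of
# SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8.
SAMPLE_RANGE_5BAA6 = """\
0D1B6C5F7A1C2E3D4F5A6B7C8D9E0F1A2B3:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
FFEE1122334455667788990AABBCCDDEEF:1
"""

if __name__ == "__main__":
    hits = breach_count("password", SAMPLE_RANGE_5BAA6)
    print(f"'password': {'BREACHED' if hits else 'not in sample'} ({hits} hits)")
```

Any non-zero count means the password is in circulation and should be replaced, regardless of how small the count is; a count of zero only says it is not in the service's dataset, not that it is strong.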

#### What if I need to share my password?

The easiest way is using an organization account in a password manager. This is
a great approach for businesses, where it's common to share passwords among
employees. It's also good for sharing the credentials for that streaming service
with your family.

Now, say we don't have an organization account, how can we share a password
safely? If you're a developer, you can probably get by using something like
[GnuPG], but that's quite cumbersome. I'd suggest using an end-to-end encrypted
tool like [Keybase][keybase] (it's even better if it supports self-destructing
messages, so the shared secret doesn't linger in a chat history).

[gnupg]: https://8thlight.com/blog/aaron-lahey/2018/10/23/sharing-secrets-with-gpg.html
[keybase]: https://keybase.io

### Disk encryption and why it matters

As developers, we often have to deal with sensitive data, like credentials and
private source code. Can you imagine what would happen if someone stole your
hard drive? That's the problem that [disk encryption] solves.

<aside class="warn">
  <strong>Important:</strong> Please note that encryption
  <a href="https://www.packetlabs.net/encryption-encoding-and-hashing/">is different</a>
  from encoding and hashing.
</aside>

When you encrypt your disk, the data on it is unreadable until you unlock it
with a passphrase (or, on phones, your device passcode). So, if someone steals
your disk or your powered-off laptop, they won't be able to read any of your
data. This feature is available on most modern platforms, so you can use it on
[Windows][on], [macOS][every], [Linux][major], [iOS][operating], and
[Android][system]. Store the recovery key somewhere safe, such as your password
manager, since a lost key means lost data.

[on]: https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/#windows
[every]: https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/#osx
[major]: https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/#linux
[operating]: https://support.apple.com/guide/security/encryption-and-data-protection-overview-sece3bee0835/web
[system]: https://source.android.com/security/encryption
[disk encryption]: https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/

Be aware, though, that disk encryption protects data **at rest** only. It **does
not protect you against network attacks** or against malware running on your
machine while the disk is unlocked, so lock or shut down your laptop when you
leave it unattended.

### My laptop was stolen/lost. What should I do?

There's very little you can do **after** you lose your laptop, so it's better to
be safe than sorry. If the disk was encrypted, a theft is a loss of hardware, not
of your data. As an extra precaution, use a remote tracking tool like [Prey] to
keep track of your devices (it is also available for mobile devices), and in
case of theft or loss, remotely wipe your data.

[prey]: https://preyproject.com/

## Next steps

This article is mainly focused on what you can do for yourself, but in the
following posts we'll dive into application security topics like HTTPS, CORS,
CSRF, SQL injection, common vulnerabilities in apps, and how to prevent them.
Stay tuned!
