Best Practices Online

Given the recent FurAffinity takeover (see the WikiFur article, specifically “2024 hijack”), I believe it’s important that we all take a moment to check our security settings and make sure our accounts are well secured.

This blog post is a general one about online account security. That said, it goes without saying that you should always keep in mind what you do and say online, including keeping your furry/online stuff separate from your real-life stuff so that neither can be traced back to the other.

First off, I’m going to walk you through my usual stuff. I haven’t had any incidents yet but that could change any time; the same goes for you all.

Get a password manager

This step is absolutely essential and you cannot skip it, in my opinion.

There are several password managers available today, in no particular order (copy and paste in URL bar):

  • BitWarden (https://bitwarden.com/, open source)
  • 1Password (https://1password.com/, closed source)
  • Dashlane (https://www.dashlane.com/pricing-personal, open source)

They have browser extensions available too.

N.B.: Open source means something is easily accessible. That’s simplifying the explanation a lot; essentially it means anyone can audit the code and look out for malicious or otherwise bad code that could affect users’ security and/or privacy.

I can’t recommend any specific one, but they all have free and paid plans depending on your needs. (1Password offers 30 day trials and if you like the product you can subscribe to the service.)

Using a password manager instead of your browser’s built-in password storage guarantees that no matter what, in the event of a browser compromise or similar, your passwords won’t be affected. Additionally, password managers often offer more secure defaults, e.g. randomising your passwords and storing them for you so you don’t have to remember them, among other things.

Export and replace your passwords with more secure ones

If you’ve used the Chrome browser up to this point for saving passwords alongside your usual browsing activity (we all see that e621 page…), and want to transfer/export your passwords to a password manager, here is a guide on the Google site: https://support.google.com/chrome/answer/95606

Scroll down until you see “Show, edit, delete, or export saved passwords”. It will show the following:

To export passwords, follow the instructions on number 3.

The instructions for importing passwords to your password manager will vary, so for ease of use I’ve linked the instructions for each one:

  • BitWarden (https://bitwarden.com/help/import-data/)
  • 1Password (https://support.1password.com/import/)
  • Dashlane (https://support.dashlane.com/hc/en-us/articles/360004101920-Import-your-data-into-Dashlane)

Now what?

“Now what?” indeed.

Once you’ve imported your data into your password manager, go through each and every password and change it to something more secure. Answers vary wildly on how long the password should be, how frequently you should change it, whether it should be random, etc. The point is NO PASSWORD REUSE whatsoever. That’s how most data breaches happen.
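To decide which passwords to change first, the exported file can be checked for reuse before it is imported. The script below is an added example, not something from the original post; the column names (name, url, username, password, note) are an assumption about the Chrome export layout, the 12-character threshold is an assumed cut-off, and the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample in the column layout assumed for a Chrome export
# (name,url,username,password,note); none of these are real credentials.
SAMPLE_EXPORT = """name,url,username,password,note
art-site.test,https://art-site.test/login,foxy,hunter2-Example,
example-forum.test,https://example-forum.test/login,foxy,hunter2-Example,
example-mail.test,https://example-mail.test/,foxy@example.test,Xk9#vQ2m!LpR7wZs,
example-shop.test,https://example-shop.test/,foxy,abc123,
"""

MIN_LENGTH = 12  # assumed threshold for flagging short passwords


def audit_export(csv_text, min_length=MIN_LENGTH):
    """Return (reused, short) without ever returning a password.

    reused: list of sorted site-name lists that share one password
    short:  sorted list of site names whose password is under min_length
    """
    by_digest = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue
        # Group by digest so the plaintext is never stored in the results.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(row["name"])
        if len(password) < min_length:
            short.append(row["name"])
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit_export(SAMPLE_EXPORT)
    for sites in reused:
        print("Same password used on:", ", ".join(sites))
    for site in short:
        print("Short password on:", site)
```

The exported CSV holds every password in plain text, so delete it once the import is done.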

Once you’ve changed them all… congrats, you’ve just made your accounts more secure!

But that’s not all.

2FA

Many sites offer 2FA (two-factor authentication) nowadays. Why is that important? Let’s use a basic analogy here:

Your house has a lock, right? That lock represents your password. It’s fine enough. What if you added a second lock to it, a lock that changes every minute or so? And no one could guess what the second lock is due to that!

That’s basically what 2FA does, and it’s highly secure due to the unpredictability factor (lock changing every minute or so). It’s less exploitable than the average “we’ll text you a code to get in” message.

Most password managers offer this option in some form. BitWarden and 1Password definitely do this; I don’t know about Dashlane. However, if you want to use 2FA separately (and I strongly recommend this), there are some apps out there as well:

  • Aegis Authenticator (https://getaegis.app/)
  • Authy (https://authy.com/), note you cannot export 2FA codes if you want to change authenticators
  • Etc…

There are many, many others out there. A word of warning: please do research on your desired authenticator before settling on it!

Once you’ve got your 2FA app up and running, it’s just a matter of finding the 2FA option on your favorite sites and activating it by pointing your phone camera at the QR code and scanning it. In the rare cases where you don’t have a camera or it doesn’t work, these sites will sometimes offer a manual 2FA key for you to input into your app of choice. The site will then ask you to verify that you’ve set it up correctly by getting a 2FA code from the app and entering it on the site.

That’s it?

Yes, more or less. You should keep in mind that it’s important to be careful about how much you share online and when, as bad actors can and will spend hours of their day trying to find the most irrelevant details about you so they can dig up something from your past.

Ultimately, the best security you have is yourself. Try not to overshare in public spaces and you’ll be fine.

Stay safe and be well!
