I've decided it's time to ramp up my online security and I know there are a lot of very competent people on this forum, so I figure this is the best place I know of to ask some questions. I was also thinking it might be an interesting exercise to see what people consider my vulnerabilities to be and what approaches can be taken to plug the leaks. This is a bit long so sorry for that but I wanted to make sure I covered everything.
So, the situation is thus:
I have 3 main internet access points. My home PC, my work PC, and my iPhone. I have a bajillion different websites and online accounts with passwords. There are very few sites where I use auto password features as I figure I'm better off forcing myself to remember passwords so I can still access things if I'm not using one of my main computers. I do use different passwords for almost everything, but they're not that different. I have a few basic templates with some variation based off of something about each website so I can generally always figure out what my password is even when I can't remember. Different types of accounts have different levels of complexity, ie: forum passwords are a lot less robust than financial sites. That being said all my passwords are basically shit, as I semi-knew, but finally really accepted when I started running them through this:
http://www.passwordmeter.com/At this point you're all thinking "Use KeePass dummy", which I've been considering but I'm unclear on a few points and their FAQ didn't really help. It sounds great when I'm sitting at my home PC and have my password DB all set up and good to go. However I'm not sure what happens when I'm not there. My work PC isn't really all that important, my work isn't very sensitive, but I do need to be able to access a range of different e-mail accounts while I'm there. That's easy now because I know the passwords, but if I use Keepass to make super safe passwords what do I do then? Can I have a shared DB on the two computers or put it on my USB stick or what?
And what about my phone? I have a bunch of email addresses I need to be able to access from my phone. I have my accounts set to auto login on it so I don't have to enter all the passwords every time I refresh my inboxes. I also have my GPG private key on my phone so I can decrypt any emails I get using encryption without needing to be at home. I have the phone PIN protected and it's set to erase all the data after 10 failed entries. I figure that's pretty good protection in the event my phone is lost or stolen so I don't worry about the email passwords being discovered, and I don't have to worry about my GPG key being compromised. I can make robust passwords and set them up on the phone but how is that info secured within the iTunes software that backs my phone up? Is it possible for someone to get my passwords via that channel? Of course at that point someone is already in my home sitting at my PC so I've maybe got bigger problems if it's gotten that far lol.
I also have an online poker account that I run a certain amount of business through. The poker client itself is pretty secure with a password level and an RSA token level so I'm not too worried about the client itself. Most poker account hacks happen when someone's email is compromised and the attacker uses the e-mail address to have the client password reset. I combat that by having a unique e-mail account that is used solely for the purpose of communicating with the poker site. No one knows that address but me and the site so that should be pretty safe, you can't attack an e-mail account that you don't know exists to the best of my knowledge. That e-mail address is linked to my phone, and needs to be as I need to know when I get fund transfer confirmation emails and stuff like that, but I think I'm ok there due to the PIN protection I mentioned in the last paragraph.
Lastly is a question about my home internet connection. I have a wireless router, which I'm actually plugged into via cable as I need the reliability, but it's still sitting there broadcasting. The big problem is it is not password protected. The bigger problem is that it's firmware is in Korean (I live in Korea so that makes sense) which I don't read so I can't set the password. After a lengthy e-mail exchange with the manufacturer it's been determined there is no way to change the language to English. Apparently a special manufacturing run for Korea only so no way to make the change. How big a concern is that? Yes the neighbours can use my internet but how much at risk am I of someone accessing my PC? From a technical standpoint I should say, my risk of someone actually bothering because I have something they want is pretty low, but random hacker neighbour might be a concern.
Now, all that being said, and thank you if you bothered to read it all, what can I do to improve my situation? Are there any factors I'm not considering, things I'm worried about that I don't need to be, or places I think I'm safe but really just aren't.
