Guide:Resisting technological domestic abuse: Difference between revisions

adding media
No edit summary
Line 110:
While genuinely hacking a major online service like Amazon or Google is very, very difficult, a much easier way to compromise an account is to simply keylog the password while it is being entered by the legitimate account owner.<br> A keylogger is software which records everything that is typed on a particular device and makes it available to the perpetrator. This of course includes all the private conversations you may have had (at least, your side), but it also means that all your passwords will be recorded (as you enter them using the keyboard). Keyloggers may be stand-alone malware, but keylogging may also be a feature of the aforementioned stalkerware.
======Countermeasures======
[[File:Logging in with 2FA on Wikipedia.png|thumb|A typical login screen requiring another factor, in this case a temporary password.]]
The best countermeasure against any password-based attack is multi-factor authentication (sometimes known as second factor authentication). When you provide a password, this is considered one piece of evidence (a so-called factor) that you're authorised to access the account. A password is 'something you know'. However, if you add other factors (bits of evidence) to the authentication process, you have a login which requires more than just a password: multi-factor authentication. The end result is that the perpetrator cannot log in even if they know the password, and they cannot keylog the temporary password, because it expires very quickly.<br>
In practice, the most common multi-factor authentication method is a one-time password. This can take the shape of an SMS message being sent to your phone with a time-limited code, or an authenticator app which calculates a temporary password using the [[w:One-time password|OTP protocol]].<br>
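The expiry described above, worked through as an added example that is not part of the original guide: a temporary password calculated the way authenticator apps commonly do it (time-based OTP, RFC 6238), then replayed after its window has passed. The 30-second window, 6-digit length, one-step clock allowance and the test secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed validity window (the RFC 6238 default)
DIGITS = 6          # assumed code length


def totp(secret: bytes, unix_time: int) -> str:
    """Temporary password for the time window that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: last nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current window, +/- drift_steps for clock skew."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + delta * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            return True
    return False


def replay_demo() -> dict:
    """Constructed scenario: a code is typed once, then reused 150 seconds later."""
    secret = b"12345678901234567890"   # constructed: the RFC test secret, not a real key
    typed_at = 59                       # moment the account owner types the code
    captured = totp(secret, typed_at)   # what a keylogger would have recorded
    return {
        "captured": captured,
        "owner_login": verify(secret, captured, typed_at),
        "replay_later": verify(secret, captured, typed_at + 150),
    }


if __name__ == "__main__":
    print(replay_demo())
```

Inside the clock allowance the same code would still verify, which is why RFC 6238 also requires the server to refuse a code it has already accepted once.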
Line 121 ⟶ 122:
=====Normal phishing=====
You could also be a target of a more conventional phishing attack, where the perpetrator sends you to a website which looks like the target website, but is in fact on a different address. In these cases, the browser will not pop up a warning, because no man-in-the-middle is detected.<br>
The best advice here is to not blindly trust links sent to you. Instead, enter the web address manually in the address bar, and go from there. If you must follow a link, look at the page address in your browser, such as {{SERVER}}. Do not get distracted by anything after the address, even if it looks convincing.
=Setting up a safe computing environment=
While we cannot possibly anticipate every exact combination of technology-enabled domestic abuse you may face, we can help you set up a safe working environment that you can use for your essential computing needs without the fear of being spied upon or intercepted by the perpetrator.<br>