Read on Twitter
So, you got arrested protesting in Seattle and a news organization is about to dox you: a (thread) guide to protecting yourself.
First: Your email is *the* key to your online security, b/c your password reset emails go there. 1/12
First: Your email is *the* key to your online security, b/c your password reset emails go there. 1/12
Set a strong new password for your email right now. Make a new, 4-5 words (random words, not a quote) password. Write it down on paper. (We'll fix the paper later, but this will get you started.) Here's how on Gmail: https://support.google.com/accounts/answer/41078 Leave more space on that paper.... 2/12
Then download Authy (or Google Authenticator). It's a "second factor" holder, meaning you'll need your phone to log into things on the Internet; it keeps your account safe from password guesses. Here's the link for Authy: https://authy.com/download/ Set it (or Authenticator) up. 3/12
Then, enable 2FA on your email. Here's how for Gmail: https://support.google.com/accounts/answer/185839 Use an app (like Authy) or a push notification from Google, not SMS, because SMS can be taken if someone asks your cell provider to "activate a new phone." 4/12
Then change passwords and enable 2FA on your social networks that you use. Here's how on Facebook: https://www.facebook.com/help/148233965247823 Twitter: https://help.twitter.com/en/managing-your-account/two-factor-authentication Instagram: https://help.instagram.com/566810106808145 For each, make a new strong password (and write it down on paper), enable 2FA... 5/12
... and change your "security questions" to lies. Write those on the paper, different for each site. Then, change your passwords and "security questions" on any other email, banking, and cell phone provider websites. Then breathe; the worst is over. 6/12
After breathing, it's time to set up a password manager. There are only two good options: 1Password ( https://1password.com/ ) and LastPass ( https://www.lastpass.com/ ). 1Password is nicer, and it can hold your 2FA tokens (like Authy), but it costs money; LastPass is free. 7/12
Set up your password manager with a *very* long, new password; think 6-7 words (not a quote though!). Install it in your web browser, on your phones, everywhere. Then take all the stuff you wrote down on paper and enter it into the password manager; one entry per site. 8/12
Going forward, as you log into sites, notice if you're using an "old" password or a "new" one. If it's old, use the password manager to generate a new one; you won't remember it, but you don't have to (that's what the password manager is for), and enable 2FA as well. 9/12
Bonus points: call your cell phone provider and set up "port-out protection" with a long password that you can generate and store in your password manager. VZW: https://www.verizon.com/support/port-out-faqs/#setup-freeze T-Mo: https://www.tomsguide.com/us/tmobile-port-out-scam,news-26574.html AT&T: https://www.tomsguide.com/us/att-port-out-scam-warning,news-26707.html 10/12
Finally: this is just what to do AQAP. Before your next protest, check out @EFF's guide: https://ssd.eff.org/en/module/attending-protest. Also write down your local @NLGNews number for jail support: in Seattle, it's 206-OK-TRY-ME. 11/12
For further reading: https://ssd.eff.org/ , @VioletBlue's https://nostarch.com/smartgirlsguide , and don't ever talk to the police without a lawyer present. You don't have to give your passwords to the police, but they can make you FaceID/TouchID. So disable it.
DMs open for Qs. 12/12
DMs open for Qs. 12/12
Oh, and if you're a news organization and JAQing off about people arrested by a deeply racist, violent policing group who HAVE NOT BEEN CONVICTED but who you're doxing anyway (because "it's a public record! Mah free speech!!!one!)... you discredit real journalists with your spew.
A brilliant colleague of mine pointed out that “random string generated in your password manager” is preferable to “lies” for your security question answers! She is entirely correct; once you have a password manager set up, you can use its random strings for *everything*!
