Twelve Commandments for Internet Security

A reader asked in a comment to my post about unsafe password managers:

So, what is the solution?

It is a good question and prompted me to write this answer.

My Recommendations With Regard to ‘Evil Password Managers’

  1. Always keep in mind that the internet is dangerous and that there is no security available and never will be. Because:
    All technical solutions for safety, secrecy and security are to phishers, gangsters and secret services what sh*t is to flies.

  2. Distribute your money between several bank accounts at different banks. So if one account is hacked, you will still keep a big part of your money.

  3. For bank accounts, use a unique password or passphrase for each one, which does not resemble any of the others.

  4. If you cannot keep these in mind, write them down on a sheet of paper.

  5. Write them down with a simple encryption which you can remember and calculate easily in your head. So in the rare case that somebody finds it by chance, he still cannot take your money.

  6. Hide this sheet of paper somewhere in your home. Maybe glue it into a book or the like.

  7. Use an extra computer for doing banking-related stuff. Use this computer for nothing else. Do not surf the web or read mail or watch %/*%/@&* on this computer.

  8. Keep it switched off whenever you don’t need it.

  9. Run an obscure and seldom-used operating system on the extra banking computer.

  10. For all medium-important stuff – non-banking and not really important but quite annoying if hacked – build a base password or passphrase. Modify this slightly for each of these accounts.

  11. For all fun stuff – accounts where you could live well with them being hacked – use one and the same simple password for all of them.

  12. If I needed to communicate in a way that must stay secret under all circumstances – for example being a freedom fighter in a state run by criminals – I would not use the internet or a phone or any technical thing at all. I would do extremely delicate communication only face to face in real life.

I cannot claim that my methods are safe, because – see point number one above – nothing can ever be safe.

But in my view, my methods are much, much safer than using any kind of password manager or things like Tor or encryption algorithms which I do not understand.

What do you think about my solutions to evil password managers? Do you have better ideas? I’d love to hear your opinions.