Holiday season is coming up fast, but what could you buy for that special person in your life to keep them safe and improve their security? Well, the following ideas can help everyone, from regular folk to die-hard cybersecurity geeks.
There’s a ton of great books on the subject of cybersecurity, but you don’t want to be reading a user guide as you’re tucking into leftover turkey sandwiches. Here, I’ve chosen three books that focus on the stories behind people who made their mark and changed the world.
Ghost in the Wires by Kevin Mitnick – the incredible story of a hacker that started off as a curious tinkerer, ended up on the run from the FBI and made full use of his hacking skills to stay one step ahead of the Feds. Probably the world’s foremost expert in Social Engineering, Kevin is informative and entertaining and truly inspiring.
Exploding the Phone by Phil Lapsley – before computer hacking, there was phone phreaking. Curious phone phreaks reverse engineered the telephone network to get free calls, access undocumented features and call high profile figures.
Hackers by Steven Levy – profiles the beginning of the hacking scene born out of curious MIT students in the 1950s, through to Microsoft founder Bill Gates and Apple founder Steve Wozniak and many others who shaped the world we live in today.
Hardware Security Keys
One of the best ways to increase your security is by adding additional verification factors to your logins. This is typically called 2-Factor Authentication (2FA) or multi-factor authentication (MFA). Some methods are easier to manage like SMS or Email but if you want the gold standard of security you really want a hardware security key.
Security keys come in a range of shapes and sizes and contain a securely designed chip that stores a unique cryptographic secret. Depending on the model, these can work with your PC, phone or tablet via USB, Bluetooth and NFC. Once connected, you can register the key alongside your login to create that extra layer of security.
The technology is supported by many popular websites and support is growing. Look out for websites and devices that support U2F (Universal Second Factor) or FIDO2 (Fast IDentity Online). There are a lot of great options for keys out there and I’ve laid out my favourites below…
Yubikey – probably the market leader in my eyes, and manufacturers of great kit. Yubico were founded by XXX back in 200X and have really been a huge driver in the adoption of the technology. They’ve got a huge range of keys depending on whether you want to support USB A for PCs, USB C for Macs or Android phones, Lightning for iPhones or NFC for mobile devices. You’ll get a good device with a price of $20 in the basic Security Key but if your budget stretches a bit further the flagship device is the Yubikey 5 Series at around $50.
Nitrokey – The security community on the whole prefers open source solutions. This typically means that the code is publicly available, which allows anyone to view the code and potentially spot and fix flaws making the solution more secure.
Nitrokey provide an open source security key and not only is the software open source but also the hardware designs are publicly available for anyone to view, scrutinise and use. Again, Nitrokey have a few models depending on your needs but the Nitrokey Fido 2 at €29 is the one to get.
SoloKeys – another open source option that also has a version shipped in “hacker” mode, the keys start at £17 / $20 and are great value. The most interesting model however is the tiny Somu that barely sticks out of a USB port, and it’s only £30 / $35.
Google Titan – Last up, it’s worth mentioning Google’s own hardware here. Again, it’s a closed source offering and comes in a bundle with a USB key and a Bluetooth dongle for £50, or a small single USB-C key for £40.
So there’s a lot of great options, and you won’t go wrong with any of them, but when you’re thinking about budgets there’s one thing to bear in mind. If you set up your website accounts so that you need a key to log in, what happens if you lose the key? Sites will always have a process for this situation but it could be painful and time consuming. Most sites, however, let you register multiple keys. So, if your budget stretches to it, consider getting two keys (they don’t have to be the same brand) or at least bear in mind your recipient may wish to get a second.
Password Manager Subscriptions
The average web user these days reportedly has 70-80 passwords to remember, so how do you remember all of those passwords? Well, actually – the best way to handle the situation is not to remember them. Password managers can help you generate secure passwords, store logins and secret notes and even share passwords. It’s also a space that’s become quite mature in the last few years and there are some great choices…
Dashlane – a great password manager with some interesting extra features including a VPN and “dark web monitoring”. There’s a free version but anyone serious would want the Premium offering which is $39/year and can be purchased through their handy gift facility that lets you send Dashlane as a gift.
LastPass – another top notch solution, perhaps with less shiny features but actually with some great practical ones. The secure password sharing capacity is marvellous. They make gifting a little more awkward by insisting that you log in but there is a gift option.
1Password – another great option for remembering your passwords that will also check and monitor to see whether your password has been leaked in a data breach. Their approach is to let you buy 1Password gift cards in $25, $50 or $125 but the service only costs a manageable $2.99 a month for the individual subscription.
Cryptocurrency Hardware Wallets
Now, these are only really relevant if someone holds any cryptocurrencies like Bitcoin, Ethereum, Litecoin, Ripple, etc. but you’d be hard pressed not to find someone into cybersecurity that either hasn’t played with cryptocurrencies or isn’t interested in the technology. The main point of a hardware wallet is to allow you to store and manage your own private keys instead of keeping your bitcoin on an exchange that could be hacked. It’s a big responsibility, since if you lose the device and the backup ‘seed’ any funds you’d stored in it are totally lost, but it’s the only way to keep your wallet completely secure.
There’s quite a good choice in this growing sector, the leaders really being Ledger and Trezor but new entrants are coming into the market with great solutions so if you’ve looked before, it’s worth looking again…
Ledger – the first of the ‘big two’ hardware wallets that have been around for some time. Ledger have two main offerings, the older Nano S for £55 or the Nano X with a larger screen and Bluetooth connectivity for £109.
Trezor – the other of the ‘big two’ hardware wallet manufacturers again with two main offerings the Trezor One at €60 or the Model T with colour screen and MicroSD storage for €180.
A newcomer to this space is Safepal – the cheapest of the bunch at just $40 but backed by cryptocurrency exchange Binance and packed with a whole bunch of features. It’s certainly a cool little gift for someone, and if they’re not into cryptocurrency yet, this might just give them the start they need.
Security Stocking Fillers
PortaPow USB Data Blocker – you may not have thought about this before but if you ever plug your phone in to charge in a USB port at work, in a library, an internet cafe or at someone’s house – they may be able to access your data. Both iPhone and Android devices do have protections but the risk here is that a typical USB cable handles both power AND data, meaning that whenever you plug in to charge you’re actually exposing the data line and any potential security flaws the phone may have. The PortaPow is a nifty little device for just £4.50 that simply blocks the data lines but retains the power line so that you can charge in any USB port without exposing your data.
Webcam Covers – if an attacker compromised your laptop, could they use the camera to watch what you’re doing? In fact, this happens and it’s not always malicious hackers: in 2010 a school district settled a lawsuit for $610,000 for remotely activating cameras in student laptops. There are loads of cheap promo webcam covers out there but if you want something more interesting turn to the hand-crafters at Etsy where you can buy a whole load of weird and wonderful webcam covers for laptops.
Lock Picking Kit – you might think that lock picking is for criminals, ne’er-do-wells or rogues in RPGs but it’s actually quite a popular hobby and even a sport. Locksport events can be serious competitions with crazy challenges such as speed trials, blindfolded picking and handcuffed picking in pairs. If someone you know is into security and likes puzzles, they’ll probably love lock picking. As a stocking-filler you can pick up a basic set for less than $10 / $10 on sites like Wish and eBay but if you want a serious version you could spend a little more at $25 / £25 from specialists such as Lock Pickers Mall or UK Lock Pickers. You may also want to buy one or two cheap padlocks but don’t buy too expensive otherwise they might be too difficult for a beginner! The key here for beginners is that simple is best: a small set of picks will handle most basic padlocks.
If you’ve got any suggestions, please leave a comment or find me on LinkedIn!