There’s always a touch of whimsy to tech giant Google and that extends to the individuals that help keep the place running. One key member of its team is the self-appointed Security Princess (yes, that’s on her business card): Parisa Tabriz. While security is serious business, Tabriz wanted to inject a bit of fun into her work, thus the unusual job title.
Hired as white hatter, the Iranian-Polish-American computer security expert has been with Google for the past 10 years and is one of over 500 people at the company who work on security and privacy. In the last five years, she leads a team of engineers who sniff out and fix security threats on Google Chrome.
We got to sit in during a Google Hangouts interview with her as she updates us on what’s new in her sphere in the business. She also left us with some often reminded, yet largely ignored tips on how to keep yourself safe online. (And really if security royalty says you practice these tips, perhaps it’s time to listen, yes?)
“Web feels really safe to people,” Tabriz says. “[It’s] like you’re talking directly to a website… people may think by default you get security when you access the web, but you don’t.”
She didn’t want to focus on the big elaborate hacking schemes we seen on TV or in the movies. Instead, she hones in on what the common attacker usually wants: making quick money using the easiest way.
Don’t reuse passwords.
We’ve all heard this before and Tabriz reiterates how important this is. Hackers who want to cause trouble can target weak sites and get passwords there and then they can use this to attempt to get to your more sensitive accounts. As expected, she recommends to use Google’s own password manager, which you can find more about here.
Now, if you’re the type who doesn’t trust password managers, Tabriz says it’s still safer to write down passwords and keep these in a secure place than share passwords for your different accounts.
Avoid using shared public computers or connections.
According to Tabriz, these are more likely to have malware and keyloggers that can log your keystrokes. If you input a password or other sensitive information while on these networks, you could be sending it off to hackers.
This piece of advice from Tabriz might hit a snag here since a lot of Filipinos use free public Wi-Fi. One additional piece of advice she gives is to not do any shopping, banking, or accessing anything sensitive while on these unsecure networks.
One way to monitor your Google account is to check your account security settings. You can easily access that through this link or just Google the term “Google Account Security Settings.” We’d suggest you even do a Security Checkup.
Enter two-factor authentication.
Whichever site or service offers it, Tabriz encourages you to turn this on. While not bullet-proof, two-factor authentication offers one more layer of security. She also encourages people to invest in a security key for added protection on Chrome. You can find out more about enabling two-factor authentication here and security keys here.
Be mindful about what you install on your machines.
Research the programs you plan to install on your devices. Tabriz talks about Google helps in this regard with Safe Browsing. They have a system in place that checks sites if they’re clean. It opens sites in a quarantined space where they determine if a site is malicious or not. Malicious sites get put in a blacklist that is available for other developers to use. According to Tabriz, Firefox makes use of the blacklist. You can even check out URLs on your own through Google’s Transparency Report.