Editor's note: This is the latest in a series of articles that explain digital tools to journalists. You can read the others here.
With news organizations getting hacked now on a semi-regular basis, it's more important than ever for journalists to protect their work from would-be cyberattacks.
That's why, after several weeks focusing on video tools, Poynter Interactive Learning Producer Ren LaForme and I are switching this month to talk about digital security tools. Our conversation has been edited for length.
This is one of those topics that I read about and try to figure out before I get lazy and just check Facebook. So, what's the first tool we're going to talk about?
You're not alone in that. I tried to teach folks about digital security three or four years ago and nobody was interested. Now I think there's a compelling case for us to be interested. So the first tool that I'd like to talk about is a password manager.
When it comes to online security, the best way to make sure that you're taking care of yourself, the quickest way, is to make sure that your passwords are secure and you're using different ones everywhere. I've found that the best tool for this is LastPass. Have you heard of this before?
I have not heard of this.
I guess I can simplify it and say this is a password storage and generator tool, but it does so much more than that. Basically, you sign up for a LastPass account, and it installs a plugin in whichever browsers you want it to install in.
From there on out, every time you go to type in a password, it gives you the option to save it. Or if you want it to make a new password, it can generate one between four and 20 characters. And then it will save that password in a really secure vault.
Related Training: Digital Security for Journalists
If you want to use a tool like this, what do you have to do? What's the first step? I know it exists, now what?
You just got to lastpass.com and sign up for a free account. And with LastPass, you only need to remember one password, and that's the password to get into LastPass. That one you want to make really secure. Mine is like 35 characters. Once you do that, you download the plugin or the app or whichever way you like to use it.
It seems like a lot of journalists and newsrooms are getting better and thinking about digital security. This feels more important than ever to me, does it feel that way to you, too?
It definitely feels more important than ever to me. We've seen a lot of cases where not only journalists but also prominent people have gotten taken advantage of because they weren't necessarily thinking about keeping safe online in the right way.
We've seen foreign and domestic governments getting into people's accounts. We've seen hackers taking photos, stealing credit card information. There are just attacks coming from all sides, and if we're not putting in a minimum effort keeping ourselves safe, I think there's a great cause to be concerned.
Yeah, and this matters for our sources' safety, too.
If you're just a person on the internet, you could lose your credit card information, someone could steal your identity. That's bad. But if you're a journalist working on sensitive subjects and your sources are outed, you could ruin someone's life. It's not just you at that point. Also your organization. We saw this with the DNC. They got into the entire thing through a pretty small window.
So if you're the weakest link at your news organization, you're also opening this up to all of your colleagues.
Is there anything else about this that you like? It sounds like it's super easy to use.
It's really easy to use. I'm sure one of the things that puts people off is the encryption names these things have. This has AES-256 bit encryption, which I know the U.S. government uses.
I was poking around with my account today and I found you can install this app on your phone called the LastPass Authenticator, so every time you log on to the website, you also have to open the app, and the app generates a new code every 10 seconds. Essentially no one could get into my password vault unless they have my phone and my password.
It sounds like it has a two-factor authentication function.
Yeah, there are like 10 different options for that, too, so if you don't like one, you can choose something else. If you're the most paranoid person on the planet, I think LastPass can help you feel safe.
It also has password sharing. I know a lot of news organizations log into the same Twitter account or something like that. This is a secure way to share those passwords. It has vault storage, so if you want to share some files back and forth and make sure they're really locked down, you can do that. And it's got notes, so you can take notes in here.
Also, most of these features are completely free. I have the premium account, which is one dollar a month, and I honestly don't think I'm using all the things I pay for because all the free stuff is pretty much everything you need.
We're going to keep up with this theme and talk more about digital security next week, right?
Next week we're going to explore some tools that you can use to dig around and find out what's publicly available about you on line, and we're going to talk about how you can lock that down.