Sunday, Jul 24, 2011

Computer Security for the Nuggle*

  1. Create strong passwords that are at least eight characters long.  The password shall contain at least one upper case letter, one lower case letter, one digit and one symbol.  Do not use any dictionary word as part of a password.  Do not use any complete, public phone number as part of a password.  This shall be known as a “strong password” (e.g. “I like to wash my car” becomes “1LtWmC&r”).

  2. Create a unique password for each account or website. Use of a password management system such as LastPass will remove any barrier to generating unique, random, strong passwords for each and every account or site.  The creation of a memorized, strong master password is critical; this password may be written down as long as its significance is hidden.  Change it periodically.

  3. Never store passwords as clear-text (unencrypted) on any computer.  A written list of your passwords in your pocket is much more secure than a file on a computer.  A written single password to LastPass is better, because the energy required to use it is lower.

  4. Never type a password on any computer that you do not own. Assume every public computer has a key-logger program installed and information you enter is being sent to a hacker in East Hackistan, because it likely is.

  5. Never transmit a password via email or SMS (texting).  Always assume that your unencrypted emails and texts are being read prior to delivery to their destination. Because they are.

  6. Always use a secure connection when accessing email or any web site requiring a login (SSL, “https://...”).  (Gmail does this automatically by default. It is an option on Facebook and Twitter.)

  7. Never use a wireless connection that is unencrypted or “open”.  This includes “free” Wi-Fi hotspots such as those at your favorite caffeine delivery emporium.  WEP encryption is better than nothing, but not by much.  WPA encryption is acceptable.

  8. Use two-factor authentication whenever possible.  This includes dongles which generate pseudo-random codes and systems that send a code to your cell phone during log-in. (This is available in Gmail.)  Some systems let you use one-time-use passwords, which is an excellent option when travelling.  (Gmail and LastPass have this feature.)

  9. Never click any link in an email unless the authenticity of the link is verified by independent means.  Emails can very easily be disguised as to their point of origin.  Aunt Shirley will get over the emotional pain of your not clicking on the link to your birthday “e-card”.  Don’t do it.

  10. Always update the software on your computer, preferably automatically.  This includes Windows, Mac OS, Adobe and Java.  This does not include pop-up windows warning of viruses on your computer, which are generally a fraud.

  11. Use security software on your computer.  Use Microsoft Security Essentials on Windows systems, and ESET Cybersecurity on Mac OS.
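
Rule 1's definition of a “strong password” can be checked mechanically. The Python below is an added example, not part of the original post; the word list, the phone number and the four-letter minimum for dictionary matches are constructed assumptions.

```python
import re
import string

# Constructed sample data (assumption): a real check would load a full
# dictionary and the phone numbers publicly tied to the account holder.
SAMPLE_WORDS = {"password", "dragon", "monkey", "welcome", "summer"}
SAMPLE_PHONES = {"5550100123"}  # constructed number, digits only
MIN_WORD_LEN = 4  # assumption: skip tiny words such as "a" or "it"


def strong_password_problems(password, words=SAMPLE_WORDS, phones=SAMPLE_PHONES):
    """Return the rule-1 requirements the password fails (empty list = strong)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    # Symbols are taken to be ASCII punctuation (assumption).
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    # A dictionary word counts even when embedded in a longer string.
    lowered = password.lower()
    if any(len(w) >= MIN_WORD_LEN and w in lowered for w in words):
        problems.append("contains a dictionary word")
    # Compare digits only, so separators such as "-" do not hide a number.
    digits = re.sub(r"\D", "", password)
    if any(p in digits for p in phones):
        problems.append("contains a complete phone number")
    return problems


if __name__ == "__main__":
    for candidate in ("1LtWmC&r", "Password1!", "Tx!555-010-0123", "abc"):
        print(candidate, "->", strong_password_problems(candidate) or "strong")
```

“Password1!” satisfies every length and character-class requirement and is rejected only by the dictionary rule, which is why that rule is part of the definition.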

 

(*If a non-magical person is a Muggle, then I propose that henceforth a non-nerd is a Nuggle.)