Our digital accounts on social networks, email, chat apps, and other platforms act as the gateway to our lives. We use them to have private conversations, store documents, collect our personal photos, and more. If someone has access to your digital accounts, they have access to your life,  which can have real world consequences in the wrong hands. These risks mean it’s essential to take steps to safeguard our digital selves.

But how do you know if your digital accounts are safe? And what are easy steps you can take to improve your security?

Citizen Lab, along with partners Open Effect, the University of New Mexico, and comic book artist and designer Jason Li, have launched Secure Accounts to answer these questions in a fun and accessible way.

Secure Accounts offers a visually rich experience, driven by the illustrations of Jason Li, who was involved at every stage of the project.

“With Secure Accounts, we’re using visuals to catch people’s attention, humor to make the journey a bit more fun and memorable, and, above all, everything must always be accessible so that our work is as inclusive as possible,” says Li.

The project was motivated by Citizen Lab research that has shown that account phishing is a common threat that civil society groups face. Phishing is a tactic to steal personal information, by tricking you into entering passwords into websites that look legitimate but are really fake. Like the rest of us, journalists, activists, and humanitarians store their lives online. Through their online accounts, they communicate, mobilize, and organize political activities. Phishing is a relatively inexpensive way for spies and criminals to break into accounts and collect sensitive information.

“The risks that civil society groups face online reflect the general risks that everyone needs to be aware of. Making our accounts more secure through features like two-factor authentication is a first step we can all take towards being safer online,” explains Masashi Crete-Nishihata, a member of the project team from Citizen Lab.

The project team consulted with security trainers working alongside at-risk communities in Arabic-speaking countries as well as the Tibetan Exile community. These consultations revealed important information about encouraging online security, such as the need to make security practices seem like an everyday activity, performed by normal people — as opposed to specialized techniques performed only by profesionals.

No longer just for specialists

“Security measures are no longer a matter of exceptional steps that certain professions or specific kind of people need; it is becoming a minimum basic need in many contexts to help a little bit in controlling your private content and way of working,” says Ramy Raoof, a Citizen Lab research fellow and security trainer who provided consultations for the Secure Accounts project.

Likewise, protecting yourself online means protecting the ones you care about.

“In this connected century, it is never just about you,” says Lobsang Gyatso Sither, who works with groups within the Tibetan Exile Community to improve their digital security practices.

“For me, if someone is online, then it doesn’t really matter whether they have a technical background or not: staying safe online is not just about you, but about staying safe for your family, your friends, your community, and more.”

How does it work?

Secure Accounts is comprised of five different modules, each designed to function as a standalone resource on a specific aspect of account security, or as a series, with each module building on one another.

The five modules include:

    • Secure Your Accounts: A comic that explains why people should take their account security seriously
    • Account Phishing and Civil Society: A brief explanation of what phishing is and two examples of phishing attacks against civil society groups based on recent Citizen Lab research
    • 2-step verification in 2-minutes: A comic that explains what 2-step verification is and why it’s important
    • Set up 2-step verification now: A collection of links to instructions on how to set up 2-step verification on popular online platforms
    • Who could get access?A app that users humour to highlight how adopting better security habits will mean hackers need more time and skill to break into your accounts

Reflecting the diversity of our network and goal to make Net Alert accessible, Secure Accounts is available in the following languages: English, Traditional Chinese, Simplified Chinese, Tibetan, Arabic, French, and Spanish.

Acknowledgements

Bahr Abdulrazzak, Simon Humbert, Ramy Raoof, Lotus Ruan, Lobsang Gyatso Sither, and Leandro Ucciferri provided translations.

Ramy Raoof and Lobsang Gyatso Sither participated in our security trainer consultations.

Net Alert is funded by the Open Technology Fund’s Internet Freedom Fund.