Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using Bitwarden to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.

Why it’s a good idea to use unique passwords

I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. …


The encrypted messaging app, Signal, is quickly becoming a newsroom staple for communicating with sources, accepting tips, talking to colleagues, and for regular old voice calls and messages. While it’s a practical tool for anyone concerned with the security and privacy of their conversations, people working in newsrooms are particularly interesting targets, and should benefit from locking down Signal.

(If you’re not yet using it, learn how to get started here.)

Signal makes it easy to have a secure conversation without thinking about it. On its face, it looks and feels identical to your default text messaging app, but security…


“A title card reading “two-factor authentication,” with an image of a login form, two-factor authentication codes on a phone, and a “sign in” button.

Passwords are the brittle wall that keep unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.

Two-factor authentication (or 2FA, for short) strengthens login security by requiring a second piece of information — a second factor beyond your password. The second piece of information is usually a temporary code delivered by a device in your possession, such as your phone. It may also be something on your body, such as a fingerprint.

You might hear it referred to by a variety of names (e.g., …


Opera’s private browsing mode

Most popular web browsers support two types of windows: ordinary windows and “private browsing” mode. Sometimes private browsing goes by a different name, such as InPrivate mode in Microsoft Edge, or Incognito mode in Google Chrome, but we’ll just call it private browsing. I research how people understand the web for a living. Trust me when I say, if you’re not sure what private browsing does, you’re in good company. Researchers have found widespread misconceptions about what information is visible through private browsing. So let’s talk about what it does and doesn’t do.

These windows and tabs all have one…


GIFs, putting in work.

We love animated GIFs because they let us communicate so much with so little. They’re visual, cyclical, and easy to share — powerful features for communicating unfamiliar concepts to an unfamiliar audience. This is why we think it’s important to learn how GIFs can be used strategically in education. We are all involved in online safety education and, following a session we co-organized on this topic at RightsCon, wanted to share what we’ve learned along the way in three posts:

  1. GIF JIF ZHAIF: Teaching an educational GIF workshop at RightsCon
  2. If you’re not using GIFs to reach & teach your…


In the crowded world of encrypted messaging apps, few tools stand out.

Wire gives you encrypted voice calls, video calls, and messaging. It uses wireless data (through a mobile plan or wi-fi), which can help save money on phone calls and SMS charges. This is great for those of us who want to call or text our friends without eating up an expensive phone plan. It also supports most major operating systems.

On Wire, conversations are end-to-end encrypted, meaning that no one except the conversational participants can read the messages. It’s open source, meaning that its code is publicly viewable


Paul Townsend (CC BY-ND 2.0)

We’re witnessing the growth of attacks on supply chains — trusted distribution channels for delivering software and hardware. I want to tell you a bit about these attacks, because you’re going to hear more reporting about them in the future.

Supply chain attacks typically turn trusted websites into hosts for malicious installer downloads, and infected servers into hosts for “evil software updates.”

And we have now been officially warned: “Security experts agree that it’s a growing trend.”

It’s technically true that software-based supply chain attacks are growing, and that they have real potential for damage. It’s not because these attacks…


Nelson Sosa (CC BY-NC-ND 2.0)

Encrypted messaging apps like Signal, as well as WhatsApp and Viber, use your phone number as your main username. This means that if I want to chat with someone on these apps, I have to give them my phone number.

But we may have many reasons — both practical and principled — not to share our number with someone. These digits are personal.

Ideally, apps like Signal would allow us to use something besides our phone number as the main identifier we share with others. …


Todd Barrow [CC BY-NC-ND 2.0]

Computers are fragile things. You have to take care of them. When you don’t, their powers can be borrowed or stolen.

Malware lets an unauthorized third party access or take control of your device. In practice, it’s become a catch-all term for a huge variety of malicious software. That could include software that hijacks computing resources, lets an attacker monitor your screen, keystrokes, and microphone, or effectively turns your device into an expensive brick.

Many types of malware are designed to evade detection, while others make their presence quite clear. Just as you wash your hands to minimize health risks…


Simply untangle. (Esfema)

A few years ago I began sending hundreds of emails to strangers — many, encrypted.

I was launching into my graduate research on the security habits of investigative reporters, and I wanted to hear from journalists with a variety of backgrounds.

If I wanted to meet technologically savvy reporters, I learned that I could more reliably catch their interest by sending a PGP-encrypted email. I also learned that this is a great way to annoy, frustrate, or otherwise upset journalists.

To understand why, let’s talk about PGP, and why it’s often at odds with journalistic work.

What is PGP?

PGP stands for Pretty…

Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store