DEV Community: Beck Mateo

How to Create Strong Passwords, Privacy and Security for Dummies

Beck Mateo — Fri, 18 Apr 2025 20:41:52 +0000

Intro

Passwords is a very complicated topic, they serve as a barrier for protecting sensitive information from bad actors, in today's age, more and more people are using the internet, and you're probably not surprised to know that most of them still use dangerously simple passwords which can put them in a lot of harm , luckily, for an average user, there are only a few steps to take to drastically improve your account security and to create passwords that are near impossible to crack, so let me show you some of them.

What does a Strong Password Look Like?

If you want to create a strong password, then there are simple rules that you can follow to do so, the most important ones to keep in mind:

It should consist of a minimum of 16 characters
It should contain all types of characters including upper and lowercase letters, numbers and special characters
Don't use obvious things that can be deduced by hackers using social engineering (like putting your birthday, your pet's name or your son's birth year)

These rules are simple, and that's the point of it, creating a good password is easy, yet a lot of people ignore, it's 2025 and there are still people who use "password" as their password

If you want to check how strong the password you created is, you can visit useapassphrase to see how long it'll take to crack your password

The Most Important Rule : Never Reuse Passwords

This point is still being underestimated by a lot of people

I can't stress enough how important this point this, because no matter how strong you're password is, a big part of this strength is gone when you use the same password everywhere, this means that you're putting all of your eggs in one basket, because the moment that one of the sites you used that password gets compromised (and that happens a lot more than you think), all of your other accounts will become instantly compromised, and to fix this problem, you'll have to go account by account resetting your password, that's a lot of effort, not the mention the damage that would've been already done by the time you get around to fixing it.

The takeaway here, there's no point of knowing how to create a strong password if you'll use everywhere.

Better Alternatives : Passphrases

This is make managing your accounts much easier

So we've talked briefly about the topic of passwords and how you can go about creating strong passwords and the rules to follow to maintain a good level of security, yet, passwords still have some downsides, the biggest one being that they are hard to remember, if you create a password that are 16 characters of random gibberish, firstly, it'll take a lot of effort to memorize this password, the first option are to store it physically by writing it down (but if you lose it, then it's game over), the other option is to store digitally using a password manager (please don't put your passwords in your notes app), the second option is probably the better one and we'll discuss later, secondly, 16-character password are strong but not as strong as the alternative, that alternative being passphrase

To put it simply, passphrases are a group of regular words (mostly 4 words but the more the better) that we use in life separated by a space, now you might think that passphrases are weak because a hacker can easily guess the words you typed and then you're toast, but that's not the case actually, in a passphrase , you should use a combination of words that aren't common in everyday use (not in the top 1000 most frequent used words in your language), and the words shouldn't be related to you or to each in any way, that make cracking such passphrases incredibly difficult, even more difficult than a regular password!

You also use useapassphrase to generate strong passphrases to use, if you prefer to use an offline method, you can try out passphraseme

Another upside of passphrases is that they're easy to remember, they maybe hard at first but after typing them for few times, you'll develop the muscle memory that'll make you type instantly in the future, this isn't the case for passwords as they're very difficult to memorize, this is perfectly encapsulated by the xkcd comic

To cap it off, a strong passphrase should have the following:

A minimum of four words (more is better but harder to remember)
The words should be uncommon in daily use
They shouldn't be related to your life and activities in any way
Easy to memorize after a few times of typing it

If you're interested in taking your account security, you should definitely look into password managers but that's a topic for a different day

Be good people!

3 Interesting Firefox Alternatives for People who are fed up with Mozilla’s Shenanigans

Beck Mateo — Fri, 28 Mar 2025 03:11:53 +0000

“Feed the Firefoxes” by Glutnix is licensed under CC BY 2.0.

It has been clear by now that Mozilla isn't the company that it used to be, they have made some very bad mistakes over the past few years , the latest one was the changes they made to the their Privacy Policy and Terms of Use, that stated that Mozilla had "nonexclusive, royalty-free, worldwide license" to any data inside of Firefox, they later tried to rectify this but the damage had already been done, for me, I was long done with Mozilla before this even happened, but for other people, this was the straw that broke the camel's back and they're looking for alternatives, so I'm here to present with 3 unique browsers to replace Firefox as your daily browser.

Mullvad Browser

This one really changes the game when it comes to privacy and security

Mullvad Browser is the combination we didn't know we wanted so bad, it's a browser made by two giant entities in the privacy and security space, the first one is Mullvad, a Swedish company known for its privacy-respecting VPN, and the second one is the Tor Project that develops the Tor Browser, their efforts culminated with the release of Mullvad Browser, A Firefox fork with privacy and security enhancements pulled from the Tor Browser itself, the difference here is that you don't have the Tor network to connect to (although it's recommended to use a VPN of your choice), this means that this browser has very strong privacy and security settings out of the box and can really benefit people with higher threat models

The downside here is that aesthetically, the browser doesn't look very appealing, it looks just like Firefox with no additions (which will become more obvious when you see the other two browsers), it can also break certain websites if you tighten it even more, but that's not something unusual, as more privacy and security means less convenience (it's a sliding scale)

All in all, I think Mullvad Browser is the choice for people who want a great privacy and security out of the box while also wanting a more minimal and decluttered browser with no added features

Vivaldi

This one is really powerful

When it comes to customizability and features, there's pretty much no browser that can ever beat Vivaldi, almost every thing you can think about is baked into the browser including features like Tab tiling (this one is my favorite), stacking, there are also quick commands for those you love more keyboard in their browsing, and probably one of the most interesting things about this browser is that it integrates a Mail Client, an RSS reader, and a Calender , this makes not just a browser but rather an entire ecosystem for whose you love to live inside their browser, and the features don't stop there, there are also notes, screenshots and recently they added Proton VPN integration which is a great addition for privacy enthusiasts

Privacy-wise, Vivaldi only collects anonymized data on its users to count the number of active users , its business model is to make money through deals with Search Engines and so far the team behind it hasn't made any privacy transgressions, another thing to note is that it comes with its own tracker blocker out of the box, however, I find that this blocker isn't enabled by default and you have to enable it in the settings, also, it's still not there when it comes to tracking protection so I recommend you install uBlock origin with it (Although it's a Manifest v2 extension).

One downside to Vivaldi is that the fact that its UI isn't Open Source but rather Source-Available, this means that you can still view the source but you can't modify any of it, but unless you're a die hard FOSS supporter, this shouldn't affect you that much

Zen Browser

This is the new kid on the block

Zen Browser is another fork of Firefox, but what I really liked about it is the beautiful aesthetics as well as the sheer customizability of it, it's like the Vivaldi version of Firefox you can change the accent colors(I'm a big fan of this one too), you also have tab splitting, workspace management, the ability to preview tabs without clicking them, there are also Zen mods which make the browser even more customizable.

Privacy-wise, the team clearly states in its Privacy Policy that they don't collect any personal data nor is there any 3rd party tracking

The biggest downsides I found with Zen is that the project is still in beta (although it feels pretty much like a finished product), something else to note, the privacy and security settings out of the box aren't the best and need something tweaking, but the process isn't really that hard and installing uBlock origin will do a lot of you.

Overall, I think Zen Browser has the potential to be an amazing browser if they keep developing it with the same core principles and I definitely see myself daily driving it in the future.

At the end of the day, I want to say that the choice of the browser is something that you have to pay close attention because it's your gateway to the vast internet and you want to make sure you're as safe and private when browsing online.

4 Essential Things to Do for Everyday People to improve privacy online.

Beck Mateo — Fri, 07 Mar 2025 11:29:55 +0000

The Cover Photo : "Privacy" by g4ll4is is licensed under CC BY 2.0.

Introduction

Most people believe privacy is dead, and it's easy to see why ,almost every single service or product we use collects huge amounts of data on us, from our interests, our relationships and even our mental status, and it's seems impossible to escape , but it's not, while 100% privacy isn't possible unless you of course unplug everything, there are few things anyone can make to you more private online at almost no cost (both money and convenience-wise) so let me share a few of them with you.

Stop Using Chrome, Use a more private Browser Instead

This is by far the simplest and easiest one

It's no secret that Google Chrome has become nothing but a giant data mine, it collects insane amounts of data even when you're not signed in.
What's interesting is that you don't have to use it to get the same experience, You can use Chromium, the open source browser it's based on, but What I recommend is using Brave Browser, it has the same features (plus some other things by the developing team), it's open source and has sensible defaults optimized for privacy.

There are also Firefox-based browsers like Librewolf and Mullvad Browser but Browser Wars is a topic for another time

In short, Just Stop using the data-hungry Chrome and Switch to Brave to get a decent privacy boost.

Stop using Google for Search

This is the second most important thing to do

When it comes to search engines, it's obvious that Google will be one of the worst when it comes to privacy, it does all sorts of horrible things like logging your searches, tracking which links you click on, displaying some ads that somehow seem to know what you're thinking of (creepy, I know) and most people just accept it because they think there's no other option really but what they don't know is that there are other alternatives that respect your privacy while still providing you with some level of privacy, the first one I want to mention is Brave Search, it's a search engine created by the same company that made the Brave Browser, what's unique about it is that it has an independent index, meaning it doesn't pull search results from other search providers like Google and bing, it also has a paid option which is worth exploring

There are other options like DuckDuckGo (I found its search results on languages other than English to be hit or miss) and also Startpage (pulls search results from Google but is owned by an Ad company) but really what it comes down to is trying every search engine yourself and see which one gives you the best results

To summarize, stop using Google for search and really spend some time trying a different search engine that respects your privacy and gives you the good results that you need

Start using a more privacy-respecting E-mail Provider

This is another one about Google.

You might think that I'm biased towards Google but really, the company has made some very bad decisions when it comes to privacy of its users (like most other Big Tech companies), and Gmail is no exception, it's a very poor choice for those seeking privacy , it collects right about every single byte of data it can get and really the only upside it has is the 15GB of free storage which isn't worth the compromise (remember when something is free, you're the product), instead of using Gmail, there are several alternatives that provide just the same functionality without the privacy trade-off, the best one I found out there is ProtonMail, it's an e-mail provider based in Switzerland so it abides by the Swiss Privacy Laws, it has a beautiful interface that's not too different from Gmail (my favorite color is purple btw) , it has a free plan but only with 500MB of free storage and the Proton team are building a full suite of apps to complement it like a Calender and a Drive storage
There are other options worth considering like Tuta (Based in germany) and Mailbox (also based in Germany but is a paid option)

Overall, switching your email provider can have a drastic effect in boosting your privacy and reducing the amount of info data brokers can have about you and it has very minimal effects on convenience

Use an E-mail aliasing service to sign into Invasive services

This is another one that a lot of people don't know about

Most people subscribe to a services and then forget about only to have their inbox filled with spam and countless promotion e-mails that they don't want because they hand over their e-mail address to these services which will more than likely sell it data brokers that will then sell it to advertising agencies and it seems like the only option to get out of this hole to change your e-mail, thankfully, there's a much simpler solution , using an e-mail aliasing service, what it does simply is that it creates a fake e-mail like alias@whatever.com which you can use to sign in to services that you don't want to give you real e-mail address, then the e-mails sent to this fake e-mail address will be rerouted into you real e-mail, this accomplishes two things, the first is that it keeps your real e-mail address hidden from data brokers , the second is that the moment you ditch that service, you don't have to worry about spam mail because you can simply delete the fake e-mail and you won't hear from it again

The best two providers for e-mail aliases are:

In the end, I want to say that privacy isn't really that hard to improve and these simple steps are just the beginning of your journey towards a more private life online

5 Very Common Mistakes a beginner should avoid when trying NixOS for the first time to truly start daily driving it.

Beck Mateo — Thu, 27 Feb 2025 10:38:30 +0000

Introduction

There are many ways to use NixOS, the one most people start with is probably why they quit when they use it for first time (myself included), so if you're a beginner looking to daily drive NixOS on your personal or work device then here are 5 mistakes you should avoid to make sure to have a smooth sailing

Completely ignoring garbage collection

This is by far the most common mistake.

Garbage collection means getting rid of the package versions that are no longer used, it's important because leaving the fifty something versions of a package will quickly cram up your disk space
Garbage collection is very easy on NixOS, it can be done using the following command
nix-collect-garbage
You can even add the -d argument to delete older generations
Or you can add the following lines to your /etc/nixos/configuration.nix to make garbage collection automated

nix.gc = {
  automatic = true;
  dates = "weekly";
  options = "--delete-older-than 30d";
};

This is something that I didn't know how to do when I first installed NixOS and it frustrated me because my disk space never seemed to free up when trying to clear my cache!, that's why you should regularly clean up your garbage if you want to have space for the actual important stuff especially if you're using a small storage drive

Using nix-env to install packages

This is an abnormally common mistake
If the whole point of using NixOS is to have a declarative system , then going in and using nix-env to install packages feels like the most counter-intuitive thing to do, this is because :

You lose track of what packages you installed (just like on a regular Linux Distro)
You can't really change the configuration options of this package declaratively either

This can easily be avoided my simply adding the package name to the packages section of your /etc/nixos/configuration.nix

  users.groups.media = {};
  users.users.username = {
    isNormalUser = true;
    description = "username";
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "media" ];
    packages = with pkgs; [
      package_name ];

If you just want a package temporarily, then what I recommend this using the nix-env which creates a temporary shell for the installed package which then gets deleted once you close the terminal
nix-shell -p package_name

The takeaway here is that there are better ways to install packages on your NixOS than just using the classic package manager install approach , this helps your system to be more organized and less prone to just randomly breaking

Not reading the available documentation

This is a mistake that most people in make in general.

Reading the documentation is crucial to understanding how a certain piece of software work , it's not just some random gibberish , it contains the instructions on how to efficiently use and configure it and even if you're a complete beginner, there's always a Getting Started section at the start of every online to help you along the way, for NixOS, the best way to start is the
NixOS Manual

There's also the NixOS unofficial wiki which contains useful information on certain topics like configuring the NVIDIA drivers, and using different desktop environments like GNOME or KDE Plasma.
NixOS Wiki

I know that NixOS isn't the best when it comes to documentation but having something to work with is much better than trying to just randomly press buttons and hope things work out

Not searching for configuration options

This is another one that'll save you a lot of time and hassle

Instead of trying to do thing the classic way like like configuring you firewall or keyd manually, you can instead use NixOS options to do so in your configuration files, if you want to know what options you can put in your /etc/nixos/configuration.nix just search on NixOS options to get a list of available options with their default values, combine that with some information from the wiki and you won't have to edit multiple config files just to optimize your system, you can just do all of it from you config file.

This is a much better and efficient way to manage your NixOS than just doing things manually and then forgetting what you did or not remembering where the configuration file (this happened a lot to me too)

Trying to jump on the Flakes ship way too soon

Flakes can an amazing tool to manage your NixOS.

However, they can be very frustrating to deal with if you don't exactly know what you're doing, they're also still considered to be an experimental option and the documentation still needs some work. For this reason, I recommend that you completely avoid using Flakes if you're a beginner and just stick to editing you /etc/nixos/configuration.nix to do must things and then after you become fluent in the Nix language should you start looking into Flakes and experimenting with them.

Conclusion

NixOS is an amazing system and getting to know it can be a very rewarding but the pitfalls are plenty , much more than the ones mentioned here , and this can leave a beginner totally frustrated , in this article, I tried to clarify some of the most common ones to help future users avoid them.