Q&A with Jon Gaines, Cybersecurity Expert

Professional Hacker and Founder of GainSec

Legado interviewed Jon Gaines, cybersecurity specialist and founder of GainSec, to pick more of his brain on internet safety strategies and digital legacies. Throughout, there might be unfamiliar terms and technology mentioned, but anything that went over our heads, we made sure to break down further.

There are gems of recommendations in here from password managers to movies. The advice, summarized, is:

  • Use some form of 2-Factor Authentication (2FA)

  • Adopt a password manager (ideally one separate from your 2FA method)

  • When selecting a digital executor, consider choosing someone technically literate, trustworthy, and likely to outlive you.

  • If you have to use public WIFI, a VPN will add a layer of protection. However, it’s best to avoid public WIFI, especially when accessing sensitive data.

Q: What’s one thing people can do to keep themselves more secure?

A: Two Factor Authentication! This is the number one protection you can use to increase your security posture. Ideally, use a hardware option (like a YubiKey); more realistically, use a software option (Google Authenticator); and if there is no other option, use the SMS/text option.


2FA / 2-Factor Authentication - A security system that requires two layers of identity verification before granting access to information/data

  • May involve codes that are sent to email/SMS, generated by an authenticator app, or input by an external authenticator (like YubiKey)

YubiKey - An external tool, resembling a USB drive, that gets plugged into your device and has a button that you push to verify your identity when logging in. (This blog explains more)

Google Authenticator - A software-based authenticator by Google that generates a time-sensitive one-time password


Q: How should one address their digital legacy within their estate plan? Listing all accounts and logins is a logical starting point, but what should be considered when choosing a digital executor (someone to log into these accounts)?

A: I would pick someone who is more likely to outlive me and likely more technically literate, such as a child, cousin, or similar. However, I'd definitely leave the USB stick with all the information on it with my attorney.


Q: On that same note of physical tools for storing information and securing your legacy, like a USB, are there any other specific digital tools you might recommend, like VPNs or password managers?

A: I'd really only recommend VPNs to switch where Netflix thinks you are, or if you have no other choice than to use public WIFI.

When traveling, it's better to access sensitive things such as your bank over your cell phone connection (assuming you have activated some data plan).

That said, sometimes you need to be able to use a computer to access sensitive things while on insecure WiFi... The VPN I use and recommend is ProtonVPN. They also have a password manager option, which is fine; however, in my opinion, it's better to separate what you use rather than put everything in one basket.

Therefore, my top recommendation for a password manager is Bitwarden.

If you're a technical person, setting up your own VPN/Proxy using a DigitalOcean Droplet or Amazon EC2 is a viable option, and using KeePassXC while syncing your password database (using OwnCloud, ProtonDrive, or similar) is a good option as well.


VPN stands for Virtual Private Network, which establishes a secure connection between your device and the VPN provider’s server.

  • This encrypts the traffic between your device and the VPN server, masks your IP address from the sites you visit, and lets you get around certain website blocks

    To encrypt is to convert (and thus conceal) information or data into a cipher or code, especially to prevent unauthorized access by anyone other than the intended receiver

A password manager is a tool that helps people store, manage, and create strong passwords; your browser might have one built in already.

  • Jon recommends Bitwarden, a particular password management service that securely stores and encrypts your sensitive information. Other options on the market include LastPass, 1Password, Keeper, etc.

The rest, well… if you’re a technical person, like Jon says, may be relevant to you. Otherwise, you’re plenty okay just going with a run-of-the-mill password manager, and you’ll be leagues more secure and organized because of it.


Q: Could you recommend any books/movies/podcasts that blend themes of death and technology that our readers might enjoy or possibly learn something from? 

And - as a side question - have you seen Upload? It was recommended to me because it explores the idea of uploading one’s consciousness somewhere so they may ‘live’ on after death…

A: A lot of shows/movies that contain hackers also have some themes of death.

Classics like Ghost in the Shell (The anime more than the live-action movie) come to mind as they explore the concept of technology, death, and consciousness in depth. If you can't stomach anime itself, I'd strongly suggest watching a video on YouTube that goes over the concepts explored. 

Transcendence, In Time, Replicas, and Total Recall (the original and the remake) come to mind as well. There are a lot out there!

As for Upload, my wife and I watch that together. It's light and cheesy, but a fine watch to just hang out on the couch. We haven't finished the second season yet, though.

I'd be down to upload my consciousness to a digital retirement home like in that show, my wife would not.


So many thanks to Jon for sharing his knowledge with us!

To learn more about his career or to hire him for projects, check out GainSec or follow Jon on Twitter/X.

To get more tips on digital legacy, see Jon’s section in the Review of our first Legacy Party.
