security
Securing Your Digital Life
February 16, 2019
Recently, I was tasked with helping a family member deal with having their email hacked. The worst part about this was that getting into their email allowed this individual to then gain access to their Amazon account and completely take it over. This could have easily escalated out of control, but I was thankfully able to stop it from going further than that. For a more widescale example, with the recent release of hundreds of millions of leaked usernames and passwords, there’s a good chance you could have been affected by some sort of data breach that contains your emails and passwords. With that said, I’d like to share some ways to help you secure your digital lives, so you can prevent this from happening to you and better prevent your passwords from being leaked in these data breaches.
Some of what I’ll be talking about will require some setup and commitment, but it’s well worth it considering the alternative.
Password Managers
This is the most important one. If you were to adopt any of the things I write about in this article, this should be it. Considering the number of websites that require a username and password, it’s almost impossible to create unique passwords and remember them for each and every website. This is why a lot of people reuse the same password, which is never a good thing to do. If you’re currently reusing passwords, stop. To make this all easier, a password manager such as KeePass, LastPass, or 1Password should be used. These password managers secure all of your login information behind a master password. The security of password managers completely depends on the quality of this master password, so make sure it’s fairly long and consists of multiple words, numbers, and symbols. This is the one password that you should be able to memorize, but keep in mind that a memorable master password doesn’t mean a short password. Again, it should be fairly long. Being able to memorize the master password is vital, as without it, you lose access to your passwords. If you’re worried about forgetting it, I recommend writing down hints on paper as to what it is. Or you could write the master password on a piece of paper, but I’d recommend against this.
If you are reusing the same password, you should change the password for all of the accounts using it to something unique. A majority of password managers will generate a random, secure password for you, allowing you to not have to worry about coming up with your own. You should not be able to remember your passwords because if you do, there’s a good chance it’s not a good password. Don’t worry about not remembering your passwords though, as this is the wonderful thing about password managers, they remember them for you.
If you’re curious as to if your emails or passwords have shown up in data breaches, check out this tool: https://haveibeenpwned.com/. If you find out your password has shown up in a breach, change the password immediately for any accounts that use it.
Two-Factor Authentication
Check your accounts, or at the very minimum important accounts, to see if they have support for two-factor authentication (2FA). If they do support it, enable it. This makes your accounts require a second form of authentication, along with the typical username and password, in order to log in. 2FA usually involves inputting a short code that is sent to your phone through text message or through an authenticator app.
When enabled, if someone were to get a hold of your password, they wouldn’t be able to access your account. In order to actually access your account, they’d have to know your 2FA code as well as your password. This is a super simple thing to do that’ll add an extra layer of security to your accounts.
Keep in mind that 2FA codes can still be retrieved through phishing, which I talk about in the next section.
Phishing
Phishing is a very common way people get their login credentials or other sensitive information stolen. The most common medium for phishing attacks is through emails, which are usually disguised as coming from legitimate sources. There are a few things you can do to lower the chances of getting phished or preventing it all together:
- Never click on links or download attachments within emails unless you are 100% sure they are coming from a legitimate source. Emails from family, friends, and coworkers can still be phishing emails if they themselves have had their emails compromised. If you’re still unsure, and it’s possible, talk to the person who sent you the email in order to confirm the link/attachment is safe.
- If it’s too good to be true, it probably is. Just delete or ignore these emails.
- Always check the email address. Never base the legitimacy of an email off the name of the sender, as these are easily spoofed.
If you’re always aware of what you’re sent and who sent it, your chances of falling victim to phishing attacks are slim.
Antivirus
It’s almost a guarantee you’ll stumble across a virus sooner or later. So before that happens, it’s best to set yourself up with something that’ll catch and block a majority of viruses from ever doing any harm. An antivirus is one of those things you can set up and forget about as it works in the background. Though you should occasionally run a full system scan just to see if anything slipped its way through. I recommend using Avast as it’s free and does an amazing job.
Wifi
If you’ve got wifi setup at your home or business, ensure it’s password protected. The last thing you want is some malicious individual using your wireless network for nefarious purposes. There’s a small chance of this actually happening, but regardless, it’s better to have a password protected network than not.
In terms of public wifi, never use unsecured public wifi unless absolutely necessary. It’s incredibly simple for someone to see, in plaintext, the information you submit to websites. This includes your login credentials and other sensitive information, such as credit card numbers. This goes for unsecured home networks as well.
Simply put, always password protect your wifi networks and only use password protected wifi.
On a final note, there is no way to completely prevent your accounts and information from being compromised, as anything can happen. But using what’s talked about in this article, you’ll be better protected and greatly reduce the likelihood of it ever happening.