Easy Ways to Secure Your Online Accounts and Devices
20/05/2013
So, let’s say the scary stuff first. There is no system, software or hardware that is un-hackable. There is no 100% infallible way to keep your accounts from being compromised. Even if there was such a thing, there’s no way to keep all of the sensitive data you have on the internet inside of it. Work, social media sites and even your own personal devices are all points of entry for a malicious user to wreak havoc on your life should they target you.
Therein lies the trick; make sure you’re not a target, or at the very least, not a tempting one. Make the wall so high that even though it is scalable, it’s just too much work or not worth the payoff/risk. There are a few simple things I do to reach these ends, and I’m going to enumerate them below in the hopes that it will help someone secure themselves a little better.
Point of Note: This is not an all-encompassing list of everything that can be done. It does not hit every single base or show you how to use every available tool to its maximum potential. I’ve focused specifically on the systems that will yield the greatest improvement in personal security for time invested. There are much more thorough listings and how-to’s out there on how to really lock your stuff down. These below are some simple, quick things you can do to make yourself a little safer in the digital realm.
Every good article on internet security starts here, and for good reason. People are very bad at choosing good passwords and good password habits. If it’s been said once, it’s been said a thousand times: Your accounts are only as secure as the passwords that guard them.
First of all, choosing a good password is a must as they are the keys to all of your data. They need to be LUC-keys: Long, Unique and Complex.
- LONG – At the very minimum 8 characters, and the best are even longer (some of my more important accounts are up to 16 characters). The longer a password is, even a weak one, the harder it is to guess or crack.
- UNIQUE – Each account should have its own password that is unique to that account. If you use the same password on multiple important accounts, then a malicious hacker would only need to break one and they’d have access to all of your accounts. Suddenly, a minor email breach could open up your bank or Facebook accounts if the same password is shared.
- COMPLEX – Choose complex passwords that contain numbers, letters and symbols if allowed. Try to avoid common words, names or dates, especially if they could be easily guessed. Your own, your kin’s or a significant other’s birthdays and names are all information that is easily obtainable through public records.
Passwords that follow these rules are very difficult to crack, and even if they are, you’ve only lost control of a single account. You’re creating the most amount of work for the malicious party with the least amount of payoff.
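The three LUC rules can be checked mechanically across a whole set of accounts. The following is an added example, not part of the original article; the account names, passwords and the short guessable-word list are constructed for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 8  # the minimum length given in the LONG rule
# Constructed stand-in for "common words, names or dates".
GUESSABLE = {"password", "letmein", "qwerty", "smith", "1985"}


def luc_findings(accounts, guessable=GUESSABLE):
    """Return {account: [problems]} for a dict of account -> password."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)

    findings = {}
    for account, pw in accounts.items():
        problems = []
        # LONG: at least the stated minimum.
        if len(pw) < MIN_LENGTH:
            problems.append("short")
        # UNIQUE: no other account may share this password.
        shared = sorted(a for a in by_password[pw] if a != account)
        if shared:
            problems.append("reused with " + ", ".join(shared))
        # COMPLEX: letters, numbers and symbols all present.
        present = {
            "letter": any(c.isalpha() for c in pw),
            "number": any(c.isdigit() for c in pw),
            "symbol": any(c in string.punctuation for c in pw),
        }
        missing = [name for name, ok in present.items() if not ok]
        if missing:
            problems.append("missing " + "/".join(missing))
        # COMPLEX: no easily guessed words, names or dates.
        hits = sorted(w for w in guessable if w in pw.lower())
        if hits:
            problems.append("contains " + ", ".join(hits))
        if problems:
            findings[account] = problems
    return findings


# Constructed sample accounts; none of these are real credentials.
SAMPLE = {
    "email": "Smith1985",
    "bank": "Smith1985",
    "forum": "q7#Lv!2",
    "social": "tR4&nB9$kW2@xQ7!",
}
```

The report names the rule each account breaks without echoing the password itself, so it can be saved or shared safely.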
A password is always better when it’s coupled with good account security. You can’t control everything, though. If a site gets hacked and your password gets spilled, then there’s not a lot you as a lowly account holder can do about it. However, most sites offer a plethora of privacy and security options that can lock down your account even further.
Every site has privacy controls of some kind, even if it’s a super-simple site like a bulletin board or forum. These can be used to mask information about your account that could be used maliciously, or in some cases even hide yourself entirely from people that you don’t know. Sometimes this can be daunting, like in the case of Facebook’s privacy system, but the payoff in security can be huge. It’s worth your time to check them out at the very least and see if there’s anything useful in there.
Not all sites offer this, but the big ones like Google, Twitter and hopefully your bank do. Two-Factor (or Step) authentication is just exactly what it sounds like. It requires the account holder, upon logging in (and sometimes only under certain conditions), to verify that the login is legit by going through a second authentication step. Usually this is something like entering a code that is texted to a phone number previously set on the account. Even if your account is already compromised, you will be notified that someone accessed it.
A lot of information can be gathered from the electronics that you use to access your accounts. Mobile devices can be stolen, remotely accessed or even “borrowed” and used for malicious purposes. Your home computer can be infected or stolen as well. It’s important to know the features of your operating system and what you can do to lock it down further.
First, let your browser store your passwords. I know it sounds counter-intuitive, but modern browsers have sophisticated mechanisms for hashing (hiding) passwords and keeping them safe. Also, they’re generally impervious to keyloggers (programs that record keystrokes) meaning that even if you have malicious code on your system, it’s much less likely to pick up your passwords if they’re being dished out by say, Chrome.
Also, there are utilities that build LUC-key passwords for web sites for you (see The Passwords, above) and remember them as well. You can have 26-character long passwords with a crazy amount of random letters, numbers and symbols in them that you don’t have to remember yourself. Just look for extensions/add-ons for your browser that talk about password hashing*.
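As an added illustration (not the code of Password Hasher or of any other extension), this is one way such a utility can turn a single master key plus a site name into a different long password for every site. The PBKDF2 parameters, the symbol set and the function name `site_password` are assumptions chosen for the example.

```python
import hashlib
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; some sites allow fewer
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def site_password(master_key, site_tag, length=26, iterations=200_000):
    """Derive a repeatable per-site password from one master key."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    # The site tag is used as the salt, so each site gets unrelated output
    # and a password leaked from one site reveals nothing about another.
    stream = hashlib.pbkdf2_hmac(
        "sha256",
        master_key.encode("utf-8"),
        site_tag.strip().lower().encode("utf-8"),
        iterations,
        dklen=2 * length,
    )
    chars = []
    for i in range(length):
        # Two bytes per character keeps the modulo bias negligible.
        n = int.from_bytes(stream[2 * i:2 * i + 2], "big")
        # The first four characters are drawn one from each class so the
        # result always has lower case, upper case, a digit and a symbol.
        pool = CLASSES[i] if i < len(CLASSES) else ALPHABET
        chars.append(pool[n % len(pool)])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed master key and site tags, for demonstration only.
    master = "constructed master key, not a real secret"
    for tag in ("example-bank", "example-forum"):
        print(tag, site_password(master, tag))
```

Nothing is stored: the same master key and site name always reproduce the same password. Anyone who learns the master key can regenerate every site password, so it has to be the strongest LUC-key of all.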
Also, don’t let just anyone use your devices, or at the very least your profiles. Not that your grandmother is a black-hat hacker but if you’re storing your passwords in your browser, then they are easily accessible if they’re on your profile. If they compromise your security, then you’re the one that’s going to pay. Make a guest account if possible and always have a password on your own. On my mobile devices I actually have two browsers. One that I use myself that stores all of my passwords, and another that I load up for others to use.
An Endless Battle
There are a hundred more things you can do to make yourself even more secure, from building TrueCrypt volumes to encrypting your whole drive/home directory. However, these ones listed above are all very easy to get going and offer an incredible boost in security. The passwords section in particular is widely considered a must-do list that everyone should be following. Keep these things in mind, do them and you’ll be on your way to making yourself a very undesirable target.
*“Password Hasher” for Firefox is an example. See figure to right for an example.