I’m going to list out as many tips as I can think of that will help your private information remain as secure as possible. As you may or may not have heard, ensuring 100% security is impossible. But this is somewhat normal – after all, chances are your home has windows which can be broken too – this doesn’t mean we remove all windows and replace them with concrete slabs, right?
The idea is to reduce the risk as much as you possibly can. Put another way, the idea is to secure your data as much as possible, know the risks, and work with them, rather than hide in denial.
Logins, passwords, and accounts
- Use different passwords for each service. I know many people are guilty of this one because with so many services available, it has become more and more difficult to even remember which services we’ve signed up for, let alone remember each different password. There are services such as LastPass and Symantec that offer somewhat secure services for this, but personally, I stay away even from services like that. The less “convenience” features you can deal with, the better. I have to stress the importance of this point: It doesn’t matter how good your password is. It could be 1,000 random characters long, if a data leak happens on one of the 50 sites you’re using and account information is compromised, your password will be entered into a dictionary and will be instantly crackable. This combined with your email address makes quick work for a criminal to find you on the other sites that you use.
- Leverage strengths. If you cannot memorize your passwords and don’t want to use a service like LastPass, but for example, you have a very secure physical situation where you can store handwritten information, then take advantage of that! This is a case-by-case thing and I would advise that most people do not write their passwords down at all, but I’ll tell you one thing – keeping that password is a safe lockup that nobody has access to is a whole lot safer than storing it in a text file on your computer which is networked to the internet!
- Use 2-factor or multi-factor authentication. This is one of the best, if not the best, emerging security technologies. Even if your password gets compromised, your account may still be protected if you have 2-factor authentication enabled. If you are not sure if your email service, financial institution, or other service offers this, either ask or do a search with the organization’s name followed by “2 factor authentication.”
- Be wary of password generators. There are quite a few “password generators” surfacing on the web. While these often produce secure passwords, especially moreso than the typical “Sarah85” type of passwords, you also have to be wary of them. You don’t know who created these generators and not only if they can be trusted, but if they even knew what they were doing. In order to produce a proper password, the algorithm must use a cryptographically secure pseudo random number generator or a true random number generator which gets its entropy from a natural source. On top of this, there are many side-channel attacks that even if the algorithms are in fact secure, could still compromise your “secure” password. The bottom line is if you are going to use one of the “random password generators” only use one from a reputable InfoSec source. I’m not going to recommend any particular one but several big-name identity protection and anti-virus/security suite companies provide these.
- Be cautious with “security questions”. These should have never been used. They’re weak in the first place; come on, “favorite color?” “first car,” “first grade teacher” etc… Chances are, your best friend could get access to your account this way. But besides all of that, some websites don’t protect these answers like they do regular passwords and therefore if there is a data breach, and assume there will be, someone could get your email address and your answers and then go and use them on another site. With AI coming in fact, this could be automated and used to build a security question profile on you. If you can disable these and use 2-factor auth/strong password instead, do it.
- If the website does not use SSL/HTTPS do not use it. If you are already on the site, then leave immediately and do not come back. Look for “https://” AND a green padlock in your browser’s URL/web address bar. If you aren’t sure, put your cursor up there and double-click the icon in front of the website name. You must be aware that if you login to a website that is not using https, you are literally giving your password and details away to anyone. Even if you are not doing a financial transaction, do not submit any data to any website that doesn’t use HTTPS and doesn’t have a valid SSL certificate. You can view the SSL certificate of this website by clicking on the padlock. 🙂
- If you ever get an email, message, or any form of communication which asks for your login information or provides a seemingly legit link to another page which does so,be very skeptical. For example, if you get an email from “Facebook” or “Wells Fargo” or “Microsoft” DO NOT EVER ENTER YOUR LOGIN CREDENTIALS. What you can do instead is to go and visit the actual website as you usually would manually, such as go to https://microsoft.com or https://paypal.com for example. What will happen is you will be logging into the legitimate website and if there are any needs to handle any business, you can do so from there, but 99% of the time, there won’t be because it was a scam. Do not underestimate this. This happens all the time and sometimes the fake websites can look completely identical to the real site. This is bad because it doesn’t matter how strong your password is, or even if you’re using an encrypted HTTPS transmission if you are giving your password directly to criminals!
Stay tuned for my next volume of tips on malware prevention, which in my opinion, is a lot more difficult these days.