Another day, another hack unfolds on the Internet. No Internet service, big or small, seems impervious to attacks. Just ask the folks at Adobe, Dropbox, Apple iCloud, Sony PlayStation, Gmail, and Snapchat—each service has seen password leaks and security breaches that have left millions of users scrambling to change passwords, not to mention the very real possibility of their personal and financial information floating around on the web. Sounds grim right? What does one do? Let’s face it, there is no 100 per cent protection plan from malicious data theft, but you can at least ensure that the lock on your door is better than the one your neighbour has.
Advertisement
1. Do a password audit
Do you choose convenience over security when it comes to passwords? Here’s a sobering thought—the top three passwords in the Adobe security breach that affected nearly 40 million customer accounts were “123456”, “123456789” and “password”. Hardly impenetrable right? What you need to do is perform a password audit—list out all the services and passwords you use and immediately fix the ones that are too short (less than 8 characters), those that contain words and names, or, predictable stuff, like numbers added to the end of your name. Even more crucial, don’t use the same password across different sites and Internet services so that a hacker, who gains access to your Facebook or Twitter account, won’t all of a sudden have ready access to your Gmail or banking account as well. And while you are at it, do check your password recovery questions. It’s a bad idea to put any publicly available information such as your birthday or your mother’s maiden name in your password recovery questions.
Advertisement
2. Get a password manager
Recommending complex and unique passwords for each online service you use is easy, but following this advice is a nightmare, given the proliferation of Internet services each of us use. What you need is a password manager, such as Last Pass (free, $12 per year for premium all-device access), or, 1Password ($35 one-time). All you have to remember is one master password, and the password manager will remember the rest for you, auto filling your password into web forms no matter which device—computer, mobile or tablet—you’re on. In fact, these two can even help you perform a password audit and generate long, strong passwords that follow the best security practices.
3. Use two-factor authentication
It may sound complex and scary, but two-factor authentication (2FA) is really very simple. All it ensures is that when someone tries to log into an account from a new location, say a different computer or phone, they also have to enter a code that’s sent via SMS to a trusted device, like your cellphone. It’s much like the one-time password banks need to complete any online transaction. This way, even if your password does leak out onto the Internet, the crooks will be unable to actually use the account affected. The great thing about two factor authentication is that once you have it set up, you’ll rarely have to actually use it on a day-to-day basis. Check twofactorauth.org for a comprehensive list of the services that offer 2FA, including Gmail, Facebook, Dropbox, Twitter and Yahoo Mail.
Advertisement
4. Dial the experts
It may seem like wasteful expenditure and a drag on your computer’s resources, but an antivirus or Internet security program is highly recommended—Kaspersky, McAfee, and Trend Micro are great options. At the very least, ensure that you have the free Microsoft Security Essentials (Windows 7 and Vista) or Windows Defender (Windows 8) software installed and running on your PC. What’s equally important is that you keep your antivirus program, web browser and operating system, along with other third party applications, updated to the latest versions not just for the new features, but also to fix newly identified vulnerabilities with your device’s software.
Advertisement
4. Use common sense
A free airline ticket or a £100,000 lottery prize may sound enticing, but steer clear of links in such suspicious email messages. Avoid links in emails, even if they’re from your bank. Instead, type the URL directly into your browser. It may take you that extra couple of seconds, but it can keep you from being phished. And unless you subscribe to a virtual private network service, do not use public Wi-Fi for anything that involves logging in an account such, as Gmail, Facebook, or online banking
Just one email a week