We all have so many online accounts, each storing huge amounts of data about our lives. And typically, in my consulting experience, that information is only a simple password away. Unfortunately, I seldom come across a client who follows my security recommendations to keep themselves and their information safe.
The biggest complaint I hear is that the extra security steps are such a hassle, an inconvenience.
Really? What is more inconvenient, a few extra steps to verify that only you have access to your accounts, OR, being locked out of your Facebook (or any other “important” account) by an online criminal? Or worse, online criminals gaining access to your bank, investment account, or health insurance portal?
For example, a quick scan of your Facebook page can tell an online criminal what date you were born, or married, what schools you’ve attended, where you work, what you do on the weekends, if you are on vacation, or even where you live.
Online Criminal vs. Hacker
When most people hear the word “hacker” they will envision a dodgy internet criminal who breaks into governments or steals people’s identities and credit card information.
But that is an incorrect assumption. The term “hacker” is not just limited to people who use their ability for criminal activities.
Hackers can be divided into three categories, depending on their intentions:
• White Hat — an ethical hacker or computer security expert who specializes in penetration testing and other testing methodologies that ensure the security of an organization’s information systems.
• Black Hat — a criminal who breaks into computer networks with malicious intent. Black hats may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.
• Grey Hat — a hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
Think Before You Click
It’s effortless for online criminals to trick you into giving up the information they need to steal your identity, money or to collect a ton of information about you to be used or sold.
Every day, most people are confronted with many forms of scams that attempt to collect any information that will benefit the scammers. Thinking carefully before you click can mean the difference between watching a funny video and losing access to your financial accounts.
When it comes to links in emails or texts, the safest thing to do is not click/tap. When I see an email from a company I do business with — no matter what company it is — I never click any links within the email. Instead, I open my browser and use my saved bookmark to go to my account.
Tips to Keep Your Online Accounts Secure
I am sharing the same tips I recommend to every client I help, or that I mention at my tech talks. They are all easy to do — you just have to do them. Everyone should add these steps to their online routine if they care at all about keeping their information safe and secure.
For any online account you have, be sure to look through the settings and security sections so you know what is available to help further secure your account.
Close Accounts You No Longer Use
Do you know what happens to accounts that you no longer use? They are hacked, which can then help online criminals access your other accounts — because most people use the same (or very similar) passwords on all of their accounts (more on this below).
To the best of your ability, keep track of accounts that you create and use. And when you notice you are no longer using a particular account, close (or delete) it.
Usually, that means you have to log into the account in question, then search the settings for an option to close or delete the account. Sometimes, you have to contact the people or company behind the website to close the account. Once the account has been closed or deleted, you can erase that information from your password manager or notes.
The added benefit here is that you can reduce the amount of account information and passwords that you have to keep track of! 🙂
How to Create a Strong Password
The primary tip I give to clients is this: make sure you choose a strong password and don’t reuse it on any other account — ever.
It can be the difference between keeping your identity safe and online criminals easily stealing your information (to sell or use to access your other accounts).
Unfortunately, most people tend to pick passwords that are easy to remember and then reuse that same password on other online accounts.
Think about that. If a password is easy for you to remember, it’s easy for an online criminal to guess it.
I suggest to my clients to use at least 10-12 characters. The longer the password, the better. Having a random jumbled mixture of UPPERCASE and lowercase letters, numbers, and special characters greatly increases the security of the password.
My two recommended methods to creating strong passwords are:
- Use a password manager and their password generator tools
- Use https://passwordsgenerator.net
I’ll cover #1 below, so let’s focus on #2. As a matter of fact, you can follow this link that uses my suggested settings for secure password generation.
The preset has the following settings already defined, you just need to click the “generate password” button.
Pro tip: Don’t pick the first choice, click the “generate password” button several times and then choose a password. I usually click 5-7 times before I pick one.
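To show what the advice above actually buys you, here is an added example (not from the original post or from passwordsgenerator.net) that builds a password the way the post recommends, using a cryptographically secure random source and all four character classes, and puts a number on “the longer the password, the better” by computing how many bits of guessing work each length represents. The special-character set and the guess rate are constructed assumptions, not values from the page.

```python
import math
import secrets
import string

# Character classes from the post's advice: UPPERCASE, lowercase, numbers,
# special characters. The special set is a constructed assumption; real
# generators use slightly different lists.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.<>?",
}
ALPHABET = "".join(CLASSES.values())


def generate_password(length: int = 16) -> str:
    """Random password drawn with `secrets` (a CSPRNG, never `random`),
    re-drawn until every character class is present at least once."""
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES.values()):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password: length * log2(alphabet).
    Each extra character adds the same fixed number of bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try every possible password at an assumed offline
    guess rate (1e10/s is a constructed figure for a GPU cracking rig)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for n in (8, 10, 12, 16):
        bits = entropy_bits(n)
        print(f"{n:2d} chars: {bits:5.1f} bits, {years_to_exhaust(bits):.3g} years")
    print("sample:", generate_password(12))
```

Note that the entropy figures assume the password was generated randomly; a password you made up to be memorable has far fewer effective bits than its length suggests, which is the post’s point about “easy to remember”.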
Use a Password Manager
Password managers basically do two things: they autofill your username and password for you, and they can generate a long, complex, random password for you and store it as well.
Web browsers like Google Chrome and Apple’s Safari can do that already (Apple, for example, saves those passwords in your iCloud Keychain). Services like that are a good option if you only use one system, such as an iPhone, a Mac, and Safari.
But if you have, for example, a Windows and a Mac computer, an Android phone, an iPad, or if you use different web browsers, etc. then a third-party password manager is very useful.
When you start using a password manager, you’ll first need to “teach” them your current username and password for each particular website which you can then save. The next time you visit that website the password manager can make logging in a lot easier. It’s really not difficult, the hardest part is actually doing it.
I personally use Bitwarden, but there are others like LastPass or KeePass. Most password managers will require you to create a master password to access your “vault” — this should also be a good, strong password that you don’t already use elsewhere (nor should you use that password on any other account).
Bitwarden, like most password managers, has very handy tools in addition to making it easy to manage your plethora of accounts. Below is a screenshot of the Bitwarden website tools section: you can see there is a password generator, along with reports that check your passwords against known exposed passwords. You can also check how many of your passwords are reused or weak. Plus, you can check your account information (saved in your vault) against known data breaches.
Turn On Two-Step Verification
Also known as two-factor verification. Whenever possible, you should add two-step verification to all of your accounts.
It’s an extra layer of protection, which means if someone gets ahold of your username and password, they still won’t be able to log into your account without an extra code delivered over SMS/text message or through an app like Google Authenticator, which means they’ll need physical access to your devices.
Google Authenticator is a software-based authenticator by Google that implements two-step verification services using the Time-based One-time Password (TOTP) algorithm and the HMAC-based One-time Password (HOTP) algorithm for authenticating users of software applications. It is available for iOS and Android devices.
Check Your Account Activity
Many online accounts let you check up on recent activity — for example, you can head to this page for Facebook and this page for Google. It’s worth doing this on a regular basis to ensure that all is OK. You can usually log out of all sessions but the current one, and revoke account authorizations for any devices you don’t recognize.
Pro Tip: Use a Secret Email for Some Accounts
If someone knows your email address, they’re halfway to knowing how to log into your accounts — and frankly, it’s not that difficult to find out someone’s email address.
Setting up a private email address — something that doesn’t relate to your name or that you use anywhere else — solely for logging into your social media accounts is another way of keeping them more secure.
I do this for my social media and other various accounts. It’s easy to create a new email account via Gmail, Yahoo, or AOL, for example.
Try a Secure Email Provider
Or, you can try a secure email account. Secure email providers will keep your emails private and are great alternatives to Gmail, Outlook, and other services that sell your data to the highest bidder. The best secure email is ProtonMail.
Free accounts get 500MB storage | Email activity is not logged | Available on Web, iOS, and Android
ProtonMail is based in Switzerland, which means all user data is protected by strict Swiss privacy laws. They use end-to-end encryption and zero access encryption to secure emails. This means even ProtonMail cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.
As ProtonMail puts it: “No personal information is required to create your secure email account. By default, we do not keep any IP logs that can be linked to your anonymous email account. Your privacy comes first.”
Read more about their security details here: https://protonmail.com/security-details