Digital/online security is an afterthought for most people; to some, talking about it even seems annoying. “Why would anyone hack me?”, “I don’t have anything important on my computer.”, “I have a super safe password; nobody will ever guess that.”, “I don’t open suspicious attachments, and I am careful, what could happen?” and many other thoughts make us put security on the back burner until it is too late. Once data is stolen and accounts are compromised, the average user starts to take security a bit more seriously, but you shouldn’t let it come to this.
Being compromised or getting hacked can have serious long-term consequences that can affect every part of your life – especially if your livelihood depends on it. If you are planning to generate any income on the internet or rely heavily on the web, you should not shrug your shoulders; take these tips seriously. Breached security can end your career, and all it takes is a single crack in your security.
Implementing tools and getting into certain habits might seem inconvenient at first, but some of these tools will make many tasks easier! Having to pay for health insurance might be inconvenient, but once you get sick or have an accident, your new smartphone (or whatever it is you would do with your extra money) won’t cure your ailments or pay off your neck-breaking hospital bills.
Having a strong, secure password that nobody can guess or brute-force is the first step to better security. One of my favorite tips is to think of a long sentence you can easily remember and then take only the first letters of that sentence and string them together into a password. Ideally, throw in some numbers and special characters, if you can. Example: “I was born in 1986 and I am staying safe on the internet!” would give you Iwbi1986aIassoti!. Maybe you can come up with a better sentence, but I am sure you can guess why this password is already safer than “Secret123”.
Let’s say you are using a secure password and everything seems dandy. Now one of the websites you frequent gets compromised, and your password is available to the public or for sale on the dark market. Now your secure password will open up ALL your accounts that use the same email address and username. Having multiple passwords prevents this from happening, but we are using so many services that having individual passwords and keeping track of them in our heads seems like an impossible task. You should consider using a password manager to ease the burden of having to remember all of these different passwords! Password managers are your friends and will make your digital life more secure. They will also save you a lot of time, since you don’t have to reset your forgotten password again and again.
There are many services available, but I will be talking about LastPass since I have been using this service for the last year and am very content with it. LastPass will save your logins and passwords in its encrypted vault, which you can access with your (hopefully very secure) master password. With the available plugins, it will automatically fill the login fields on websites, so you don’t have to remember all these different passwords. It also offers mobile apps, which give you the same functionality on your phone.
LastPass can also generate secure passwords individually for each site, so you don’t have to come up with them. It will also detect new accounts and password changes and prompt you automatically, making maintenance very easy. Now you only have to remember one secure password, and in the case of a security breach, other accounts won’t be affected, since you use different passwords for each service. LastPass can also store notes, credit card information, and other sensitive data if you wish to do so.
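The reuse problem described above can be checked on your own data. The following is an added example, not part of the original article and not LastPass code: it reads a password export, groups entries that share a password, and lists which other accounts one breached site would open. The CSV column names and all sample rows are constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names (name, username, password) are
# an assumption, so adjust them to whatever your password manager writes out.
SAMPLE_EXPORT = """name,username,password
forum.example,me@example.com,Iwbi1986aIassoti!
shop.example,me@example.com,Iwbi1986aIassoti!
mail.example,me@example.com,Iwbi1986aIassoti!
bank.example,me@example.com,q7#Vt2!pLx9@rD4m
video.example,other@example.com,Iwbi1986aIassoti!
"""

def load_entries(text):
    """Parse the CSV export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def fingerprint(password):
    """Short SHA-256 tag used to group entries without printing the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]

def reuse_groups(entries):
    """Map password fingerprint -> sites sharing it, for passwords used more than once."""
    groups = defaultdict(list)
    for e in entries:
        groups[fingerprint(e["password"])].append(e["name"])
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}

def exposed_by_breach(entries, breached_site):
    """Other accounts that share both username and password with the breached site."""
    leaked = {(e["username"], e["password"])
              for e in entries if e["name"] == breached_site}
    return sorted(e["name"] for e in entries
                  if e["name"] != breached_site
                  and (e["username"], e["password"]) in leaked)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for fp, sites in reuse_groups(entries).items():
        print(f"password {fp} reused on: {', '.join(sites)}")
    print("exposed if forum.example leaks:",
          exposed_by_breach(entries, "forum.example"))
```

A real export contains every password in plain text, so run the audit locally and delete the file afterwards.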
Now the thought of having all your confidential information in one place might seem (understandably) scary to you, but you can implement several safeguards to make sure your data stays safe.
Two Step Verification
Use two-step verification everywhere you can; it’s great! Two-step verification will use an authenticator on your phone or a security key, or send you a text message with a code, when you log in or want to perform certain actions (like paying with PayPal). Two-step verification will protect your account, even if an attacker gets hold of your login information. Every major online service should offer two-step verification to its customers; not doing so seems reckless (I am looking at you, Skype / Microsoft). Two-step verification will add an extra step to your login, but it’s worth the extra click or two.
Getting a security key is a fantastic way to make two-step verification more convenient without sacrificing security. For example, you can connect LastPass to your security key, and every time you log in, you only press a button, logging you safely into your account. You can take the key with you, by putting it on your keychain for example.
If you are prone to losing your stuff, I recommend getting two keys and storing one in a safe location, like a security deposit box in a bank. Having a backup like this will save you some hassle if you lose them, especially if you use them to log into your PC with the. I use a YubiKey NEO and a YubiKey 4 Nano, but there might be better and cheaper alternatives out on the market.
Encrypt your data!
As mentioned above, hardware can be stolen. You could lose your phone. Maybe it slides out of your pocket without you noticing, or you leave your laptop unobserved for a short moment and someone snatches it; whatever the case, you need to secure your hardware. Circumventing passwords on local machines is relatively easy, and hard drives can be easily accessed on another device if they are not encrypted. Accessing the data on your phone can be as simple as plugging in a USB cable and browsing through your files if there are no safeguards in place for this. What stops someone else from doing that? Encryption!
Newer operating systems like Windows 10 Pro and Mac OS X offer hard drive encryption right out of the box, and I would recommend using these features. The performance impact is negligible, and it surely beats some stranger having access to all your documents, photos and other private data you might store on your system.
Protect your phone
Smartphones are just as capable as many computers these days, and they store sensitive data to a similar degree. (Sent a hot pic to your significant other recently?) If you are using it for two-step verification, it is also a way to access your accounts. For convenience, you have probably logged into most of your accounts on your phone, giving someone full access in the case of theft or you losing your device.
If you have fingerprint technology on your phone, set that up to log in! Try to use passwords instead of 4-digit PINs, avoid swipe logins (smears can leave the path visible) and enable features like locking out users or resetting the device after too many failed login attempts. Also, don’t display previews of text messages or other apps on your lock screen – this can expose sensitive data without anyone having to unlock your phone!
Some phones offer the same level of protection by encrypting the device, requiring a password every time it starts up after being shut down. You should also make sure that your phone’s data can only be accessed via USB if your phone is unlocked.
If your phone doesn’t offer proper security measures, consider getting a more secure phone. Your safety is worth it.
Always have an anti-virus suite running on your Windows machine! Not having one is like walking through life with gasoline poured over you and visiting an Elton John concert during a sad love song, or some other situation involving open flames near you. Just get one of the many free ones; they will protect you just as well. I recommend Avira; I have been using it happily for many years at this point. And if virus software interferes with your pirated software and games…
Stop getting pirated software!
Seriously, stop it. Telling you to stop pirating games and tools is not about the damages you cause by pirating something or even the moral implications that come with stealing software; it is just about security. Practicing safety on your computer, but then downloading pirated software, is like being on a healthy diet while supplementing it with mercury smoothies. “That file is probably just triggering a false-positive, I am sure it will be all right.”, said no security-conscious person ever.
Don’t use your work accounts for leisure
If you use online accounts for your job and maybe even generate your income through them, consider getting a separate account for private use. Having a separate account isn’t necessary if you take the precautions mentioned above, but it will reduce the risk of getting exposed.
For example, I use YouTube extensively for leisure. I watch a lot of stuff, and I use it on a lot of different devices. Being logged in on all of these devices with my main account, which my livelihood depends on, poses a security risk. Maybe someone steals my old, unencrypted tablet, or I log in on a friend’s infected computer to pull up my history. You get the idea.
Note: I would not recommend logging in on a system you don’t know with any of your accounts unless you absolutely must.
Consider a VPN
VPNs are not only used to watch region-locked content or pirate software; they have a lot of practical applications too. If you are using a public hotspot (a cafe for example), your traffic can be intercepted, and you don’t know if anyone is listening in. You might be exposing sensitive data. A VPN sends your data through an encrypted, secure channel, giving you peace of mind in these situations.
There are free solutions, which can sometimes be a little sluggish and inconvenient to use, but if you are willing to spend a few dollars a month, you can use a service like ibVPN with plenty of servers and support. (I use it myself, there might be better alternatives available.)
Don’t send your passwords!
I know this seems like an odd one, but I bring it up because of personal experiences. Let’s say you need someone (you trust) to log in to your account for you, since you don’t have a computer near you or they need access to it. If you are not in proximity to the person, so that you can’t hand them a note that can be destroyed afterward or log in on their machine yourself, you will have to send it somehow. If you have to do this, make sure to split it up across different communication channels – maybe send one half of the password via mail (ideally encrypted) and the other via text message. You can get creative here, but don’t send login data directly. Imagine you send your login and password via mail (Please don’t!) and someone else accesses your account. Now you just lost another account.
Check if you got pwned
haveibeenpwned.com offers a fantastic service, allowing you to check if accounts associated with a user name or mail address were compromised in a data breach. It is worth adding your mail address to their notification service!
I hope this article will help you be more secure and maybe even get you excited about the possibilities of being more secure. Please leave your tips and suggestions in the comments; I would love to hear them.