A couple of years ago an unknown person hacked my Gmail account. I had been lazy, I had used a low-quality, low-security password, and I paid the price. Within seconds the person had changed my password, locked me out, and deleted all my archived email. I tried everything I could to attract the attention of Google’s support team, but to no avail. It was only when I asked for help from my Twitter followers that I regained access to the account. In other words, if I hadn’t had so many Twitter followers, I would have permanently lost my account.
This event and a hundred headlines convinced me of the need for better security. Recent news stories have once again shown the importance of securing accounts, apps and services with best practices. Here are 5 steps you need to take to protect yourself online.
#1. Use Good Passwords
Surely you know by now that a bad password is, well, bad. You make a criminal’s life exponentially more difficult if you determine you will use stronger and better passwords. Of course it’s not always quite so simple, as there is endless debate over what constitutes a good password. But whatever camp you represent, a good password is one that protects your account and one that you can actually remember.
I think xkcd gets it roughly correct here, though. Find a password that is long but also easy to remember. Four random words strung together will protect your account better than a much shorter string of random numbers, letters and other characters; a mnemonic device of some description should help you remember those words. As he suggests in his comic, consider putting together a silly little story or scenario to help you retain it. You can use this random word generator to get you started. If you want to kick it to the next level, consider Jesse’s advice. (Also, make the first or last letter a capital since some sites require at least one upper-case character.)
So go ahead and make yourself a password and, for now, write it down on a piece of paper. We will get back to it in a minute.
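To put numbers on the four-random-words comparison above, here is an added example (not part of the original post) that picks words with Python's `secrets` module and computes the entropy of each scheme. The function names, the 16-word `SAMPLE_WORDS` list and the 2048-word list size are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample so the block runs offline. Far too small for real
# use: a real list needs thousands of words (the EFF long list has 7776).
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon",
                "glacier", "hammock", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nutmeg", "orchard", "pebble"]

PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)  # 94


def passphrase(words, count=4, sep=""):
    """Join `count` words chosen uniformly at random with the OS CSPRNG."""
    pool = sorted(set(words))
    if len(pool) < 2 or count < 1:
        raise ValueError("need at least two distinct words and one pick")
    phrase = sep.join(secrets.choice(pool) for _ in range(count))
    # A fixed capital satisfies upper-case rules but adds no strength.
    return phrase[0].upper() + phrase[1:]


def passphrase_bits(list_size, count=4):
    """Bits of entropy for `count` uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def random_string_bits(length, alphabet=PRINTABLE):
    """Bits of entropy for `length` uniform picks from `alphabet` symbols."""
    return length * math.log2(alphabet)


def words_needed(target_bits, list_size):
    """Smallest word count that reaches `target_bits` for a given list size."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS, sep="-"))
    print(f"4 words from 2048:  {passphrase_bits(2048):.1f} bits")
    print(f"6 random printable: {random_string_bits(6):.1f} bits")
    print(f"4 words from {len(SAMPLE_WORDS)}:    {passphrase_bits(len(SAMPLE_WORDS)):.1f} bits")
```

The last line of output is the point: four words from a tiny list are weak, so the strength comes from the size of the list and truly random picks, not from the length of the words.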
#2. Use Unique Passwords
Creating one good password is a good start, but if you want to be ultra-secure you should consider creating unique passwords for each of your important accounts. We can consider this an optional step if (and only if!) you are going to be sure to follow step #3 below.
If you want to be ultra-secure, here’s how to proceed. I’m sure you have a number of low-security accounts—they don’t have much personal information, they don’t have access to your credit card, and so on. For these accounts you can maintain a single password that spans all of them. But for each of your accounts that would really hurt to lose, you should consider a unique password. Otherwise, a criminal who gets that one password will have access to all of your accounts and, trust me, he’ll try. You probably have a lot of these accounts that really matter: email, Evernote, iCloud, Facebook, Twitter, Dropbox, banking, PayPal, and so on.
So go ahead—figure out the sites that need strong, unique passwords, and get to it. Create those passwords, write them on your piece of paper, and visit each site to change your account accordingly.
#3. Use Two-Factor Authentication
By now you have (hopefully) created unique and high-quality passwords for each of your important sites. Or, at the very least, you’ve got one great password that is protecting all of your accounts. Already you’ve gone a long way to protecting yourself online, but there is still some work to do.
The next thing you’ll want to do is find which of your sites and applications support two-factor authentication. Two-factor authentication is a login system that requires a password plus another piece of information before you can access an account or change any of its information (hence the “two factors”). The second piece of information is usually a code that will be generated by your mobile phone or sent to your mobile phone. You’ll find two-factor authentication supported by Google, Apple, Evernote, Dropbox, Facebook, Twitter, and most other major services. It will take a minute or two to set up each of them, but it is time well invested. Once you have done this, a criminal not only needs your login name and password, but he also needs access to your cell phone (at least in theory).