A couple of years ago an unknown person hacked my GMail account. I had been lazy, I had used a low-quality, low-security password, and I paid the price. Within seconds the person had changed my password, locked me out, and deleted all my archived email. I tried everything I could to attract the attention of Google’s support team, but to no avail. It was only when I asked for help from my Twitter followers that I regained access to the account. In other words, if I didn’t have so many Twitter followers, I would have permanently lost my account.
This event and a hundred headlines convinced me of the need for better security. Recent news stories have once again shown the importance of properly securing accounts, apps and services behind best practices. Here are 5 steps you need to take to protect yourself online.
#1. Use Good Passwords
Surely you know by now that a bad password is, well, bad. You make a criminal’s life exponentially more difficult if you determine you will use stronger and better passwords. Of course it’s not always quite so simple, as there is endless debate over what constitutes a good password. But whatever camp you represent, a good password is one that protects your account and one that you can actually remember.
I think xkcd gets it roughly correct here, though. Find a password that is long but also easy to remember. Four random words strung together will protect your account better than a much shorter string of random numbers, letters and other characters; a mnemonic device of some description should help you remember those words. As he suggests in his comic, consider putting together a silly little story or scenario to help you retain it. You can use this random word generator to get you started. If you want to kick it to the next level, consider Jesse’s advice. (Also, make the first or last letter a capital since some sites require at least one upper-case character.)
So go ahead and make yourself a password and, for now, write it down on a piece of paper. We will get back to it in a minute.
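As an added illustration of the "four random words" approach (this code is not from the original post), the following Python picks the words with the operating system's cryptographic random source and puts numbers on the comparison: four words drawn from the 2048-word list the xkcd comic assumes give 44 bits of entropy, versus about 39 bits for six random printable characters. The short word list embedded here is constructed for the demo; use a real list of at least a couple of thousand words.

```python
import math
import secrets

# Constructed sample word list for the demo only. A real list (e.g. the
# 2048-word list xkcd assumes, or a 7776-word Diceware list) gives far more entropy.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "lantern", "pillow", "orbit", "cactus",
    "velvet", "marble", "tundra", "whisper", "anchor", "basil", "comet", "dune",
]


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` independent, uniform picks from `alphabet_size` options."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, count: int = 4, capitalize: bool = True) -> str:
    """Pick `count` words uniformly at random using the OS CSPRNG (never random.choice).

    Words are chosen with replacement, so the entropy is exactly count * log2(len(words)).
    """
    picks = [secrets.choice(words) for _ in range(count)]
    phrase = " ".join(picks)
    # The post's tip: capitalise one letter so sites that demand upper-case accept it.
    if capitalize:
        phrase = phrase[0].upper() + phrase[1:]
    return phrase


def compare_schemes() -> dict:
    """Entropy of the post's passphrase scheme versus a much shorter random-character string."""
    return {
        "4 words from a 2048-word list": entropy_bits(2048, 4),
        "3 words from a 2048-word list": entropy_bits(2048, 3),
        "6 random printable ASCII chars": entropy_bits(95, 6),
    }


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for scheme, bits in compare_schemes().items():
        print(f"{scheme}: {bits:.1f} bits")
```

Entropy counts only the randomness of the choice; a passphrase you wrote yourself from memorable words is weaker than the number suggests, which is why the words should come from the generator rather than your head.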
#2. Use Unique Passwords
Creating one good password is a good start, but if you want to be ultra-secure you should consider creating unique passwords for each of your important accounts. We can consider this an optional step if (and only if!) you are going to be sure to follow step #3 below.
If you want to be ultra-secure, here’s how to proceed. I’m sure you have a number of low-security accounts—they don’t have much personal information, they don’t have access to your credit card, and so on. For these accounts you can maintain a single password that spans all of them. But for each of your accounts that would really hurt to lose, you should consider a unique password. Otherwise, a criminal who gets that one password will have access to all of your accounts and, trust me, he’ll try. You probably have a lot of these accounts that really matter: email, Evernote, iCloud, Facebook, Twitter, Dropbox, banking, Paypal, and so on.
So go ahead—figure out the sites that need strong, unique passwords, and get to it. Create those passwords, write them on your piece of paper, and visit each site to change your account accordingly.
#3. Use Two-Factor Authentication
By now you have (hopefully) created unique and high-quality passwords for each of your important sites. Or, at the very least, you’ve got one great password that is protecting all of your accounts. Already you’ve gone a long way to protecting yourself online, but there is still some work to do. The next thing you’ll want to do is find which of your sites and applications support two-factor authentication. Two-factor authentication is a login system that requires a password plus another piece of information before you can access an account or change any of its information (hence the “two factors”). The second piece of information is usually a code that will be generated by your mobile phone or sent to your mobile phone. You’ll find two-factor authentication supported by Google, Apple, Evernote, Dropbox, Facebook, Twitter, and most other major services. It will take a minute or two to set up each of them, but it is time well-invested. Once you have done this, a criminal not only needs your login name and password, but he also needs access to your cell phone (at least in theory).
#4. Use a Password Manager
OK, so now you’re all protected. But you’re still weak in one area—your passwords are complex and unprotected, just sitting there on that piece of paper. So let’s put those passwords in a vault. You can always put that paper in a safe place and return to it if and when you forget a password, but there is a better option: a password manager. There are many of them available. I recommend 1Password and have relied on it for many years, but you are free to check out others like LastPass and KeePass. They all offer similar features, and what they do at heart is secure all of your passwords behind one master password. So go ahead and create one more password. Once you’ve done that, install your password management software and lock it with that password. Then take a few minutes to transfer all the passwords from your paper to your password manager. I will leave it to you to figure out what else these programs can do for you—like automate your logins and fill out forms. You may want to write down that master password and stick it somewhere you will remember but no one else will ever think to look (which does not include a Post-It note on your monitor).
So let’s see where we’ve come: You’ve created good passwords and updated all of your accounts with them. You’ve added two-factor authentication to all your most important accounts. You’ve stored all those passwords in a very safe place. Now just one thing remains, and you don’t even need to worry about it for a bit.
#5. Schedule An Audit
The last step is to occasionally do a password audit—to look for passwords that are known by other people, that are very old, or that are still very weak. If you use a password manager, it may have an auditing function that will do this for you. If you create good, unique passwords and treat them carefully, you should not need to change them more than every couple of years.
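As an added example of what the audit in this step looks for (this is not code from the post or from any password manager), the following Python runs the three checks over a constructed vault: passwords reused across sites, passwords that are weak or appear in a breach list, and passwords older than the couple of years the post suggests. The vault entries, the breach list and the reference date are all made up for the demo; the breach list holds SHA-1 hashes, the form in which breached-password services publish them, so the audit never handles anyone else's leaked plaintext.

```python
import hashlib
import math
from collections import defaultdict
from datetime import date

# Constructed vault: site, password, date last changed. Not real credentials.
VAULT = [
    {"site": "mail",  "password": "Correct horse battery staple", "changed": date(2013, 6, 1)},
    {"site": "bank",  "password": "Correct horse battery staple", "changed": date(2013, 6, 1)},
    {"site": "forum", "password": "puppy123",                     "changed": date(2014, 1, 15)},
    {"site": "cloud", "password": "Orbit velvet tundra comet",    "changed": date(2009, 3, 2)},
]
# Constructed stand-in for a breached-password list, keyed by SHA-1 hash.
BREACHED_SHA1 = {hashlib.sha1(b"puppy123").hexdigest()}

MAX_AGE_DAYS = 2 * 365      # the post: no need to rotate more than every couple of years
MIN_ENTROPY_BITS = 50       # assumed threshold below which a password is flagged weak


def estimate_entropy(password: str) -> float:
    """Rough upper bound: length * log2(size of the character classes used).

    Dictionary-based cracking makes this optimistic, so use it to catch the clearly
    weak, not to certify strength.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(vault, today: date, max_age_days=MAX_AGE_DAYS, min_bits=MIN_ENTROPY_BITS):
    """Return the sites flagged under each of the post's audit criteria."""
    findings = {"reused": [], "breached": [], "weak": [], "old": []}
    by_password = defaultdict(list)
    for e in vault:
        by_password[e["password"]].append(e["site"])
        if hashlib.sha1(e["password"].encode()).hexdigest() in BREACHED_SHA1:
            findings["breached"].append(e["site"])
        if estimate_entropy(e["password"]) < min_bits:
            findings["weak"].append(e["site"])
        if (today - e["changed"]).days > max_age_days:
            findings["old"].append(e["site"])
    for sites in by_password.values():   # one password on two or more sites
        if len(sites) > 1:
            findings["reused"].extend(sites)
    return findings
```

Running `audit_vault(VAULT, date(2015, 1, 1))` flags mail and bank for reuse, forum as weak and breached, and cloud as too old; each is exactly the kind of entry the post says to change.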
And that’s that. With so much of your life recorded and stored online, you will not regret taking a bit of extra time, and expending a bit of extra effort, in securing your accounts.
(One final note: Do not rely on security questions and answers to protect your account. If someone wants to know your mother’s maiden name, ten seconds at Facebook or Ancestry should find that information and more. When you encounter those questions, consider adding false answers and then recording those false answers in your password vault. Whatever you do, do not rely on them for your protection; they have proven themselves untrustworthy.)