In a previous blog post, I created a list of a dozen or so things anyone could do to increase their online/digital security.
It’s time to revisit this topic, but this time with a bit more focus. A dozen security tasks seems like a lot, doesn’t it? Well, don’t worry, you can massively increase your own digital security/safety by doing just a few things, so I figured I would just concentrate on five items.
Here are the five that top my list:
- Create and use strong passwords for all online accounts and identities. Stop using your birthday, anniversary, dog’s name, and favorite teacher’s last name in your passwords. And stop reusing the same password (or slight variations on the same theme) on all your online accounts (Facebook, online banks, commerce, etc.). Instead, use a password manager like 1Password or LastPass – these apps can create and store random, impossible-to-guess passwords. If you want to log in somewhere, just have the software feed the username and password to the site, and you’re in. My goal is to never know another password – except for the one that opens up my password manager. That one I keep memorized!
- Enable two-factor authentication (2FA) or two-step verification (2SV) everywhere. When you log in to your bank or other important online accounts, you can opt to receive an alphanumeric code via text message. This simple expedient increases your security a lot – think about it: even if hackers do guess or steal your password, they won’t be able to get in without that second code. Getting a text confirmation is an example of 2SV, which is not the same as 2FA. 2FA is when you use your thumbprint, or a code from a secure token in your physical possession as the “second factor” in your login attempt (the “first factor” is your password). Either way, 2SV and 2FA make it much harder for unauthorized people to get into your most important accounts.
- Protect all devices with passcodes, PINs, and passwords. Make sure that all smartphones, laptops, and other computing devices are protected by strong passwords, passcodes, and long PINs (at least 6 digits – and if your devices support alphanumeric PINs then by all means do that too!). That way, if your devices are lost, stolen, or subpoenaed, they won’t automatically be wide open to a stranger’s prying eyes/fingers.
- Keep your software and systems up to date. Hollywood movies would have us believe that hackers break into computers using really sophisticated software packages that bypass encryption and defeat firewalls. Not really. The majority of breaches occur because the bad guys detect a completely out-of-date version of an OS or software running on your phone or laptop. The out-of-date version has a well-known security problem, which they use to get into the system – and from there they start to take over that machine or device and then move on to other systems. Keeping your systems updated and patched can be a giant pain, but it’s an essential part of security hygiene.
- Be cautious about what you publish on social media. We’ve all gotten pretty used to sharing a lot about our lives: favorite books and movies, photos of family and friends, news about vacations and promotions, photos of social gatherings at favorite haunts. Unfortunately, every post on Facebook, Twitter, Instagram and other services helps to paint a portrait of your interests, routines, and social circle. Any and all of that can be used against you by someone who wants to gain your trust, or exploit your absence (think about all the homes broken into because people post vacation photos while they’re on vacation!). If you can’t lock your accounts or make them private, just be very aware that everything you post on social media is something you are telling the entire world.