With high-profile breaches like Equifax and Yahoo! fresh in the public’s mind, here are a few quick tips you should follow to make sure your online security is top-notch to avoid the headache of dealing with identity theft in the future.
Protect Your Devices
No matter which device you use to connect to the internet, you should make sure the latest updates and security patches are installed. Google, Microsoft, and Apple work continuously with white hat hackers to identify security issues and patch them in Android devices, iOS devices, and PCs.
Google and Microsoft both release security updates for Android and Windows each month to stay on top of the latest vulnerabilities that have been discovered in these platforms.
You should also make sure your favorites browsers are up-to-date as well. Most modern browsers like Chrome, Firefox, Opera, and Safari will tell you when an update is waiting to be installed. Don’t delay these, as these updates often patch vulnerability issues that were discovered in testing. It’s okay to wait a few days to make sure there are no significant bugs for the new release, but you should update your browsers and devices as frequently as possible.
Use Strong Passwords
When securing your phone or your online accounts, you should make sure you use a secure password that is unique and has not been used on another site. One of the primary ways attackers gain access to accounts is through re-used passwords. When a major breach like Equifax happens, the data is dumped into a text file and uploaded to a site like pastebin for the world to see.
Hackers used Pastebin to expose a random assortment of Twitter users as ‘proof’ of a massive 32 million person hack. The hacker then posted an advertisement alongside this dumped info, offering to sell the full 32 million account file for only 0.5 bitcoins. He mentions being able to hack anyone who re-used their Twitter password on their email accounts, iCloud, Google Drive, and more. This is the number one reason you should not reuse a password.
Tips For Generating Passwords
Most password managers have a password generation tool included, but if you would rather not use a password manager, here are some basic tips to follow to avoid setting yourself up to brute force attacks.
* Use a password that is more than 16 characters long and contains a mixture of uppercase, lowercase, numerals, and symbols.
* Never re-use a password from one site, even once.
* Set up a schedule to change your passwords rather than continuing to use the same password for years.
* Use a password manager to keep track of all the new and lengthy passwords you’re generating.
Use Two-Factor Authentication
Most major account providers like Google, Microsoft, and Apple all support two-factor authentication (2FA). This means in addition to the password, users must provide physical proof that they are in possession of their account by providing another authentication token upon logging in.
Some sites make this process less painful by allowing you to remember specific devices and networks, but you should enable 2FA for all of your accounts that support it. Google Authenticator is an offline option that works on Android and iOS, while Authy allows you to sync stored accounts across multiple devices.
Use A Password Manager
While you may think that saving your newly generated secure password in Chrome or Firefox’s autofill feature is just fine, the truth is, these password storage tools can be exploited. Some third-party tools are designed to harvest emails that are stored in the browser’s autofill feature. This is why you need a secure password manager.
Researchers discovered that marketing firms like AdThink and OnAudience are collecting email addresses of autofill on browsers to build an advertising profile. They claim that email addresses are hashed using standard encryption, but email hashes can still be used as unique identifiers to make advertising profiles linked by pseudonymous data. In other words, you can be connected to the data if enough connections are made between your location and your unique hashed identifier.
Password managers come in both online and offline varieties. LastPass is an excellent place to start for an online password manager that syncs across multiple devices, but there are security concerns about storing your passwords with a third-party company. Other services like 1Password and Dashlane exist to make password management a breeze across platforms without requiring access to an online service like LastPass.
Use VPN and Proxy Services
To truly anonymize your browsing habits and prevent advertisers from building a complete profile of your browsing activity, you should consider using a VPN or a proxy service.
VPNs and proxy services mask your IP address with one of their own IP addresses in the country that you specify. This has several benefits including hiding your IP address from website advertising trackers, access geo-blocked or restricted content, and malicious websites can be filtered out.
Some proxy services maintain a list of sites that are known to be malicious and promote malware or phishing, thereby preventing their users from accidentally accessing the malicious site. While your IP address isn’t being exposed directly to the website you visit, it’s important to remember that the proxy owner can see who you are through your IP address. Therefore, you should only use a VPN or proxy service that you trust with good reviews and an anonymous data policy in place.