Getting hacked is an unfortunate part of being on the Internet today. The cold hard truth is that if you want to stay 100% digitally secure, then stay off the Internet. But it’s not all doom and gloom — by using some simple, yet effective security measures, you can make any hackers dream of getting into your accounts, an absolute nightmare.
Always Use Strong Passwords
The sheer amount of people that still use extremely basic passwords is astonishing. For example, I recently had a client whose password for PayPal was something along the lines of “doggybag” and this was for a dog treat company! Even the most inexperienced of hackers could break that password in a matter of minutes.
The least you can do is to create a strong and easy to remember password, which is a lot simpler than you think. For example changing an “S” for an “$”, or using a zero instead of an “o” will immediately make your passwords a lot more difficult to crack. By applying this method, we can easily change my client’s password to “D0ggyB@g”, which is still easy to remember, yet much more difficult to crack.
If you’re stuck for password ideas, then you could always use a pronounceable password generator to help you create a strong password that is easy to remember.
Make Your Passwords Unique
What’s the point in having an incredibly difficult password if you’re using the same password across all online accounts? Say for example, that you were unlucky enough to be one of the 250,000 Twitter accounts that got hacked recently.
If this hacker got hold of your password and it was the same for everything else, they could get into all of your online accounts very easily, and once they’re in, it’s very difficult for you to gain control again. If you don’t believe me, take a look at this article by journalist Mat Honan who was the victim of a very large, and malicious attack on his personal accounts.
So by now you may be thinking “how am I supposed to manage hundreds of unique passwords in my head”. Well, the good news is that you don’t have too. You can use an online password manager like LastPass that will remember all of your passwords for you. What’s more, it will also log you in to your online accounts automatically. This means that your passwords can be a long string of letters, numbers, and symbols that don’t make any sense. For example: 1RXgY7QXcNzM1#Ua.
I am a heavy user of LastPass myself and I actually don’t have a clue what any of my passwords are as LastPass manages them all for me. Since it’s Web based, I can use it on all of my machines and mobile devices.
If you’re worried about the security of having your passwords synced across the Internet (even though they are encrypted before they leave your machine), then you could use a local password manager like KeePass which does the same job as LastPass, only locally.
Setup Two-Factor Authentication
So by now you should have completely unique and incredibly strong passwords for all of your online accounts. That’s great, but you can still make things more secure — I told you it would be hard for these hackers!
Password managers do have a weakness, and that’s the master password; the password that is used to unlock your secure password database. With a local password manager like KeePass, this isn’t as much of an issue as hackers wouldn’t normally have access to your machine. But with LastPass you can use two-factor authentication to bolster your master password with a second line of defence.
LastPass supports Google Authenticator, an app that displays a code which changes every 30 seconds. After you log in with your normal password, you will be prompted to enter the current code on your phone. So not only would a hacker need to get hold of your password, but they would also need your phone as well.
There are a number of websites that support Google Authenticator, not just LastPass. Gmail, Dropbox, and even WordPress can be setup to use it. Google does actually recommend that all users use Google Authenticator with their account.
Use A Separate Email Address For Password Recovery
Most websites have a forgot password link on their login page, so that you can reset your password in the event of losing it. They usually do this by emailing you a unique link that you can use to reset your password.
But what if hackers somehow get into your main email account, then try to send themselves password recovery emails, so that they can get into all of your other accounts? Your strong, unique passwords are pretty useless now.
But all is not lost, you can set up a second email account and use that for password recovery. So even if a hacker does get into your main email account, they won’t be able to access anything else. The recovery email address can usually be specified from within your account settings.
This email address doesn’t even need to make sense, as you won’t be using it for sending mail. firstname.lastname@example.org would be absolutely fine, just remember to set up two-factor authentication on it, and put the details in your password manager.
You have to use this on a case-by-case basis. Many services usually send reset details to the same email address you’ve used to create your account, which could be your primary email address or one of its aliases.
As you can see from the Google Authenticator screenshot above, I abide by these guidelines for my own online protection, and I’m yet to be hacked (that’s not an invitation to try by the way). Remember, nothing is hacker proof, but employing good security practices will certainly make the job a lot more difficult for any would be hacker.
Do you have a different way of securing your online accounts? If so, please feel free to share in the comments section below.