Online Security Best Practices
The news is full of journalists, politicians, celebrities and other people having their email and phone accounts hacked, a constant reminder that we should be vigilant about protecting ourselves online.
While no one can ensure you are 100% safe from online hacking, we have a bunch of steps for you to keep yourself secure in an increasingly hostile digital world.
Different Passwords - First and foremost, use a different password for each site you visit. When 116 million LinkedIn accounts were hacked in 2012, those users’ email addresses and passwords eventually ended up online in 2016. Users who used the same password on LinkedIn as on their Gmail account quickly found themselves vulnerable.
Password Pattern - I try to use a pattern for all the sites I visit that makes each site's password pretty unique. What does this mean? I will use a base password that has both numbers and special characters, for example, Justin20!^Bieber. I will then append a set of characters for the website I am visiting. For example, the first two letters of the domain or the first two vowels of the site. So my password for Google, taking the first two vowels from google.com of oo, would be Justin20!^Bieberoo. You can develop your own password pattern, and then use it where applicable. Don’t be like me though and tell people your pattern!
Change Your Password - If a site gets hacked and no one tells you until three years later, that is bad. You can decrease the chances of hackers changing. Every year as you kick off your New Year’s resolutions, include changing your password for sites that are important, such as mail, phone accounts and banking.
Password Manager - There is a lot of mental energy expended remembering all of these passwords, even with a pattern. A password manager is a highly recommended approach to dealing with the deluge of passwords we are confronted with.
In general, password managers have plugins that can be used in the browser to automatically fill in usernames and passwords at websites. On mobile platforms, you are prompted via the app to provide a username and password.
Password managers will also generate unique, highly randomized passwords for sites, such as 7?@W^(+56KsYu8. This level of complexity is hard for hackers to try and crack.
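To compare the two approaches above, the following added example (not from the original post) implements the "first two vowels" pattern next to a password-manager-style generator and measures how much of each password is shared between sites. The function names are illustrative, and the 94-symbol alphabet and the rule that all four character classes must appear are assumptions.

```python
import math
import secrets
import string

VOWELS = "aeiou"
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols (assumed)

def pattern_password(base: str, domain: str) -> str:
    """The post's scheme: base password + first two vowels of the domain."""
    vowels = [c for c in domain.lower() if c in VOWELS]
    return base + "".join(vowels[:2])

def generate_password(length: int = 14) -> str:
    """Password-manager style: every character drawn independently from a CSPRNG."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until all four character classes are present, as many sites require.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def shared_prefix(a: str, b: str) -> int:
    """Number of leading characters two passwords have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def random_bits(length: int) -> float:
    """Upper bound on the entropy of a generated password, in bits."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    base = "Justin20!^Bieber"  # the example base password from the post
    g = pattern_password(base, "google.com")
    l = pattern_password(base, "linkedin.com")
    print(g, l, "shared prefix:", shared_prefix(g, l))
    a, b = generate_password(), generate_password()
    print(a, b, "shared prefix:", shared_prefix(a, b))
    print(f"~{random_bits(14):.0f} bits for a 14-character generated password")
```

With the pattern, the two site passwords share all 16 characters of the base and differ only in a suffix derived from the domain name; the generated passwords share nothing that carries over from one site to the next.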
Update software - It doesn’t matter how complex or strong your passwords are if you are running software that has security flaws that hackers can readily take advantage of. PCs running a 5-year-old version of Adobe Flash are going to be open to hackers looking for information.
To alleviate this, run modern versions of software. This includes the latest versions of Windows 10 (upgrade from Windows XP, people!) and macOS. Make sure you are using an evergreen browser, such as Chrome, Opera, Firefox or Microsoft’s Edge browser. If you are using outdated software, be sure to upgrade.
Is this a real issue? In 2016 hackers used zero-day vulnerabilities in Flash, Windows, MySQL, iOS (your Apple iPhone’s operating system) and more. Quickly upgrading your software once vendors have resolved the issue is paramount to protecting yourself.
Two Factor Authentication - An excellent way to improve your online security is to use Two Factor Authentication. Two Factor Authentication essentially involves two things: a thing you know (such as a password) and a thing you have (such as a phone). Software vendors like Google, Microsoft and Apple support two factor authentication, which essentially requires you to provide a password when you log on, and then a number generated by an authentication application on your mobile phone (or another device like an RSA token generator). You can also set up applications to say that a device is trusted (like a home PC), which requires a token to be entered once a month or so.
In these scenarios, even if a hacker has a password to your email, they are required to enter a token that is generated on your mobile phone. In this scenario, if a hacker knows your password and has your phone, you are already in a bit of trouble :)
How serious is this? During the 2016 US Thanksgiving weekend, Google was warning prominent journalists that their accounts were under phishing attacks. Their recommendation: two factor authentication. At a minimum, keep email addresses associated with banking accounts, health and brokerage accounts secure with this approach!
Be Wary of Public WiFi - Public WiFi can be problematic for security-conscious folks. If you are sitting at a coffee shop and doing online banking, it is possible that others on the network could be reading packets on the network and reading confidential information. To avoid this, you can use a VPN when connecting to encrypt traffic, or use SSL as described below.
HTTPS Everywhere - In cases where you are concerned about Public WiFi, or even your work or home network, you can do your best to ensure you are running HTTPS, which is the encrypted version of web page traffic. If you click on an article at http://www.nytimes.com, people can read the content of the page. If you read an article at https://www.nytimes.com, it becomes much more difficult for people to read the content of the page.
Why is this important, especially for public pages that everyone can read? Two reasons. First, if you are reading information at sites that can provide information about you, for example, WebMD articles, you may not want people to know the contents of what you are reading (obviously, in most cases, the unencrypted URL will provide an idea of the content).
Second, for public pages that are not encrypted, the pages can be changed and updated to try and get information about you. For example, if someone intercepts an HTML page from google.com, they could inject a snippet of HTML that asks you to enter your email address and password for Google. At that point, game over.
So, if you think clicking around the Internet and changing each link to HTTPS sounds like a huge pain, you are 100% correct. Thankfully, most major browser vendors have plugins that will do this automatically. I recommend people use HTTPS Everywhere from the Free Software Foundation. They have plugins for Chrome, Firefox, Opera, etc.
If you want to read more about why encrypting the Internet is important, read this. It is becoming more and more important, so much so that Google is giving higher rankings to secure pages over unencrypted pages.
Protecting yourself on the Internet is becoming more and more important to our connected digital lives. Hopefully the above tips have given you some ideas you can use to increase your security in the online world.
This post originally appeared at Skyline Technologies