Lately in the news we’ve heard of some high-profile companies being hacked, the details of which have in some cases been scarce or hidden from the public. That, however, got me thinking about my own online security. The truth is that today’s wars are fought in cyberspace, by stealing information and compromising companies’ assets. With the increase in attacks, companies are now deploying tools to help users protect themselves even further, most notably two-step authentication. This, of course, is just one of the ways you and I can protect ourselves while online; there are plenty of other ways as well.
Let’s review a typical individual’s online presence. You most likely have a Twitter account, Facebook, Google+, a Google email and perhaps a few others, a blog or two, maybe two different personas, one professional and one personal. With multiple accounts it becomes difficult to remember all of those different passwords, so inevitably some of us get lazy and begin to reuse passwords. We’ll use our Facebook password to set up a new Pinterest account, we’ll use our Twitter password with Google, and so on and so forth. The risk here is obvious, I hope.
So what can we do to alleviate the risk of our personal accounts being hacked? There are a few things, of course:
- Create unique passwords every time
- Invoke a “password reset” cycle
- Periodically review the applications connected to your social accounts
- Don’t sign up for something you don’t fully understand
Creating Unique Passwords
For some of us this is a no-brainer, and yet when I asked a few friends what they consider a unique password, I was very surprised by their responses. It has come to my attention that in reality, not a lot of people (from what I’ve gathered) outside of the tech realm really know what a unique password consists of. Worse yet, when I spoke to the same people about what they use as a guideline, they couldn’t really answer the question. So what does a unique password really consist of? A very simple guide is as follows:
- use a mix of upper and lower case letters
- mix it up by adding a minimum of two or three unique symbols (such as !@#$%^&*)
- add a couple of numbers
- make sure that the password is more than 10 characters long
Using this outline, you can create fairly strong passwords which are virtually uncrackable. (I say virtually uncrackable because in today’s cyber world, it is less and less likely that anything is 100% secure.) Remember that the longer the password and the more varied the combination of characters you use, the harder it will be for a hacker to gain access to your account.
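The guide above turned into a checker and a generator, as an added example that is not part of the original post. The function names, the default length of 16 and the reading of “a couple of numbers” as two digits are assumptions.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*"   # the symbol set given in the post
MIN_LENGTH = 11        # "more than 10 characters"
MIN_SYMBOLS = 2        # "a minimum of two or three" symbols
MIN_DIGITS = 2         # assumption: "a couple of numbers" read as two


def guide_failures(password):
    """Return the guideline items the password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if sum(c in SYMBOLS for c in password) < MIN_SYMBOLS:
        failures.append("symbols")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        failures.append("digits")
    return failures


def generate_password(length=16):
    """Build a random password that satisfies every item of the guide."""
    if length < MIN_LENGTH:
        raise ValueError("length must be more than 10 characters")
    # Start with the characters the guide requires ...
    chars = [secrets.choice(string.ascii_uppercase),
             secrets.choice(string.ascii_lowercase)]
    chars += [secrets.choice(SYMBOLS) for _ in range(MIN_SYMBOLS)]
    chars += [secrets.choice(string.digits) for _ in range(MIN_DIGITS)]
    # ... fill the rest from the whole alphabet ...
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # ... and shuffle with the OS random source so the required
    # characters do not sit at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())
    print(guide_failures("Summer2013"))  # constructed weak sample
```

The `secrets` module draws from the operating system’s random source, which is the appropriate choice for passwords; the `random` module is not.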
The Password Reset Cycle
For those of us who work within a large organization, this should be fairly familiar. Every 90 days our computers prompt us to reset the login on our corporately owned devices. This reset is the industry standard for continuous IT security.
Although no one does it today, it would be wise to implement this same type of policy with your own personal accounts. It does become tedious, and sometimes even difficult, to remember or come up with new passwords, but this system of resetting the passwords for all of your most frequently accessed sites and systems does decrease the likelihood of someone intruding on your privacy.
To remind myself of this, I’ve set up a recurring reminder in my calendar for every three months. This keeps me on top of ensuring my own online security is in check. At the same time I make sure my privacy settings are up-to-date. Which leads me into my next segue …
Periodically Review Your Security Settings
Set up a reminder, or simply add it to the one to reset your passwords, and review all your most frequently used and public-facing social sites. While you’re doing that, also take a look at the connected apps. This will give you a picture of which services are connected to your social accounts. In a lot of cases you may find that you are no longer using some of the services you’ve connected to, or that there are some to which you no longer want to grant permission. Reviewing these on a similar cycle as your passwords will help to ensure that nothing that you don’t want connected is trying to use your social sites.
Be Careful What You Say “Yes” To
I wasn’t sure whether or not to include this. I know that by doing so I may inevitably be implying something here, but I am not trying to. I’d like to just state for the masses that “if you are not sure exactly what you are signing up for, just don’t.” Easier said than done, some would say, but let’s take a look at the risks.
If you are signing up for a new service because you are trying to get ahead of the masses, make sure to read all the fine print. It may take you an hour or two depending upon how fast you read, but it is critical that you do. Signing up blindly can expose you to vulnerabilities you may not want to be exposed to. Reading the TOS (Terms of Service) and Privacy Statements is critical to understanding not only what information the product or company is using but, more importantly, what they intend to do with it. We all remember the fiasco that occurred when Instagram changed its TOS, which included the variably interpreted line which potentially allowed them to use your photos to sell to brands and such. Unless you want to find yourself in such hot water, it’s best to invest that hour or two; it’s saved me once or twice before.
Personal security should be important to each and every one of us. If we aren’t careful, our online presence can have destructive results on our lives.
Now, you’ve gone ahead and implemented at least some of my suggestions (hopefully); however, now you’re frustrated. With every turn of the quarter you reset your passwords but need to keep a log of what you’ve used in the past and what your new passwords are. How would you go about doing this? My solution: 1Password.
AgileBits’ 1Password application securely stores all of your passwords and login information in a digital vault. Available for both OS X and Windows, a single license will set you back $50. (At the time of writing there was a Mac + Windows bundle available for $70.) You can store all of your login information (usernames and passwords), secure notes for times when you don’t want information floating around in an unsecured note app, and software keys, just to name a few options.
To make things even better, 1Password provides an extension for all popular web browsers which allows you to easily log into a page without having to dig up the login using the app. When you create a new login item, you have the option to also add a URL. When you do, each time you return to a login page for a website, 1Password identifies the corresponding login item by matching the URL on file and pulls up the proper login for you to use. Using single-click sign-on, you’re into your site with ease.
All this is great when you’re at your home computer, but not so much if you’re out and using someone else’s PC or trying to log in to a new app. AgileBits has a solution! 1Password is also available for the iPhone/iPad as well as Android. The Android version is free; however, it limits you to only viewing your passwords, whereas both the iPhone and iPad apps let you view, create and fully manage your 1Password files, all for $18 CDN.
1Password syncs your information between mobile and desktop through its sync servers, Dropbox or iCloud, allowing you to keep the same information on your mobile device and your desktop client. This way, when you are away, you can still access services which you may not recall the exact password to. All these, as well as double security, timeouts and a whole bunch of other features, are available to you in this neat little application, one which I highly recommend.
Security is a critical part of our online behaviour, yet we think very little about what we share, who we share information with and what companies can do with that information. Hopefully these few tips I’ve outlined will get you thinking a little more about the importance of keeping yourself safe online. Just like you wouldn’t give your credit card to someone you don’t know and trust, your online security and reputation should get the same attention.
Until next time …