Assume that your service provider will be hacked and your password taken at the source, so what can you do to minimise your risk and exposure?
Step 1: Own your security.
You can’t rely on your service providers to guarantee your protection. So you have to take responsibility for reducing your risks.
Step 2: Passwords are Just the Start
A strong password is just the beginning of online security. There are many recommendations for what constitutes a strong password: you have been told it should be more than 8 characters long, that it should be a phrase, that it should mix languages, and I am sure you have heard of a couple I have missed.
But as I get on in years my memory isn't what it once was, and I have had to succumb to using a password manager. A password manager can randomly generate strong passwords and record them for each website, and for each internal computer resource in a home or office environment, so it can remember the password for your router or any other networked device.
You then only have to set and remember one strong password for the password manager.
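As an added example of what a password manager's generator does (illustrative code written for this post, not code from the original post or from any particular manager), the Python below draws a password uniformly from an 86-symbol alphabet using the operating system's cryptographic random source, draws a passphrase from a word list, and reports how many bits of entropy each choice buys. The word list `WORDS` is a small constructed stand-in; a real passphrase generator uses a published list of several thousand words.

```python
"""How a password manager generates credentials: uniform random draws from
the operating system's CSPRNG, plus the entropy each choice buys you.
Added example for this post; WORDS is a constructed stand-in word list."""
import math
import secrets
import string

# Constructed sample word list. A real passphrase generator draws from a
# published list of several thousand words (7,776 for a diceware list).
WORDS = ["anchor", "castle", "jedi", "lantern", "mascot", "orbit",
         "pixel", "quartz", "raven", "router", "saddle", "tundra",
         "velvet", "walnut", "yonder", "zephyr"]

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS   # 86 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def has_all_classes(pw: str, symbols: str = SYMBOLS) -> bool:
    """True if the password contains a lowercase letter, an uppercase letter, a digit and a symbol."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in symbols for c in pw))


def generate_password(length: int = 20) -> str:
    """Random password that also satisfies the usual four-class site policy.

    Re-drawing until every class appears costs a fraction of a bit of entropy
    at lengths like 20; it is here because many sites insist on it, not
    because it makes the password stronger.
    """
    if length < 4:
        raise ValueError("length must be at least 4 to hold all four classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def generate_passphrase(words: int = 6, wordlist=WORDS, sep: str = "-") -> str:
    """Random passphrase: easier to type and remember; strength comes from word count and list size."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    pw, phrase = generate_password(), generate_passphrase()
    print(pw, f"{entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
    print(phrase, f"{entropy_bits(6, len(WORDS)):.1f} bits (tiny list; a 7,776-word list gives about 77)")
```

Note that `secrets`, not `random`, is used: the `random` module is seeded predictably and is not suitable for anything secret. The entropy figure assumes every symbol is drawn uniformly and independently; a human-chosen "phrase" with substitutions does not reach the number this function reports for the same length.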
Step 3: Never Re-use a Password
A couple of months ago came the revelation that Facebook founder Mark Zuckerberg's accounts were hacked, but that was not quite accurate. A service he used (LinkedIn, whose 2012 breach data surfaced for sale in 2016) had been hacked and his password captured at that source; the hackers, or perhaps the people who bought the stolen data, then used that password, "dadada", to access some of Zuckerberg's other accounts.
That is why it is important not to use the same password on multiple sites or services: one breach at any of them hands the attacker all of them. So leave re-use and recycling to plastics and waste.
Step 4: Use Multi-Factor Authentication
Two-Factor Authentication (2FA), or more generally Multi-Factor Authentication, is where, after your password, you are asked for an additional code, usually a short numeric one, which may be sent via SMS or e-mail, or generated for you by an application on your mobile device.
Beware, however, of having codes sent by SMS. The SS7 signalling network that carries SMS between operators has known weaknesses that allow messages to be intercepted, and an attacker who talks your mobile operator into moving your number to a new SIM receives your codes directly. I suggest using an authenticator app. A code sent via e-mail is only as safe as the e-mail account it lands in, so that account in particular needs its own unique password and an app-based second factor.
Step 5: Change Passwords Regularly
Change your passwords regularly. Some people suggest that passwords should be changed every 3 months, which can be a bit excessive, and forced rotation tends to produce predictable variants of the old password. However, one might consider changing passwords for high-risk accounts more frequently, and any password should be changed immediately when the service that holds it announces a breach.
Step 6: Do NOT Use a Social Media Account to Sign In
Quite often you will be presented with the option to use your Google+, FaceBook or Twitter account to authenticate (or, in plain terms, sign in) on some services. You should not do that; create a separate account using your e-mail address instead. If that is too much trouble, use it as a means of deciding whether you really need to sign in to the service at all!
I will elaborate on this in subsequent posts, but there are untold privacy risks as well as security risks associated with using your social media account to log into a news site or some other service, so just don't do it.
Step 7: Lie – Or as Politicians would say “Be Economical with the Truth”
Why do social media sites or e-mail services need to know your real date of birth? I suggest being equally "opaque", not so much misleading as "failing to make clear", about which high school you attended or what its mascot was. This means you would have to remember that you attended the "Return of the Jedi Comprehensive" or that Pikachu was your school mascot, which is exactly the kind of thing a password manager's notes field is for. Granted, this would not help where that data is stolen from the service itself, as was the case with the Yahoo breach. However, it does prevent someone else resetting your credentials using readily available information. Let's face it, your high school is more than likely on FaceBook or LinkedIn, so anyone can find out the mascot, if there was one!
Step 8: Know Your Status
I'm not talking about your medical history, but check whether your accounts have been compromised. There are online services such as Have I Been Pwned (haveibeenpwned.com) where you can enter your e-mail address to establish whether an account tied to it has been "Pwned" (pronounced "poned"), that is, hacked or otherwise owned by someone else, in a published breach.
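Have I Been Pwned also publishes Pwned Passwords, which lets you check whether a password itself appears in known breaches without sending it anywhere: only the first five characters of its SHA-1 hash go to the server, which returns every breached hash suffix in that bucket, and the match is made locally. The Python below is an added example, not the site's own code. The URL and the "SUFFIX:COUNT" line format are those of the public API; the response body `SAMPLE_RANGE_5BAA6` embedded in it is constructed (the neighbouring suffixes and every count are invented) so that the example runs offline, while `fetch_range` performs the live lookup.

```python
"""Pwned Passwords lookup via the k-anonymity range API: only the first
five hex characters of the password's SHA-1 leave your machine.
Added example for this post, not Have I Been Pwned's own code. The API URL
and "SUFFIX:COUNT" line format are the public service's; SAMPLE_RANGE_5BAA6
is a constructed response body (its counts are made up) so this runs offline."""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

API = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> Tuple[str, str]:
    """Uppercase SHA-1 hex split into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse a range response: one 'HASHSUFFIX:COUNT' line per breached hash in the bucket."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Live lookup over HTTPS (needs network access)."""
    req = urllib.request.Request(API + prefix,
                                 headers={"User-Agent": "pwned-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, lookup: Callable[[str], str] = fetch_range) -> int:
    """Number of times the password appears in known breaches (0 = not found).
    The suffix comparison happens here, so the server never sees the full hash."""
    prefix, suffix = split_hash(password)
    return parse_range(lookup(prefix)).get(suffix, 0)


# Constructed stand-in for GET {API}5BAA6. The middle line's suffix is the real
# remainder of SHA-1("password"); the other suffixes and all counts are invented.
SAMPLE_RANGE_5BAA6 = "\r\n".join([
    "1E2B7C5A2C2F2A9B4A8E7D6C5B4A3F2E1D0:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
    "1F2E3D4C5B6A79887766554433221100FFE:1",
])

if __name__ == "__main__":
    offline = lambda prefix: SAMPLE_RANGE_5BAA6   # swap for fetch_range to query the live API
    for pw in ("password", "Return-of-the-Jedi-Comprehensive"):
        n = pwned_count(pw, offline)
        print(f"{pw!r}: {('seen %d times, do not use' % n) if n else 'not in this bucket'}")
```

The privacy argument is in `split_hash`: a five-character prefix identifies one of about a million buckets, each holding hundreds of hashes, so the server learns almost nothing about which password you hold. Checking passwords you already use against the live API is how a password manager's breach audit works; checking candidate passwords before you adopt them is the better habit.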
I will offer more tips and suggestions on how you can implement some of these steps in subsequent posts, but if you have any suggestions or questions, don't hesitate to comment or give feedback.
Images courtesy: freedigitalphotos.net