It’s a scary, digital world out there. The need to protect ourselves online has never been greater. There are hundreds of thousands of cyber-attacks launched every day, but most of them, thankfully, result in very little. But that doesn’t mean you can relax. Not to sound alarmist, but if you’re not taking the necessary steps to protect your privacy, then you’re juggling a chainsaw, a machete, a lit torch, and a kicking toddler. It’s just a matter of time before someone gets hurt…
What to do? Plenty, but these represent the minimum for any savvy web surfer in 2014.
You need to use strong, secure passwords. We all know that. But (and it’s a big but), you absolutely must use a unique password for each website or service. Too many of us have one or two that we use many times over many different applications. Big mistake. In that scenario, if someone unsavoury gets or cracks that password, they essentially have access to your entire digital life. Problem. Isn’t it much better to potentially lose and be locked out of one account rather than all of them? Use a different, unique password for every website, service, and app in your virtual rolodex.
Easier said than done. What exactly constitutes a strong and secure password? The advice is always changing, but a recent research paper (The Effect of Grammar on Security of Long Passwords) by Ashwini Rao, a Ph.D. student at Carnegie Mellon University, has several suggestions for living in a digital world. His research suggests that you avoid verbs and pronouns and stick to nouns and adjectives in your long passwords. Additionally, he recommends that you utilize bad grammar, upper and lower case, alpha and numeric, and special symbols. But how, exactly, does one keep track of all those unique passwords?
There are many management programs out there. Most are free or affordable (and absolutely worth the investment), and you can easily find one to fit your budget. But definitely find one if you’re not using one yet.
These programs keep all of your passwords in an encrypted and password-protected database. You only need to remember the master password. Once opened, during a browsing session for example, the program will automatically sign you in whenever you access a website or program requiring your unique password. Easy. Just remember to adjust your settings to lock the “safe” once you close the browser or shut down (after all, what good is a safe that you always leave open?!). Most of them also have a built-in password generator - providing you with a random string of letters, numbers, and symbols at the touch of a button - and auto-complete for fillable forms online.
Three of the best include:
LastPass - Perhaps the best of the best, LastPass is free for your computer (Windows, Mac, and Linux), and it works with all five major browsers. If you want to add mobile support (Android, iOS, Windows Mobile, and Blackberry), that upgrade will cost you $12/year.
Dashlane is available for Windows, Mac, iPhone and Android. Price: $4.99/month or $39.99/year. Gaining in popularity and features.
KeePass is open-source and available for Windows, Mac, Windows Phone 7, iOS, Android, BlackBerry, and Palm OS. It’s free, but donations are gratefully accepted.
Many online services now offer 2-factor authentication and suggest that everyone use it. This is a relatively new security protocol that requires anyone trying to log in to have TWO pieces of information - the password and a randomly generated code. This prevents someone from gaining access to your account if they somehow manage to crack or obtain your password.
The code is either sent as a text message to the mobile phone number on file, or produced by a second-party code generator, the most famous of which is the Google Authenticator (Android, iOS, and Blackberry). This app is installed on your phone, and provides a new random code every 60 seconds. Many online services, including Gmail, Facebook, Twitter, Dropbox, and LastPass, now have Authenticator functionality, and setting it up is a breeze.
Once it is set up, you will have to enter your password and code every time you log in. Your security is essentially doubled. If that sounds like too much hassle (it’s really not), you can also create “safe sources”. This is a list of safe login platforms - your computer, your phone, your tablet - that don’t require the code after the initial session. Anyone attempting to log in from another source must provide the code.
A Word On Facebook Privacy
We’ve all been warned to be careful about what we post on Facebook. From cyberstalkers to potential employers, we need to be mindful and responsible about what we choose to share. Most people wisely change their Facebook privacy settings so that everything is only visible to their approved friends [Gear icon in the top right - Settings - Privacy - Who Can See My Stuff? - Friends].
Here’s the thing, though. You need to remember that you are not the only one posting about you. Your friends may mention or tag you, and unless they also adjust their privacy settings, you’re visible to anyone that goes looking for you via their posts. Speak to your friends to make sure you are protected.
It’s also worthwhile to look at your ACTIVITY LOG. This is a little-known feature in Facebook that can have huge privacy and security ramifications. [Gear icon in the top right - Activity Log]. Every time you post, comment, like, or share anything on Facebook, there is a record of that action. Every single time. Check it out by scrolling down the list, and make note of the privacy icon on the far right of each entry (either Public, Friends, Friends Of [name], or Custom). You can quickly see what is visible to whom. You’ll be surprised.
Remember the motto that nothing is ever truly private on the internet. There are always loopholes, cracks in the armour, and omissions, but by paying attention and taking the proper precautions, you should limit your exposure. Be safe out there.