It is a common misconception that being secure online requires expensive software and systems. People also ask, “Why would I be a target? I have nothing to hide.”
It is not expensive to vastly increase your online security whether for yourself, your family or your organization. It is basically a matter of policy.
And even if you have nothing to hide and no need to worry about security, try talking to some folks that have had their identity stolen. Learn what it is like to spend years rebuilding a life that has been compromised, flagged and blocked from getting credit, loans or even a flight abroad.
What is involved in creating a policy to stay safe online and implementing it?
2. Two-Factor Authentication
3. Virtual Private Network
4. Paid Anti-Virus
5. Email Aliases
After spending a few minutes reading through this list, it can take anywhere from a full day for an individual to weeks for an organization to break bad habits and implement a policy that focuses on security and privacy. I think everyone that uses the internet should do this. As well as increasing your online security and privacy, it will also save you time; you will have more time, so I am essentially saving your life. Now read my tips and then you can start to think about how to add them to your life, improve your online security and save yourself time.
If you are doubting how much time this will save you, think about how long you spend tapping a password into a login box; maybe you need to do it several times. After several attempts perhaps you give in and go through the account recovery process. This is because you are doing passwords wrong.
Even though we are almost into 2020, many people are still not doing passwords right. The right way is with a password manager, which is software that is used to remember all your passwords. The fact is, human brains cannot remember strong passwords: long, unique strings of random characters and numbers. Writing them down is not a secure option and is also time consuming, and having the same password is too risky; just check Troy Hunt's tool to find your overused password publicly available on a dark web paste or breach.
The passwords you use should follow these rules:
- They should contain a mix of uppercase, lowercase, special characters and numbers
- They should be long, ideally over 30 characters if allowed*
- They should be unique
- They should not contain any words
- You should not be able to remember them
*Many services, like the banks here in Canada, still only allow short 6 or 8 digit passwords.
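The rules above, implemented as a generator and a checker. This is an added example, not code from the original post; the `SAMPLE_WORDS` list and the function names are constructed for illustration, and the `length` argument covers services that cap password length.

```python
import math
import secrets
import string

# The four character classes named in the rules above.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# Constructed mini word list; a real check would use a full dictionary.
SAMPLE_WORDS = ("password", "summer", "canada", "dragon", "welcome")


def violations(password, min_length=31, words=SAMPLE_WORDS):
    """List the rules a password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    names = ("uppercase", "lowercase", "digit", "special")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    if any(word in lowered for word in words):
        problems.append("contains a word")
    return problems


def generate_password(length=32):
    """Return a random password that satisfies every rule at this length."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        # secrets uses the OS CSPRNG; candidates that miss a class or
        # happen to contain a listed word are discarded and redrawn.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(candidate, min_length=length):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for a random password of this length."""
    return length * math.log2(len(ALPHABET))
```

Calling `generate_password(8)` produces the strongest password a service with an 8-character cap will accept, which is still far weaker than the 32-character default.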
The only way you are going to get by using a password like this without going crazy is by using a password manager. Some object, saying, “What good is it putting all my private passwords in one place?” I understand the objection, although these password managers are designed to do one thing, and that is keep your passwords safe.
Using a unique password for every service may seem crazy to some. It’s not, and soon it will almost be a requirement. Thanks to the excellent work of leading cyber security expert Troy Hunt, there is now an API available that allows websites to inform users if a password has previously been exposed in a data breach. This then forces the user to use a unique password. But what about a unique email address?
Most people cannot keep track of their unique passwords. They cannot be blamed for this, as very few human beings are capable of remembering passwords that are both secure and unique. Our brains are simply not designed to do this. The solution here is simple: a password manager. The idea of using a password manager may not instill confidence in people that already have a hard time remembering passwords, but this is a common misconception. The password manager will allow you to only have to remember one password. No more remembering multiple weak passwords of past pets or street names. Your old phone number that has existed for the last 6 years on the dark web no longer has to be your password. With a password manager at your service, you no longer have to be scared of those 16 digit passwords, or longer.
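A sketch of how a site can run the breach check mentioned above without ever sending the password itself. This is an added example, not code from the original post; it assumes the API in question is the Have I Been Pwned Pwned Passwords range endpoint, and the server reply is constructed inline so the code runs offline.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL a site would GET: only the 5-character prefix leaves the server."""
    prefix, _ = split_hash(password)
    return RANGE_ENDPOINT + prefix


def breach_count(password, range_body):
    """Find the locally kept suffix among the reply's SUFFIX:COUNT lines."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(breached_password, count):
    """Stand-in for the server reply (constructed sample, not real data)."""
    _, suffix = split_hash(breached_password)
    decoys = ["0" * 34 + "A:3", "F" * 35 + ":1"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])


def signup_check(password, range_body):
    """Message a site could show at registration or password change."""
    seen = breach_count(password, range_body)
    if seen:
        return f"rejected: seen {seen} times in breaches, choose another"
    return "accepted"
```

The comparison against the suffix happens on the caller's side, so the service answering the query never learns which of the returned hashes, if any, was being checked.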
Another terrible security practice I see is saving passwords to browsers. This is far more insecure, especially when using a browser like Chrome, run by a company that openly shares sensitive information with various third parties.
Setting up a password manager may take you a full day (if you have a lot of passwords), resetting passwords and automatically saving them to the manager. But the time to be gained is far greater. For example, now that I use a password manager, I never have to spend my time waiting for a password reset email to arrive or tapping every password I may have used into a login box. I now use the password manager to automatically log me in. Dan Arel from Think Privacy has put together a transparent and trusted list of recommended password managers. Here at Thexyz I often recommend Dashlane and offer a 6 of free service through our special offers page.
2. Two-Factor Authentication
Although many services support Two-Factor Authentication, it is used by less than 28% of people who use the Internet. In early 2020 we are starting to see many services require 2FA. Those left unsure about what 2FA is may soon find themselves locked out of using many services on the internet, or forced to enable 2FA.
What is 2FA and how do you enable it? Authy have also written a great intro to 2FA here.
I am not going to go into too much detail about what two-factor authentication is or why you should enable it; you can read that here. The short answer is this should be enabled, and if you are not already using 2FA, you really should. It often increases the security of a login by around 1000%. To enable 2FA you will need a 2FA app. I recommend Authy, although Google and Microsoft both have secondary factor authentication apps.
I like Authy because it can be installed on both your desktop and mobile device. Using Authy over a service like Google also prevents sharing of your private data with a company that has a poor track record when it comes to protecting people’s privacy.
Two-factor authentication has been available for several years; however, it is rarely required and is instead offered as an optional feature. This policy has led to a low adoption rate of 2FA. I believe many services see less than 10% adoption rate unless 2FA is made mandatory.
In the coming years, we expect to see more services adopt a stricter 2FA policy, and as services begin to roll out mandatory second factor authentication, people risk being locked out of online services if they fail to embrace a 2FA solution.
To get started with 2FA, download Authy on your Android, iPhone, Mac or Windows device.
You can then start enabling 2FA on your logins; a great time to do this is when you are already setting up your password manager.
3. Virtual Private Network
As many as one quarter of internet users around the world use VPNs, according to a survey from Global Web Index. With content becoming restricted based on your location, extensive data tracking from service providers and other privacy concerns, it is becoming increasingly important to use a Virtual Private Network (VPN) when connecting to the internet.
This is also worth enabling when using the internet in a shared location, like a coffee shop or airport.
With a VPN, it’s true your ISP may no longer have access to your browsing data, but the VPN provider now does. Some VPNs even sell that data to third parties, just like your ISP may or may not do, so in that way you could be right back where you started. That’s why you should be especially cautious of “free” VPNs. Those services still have to make money, and chances are your data is the primary revenue source.
4. Paid Anti-Virus
Many people rely on free Anti-Virus or protection that comes pre-installed on a computer or device. This is simply not enough for the current, ever growing threat landscape that in 2020 we can expect to get even weirder and more sophisticated. People that pay for anti-virus get a better list of virus definitions that is updated sometimes weeks faster than on free anti-virus.
It is often thought of like email: why pay for something that you can get for free? Just like free email services, free anti-virus may include adware that allows the vendor to distribute the software without cost. This software can re-write configuration files on a device and leave a user vulnerable to viruses. It was also recently discovered that many anti-virus apps in Google Play actually do not provide any protection. When it comes to selecting an Anti-Virus vendor, you have to be able to trust the service. On servers, computers and mobile devices I set up for people, I always recommend ESET. I don’t just recommend them because of a partner relationship; they are actually really quick and the first vendor to discover and patch some serious security vulnerabilities.
5. Email Aliases
Your main email address is often used to log in to various services. When a breach happens, hackers can attempt to log in to the email account first to lock the user out and gain access to other online services. If your username or email ID is not an actual email account, then this solves the problem, as a hacker cannot guess what the real email is if they only know the alias.
Using aliases also helps with spam and bacn (no, not that bacon): all those unwanted newsletters filling your inbox. Also, if for example your alias email ID is involved in a breach or suddenly starts getting a lot of spam, then you can simply shut the email alias down and change it to something else.
Another way aliases can be useful is when you need to receive an email from someone or somewhere but are hesitant to give your email address. If you give out a more disposable email alias instead, you get the email and can later easily terminate the alias.
Email aliases are easy to set up and a great way to protect your real email address. With almost 10 billion pwned accounts in the Have I Been Pwned database at the time of writing this, it is easy to see why using an alias is a good idea.
Spread the word
People are often overwhelmed when it comes to protecting themselves online. Online security doesn’t have to be hard. A common objection I often hear is the “I have nothing to hide” stance. This is when I introduce Troy Hunt’s Have I Been Pwned tool, which lists every email address and password exposed in a data breach. If you haven’t already, check it out. You can feel safe entering your email and password into the tool as it doesn’t save them. It might also provide the needed motivation to complete steps 1 through 5 and take control of your online security.