3 Tips For Better Online Security & Privacy
Online security & privacy is more important than ever. Here are 3 tips for increasing your online security and to help you form good online privacy habits for the future.
Tip #1 – Use A Password Manager
Using a password manager will enable you to create significantly stronger passwords than you can possibly remember (thus increasing online security for the websites you frequent). Instead of your Facebook password being “MyCats88” it can be “aSd89fu43&480245fa4ncudXN84f2…”. This really is important if the website you use ever gets hacked!
What Is Password Hashing?
Most (hopefully all) websites store usernames and passwords using what’s called a “One Way Hash”. This means that they take your username and/or password and run it through an algorithm so that it can never be reversed or decrypted.
Whenever you log into a website (aka, “authenticate”), it takes your username and/or password, runs it through this “One Way Hash” algorithm and compares the resulting hashes together to see if you’ve entered the correct information.
Generate Complex Passwords
If your password hash is ever stolen from a website, it’s only a matter of time until someone “cracks” (finds the original, plain-text version) your password. The longer and more complex your password, the longer it will take an attacker to crack your password hash. Unfortunately, we’re not robots and cannot remember 64+ character passwords easily, especially a unique complex password for each website or service we have. Fortunately, this is exactly what password managers do.
Which Password Manager To Use
Ultimately, you can just Google around for “password managers” and test out a few, but we personally recommend either KeePass or LastPass. Keep in mind, all of your passwords will now be within the software you choose as your password manager. This means that you really need to guard your list of passwords.
Both of those recommended applications allow for various ways of doing this and most people choose the basic “master password” scheme (defining a password to protect your passwords). This is adequate for most people assuming you store your password database/list on a device that has some security already in place (anti-virus, firewall, and a computer password/fingerprint scanner). If you end up needing hardcore security, go with Two-Factor Authentication (this means that you will use “something you know”, such as a password, and combine it with “something you have”, such as a secure USB device or your smartphone). I recently wrote an article on doing this called Using KeePass With Two-Factor Authentication.
Tip #2 – Encrypt Your Personal Data
That file on your desktop with your bank account details? Up for grabs. All those naughty selfies in the folder on your computer marked “Private”? Probably not. Everything you have saved to “the cloud” (Dropbox, OneDrive, Google Drive, iCloud)? Already copied.
Sensitive information should be encrypted; End of discussion. With advanced viruses and spyware running a muck, it’s purely reckless to leave important data without any protection from prying eyes. If you’re not familiar with the recent string of Apple iCloud hacks, educate yourself here.
Which Encryption Software To Use
We recommend BoxCryptor and Axantum (Windows only). BoxCryptor protects all of your data stored in the cloud and on your computer using advanced, modern encryption techniques. There are several major advantages to storing your data in the cloud and to say that security only applies to files not in the cloud is simply wrong. Axantum will protect individual files on your desktop and is open-source and trusted.
My personal philosophy on data security is to assume your data will be stolen and that it is absolutely necessary to encrypt all data to prevent the real data from being exposed after theft.
Tip #3 – Remove Personally Identifiable Information
Not sure you need this one? Enter your name at Spokeo or Pipl and see what it finds. HaveIBeenPwned is another site but this one is dedicated to checking if your online accounts are known to have already been hacked.
Everything you put online about yourself should be considered public knowledge the second you submit that information. Fortunately, a lot of sites are often required to delete information that you remove from their service after a certain time period. Good practice going forward is to simply not put your full birth date, home address, or any other identifiable information online unless you deem it strictly necessary.
Remove Unused Accounts
Chances are, you have some accounts that are just collecting dust (but still publicizing your information) and can be removed. The sites Account Killer and Just Delete Me have collected how to remove yourself from popular services in an easy-to-use website. The services listed above can also help jog your memory of sites you signed up for long ago but have forgotten about. I’d also urge you to search your email inbox for strings such as “activation” or “confirmation” to look for sites that sent you a welcoming email when you joined so you can figure out what you’ve signed up for.
Limit Information On Your Accounts
Ok, so now that you’ve narrowed your online account list, it’s time to update your accounts and minimize what you expose there. Unfortunately, there’s no all-in-one guide to doing this (at least, not that i’m aware of), so you’ll need to go to each service and update your profile and account details. Remove everything that is not strictly required by the service! If you need help with a specific service, please comment and I’ll do my best to help you out.