6 Ways to Be More Secure Online in 2015
The new year is a great time to reconsider our behaviors. And what better behavior to reflect upon than your online security practices?
Major internet security breaches made headlines in 2014 and the bad-news story looks to continue (and worsen) in 2015.
Consider the following 6 ways to improve your online security:
1. Get a password vault
Who here has more passwords than they can feasibly remember? I see so many raised hands.
Unclutter your mind and forget all of those things (like passwords) that modern necessity forces you to remember. If you can free your mind from the need to constantly recall easily stored and accessed data like passwords, your mind will be free to think about other things – potentially more important things.
Password vaults range in price from free to cheap. If you’re not using one, you definitely should. Here’s a decent review of the top password vaults available.
With a password vault, you only have to remember one password – the key to unlocking the vault. Inside, you can save all of your passwords. Most vaults come with complex password generators. Use this feature as often as you can, especially for accounts you absolutely must protect (e.g. online banking, email, anywhere you store your credit card info). Store your password vault’s encrypted database in the cloud for easy access from anywhere. Make sure you choose a vault that has an associated app for your smartphone so that you can access and manage your passwords on the go.
Separate your work and personal passwords. Most employers require that your work passwords stay safe at work anyway. So, acquire one vault for home and one for the office.
Think you don’t have too many passwords to remember? You’re wrong. You will be surprised at how fast your password vault grows.
2. Stop recycling old passwords
We’re all guilty of recycling old passwords. We do this for convenience, out of laziness, or perhaps we just don’t know any better. It’s pretty clear why recycling passwords is a bad habit: If the bad guys have an old password, it’s easier for them to guess your current password(s).
Consider this scenario:
- You re-use a password for several accounts (e.g. Amazon, Air Canada, Twitter, etc.)
- One of those online services is hacked and your password is compromised
- If you had unique passwords everywhere, you would only be compromised in one place (the hacked site)
It’s tempting to re-use passwords if you must remember them all on your own. You know it’s not a good idea, but chances are you are doing it anyway. Stop this practice at once! As security breaches on the web proliferate, you are leaving yourself open to a world of hurt if you don’t change this insecure practice today.
3. Keep your passwords strong
Passw0rd is not a strong password, by the way. Don’t use words, full stop. And, you’re not being sneaky or tricky substituting numbers for letters or vice versa.
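To see why character substitution buys nothing, here is an added example (not from the original post) of the kind of check a password policy can run: it undoes common substitutions and looks for dictionary words, and it generates a random replacement. The word list, substitution table and function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample list; a real check would load a large dictionary.
WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}

# Common digit/symbol-for-letter substitutions, mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Lower-case the password and undo the substitutions above."""
    return password.lower().translate(LEET)


def is_word_based(password, words=WORDS):
    """True if a dictionary word survives once substitutions are undone."""
    plain = normalize(password)
    return any(word in plain for word in words)


def generate(length=20):
    """Random password from the OS CSPRNG, the way a vault's generator works."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not is_word_based(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Passw0rd", "P@$$w0rd1", "Dr4g0n2015!", generate()):
        verdict = "word-based" if is_word_based(sample) else "no word found"
        print(f"{sample!r}: {verdict}")
```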
4. Change all of your passwords on a schedule
How often should you change your passwords? That’s up to you. While some services require that you change your password every 90 or 120 days, the vast majority do not. They just can’t be bothered to send you reminders. Do it yourself. Schedule password changes in your calendar to update 20% of your passwords every month, for instance.
Don’t wait until you hear about a breach to change your passwords. That said, you should change all of your passwords whenever any of your subscribed online services are hacked.
5. Use multifactor authentication
Do you use multifactor authentication (MFA) when it’s available? Passwords only demonstrate something you know. MFA enhances your security by requiring that you provide a token (something you possess) and/or a feature of your body (e.g. face, retina, fingerprints). Smartphones are a great enabler of MFA usage. The phone in your hand is an example of something you possess, and it’s capable of producing randomly generated, time-limited keys. You can provide this key along with your password when logging in to a site for enhanced security.
I know, MFA is not an option in nearly enough places online just yet, but it’s growing. Services like Google offer it, and while MFA is optional right now, I’m guessing that we will see MFA become mandatory soon enough (this year?). You might as well start using it now and work it into your routine.
6. Tune up your Security Questions
Frankly, the bad guys (& the good guys) all know your Mom’s maiden name. Don’t use it and don’t use the name of your high school, for that matter. In general, security questions are a weak second line of defense, mainly because people tend to use the same question/answer pairs everywhere. Also, security questions represent something you know, just like your password. If passwords are guessable, then answers to security questions are too.
What can you do to harden your security questions?
- Create your own questions/answers and add them to your vault. Usually, the questions are canned, but sometimes you will see “create your own” questions.
- Enter gibberish answers when you can’t create your own questions and add them to your vault.
Passwords aren’t going anywhere anytime soon. Here’s a great story that explains why (spoiler: it all comes down to $$$).
So take the time to tune up your security practices this year. The time spent will be minimal and well worth your effort.
Plus, tightening your online security will help you rest better at night. If you’re anything like me, you can’t afford to lose any sleep.