What’s your identity worth to you?
Just a few months ago, Yahoo! stated that over 500 million of their user accounts had been hacked and that in an earlier instance, over 1 billion accounts had been stolen. Verizon had account information stolen from over 1.5 million customers. LinkedIn had email and passwords to over 117 million of their users stolen, then posted online. Dropbox had over 68 million logins and passwords compromised. The adult dating website, AdultFriendFinder.com had 412 million of their user’s personal information stolen.
Hacking is in the news nearly every day and people constantly reach out to ask me if their information is safe. Are they at risk? What can they do to be more protected? Should they get a VPN or use Tor?
The best thing to do is to start simply. Begin with your passwords. Do you have good passwords on your accounts?
Now, I’ve been doing this for over 25 years. You’d think that there’d be very little that could surprise me after all this time. You’d think that with people being online since the 90’s that they’d know what a good password is and how to keep their passwords private and safe.
So when someone comes to me to ask for professional advice on how to keep their accounts safe, you’d think they’d know at least the most basic rule of account safety; don’t share your passwords with anyone.
However, when I ask them that first question; “Do you have good passwords on your accounts?” and they tell me ‘Yes, I use Fluffy123! for all of my accounts with my email address as my login!’ My head nearly explodes from the screaming of my inner voice urging me to smack the stupid out of them. Oh how I want to listen to my inner voice.
But, instead of listening to my inner voice goading me to cause physical harm, getting me into trouble, I’m going to draw a line in the sand, first with a declaration: There is no such thing as a completely secure account or computer. Period. And even if there was, you wouldn’t be willing to do it.
You know how I know this? Because people complain that their passwords are too complex as it is. They don’t want to use as many as eight characters in their passwords, nor use numbers, nor to have to use a special character. They don’t want to change their passwords every 30, 60, or 90 days, and they want to reuse old passwords. They don’t want to be bothered with having to put in a number they get texted with when they login with 2FA (two factor authentication).
You’re right. It sucks and it’s annoying. You know what else? Too bad.
Your data is only as secure as the level of effort you’re willing to put into it.
I get it. It’s a pain in the ass to remember all your passwords. I have to go through it too, just the same as you do. But it’s really not that big of a deal. So in an effort to help you get past the stress of trying to figure out how to secure your information, here are the things I do to help protect myself against hacking. Just remember, if you think it’s stressful to remember your four, six, or dozen accounts, keep in mind that in my job, I’ve needed to keep thousands of accounts secure.
Here’s some tips I use to help me with securing my accounts, creating good passwords, remembering them, and how to make sure my data is protected.
Tips for passwords.
- Use an acronym from a memorable and personal statement: ‘I will be Vice President when I’m 35!’ Translates to: IwbVPwI35!
- Use a Password Manager. I use 1Password from agilebits.com. Use their password generator for even more complex passwords, that you won’t have to remember yourself.
- Use different passwords for each account. This is where a password manager is helpful. If your Yahoo account gets hacked and people get the password, then they potentially can get your Visa and other banking passwords.
- Never write your passwords down.
- Never tell anyone your passwords.
Tips for access control.
- Always have a password on all your devices: your phone, smart watch, computer, EVERYTHING.
- Make sure that all your devices (computer, phone, smart watch, everything) locks automatically when turned off, removed from your wrist, or when the screen saver turns on (which should happen automatically within 10 minutes or less).
- When possible, use biometrics (fingerprint reader) on your computer or phone. This just makes things easier when you have complex passwords.
- Never use your work email address for personal accounts like LinkedIn or Facebook. Read why here.
- Use 2FA (two factor authentication) — ALWAYS! Here are just a few sites/apps that already provide 2FA: Google/Gmail, LinkedIn, Dropbox, WordPress, Apple, Microsoft, Facebook, TeamViewer, MailChimp, Amazon, etc. And more and more every day.
- Backup your data, always, and with multiple methods. (e.g. cloud storage [e.g. Google Drive, Dropbox], cloud backup [e.g. Crashplan.com], and off-line backup (e.g. removable hard drive), etc.)
- See my post with more tips on how this can help you recover from a ransom-ware attack.
Do you have some tips or a story to share? Did you or a friend have this experience? Would love to hear your thoughts in the comments.