Whether you use your laptop for checking up on Facebook, or your phone for internet banking, all of your data and personal information is only as secure as your weakest password.
Identity theft is huge these days – and the amount of data needed to, say, open a credit card in your name is minimal. In fact, someone could probably get most of it from your Facebook account. If all you have protecting your personal data online is a simple password that you haven’t changed in a few months, then it won’t take some people long to get online and steal your identity – or completely trash your name.
Let’s take a quick look at how you can quickly and easily bolster your personal data security online, and at home. Why not make it your new year’s resolution?
1. Enable two-factor authentication
Two-factor authentication basically makes it harder to access your accounts online. Rather than just needing a password (“something you know”), two-factor requires “something you have”, as well. This can be a code SMS’d to your phone, or a random code that changes every 60 seconds (in an app such as the free Google Authenticator).
This makes things far more secure – because while a password can be guessed or stolen, it’s much harder for someone to steal something physical (such as a phone) from you as well. Websites with two-factor authentication require both: a password and a single-use code that expires not long after it’s generated – which is, of course, sent to you.
The number of websites that support two-factor authentication is growing every day. Here are a few popular ones:
- Skype / Facebook / Google+ / LinkedIn / Snapchat / Twitter / WhatsApp
- Intuit / Quickbooks Online / Mint / Xero
- Apple iCloud
- Dropbox / Google Drive / OneDrive / QNAP / Synology
- Gmail / Outlook.com / Yahoo
- Google Play
- Origin / PSN / Steam / Xbox Live
- Office 365
If you use any of these sites, then I’d recommend enabling two-factor authentication now. If sites you use request a lot of personal details but don’t employ two-factor, email them and ask for it.
2. Change your passwords & get a password manager
How many of these do you adhere to?
- No two passwords should be the same
- No two passwords should be similar
- All passwords should contain numbers, UPPER- and lower-case letters, and symbols
- All passwords should be longer than 15 characters
- You should change your passwords every few months
Now I bet you’re thinking that it’s going to be ridiculously hard to remember all those passwords …right? Nope! Just download a free tool like LastPass. All you need to do is secure your LastPass account with one really complex password (you could even make it a sentence, like “In 1996 my dog Fido was 50% smaller than he is now!”), and that’s the last password you’ll ever need to remember. Note how my long passsentence has numbers, capitals & symbols? Easy!
Once you’ve got LastPass installed on your computer and / or phone, it’s a simple matter of adding your passwords as you use them, and it’ll remember them for you. A few other reasons why I love using LastPass:
- You can secure it with two-factor authentication (see item #1, above)
- You can automatically set it to log you out after X minutes, or when you close your browser windows
- It warns you if you’re using weak passwords
- It can change passwords for you automatically (only some websites are supported; others can be done manually)
- It tells you if passwords haven’t been changed in a while (you should change them every few months!)
- It means you can use passwords like 1u5wqgGL!LJ!R4Qghp0$p68WVjegfX without having to remember it …as long as you remember your ONE, really secure passsentence to get in, it remembers the rest for you.
- It generates random passwords (like the one above) for you, with a single click.
- You can securely store credit cards, insurance details & passport information in it, too.
- You can force log-out all of your LastPass instances remotely. A great feature if you think you’ve left it logged in somewhere.
- If you’re travelling overseas and need to use an internet cafe or public wireless network, use it to generate a bunch of one-time (single use) passwords. That way, if someone’s ‘sniffing’ your hotel or cafe’s free WiFi network, they won’t be able to log into your LastPass account with the password they sniffed… because the password expires as soon as it’s used!
- It can fill-in login forms for you.
- You can see when / where it’s been used.
3. Those ‘other’ passwords
When was the last time you changed your phone’s PIN? …or your WiFi password? …or your credit / bank card PIN? When changing passwords, don’t forget about these, too.
The number of times I’ve seen someone’s phone PIN in the reflection of a bus / train window astonishes me. Shield your password, or use a pattern-password (supported on Android & Windows devices).
4. Buy a shredder
If a piece of paper has something identifiable on it – such as your name, address or phone number – don’t bin it, shred it! This is a must – not just for business, but for anyone at home, too. With light-use shredders starting from just $25 AUD, there’s really no excuse not to buy one.
5. Device timeout / auto-lock
Every device you use – be it a phone, tablet, laptop or desktop – should be locked with a password, PIN or pattern. Ensure the device locks itself after X minutes of non-use or when you walk away. Some smart watches, such as those running Android Wear, can automatically lock your phone when you walk away from it.
6. Secure & audit your social networks
Log out of your social networks, then visit them in another browser to see how much information about you is “public”. If you really need to allow “friends” (that you don’t know!) to see your profile, ensure they’re in a group that reveals very little, if any, personal information.
Remember: People can do a LOT of harm with just your name & date of birth. Most people publish this information on their social profiles – or, it can be very easy to find – particularly if a bunch of your real friends are wishing you a happy birthday on a certain date… need I say more?
Audit the amount of information you display publicly, and ensure the friends you let see it are actually people that you know and trust.
7. Have a backup
External hard drives, like shredders, are cheap these days. If your phone, laptop or desktop computer died tomorrow, how much information would you lose? What about phone numbers, photos, messages and other memorable moments? What about copies of resumes, tax records, assignments and anything else you might have stored?
Get an external hard drive and backup your computer or phone now… then put a reminder in your calendar to backup again every few weeks / months …or however long you can handle having to “re-do” any work that was lost between backups.
You can read more about backups in my other post.
8. Pull up others on their lack of security
I once rang my electricity supplier for something-or-other… and, scarily, all they needed to allow me to access my account was my name and phone number. The lady on the phone then proceeded to tell me where I lived (as in, “..and do you still live at 123 XYZ Road, in Sometown?”).
This is a massive privacy issue and I immediately asked to speak to her manager to ask them why the staff member read out my address. Shouldn’t she be asking me for it? Needless to say, I don’t get my electricity from this supplier anymore. If you get the same experience somewhere, pull them up on it!
I could go on for days, but the above is a short list of a few quick things you can do to become more secure. Of course, I’m no expert – but the above are just a few examples that have worked for me & my clients. Remember: Your data is ONLY as good as your weakest password… so get to it! 🙂