If you have one New Year’s resolution this year, let it be to get on top of your online security.
We all have so much information about us stored online these days – whether it’s financial information, private messages, or family photos stored in online albums. And we all have a part to play to try and ensure that all this data remains as secure as it can be.
So I thought I’d share my top 4 things that everyone should do – and best of all, they don’t take much effort or time to set up.
1. Don’t reuse the same password for everything
It’s not uncommon to have hundreds of different user accounts – and it’s tempting to use the same password for them all. After all, who can possibly remember a different password for each online service?
Well if you use the same username and password for everything, then it only takes one online service to be compromised and then the hackers will be able to use the same login details to access all your accounts!
That’s where password managers come in. They can help generate strong – and crucially, different – passwords for each online account you have, and then store them securely.
I use a service called Bitwarden, which has the benefit of being open source, and is also free for personal use.
2. Enable two-factor authentication
The idea behind two-factor authentication is that someone needs two things to be able to log in – the two things often being something that someone knows, and something someone has. The something they know is their password, and the something they have is a device that can give them a one-time use code.
One of the simplest implementations of the second factor is a code that is sent via SMS to your mobile. The concept being that someone trying to log in to your account would have to know both your password and have access to your phone. This approach does improve security, but it’s not without its flaws. There have been documented cases of hackers bypassing this security by convincing mobile providers to divert SMS messages to a different SIM card – referred to as a SIM-swap attack.
To improve security, instead use an authenticator app on your phone that can be used to generate second factor codes that typically change every 60 seconds. There are a few of these apps – good ones are Google Authenticator or Authy – and they all have the advantage that they work even when there’s no mobile signal.
But for the best level of security it’s recommended that people use a USB security key. One of the most well-known manufacturers is Yubico, which sells a range of USB keys that need to be plugged into a computer or mobile phone before someone can log in to an account.
3. Install software updates
Computers and mobile phones get frequent software updates that deliver new features, and crucially bug fixes for security flaws. So it’s important that you frequently check for these updates and install them.
You might be tempted to ignore the frequent prompts to update your software, because it can be time consuming and inconvenient. But it’s best practice to keep all your software up to date, from your computer or phone operating system to your web browser and other programs and apps, to help protect against security vulnerabilities.
4. Lock your mobile
We all have dozens of apps installed on our mobiles that give access to our personal information, and many of them don’t require someone to log in to access that information.
So if you lose your phone, or it gets stolen, whoever gets access to it can get straight into your email, your photos, your documents, and maybe even things like your medical information.
So it’s important to lock your phone. Yes, I know it’s a pain to have to enter a PIN or use the fingerprint unlock every time you want to check Instagram, but it’s worth it to protect your personal data.