There have been a number of high-profile online security issues over the last few months, with the most significant being the so-called 'Heartbleed bug' (www.en.m.wikipedia.org/wiki/Heartbleed), which struck at the heart of internet security.
Chances are, however, that unless you're into this kind of thing you've probably never heard of it. Put simply, the security of a lot of internet sites wasn't watertight, and information about you and your log-in was 'leaking'. If someone with the correct knowledge and skill chose to take advantage, they could steal usernames, passwords and other information you'd rather they didn't have.
So with this and other high profile hacks of late, what can you do to protect yourself better? Well here are three simple rules to help get you started:
Rule #1 - Don't use the same password or variations of it as your log-in for multiple sites and accounts. No seriously, don't, stop it!
Rule #2 - If your password is too simple, make it complicated. If it's still PASSWORD or 1234 then you've got a real problem.
Rule #3 - Change your passwords every year or even better every six months.
And now the magic of 2-factor authentication. Most large and popular websites have some kind of option to enable this feature and a quick search using their help button or a look on their forums should point you in the direction of how to set it up. Once it's done - it's done, so please don't panic if it seems complicated or a bit of a faff. If your online account gets compromised you'll be glad you sorted it.
2-factor authentication is an extra layer of security and peace of mind. When enabled it works this way: you log in to your online account and then, beyond just entering your username and password, you will be asked for (generally) a 6-digit code. This code is unique and will be different every time it is asked for. (This is pretty much the same way that a lot of bank log-ins work if they have sent you a little device that looks a bit like a calculator and generates a unique number to get you access to your account.)
You won't need a calculator-looking device for every site and account you want to enable 2-factor authentication on - the ubiquitous smart phone can now function as this quite happily, and if you don't have a smart phone the majority of websites also enable the same thing within a browser window. You also won't be asked for this again if the site recognises the browser and computer it is being used from. This is true of most websites and, unless you ask it to challenge every time, will stop it being too intrusive.
This helpful website, www.twofactorauth.org, has a useful list of companies that have enabled 2-factor authentication (plus those that haven't, so you can badger them!) and links on how to set it up for each one.
Going back to those rules I listed above, the most common excuse to break them is simply that we all now have lots and lots of usernames and passwords to remember. Let me encourage you to add to your use of 2-factor authentication the use of a password manager, which does all that remembering for you. All you have to do is remember one password (which isn't 'PASSWORD', right?) to get access to all the others. As you won't use this password anywhere online, or write it down, unless someone can hack your brain it should be pretty safe.
Personally I have started using 1Password from a company called Agilebits (www.agilebits.com/onepassword). It comes strongly recommended from most folks in the tech world and I must say, since using it my online life feels a lot more secure. I've actually not got a clue what my online passwords are now as I rely solely on 1Password.
Please follow the link above for more information, but I'll quickly list some of its key features:
- Password Generation. 1Password will generate the most complicated random passwords for you to then use with your online accounts and websites. It will generate passwords up to 30 characters long with a mix of letters, numbers and symbols.
- Cross Platform Support. Android, iOS, Windows, Mac and all the major browsers are supported. With helpful plug-ins you'll never be more than a few clicks away from autofilling the correct log-in information.
- Weak / Duplicate Passwords. As you gradually begin to work with 1Password it will let you know whether any passwords you presently use are weak or repeated and it will encourage you to change them.
- Time. It will keep track of when you last changed your passwords, enabling you to keep on top of any needed changes.
- Warnings. It will warn you whether any websites you use have been subject to any attack where usernames and passwords have been leaked and will encourage you to change them. If you visit the 1Password website you'll also find regularly updated information concerning all the latest news to do with web security and vulnerable sites (for example it warned me which sites I used had the Heartbleed vulnerability and encouraged me to change my password etc).
There are a number of other features (beyond just password managing) which make this a fantastic app to install and use. It isn't free and there are different price points depending on platform, but then how much do you value your online security?
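What Rules #1 and #2 and the generation and weak/duplicate checks listed above amount to, as an added example that is not 1Password's code. The vault entries, the 12-character threshold, the tiny common-password list and the symbol set are all constructed assumptions.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+?"                       # assumed symbol set
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
COMMON = {"password", "1234", "123456", "qwerty"}  # tiny constructed sample
MIN_LENGTH = 12                                  # assumed threshold for "too simple"

def generate(length: int = 30) -> str:
    """Random password from a CSPRNG with at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def stem(pw: str) -> str:
    """Collapse trivial variations (case, digits or symbols added at the ends)
    so 'Sunflower-Garden2014!' and 'sunflower-garden99' compare equal."""
    return pw.lower().strip(string.digits + string.punctuation) or pw

def audit(vault: dict) -> dict:
    """Map each site to its findings: 'weak' (Rule #2) and/or 'reused' (Rule #1)."""
    findings, by_stem = defaultdict(list), defaultdict(list)
    for site, pw in vault.items():
        by_stem[stem(pw)].append(site)
        if pw.lower() in COMMON or len(pw) < MIN_LENGTH:
            findings[site].append("weak")
    for sites in by_stem.values():
        if len(sites) > 1:                       # same stem on several sites
            for site in sites:
                findings[site].append("reused")
    return dict(findings)

# Constructed sample vault: site -> password.
SAMPLE_VAULT = {
    "mail.example": "Sunflower-Garden2014!",
    "shop.example": "sunflower-garden99",
    "bank.example": "PASSWORD",
    "forum.example": "k7#Vq9!mZp2$Lx8@Rt4",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate()}")
```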
I hope this post is helpful. If you have any questions or other recommendations please comment and add to this much needed discussion of how to protect our online lives better!