Tips for Staying Secure Online

Having worked for several years on a Cyber Security YouTube show, and working at companies that have required security awareness training, I’ve picked up some useful information on keeping yourself safe on the internet. These are my own opinions and are by no means a comprehensive security plan, but they will certainly help you understand where to start.

Don’t Reuse Passwords

Based on the number of breaches, there’s a chance that a password for at least one of your accounts has already been leaked and is available on a variety of websites that cyber criminals frequent. If you use the same password for every website, this makes you vulnerable to a technique known as “credential stuffing,” where bad actors can simply try your password on many different websites to easily hack your accounts. You can visit haveibeenpwned.com to see if you have ever been the victim of a data breach.

Most websites now require a password that is many characters in length, with several special characters and numbers required. These passwords, while secure, can be hard to remember, especially as the number of accounts you have increases. Don’t let yourself get overwhelmed by this and reuse the same password over and over. Instead, you can enlist the help of a Password Manager.

Use A Password Manager

A password manager will generally have a user create a master password that is used to unlock access to their list of passwords. For this I recommend creating what’s known as a passphrase. A passphrase is a long password that uses a combination of several common words, along with some symbols if you wish. This article by AVG explains further and recommends a 17 character minimum passphrase:

On top of using a passphrase, I also recommend using some form of two-factor authentication with your password manager. In fact it’s probably best to use two-factor authentication whenever possible with your other accounts as well.

Use Two-factor Authentication

Because it’s possible for bad actors to intercept SMS messages through techniques like SIM Swapping and SMS Routing, I recommend going the route of authentication software or YubiKey hardware. Authentication software like Google Authenticator works by providing a user with a unique key to enter along with their password. The unique key updates every 60 seconds and is tied to a specific device that ideally only the user has access to, like a mobile phone. Hardware options like YubiKeys work in a similar way but require users to plug the YubiKey into their devices or use things like NFC to communicate with a device.

Keep Your Hardware and Software up to Date

It’s tempting to ignore update messages like this, but try your best to schedule time each week for updates!

But don’t just update the software on your computer; you need to update all of your devices. This includes your phone, your gaming consoles, and probably most importantly, your router. Any device on your network with an unpatched vulnerability could lead to your entire network getting compromised, but it’s important to remember that your home router is what every piece of data passes through.

Unpatched routers are a very common attack vector for bad actors. For example, an unfortunately common router and IoT vulnerability is having port 5555/TCP left open to the internet. Hackers can use botnets and tools like Shodan to scan massive numbers of devices for open ports, and if they find yours is vulnerable it can be trivial for them to exploit it and install malicious software.

So again, I can’t stress this enough: always keep your software and hardware up to date!

These tips all just scratch the surface of cyber security and I encourage you to do your own research on how to continue staying safe online. Have any security tips? Let me know in the comments below.

Software Developer and Video/Post Production Professional. Recent graduate of Flatiron School.