Tips for Staying Secure Online
Having worked for several years on a Cyber Security YouTube show, and working at companies that have required security awareness training, I’ve picked up some useful information on keeping yourself safe on the internet. These are my own opinions and are by no means a comprehensive security plan, but they will certainly help you understand where to start.
Don’t Reuse Passwords
It’s important to never use the same password for multiple accounts. There have been many high-profile data breaches that have made the news in the last few years, and when this happens the affected company will make users reset their passwords. However, doing this doesn’t necessarily mean that you’re safe.
Based on the number of breaches, there’s a chance that a password for at least one of your accounts has already been leaked and is available on a variety of websites that cyber criminals frequent. If you use the same password for every website, this makes you vulnerable to a technique known as “credential stuffing”, where bad actors can simply try your password on many different websites to easily hack your accounts. You can visit haveibeenpwned.com to see if you have ever been the victim of a data breach.
Most websites now require a password that is many characters in length, with several special characters and numbers required. These passwords, while secure, can be hard to remember, especially as the number of accounts you have increases. Don’t let yourself get overwhelmed by this and reuse the same password over and over. Instead, you can enlist the help of a Password Manager.
Use A Password Manager
A password manager will help you to securely store and access all of your passwords and can also help generate secure passwords for all of your accounts. In this way, they are not only a great solution for keeping yourself secure online but can also help with productivity. There are many solutions for password management like LastPass, 1Password, or Dashlane to name a few.
A password manager will generally have a user create a master password that is used to unlock access to their list of passwords. For this I recommend creating what’s known as a passphrase. A passphrase is a long password that uses a combination of several common words, along with some symbols if you wish. This article by AVG explains further and recommends a 17-character minimum passphrase:
How to Create a Strong Password - That You Won't Forget
On top of using a passphrase, I also recommend using some form of two-factor authentication with your password manager. In fact, it’s probably best to use two-factor authentication whenever possible with your other accounts as well.
Use Two-factor Authentication
Two-factor authentication, sometimes referred to as 2FA, adds an extra layer of protection to your account by requiring you to type in a password and then verify your login with an extra step. Common verification techniques include software tools like Google Authenticator, hardware options like a YubiKey, or simple SMS verification.
Because it’s possible for bad actors to intercept SMS messages through techniques like SIM Swapping and SMS Routing, I recommend going the route of authentication software or YubiKey hardware. Authentication software like Google Authenticator works by providing a user with a unique key to enter along with their password. The unique key updates every 60 seconds and is tied to a specific device that ideally only the user has access to, like a mobile phone. Hardware options like YubiKeys work in a similar way but require users to plug in the YubiKey to their devices or use things like NFC to communicate with a device.
Keep Your Hardware and Software up to Date
While a good password management system is important, it’s equally important to keep your devices up to date. This doesn’t just mean keeping your virus protection software up to date, but every single piece of software and hardware that you own. These days most devices provide automatic updates, and I recommend leaving these updates turned on so you won’t even have to think about it.
But don’t just update the software on your computer; you need to update all of your devices. This includes your phone, your gaming consoles, and probably most importantly, your router. Any device on your network with an unpatched vulnerability could lead to your entire network getting compromised, and your home router matters most because every piece of data passes through it.
Unpatched routers are a very common attack vector for bad actors. For example, an unfortunately common router and IoT vulnerability is having port 5555/TCP left open to the internet. Hackers can use botnets and tools like Shodan to scan massive numbers of devices for open ports, and if they find yours is vulnerable it can be trivial for them to exploit it and install malicious software.
So again, I can’t stress this enough: always keep your software and hardware up to date!
These tips all just scratch the surface of cyber security and I encourage you to do your own research on how to continue staying safe online. Have any security tips? Let me know in the comments below.