9 Things You Absolutely Must Do to Keep Your Online Identity Secure
Posted on August 8, 2012 at 1:08pm by Guest Post
This post originally appeared on Gizmodo.
We’ve been reeling a bit ever since Mat Honan was the victim of that ruthless social hack that wiped all his devices. Sure, that was an extreme case. But it’s also one that could happen to anyone, at any time. So we put together a list of the best ways to make sure your internet self—your accounts, your cash, and your information—stays secure.
Fortify Your Passwords
Password strength is vital to your frontline defense. Obviously your password should be a combination of letters and numbers, but don’t stop at the bare minimum. Use uppercase letters in random spots. Substitute numbers for letters. Mash multiple word phrases together. Deliberately misspell those words. Space them out. If you’re feeling particularly hardcore, you can just create a random string of characters. In fact, XKCD’s excellent comic sums this up in a way more eloquent than any words could.

Oh, and for the love of Woz, don’t use the same password for everything. Particularly not your most sensitive (read: banking) accounts.
All HTTPS, All The Time
Many of the vital online services (Google, Facebook, Twitter, etc.) allow you to connect to their servers only via an HTTPS connection. This will encrypt any stream of data between you and the service, ensuring that anyone using Firesheep or a packet sniffer on a (usually public) Wi-Fi network can’t glean your login data. Never work at a coffee shop without it.
Secure Those Security Questions
Just because the security questions are a backup doesn’t mean you shouldn’t put the same thought into them as your password. Use numbers instead of letters. Mash entire phrases together into one word. Deliberately misspell things. Or best of all, Kaspersky Labs expert Dmitry Bestuzhev explains, don’t directly answer the security question at all:
“The tips are quite simple but effective. Since all social engineering attacks work based on the information of interest for the victim or the information related to the victim, it’s important to provide secret questions with the answers absolutely not related to it.
For example, for the question “What is the name of your first pet?” I would register an answer like sw3SwuTu
When I bought my last car… The vendor provided me with a list of secret questions and I had to provide them with the secret answers they registered in their systems. So, instead of providing real answers I provided a password like the [aforementioned] one. They said I was the first customer to do this and they congratulated me.
…
So, basically the rule is never provide real answers for the secret questions.”
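An added example (not part of the original post) covering both the advice under "Fortify Your Passwords" and the unrelated-answer rule quoted above: it generates random strings, spaced-out passphrases and per-question security answers with Python's `secrets` module, and computes how many bits of entropy each scheme gives. The word list, the sample questions and all function names are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

# Constructed 16-word sample list (assumption). Real passphrase lists hold
# thousands of words; a 2048-word list gives 11 bits per word.
WORDS = ("anchor breeze cactus dolphin ember falcon glacier harbor "
         "island jungle kettle lantern meadow nectar orchard pebble").split()


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def length_for_bits(target_bits, choices=len(ALPHABET)):
    """Smallest number of uniform draws that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))


def random_string(length):
    """Random string of characters drawn with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words, words=WORDS):
    """Several randomly picked words, spaced out."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def security_answers(questions, target_bits=64):
    """Give every security question its own random answer, unrelated to
    the question, to be stored in a password manager."""
    n = length_for_bits(target_bits)
    return {q: random_string(n) for q in questions}


if __name__ == "__main__":
    print(passphrase(4), "->", entropy_bits(len(WORDS), 4), "bits (toy list)")
    print("4 words from 2048 ->", entropy_bits(2048, 4), "bits")
    pw = random_string(16)
    print(pw, "->", round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    # Constructed sample questions
    for q, a in security_answers(["First pet?", "Mother's maiden name?"]).items():
        print(q, "=>", a)
```

The bit counts hold only because every pick is made by a random generator; words or substitutions chosen by a person are far more predictable.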
Do a Little 2-Step
Facebook and Google both offer the option of 2-Step authentication when you log in, meaning you have to enter a secondary PIN which is generated and/or texted to your phone. It’s a complete and utter pain in the ass whenever you’re logged out, but it’s also a pretty safe guarantee that no one will be getting into your account without a heavy-duty targeted attack.
Publicly available information is the first way a hacker can get their foot in the door. Few things are tossed around more casually than an email address. Don’t give potential hackers a starting point, especially if you use the same login info across multiple sites (which you shouldn’t be doing in the first place!). Instead, create an email address that as few people know about as possible that you use only for account log-ins.
Also be sure to delete any emails that include passwords whenever you register a new account or change login info on a service.
Unlist that Google Voice Number
In the same vein as employing a low-profile email address, consider having a Google Voice number you only use for online accounts that require a number. When Mat Honan was hacked, his phone number was one of the pieces of info the hackers gave Apple customer support to gain access to his account. Having a low profile phone number associated with your online accounts will keep hackers one step further from your personal info.
Manage Your Passwords
A password manager, such as 1Password, is your best friend. Not only will it automatically enter your complex passwords for you, but should anything go awry, it will allow you to quickly know what accounts you need to change. Wanna know which managers are the best? We have a list here.
Facebook will allow you to receive a text message anytime an unrecognized IP address logs in to your account. You may not prevent a hack, but if you act quickly enough, you can remotely log them out and re-secure your account before they get their hands too deep into your business. Gmail is also set by default to alert you if it notices anything particularly strange with your login activity.
Tie Up Those Loose Ends
There are also little things which may seem obvious, but are still worth mentioning:
- Keep your card info offline: Amazon may have closed its CC security hole, but the fact remains that having your card in a site’s system can be the difference between a full bank account and an empty one.
- Put passwords on your devices: Even if you’re not prone to losing your phone or laptop, it’s good to keep a password or PIN on them since you probably use desktop clients and have websites that you’re perpetually logged into from your mobile device. You get drunk and lose things. Things get stolen! Don’t make it easy for whoever ends up with your gear.
- Keep an offline backup: The cloud is great, but just like your personal hard disks are prone to failure, the cloud is prone to a security breach. All the latest operating systems have made it painfully easy to keep a current backup of all your files, so buy a durable, affordable external drive and back everything up at least once a week. That way if cataclysmic bad does happen, you don’t have to start from scratch.
- Don’t link your accounts. Yes, linking your Twitter to your Facebook to your Klout to your Hotmail to your Netflix and back to your Twitter makes things wonderfully convenient. But when one service gets hacked and has a bunch of linked services, you’ve just opened the flood gates. This isn’t preventative, but it’s crucial for damage control.
And while this will get you on the right path, there’s obviously no single way to skin this cat. We’re curious: what are your favorite security tricks? What are your favorite features specific services provide? Let us know.




















anothercomment
Posted on August 14, 2012 at 5:22pm
I have so many passwords for each and every separate account (basically word salads with caps and numbers) I need an A-Zed file to look them up. I should have been paranoid long before some a## began stalking my Facebook page, (and yes, I only put the very basic ID info in the profile) and now I find I am ‘less employable’. Then I found my screen saver from my desktop as well as a password from one of my accounts used as a blogger’s ID on GB’s web site. (yea, you dip, you know who you are). Beware, you are not safe online, and I have the creep(s) to show for it. I have worked to stay safe online, and the due-diligence to prove it. I don’t link accounts (even as much as Verizon Wireless, Blackberry, Facebook, Google, etc. really, really want to ‘help’ you to do.) And I realized too late that you never, never answer security questions with real answers. Furthermore, block, block, block. – turn off auto Active-X downloads – except with approval. I change passwords and security questions so often, I have to date the changes. But probably worst of all – remember anyone that wants info on you can find it – people you casually know are the best source. I’ve even had my HR file sent out with just a photocopy of my signature. AND remember anyone who collects info on you, can and will, send out damaging information about you as well.

Arshloch
Posted on August 9, 2012 at 12:43pm
Just find the hacker and hack its fingers off. That stops the hacker and, after a few occurrences, the other hackers will find another pastime.

DRAGONSEED
Posted on August 9, 2012 at 12:44am
10. Do NOT use google for anything.
11. Hound TheBlaze until they clean up some of the relentless, ubiquitous scripts and snoops on their own pages…(especially those from google, a/k/a 1e100.net… WHY are they needed???

65Plus
Posted on August 9, 2012 at 8:15am
ixquick provides searches that are private, and through Proxy, secure.

Meyvn
Posted on August 8, 2012 at 6:04pm
Unplug. Use cash or barter.

DRAGONSEED
Posted on August 9, 2012 at 12:46am
Right! LOL.

Bikkiboo
Posted on August 9, 2012 at 9:32pm
Don’t do that much on line. I have e-mail, and I use Google to search for info. I have no idea what the big deal was with “your Google account” problems because as far as I know, I don’t have one. Nor do I use Twitter or Facebook. They seem to be a big waste of time. I guess in this case, computer “ignorance is bliss”, since you don’t use it enough to have these problems!

exblackbird
Posted on August 8, 2012 at 2:11pm
good stuff

stephenb.net
Posted on August 8, 2012 at 4:04pm
Steal my identity and you’ll be begging to give it back in a week.

lukerw
Posted on August 8, 2012 at 2:10pm
The desire for Security leads to Paranoia…. and destroys FREEDOM!

grimmjsb
Posted on August 9, 2012 at 12:13am
@Lukerw technically you’re right however if you stop to realize that some security is good (i.e. ones that don’t take away rights) like the right to carry a firearm that provides more security. These suggestions are fairly simple and do not hinder your ability to use the internet. And they’re not paranoid.

soysauce
Posted on August 9, 2012 at 3:55pm
Is it still paranoia when the bad thing actually happens?

HorseCrazy
Posted on August 8, 2012 at 2:06pm
needed that secret email tip, all the other stuff I do. good info

abunchofbullshit
Posted on August 8, 2012 at 1:49pm
I use ‘glenbeckstheman’ if you want to break in and steal all I don’t have, especially my bills!

DimmuBorgir
Posted on August 8, 2012 at 2:17pm
I always say that too, let someone steal my ID and see what happens when they try to get a loan with my name. :P

Wango
Posted on August 8, 2012 at 6:13pm
Pride in failure – the root of tea party angst.

Rothbardian_in_the_Cleve
Posted on August 8, 2012 at 1:40pm
Y’all should read Blacklist by Thor. Crazy. There is nothing you can do to protect yourself. Unless you live like Grizzly Adams. (yes, just dated myself…who am I kidding, anybody could date me with a keyboard and an internet connection…ha)

txdave22
Posted on August 8, 2012 at 5:20pm
VITTER FOR VEEP!!!!!!!!!!!!! Are you and rubio and other senators FOR OR AGAINST ADULTERY AND BREAKING THE COMMANDMENTS? You never say a thing about vitter, admitted adulterer, whoremonger. Can we assume adultery so ordinary among pub politicians nothing needs to be said? Sen Ensign’s resignation after adulterous affair last year would seem to suggest adultery rife in the GOP. What do you say? What does romney say, rubio, ryan? Nothing. So, if you don’t speak against gay marriage, you must be for it. If you don’t speak against ADULTERY, WHOREMONGERING, WHICH VITTER ADMITTED, you must be for it. That is not a stretch, logical.

hi
Posted on August 8, 2012 at 1:19pm
What if my password is “password?”

DimmuBorgir
Posted on August 8, 2012 at 1:26pm
HI, I’m a prince from Kenya and I want to give you 10 bajillion dollars. I just need $1000 US dollars to help with the taxes.

Bloody Sam
Posted on August 8, 2012 at 2:01pm
“Wow! That’s the same combination I use on my luggage!”

JEANNIEMAC
Posted on August 8, 2012 at 2:10pm
Millions of people use “password” as their password.

CapitalismWorks
Posted on August 9, 2012 at 12:50pm
Sorry, but millions of FOOLS use “password”. Even something as simple as “drowssap” is better.
Be creative. Never use the same pw twice. Here’s one part of a simple trick I use – I created a simple and easy to remember algorithm that includes a certain characteristic of the web site I am logging into to generate my pw for that site. No need to memorize or record unique passwords – just thinking through the algorithm inserting that characteristic quickly and easily computes the pw I use for only that one particular site.

lylejk
Posted on August 8, 2012 at 1:18pm
Don’t Facebook and you will be fine. But, they say you are considered a psychopath if you don’t Facebook, so I guess you can call me a psycho. lolol
http://personalliberty.com/2012/08/08/daily-mail-only-psychos-avoid-facebook/?eiid=

DimmuBorgir
Posted on August 8, 2012 at 1:25pm
Never had a facebook, never will.
I read an article about ways the internet could die off. One of the topics was facebook and the linking of every damn account using facebook to log in with.

AvengerK
Posted on August 8, 2012 at 1:34pm
Agreed SHAGRATH….

Locked
Posted on August 8, 2012 at 1:40pm
You’re not a psycho if you don’t facebook, but you are considered less attractive to hire by most companies. They figure that you’re either paranoid, don’t understand how to use technology, or have some experience with it in your past that you feel you need to cover up by deleting your old facebook information.

DimmuBorgir
Posted on August 8, 2012 at 1:51pm
I totally Disagree Lock.
One of the reasons I don’t have one is employers wanting to look you up now.

yiska8
Posted on August 8, 2012 at 1:52pm
Never Facebook. I never got into it, never signed up and I don’t twatt either. The only psychos here are those Facebookers and twatters that have to post every little detail about their lives for the entire world to see. A lot of people are going to regret how badly their info has been sold, manufactured, or reused when that annoying little lib creator Zuckerberg finally has to fess up and admit that people’s “private setting” doesn’t mean anything at all. Scary.

DimmuBorgir
Posted on August 8, 2012 at 1:53pm
@ AVENGERK
It’s so nice to see someone who knows Dimmu Borgir and doesn’t just google them to label me a satanist who listens to crappy music.

Edohiguma
Posted on August 8, 2012 at 1:55pm
Facebook itself is not the issue. Stupid users planting their entire life onto it are the problem. I have facebook. None of the info I provided is correct. My friends know the truth, anybody else doesn’t need to know.

Locked
Posted on August 8, 2012 at 2:00pm
@Dim
Sorry, I can only tell you what every employer in a major corporation has told me. Your run-of-the-mill mom and pop won’t do it. Any publicly traded company? You’re shooting yourself in the foot if you refuse to keep up to date with global trends; and facebook is one of the biggest.

DimmuBorgir
Posted on August 8, 2012 at 2:10pm
@ locked
I work for an international company that I can pretty much guarantee produces some products in your office or home. I’m also in IT so maybe they don’t need me to have a facebook to know if I can use a computer.
But shooting myself in the foot if I don’t get a facebook?? That’s a bit much. It’s not like I’m sticking with cassette tapes to jam out to because I’m afraid of technology.

Anonymous T. Irrelevant
Posted on August 8, 2012 at 2:17pm
Exactly, ED
Just because the service asks a personal question doesn’t mean you have to give a correct answer. Any answer will do.

DimmuBorgir
Posted on August 8, 2012 at 2:19pm
Also, facebook is just as much of a global trend as MySpace was when it started.

lylejk
Posted on August 8, 2012 at 2:25pm
You are among the savvy if you post at places like the Blaze. All Facebook does is make it simpler to get hijacked (both virtually and actually). Several idiots have already had house break ins because they stated that they are going on vacation and such. Only true idiots blast their behavior for others to take advantage of them. I’m literally spieled all over the WWW, but in such a chaotic distribution that it will be a chore to try to figure me out. That’s the way I like it. lol
:)

DimmuBorgir
Posted on August 8, 2012 at 2:30pm
@LYLEJK
Don’t forget about the geniuses that brag about their crimes like it’s their own personal journal and then get all “privacy” crazy when the cops knock on their door.

DimmuBorgir
Posted on August 8, 2012 at 2:37pm
Remember when it was being called the “Information Super Highway?”

lylejk
Posted on August 8, 2012 at 2:51pm
You are right about the criminal braggarts too DIMMUBORGIR; actually glad that Facebook’s around for them. lol
Yes, I remember the Information Super Highway. lol
Still the WWW (all kinds of acronyms come to mind with these characters; lol) is the preferred way I think of the internet. :)

Melika
Posted on August 8, 2012 at 6:20pm
I think what Locked is saying is, go ahead and open a Facebook account and just fill it with a bunch of PR crap so you can get hired by the morons who think everything on the internet is true and don’t think your work history is all that important. Of course, if you are a tech-savvy intelligent person, you’ll have to ask yourself if you WANT to work for such a moronic company, but that’s neither here nor there. The important thing is that you appear to be a drone like everyone else.