General tips for Internet Security
Click play to LISTEN to the article below
After last week’s mandatory password reset announcement, we thought it would be an opportune time to share some general tips for keeping your online accounts safe from hackers and criminals.
Hackers commonly use two methods to break into online accounts: a.) guessing the password using a list of commonly used passwords, or b.) using information that was obtained from a previous data breach and has since been published on the internet. These methods often involve the use a “bot” or program that scrapes the web for lists of commonly used passwords or email/password combinations from previous data breaches and then attempt to log in using all of the available combinations until they are successful.
In fact, according to the Verizon Data Breach Investigations Report, 81% of hacking-related breaches are due to compromised passwords.
Fortunately, we have several tips below that will protect you from these kinds of attacks!
1. Use a medium or high-strength password
As mentioned above, most hackers target the “low hanging fruit” that are weak passwords. If you’re someone who uses something like “password” or “123456” for your password, then you’re at a high risk of having your account compromised should anyone ever want to.
Nowadays, many websites will display a meter indicating how strong your password is. You may or may not have the choice to bypass their suggestion and use a weak password anyway, but we would certainly not suggest doing so.
Instead, strengthen your password to at least medium-strength by:
- Increasing the length of your password
- Include one or more numbers in your password
- Include one or more symbols in your password
- Include one or more capital letters in your password
- Replace letters with symbols or numbers when possible, for example using a “$” in place of an “S” or using a zero in place of an “O”
A medium-strength password greatly reduces the risk of being hacked, but obviously the higher-strength, the better.
2. Use unique passwords across the web
Most people who regularly use the internet these days have many different accounts on many different platforms: email accounts, Google accounts, YouTube accounts, Facebook accounts, PayPal accounts and much, much more. Understandably, remembering and managing passwords for so many different accounts can be tedious, and many people resort to simply using the same password for all of their online accounts.
According to Security Boulevard‘s article “8 Scary Statistics about the Password Reuse Problem,” 65% of people who responded to a Google survey acknowledged that they use the same password across multiple sites.
Using the same password for all of your accounts is one of the biggest risk factors for having your accounts compromised, because once a criminal has accessed any one of your accounts, they can, and likely will, try the same password to access any other accounts linked with your e-mail address. Fortunately, most of the major services and networks mentioned above have pretty strong security protocols in place, but if you were to sign up for a less-secure website using the same password and that website suffered a data breach, it could open you up to some trouble.
3. Change your password(s) regularly
Regularly changing your password is another great way to protect your account on any online services. In fact, most major banks require their customers to update their online banking password at least once every few months, which is a testament to how important they consider it to be. The idea here is that if someone has obtained your password and is regularly accessing your account without you knowing, a fresh password will stop them from getting in.
If you think Using Unique Passwords or Changing Your Password Regularly will be a pain, you can always use Google Chrome’s built in password-management tool, or try our preferred free password-management solution from LastPass to save and manage all of your password securely. This way you can ensure your password is as strong as it possibly can be without needing to manually type it in every time you login. Your password manager tool will fill it in for you!
4. Use Two Step Verification
One of the most useful tools for preventing account hijacking is Two Step Verification. While every company’s verification procedure varies slightly, they all work pretty similar: if someone logs in from an unfamiliar location or using an unfamiliar device, a password alone won’t be enough for someone to access your account. Instead, a time-sensitive verification code will be e-mailed or texted to your phone. That code must be entered on the new device/location before that person will be able to log in.
Some services may require you enable Two Step Verification from your security settings. We highly recommend using two step verification or similar protection for any services that offer it.
Of course, two-step verification won’t be so effective if a hacker already has access to your e-mail to see the incoming verification codes (so refer to tip #1!)
5. Keep your Anti-Virus and Firewall protection up to date
As a general rule of thumb, it is always a good idea to keep your Anti Virus and/or firewall software up to date to ensure you are protected from all of the latest known threats. This can also help protect you from malware and ransomware, and can help identify potential phishing schemes and other suspicious emails that are opened on your machine.
Following these 5 tips is a good way to eliminate the bulk of the threats facing the everyday internet user.
Let us know if you have any suggestions to add to the list! Just drop us an email at firstname.lastname@example.org with your suggestion!