How to secure yourself from hackers in four steps

Ok so you’ve decided Cybersecurity is important to know a little bit about, now what? Well first off, just the understanding of Cybersecurity’s importance puts you in the minority of those who are harder to hack, so congratulations!

But now we start down the path of understanding what you can do to be more secure. This topic is a bit of a rabbit hole, so let's start with just a few of the more critical items and why they are important.

Before we get started, I want to point out something for anyone thinking this journey is going to mean a massive amount of work. It doesn’t have to mean that at all. Keeping yourself secure online is really about having a little knowledge and a few simple practices to rely on. Any good security professional knows that when security is too complicated, people will find a way to avoid using it.

Start with your email

Your email account is by far the most critical thing to secure. That’s right, I just said email is more important than your bank account in this journey.

Why? Well for a hacker, if they have your email account, they pretty much own all of your accounts. This is because almost every website out there relies on your email for password resets. So if your email account becomes compromised, an attacker can simply reset your other passwords and now they have those also.

Take a minute to reflect on what that means for you. Your bank accounts, credit cards, school (if you are a student), social media, online shopping and more are all gone if your email is compromised. These days, most of us have just about every facet of our lives online in some way.

Ok, so now you understand why it’s so important.  How do you secure it then?

Secure your email account

For starters, use a really strong and unique password. The password you use for your email should not be the same one you use for anything else. It should be as random and as long as possible: preferably produced by a random password generator, and at least 16 characters long. We’ll get into how you remember that random password in just a little bit.

Ok so now you have a super complex password, that’s it right? Wrong. Next, enable 2-factor authentication (2FA) on your email account. With 2FA enabled, logging in requires a second layer of security on top of your password, usually in the form of a randomly generated six-digit number.

Right now you might be thinking “hold up, didn’t the author say this didn’t have to be complicated?” Yes, I did.

Enabling 2FA on most modern email systems is a simple process that takes only a few minutes one time. You can also configure it so it will only periodically ask for the second factor such as when you’re logging in from a new computer or once per month. I strongly suggest using these practices as it will make 2FA very minimally intrusive to normal use while also preventing an attacker from accessing your account.

One more thing: do not rely on SMS or text messages for 2FA. Use an app like Google Authenticator or a similar one that works with your provider. Not to get too far into the weeds on this, but text messaging is not a secure form of authentication. I’ll save that topic for another day.
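To show why an authenticator app does not depend on text messages, here is an added example (not part of the original article) of how such apps derive the six-digit code with the TOTP standard, RFC 6238: the code is computed on the device from a shared secret and the current time, so nothing is sent over the phone network. It assumes the common defaults (HMAC-SHA1, 30-second steps, six digits); the function names and the demo secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # common authenticator default (assumption)
DIGITS = 6          # the six-digit number mentioned above

# Constructed demo secret: the RFC 6238 test key, base32-encoded the way
# enrollment QR codes carry it. Never use it for a real account.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, digits=DIGITS, step=STEP_SECONDS):
    """Return the code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // step              # number of elapsed time steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1):
    """Server side: also accept neighbouring steps to tolerate clock drift."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET_B32, now)
    print("code right now:", code)
    print("accepted by server:", verify(DEMO_SECRET_B32, code, now))
```

The shared secret is exchanged once, when you scan the enrollment QR code; after that the phone and the server each compute the code independently.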

Secure your financial accounts

Ok, your email is secure now, what’s next? Your bank, credit cards, 401k, any other type of financial accounts you have are the next thing to think about.  What do you do with these?

Unfortunately, most financial institutions are slow when it comes to keeping up with security. This can be seen pretty easily as almost all of them do not have any form of 2FA beyond SMS/text messaging. “Wait didn’t he say text messages were not secure?” Yes, I did. Now you understand my statement.

Believe me this is one of the things I find most annoying about my own bank. This is one of the many reasons why we cannot rely on a company or institution to secure our data (or our money). Take the power into your own hands and use good security practices instead.

In this case, use a very strong, secure password which is unique for each account. Take special notice of unique for each account.  If you have five banks, you should have five passwords. And of course, if your financial institution has the option to enable 2FA via an app and not rely on text messages, enable that functionality. This should be the case whether it’s a bank, stock investment account, retirement account, crypto, etc. Anything where finances are involved.

Other accounts

Ok so now we’re getting into the “less critical” accounts. This would include things like shopping, social media, online gaming, and others. I’ve seen many articles discussing using an “important password” for things like your bank, and an “unimportant password” for these other items.

Personally, I think that is a bad idea. You should use the same password security practices you’d use for your bank. If there’s an account, it should have a unique password used only for that account.

When it comes to enabling 2FA for these other accounts, that’s where I think the line should be. For those accounts that aren’t going to have a significant financial impact if they were to be compromised, there’s probably no reason to enable 2FA.  Of course, some factors can change that and it’s up to you to decide if each account is important enough to add a little extra security.

Get a secure password vault

I know what you’re thinking: “I must have 100 accounts online. Do I have to remember 100 different passwords?”

I personally have over 600 accounts (662 to be exact). I understand the burden of managing accounts. But no, I do not know 600 different passwords. In fact, I don’t know any of the passwords for any of my accounts, except one: My secure vault password.

Here’s how it works: I created a unique 16 character password and memorized it specifically for my secure password vault. I used my secure vault to generate and store all the passwords for my online accounts. My secure vault is now accessible on all the devices I use regularly. It also auto-fills my passwords for me so it’s easier for me to login as I’m going about my online activities.
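As an added example (not from the original article and not any particular vault's code), this sketch shows the two jobs described above: generating a random password of at least 16 characters from the operating system's secure random source, and checking a set of stored entries for reuse or short passwords. The function names and the sample entries are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16  # the minimum length recommended in this article


def generate_password(length=MIN_LENGTH):
    """Draw every character from the OS CSPRNG; redraw if a class is missing."""
    if length < MIN_LENGTH:
        raise ValueError("use at least %d characters" % MIN_LENGTH)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def audit(vault):
    """Return {account: [problems]} for short or reused passwords."""
    owners = {}
    for account, password in vault.items():
        owners.setdefault(password, []).append(account)
    findings = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("shorter than %d characters" % MIN_LENGTH)
        shared = sorted(a for a in owners[password] if a != account)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if problems:
            findings[account] = problems
    return findings


if __name__ == "__main__":
    # Constructed sample entries, not real credentials.
    sample = {"email": generate_password(), "bank": "Summer2023!",
              "shop": "Summer2023!"}
    print("%.0f bits for 16 random characters" % entropy_bits(16))
    print(audit(sample))
```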

You may or may not have heard of this kind of solution before, but they’ve been around for many years. There are many available options out there. In a future article, I will review and break down the features of some of my favorites.

Everybody should put a little bit of effort into finding a password vault. There is definitely one out there which will work for you and make your online life more secure and easier.

Conclusion

Keeping yourself safe online doesn’t have to be a lot of work. It requires just a little bit of knowledge on the subject and maintaining a few good practices.

Let’s summarize the basic security practices:

  1. Get yourself a secure password vault.
  2. Utilize unique, complex, and randomly generated passwords for each account you have online; preferably 16 characters or more.
  3. Enable 2FA on your email and financial accounts, and any other account you deem as “more important” to you.
  4. When possible, do not rely on text messaging for 2FA or any other security related activity.

There are many more topics to cover in the #HomeSecurity series.  If you want to stay up to date and keep yourself secure, sign up for my email list.  I will send you updates anytime a new article is posted.  If there is any topic you’d like covered in more detail, please post below.
