You can’t even hit 10 a.m. these days before you’ll hear news about another data breach, cyber attack, or phishing scam. There’s online dating fraud, fake PayPal pages… ready to dive back into bed and pull the duvet over your head yet? But we’re in a transitional phase in our society, and companies, governments and individuals are all figuring out this messy, joyous and sometimes scandalous world of online security.
It’s Get Your Tech Together Week on the blog, and after yesterday’s calendar rundown I thought I’d dive into this topic. Online safety is something that many of us aren’t really dealing with, so I’ve compiled a couple things you can do to ratchet down the anxiety a bit. I’m sure in a few years we’ll have better systems and look back on all this and laugh— but for now, I can offer you some ways to defend yourself online, no duvet required.
Create stronger passwords
You know you’re supposed to use strong and unique passwords for each site you visit. I’ve talked about it before and I hate to nag ya, but I read that 73 percent of people are still using the same password for multiple sites, according to password manager company LastPass. They say it only takes three minutes, on average, to crack most passwords, and that most people still only use passwords that are six letters long. So if you haven’t taken the time to beef up your passwords, now’s the time. Try this: Take your current passwords and put them into the password practice function at Passwordday.org— you’ll be surprised how long and complicated your password has to be before you hit the green “best” rating. A strong password has 12 to 14 characters, minimum, but 16 is even better. Go for a mix of upper- and lower-case letters, numbers and keyboard symbols. Consider using a passphrase, too, rather than a password. Spr1nger$panieL$Rule!! Oops, gave that one away…
How to remember them all? A password manager like Dashlane (free, multiple platforms), LastPass (free to $12, multiple platforms) or 1Password ($9.99, multiple platforms) will help you generate and store strong passwords, and log you into sites automatically so you don’t have to type those bad boys out each time.
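An added example, not part of the original post and not any password manager's own code: a Python check of a password against the length and character-mix advice above, plus a random generator of the kind a password manager provides. The function names are made up for illustration, and the strength figure is an upper bound that assumes every character was picked at random.

```python
import math
import secrets
import string

# Character classes the article recommends mixing.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 12  # the article's minimum; it calls 16 "even better"


def review(password):
    """Return (problems, bits): unmet criteria and a brute-force upper bound."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"no {name} character" for name in CLASSES if name not in used]
    # Search space if each character were drawn at random from the classes
    # present. Dictionary words and letter swaps score far below this bound.
    pool = sum(len(CLASSES[name]) for name in used)
    bits = len(password) * math.log2(pool) if pool else 0.0
    return problems, round(bits, 1)


def generate(length=16):
    """Random password from the OS CSPRNG that contains every class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not review(candidate)[0]:  # retry until all classes appear
            return candidate


if __name__ == "__main__":
    print(review("monkey"))   # constructed six-letter sample
    print(review(generate()))
```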
Enable Two-Factor Authentication
Two-factor authentication (also called two-step verification, or 2FA) is a second layer of security that helps keep everyone out of your personal online accounts but you. It’s optional for many web accounts (Dropbox, Gmail, Microsoft, Google, PayPal, Evernote and Twitter all offer it), but many people don’t bother setting it up. It only takes a few minutes and is well worth the peace of mind.
How does this extra layer of protection work? When logging into your account, a request for your username and password is followed by a request for an authentication code— one generated especially for you and sent to your smartphone. You need to have both in order to get into the website.
If you don’t have it set up, a thief who knows your Apple ID password could log in and change it on you, freezing you out of your own iTunes or Apple Mail account. With two-factor authentication set up, he’d need access to your smartphone as well, thereby thwarting his plans to buy Def Leppard’s entire discography on your dime.
The set-up process for two-factor authentication is slightly different for each service, but it’s fairly simple and usually found under the “Settings” and “Security” headers. Because the systems trigger only when the account is accessed from a new device, you’ll find having this doesn’t cause much inconvenience. Head to TwoFactorAuth.Org to see if the sites you use offer it, and hit the big blue shaming button if they don’t.
Who has permissions?
While you’re thinking through your online accounts, consider giving them a check-up to see to whom you’ve granted permissions. The MyPermissions app (available for some browsers, plus Apple and Android apps) does a cross-platform check on online accounts like Twitter, Facebook, Google, Instagram, Dropbox and more, letting you manage the permissions you’ve given them— waaay back when you signed up, without realizing what rights you’d granted (because that agreement page was, like, 76 screens long).
Find out which services are accessing your inbox, for example, or using your location. Then you can either mark each one as approved or revoke its access, based on your actual needs, instead of granting a blanket “yeah, sure, why not!” all around.
Pay to Play
If your kids are old enough to want to find music and movies online— and that happens the minute they outgrow those Pull-Ups— show them how to legally download content. Teach your family to stick to well-known entertainment sites, like iTunes, Google Play, or Amazon, which offer high-quality, legitimately available content (because you do get what you pay for). Adding the word “free” to a search for a ringtone, game, music or movie, on the other hand, makes it more likely that the search engines will pull up sites that could harbor viruses, according to a study by security technology company McAfee. These dicey sites may contain security risks such as pornography, malware, phony pop-up ads, and spyware. Sites that advertise unauthorized “bootleg” content (like a movie that hasn’t been released to DVD or streaming services yet) are also particularly risky, McAfee reports.
Watch out for misspelled URLs, too, which are a red flag that a site isn’t what it’s pretending to be.
If you’ve got kids who aren’t quite ready to be web-savvy on their own, install security software, like Net Nanny (Windows, Mac, iOS, Android), Webroot (PC, Mac, iOS, Android) or Safe Eyes (Windows, Mac). You can block unsafe websites, and set levels of acceptable gaming and social media.
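An added example, not part of the original post: a Python check that flags addresses spelled almost like a site you trust. The trusted list and the sample links are made up for illustration, and treating the last two parts of the host name as the site name is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist; replace with the sites your family actually uses.
TRUSTED = ("apple.com", "google.com", "amazon.com", "paypal.com")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and swaps to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # swap or match
        prev = cur
    return prev[-1]


def check_link(url, max_distance=2):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Assumption: the last two labels are the registered site name. Real
    # tools use the Public Suffix List (needed for endings like .co.uk).
    site = ".".join(host.split(".")[-2:])
    if site in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # A trusted name pasted in front of somebody else's domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return f"lookalike of {good}"
        # A near-miss spelling such as a doubled letter or 0 for o.
        if edit_distance(site, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.amazon.com/dp/123",         # constructed samples
                 "http://www.amaz0n.com/free-movie",
                 "https://paypal.com.account-verify.example/login",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

"Unknown" only means the address is not close to anything on the list, so it says nothing about whether the site is safe.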
Click With Care
Just as kids, tweens and teens need to be careful, so do grownups. Beware the tainted link, my friend, promising tantalizing news about Salma Hayek or a too-good-to-be-true free Rolex. They may lead to phony sites that will phish for your personal information. You may even stumble across this type of sneaky link in seemingly innocent Facebook posts, email messages or instant messages from your friends. So how can you tell if a link is legit?
You can test it by putting the URL you see into a link-scanner website. Some of these online tools examine the URLs in real time, like Web Inspector, while others, like Trend Micro, look at historical data. Either way, they can help you determine if a website is safe—or Sketchyville. Of course, remember that the vast majority of websites are legitimate (yes, even the cat videos). Of the 84,043 sites entered at URLVoid for testing the week I was writing this article, only 3,672 were blacklisted.
If you get an email from your bank, mortgage company or someone else you do business with, don’t click directly on the link. Suss out the information you need first by going directly to the institution’s website and looking at your account there. Remember that any company worth its pixels would never ask you to send them personal information over email.
Staying protected online takes knowledge, but it also takes intuition. So if something feels a little “off” to you, don’t hesitate to back up and get out of there. Stay happy and safe out there!
Thoughts on the “new normal” of security breaches? Leave them in the comments.