Time for an online security checkup.
Over the last two decades we have seen a major shift in the way people purchase items and manage their finances. The availability of always on internet services such as broadband enables us to be connected to the digital world continuously, allowing us to make purchases, check our statements and track our items all online.
Each email address is associated on average to 92 online services. Think back to to those old systems you may have used such as neopets, Bebo, MySpace, Deviantart, msn messenger, etc.
Every year we hear news reports of major data breaches from high profile companies around the world. If you use the same password for multiple services it is definitely time for an online security checkup.
Step 1. Have you been Pwned?
Pwn
verb (used with object)
Slang. to totally defeat or dominate, especially in a video or computer game: You just got pwned!
First step it to get an understanding of how much of your personal information has already been leaked.
The website ‘have i been pwned’ is an excellent resource to identify the services where your account information has been leaked. It will list the services attached to your email address that have had their data breached.
Remember if you have multiple email accounts to check each address you own.
Step 2. Change or close those accounts immediately
If the account information is already public the first step is to close or change the passwords on those accounts listed. This means those services are not directly accessible using the breached information.
Step 3. Get a password manager
There are many great password management systems available. Some paid and some free. I will cover 2 of the free options.
The idea of a password manager is to have a database of different and complex passwords that are used for each service. The password manager database is locked with a single password (this should be a complex passphrase with a length of at least 20 characters) which means the days or remembering many passwords is over.
These password managers work across many devices such as Windows machines, Macs, tablets and phones so you have your database with you wherever you are. They also come with browser plugins to automatically enter your credentials into the sites you visit.
Option 1: LastPass
LastPass recently enabled synchronizing between devices for free. This makes it an extremely good option for a free service. It is easy to setup and provides a random password generator to create complex passwords that are hard to crack. This is the best option for most users.
https://www.lastpass.com/
Option 2: Keepass
Keepass is an opensource option that I use. Being open source it is inherently more sercue as developers can check code freely for holes or exploits. The downside to keepass is that it is much harder to setup. The database file needs to be installed on dropbox to sync between devices and it is more complex to install the browser plugin. That said after a bit of extra initial setup work the experience is the same.
http://keepass.info/
Step 4. Enable 2 step authentication
Once your passwords are sercure it is a good idea to enable 2 step authentication for your essential services such as online banking, primary email, and sites that will have your credit card information stored. The two step authentication process involves using a second device such as your mobile to authenticate you as the account holder. The extra step makes it extremely difficult for a hacker to try to breech your account as they need information from multiple devices.
The advantage of using a password manager is it not only makes you safer online, it also makes authenticating easier with credential auto-fill.
If you are interested in getting a security audit for your home or business, contact UberNerd for an on-site consultations.