
tips-to-keep-information-secure-online

Are you taking steps to protect your personal information online? 100% protection is, to be completely honest, impossible. However, there are steps you can take to shift the possibility of your personal information falling into the wrong hands from “likely” to “very unlikely.”

To put online security in simple terms: Let’s suppose a burglar wanted to go through your house and take everything of value. We’ll pretend you have a giant house with sturdy doors you keep locked at all times. Your possessions are still vulnerable to a thief who goes around breaking into houses with a crane and wrecking ball, but it’s unlikely that you’ll encounter such a thief. Your main concern is to keep your stuff safe from regular thieves just trying to make a quick score. In order to do that, you simply need to make it more difficult and time-consuming to break into your house than any comparable house in the neighborhood.

Here are a few tips to help you make life difficult for information thieves online:

1. Use a different password for each account

This one might seem like a no-brainer. Unfortunately, it’s one of the most commonly overlooked ways of improving security online. It’s easy to get caught up in the rush of “new stuff” and use the same password for multiple platforms. However, doing so is dangerous because attackers need only break into one of your accounts to access all of them.

2. Avoid passwords consisting of real words

Be creative and mix things up with passwords that include letters, numbers, symbols, and varied capitalization. Thieves aren’t very good at guessing passwords that don’t make sense. Use this to your advantage and avoid passwords that include words you’d find in a dictionary or combinations of your name and birth date or phone number.

3. Manage your passwords in an offline document

Think of this document as a secret box that contains a key to every room in your house. If you can protect the document with a password, all the better! Reduce the chances of your document being found by naming it something completely un-passwordish. “Stopping by the woods on a snowy evening” is a good name. (Hackers find Robert Frost quite boring.)

If you prefer an added level of security, write your passwords down on paper and keep them separate from your computer. One of my programmer friends keeps a list of all his passwords on a piece of paper in his desk. He’s made daily password changes a part of his morning ritual by changing the password of each program as he signs in for the first time that day. Each new password is written on a piece of paper and locked in his desk at the end of the day. In order to directly access those passwords, a hacker would need to enter the office building where my friend works, break into his office, and pry open the desk drawer. Is his approach on the extreme side? Yes. But so is his need to keep important information secure.

4. Answer security questions with silly answers

Many platforms offer a secondary level of safety in the form of security questions. Most of them ask for your mother’s maiden name, the name of a childhood pet, or the name of a favorite teacher. The real answers to those questions are often only a few guesses away. As such, the key to a security question’s strength lies in your ability to choose what the platform will take as a “correct” answer. If you think a hacker would have trouble guessing that the correct answer to, “What is the name of your favorite teacher?” is “OlarbearP37!” you’d be right.
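An added example, not part of the original post, that turns tips 1, 2 and 4 into a small Python check: it flags passwords that contain dictionary words or personal details, generates random replacements (usable as a password or as a made-up security answer), and finds passwords shared between accounts. The word list, personal details, symbol set and account names are constructed sample data.

```python
import secrets
import string

# Constructed sample data: a tiny word list and made-up personal details.
WORDS = {"password", "dragon", "summer", "monkey", "letmein"}
PERSONAL = {"alex", "1984", "5550100"}   # name, birth year, phone number
SYMBOLS = "!#$%&*+-=?@"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def weak_reasons(password, words=WORDS, personal=PERSONAL):
    """Tip 2: list why a password is guessable (an empty list means it passes)."""
    lower = password.lower()
    reasons = []
    if any(w in lower for w in words):
        reasons.append("dictionary word")
    if any(p in lower for p in personal):
        reasons.append("personal detail")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SYMBOLS]
    if not all(any(c in cls for c in password) for cls in classes):
        reasons.append("missing character class")
    return reasons

def generate(length=16):
    """Tips 2 and 4: draw from the OS CSPRNG until weak_reasons() is empty."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weak_reasons(candidate):
            return candidate

def reused(accounts):
    """Tip 1: map each password shared by several accounts to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    print(weak_reasons("Alex1984"))      # name plus birth year
    print(weak_reasons("Summer2024!"))   # real word with decoration
    print(generate())                    # random password or security answer
    print(reused({"mail": "x1", "bank": "x1", "forum": "y2"}))
```

A real check would load a full dictionary file in place of the five sample words.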

5. Keep important files on a detachable drive

The logic is simple: if it’s not on a computer with web access, a hacker can’t steal it. This method won’t protect your data from absentminded behavior or physical theft though. Musician Imogen Heap recently ran into issues with her data protection plan when she lost a detachable hard drive containing many of the music files needed for her upcoming album. The hard drive turned up two weeks later when she went to wash a load of laundry and found the drive in the bottom of her laundry basket. =)

The Bonus Round:

  • Make a habit of checking the URL before entering your password on a site. (Protect yourself from sites pretending to be a legitimate site just to get your information.)
  • Lifestreaming is fun but there’s no need to tell people when you’re leaving your house for a few hours. (There’s such a thing as too much transparency.)
  • If you wouldn’t do something in real life, don’t do it online. (Advice about following your heart and throwing caution to the wind rarely serves one well online.)

Remember, if a password is easy for you to recall, it will be easy for a hacker to guess.

I know it might seem really boring and tedious to go about switching passwords and moving documents. But information theft is very real and the little bit of time and energy it takes to secure your data online is well worth your effort.

If you have any thoughts, tips to add, or would like to correct me on something, I’d appreciate your input. Thanks, and stay safe!

photo: mirkomakari

9 Responses so far

  1. Hi, Seth. #4 is a great suggestion! Re the bonus round, I've also noticed some sites now have instructions on the login page to check the URL before logging in to prevent giving away your login info. Of course, if it was an imposter site you wouldn't get that recommendation, but still. Seeing it every time you log in will alert you when you don't see it.

    Thanks for posting this. I think we all get a little too lax with this sometimes.

  2. Hey Seth,

    Great article by the way, it's always a good idea to protect yourself online. I thought I would pass this on, for passwords I use https://lastpass.com/ and for helping to identify proper sites I use the Firefox add-on Locationbar² http://su.pr/AhAtoX but Lastpass takes care of most of that for me too.

    Also answering security questions with silly answers is a great idea, thanks, have a great day!

    Jorin.

  3. sethsimonds says:

    Can you imagine if the imposter site DID mention that you should check the URL? That'd be an ironic twist. =)

    Yes, we all do. I had to go through and tighten some things up just this past week. It's easy to forget security in the rush to get things done on time. Safety first, right?

    Thanks Betsy!

  4. sethsimonds says:

    Hi Jorin!

    That's a slick service…but what happens when they get hacked? You'd lose access to EVERYTHING. I'm not so sure I like the idea of that.

    I like the Firefox toolbar. I'm a Chrome user but will def. hook it up for when I am using FF. Chrome's a great naked browser but FF is where it's at for all the added joys.

    Enjoy your day as well. =)

  5. The example of changing passwords daily is not necessarily the best:
    1. Entering passwords too often is a good opportunity for snatching them with keyloggers. Changing passwords on an infected machine is even more dangerous, as it is easy to automatically detect passwords during a password change.
    2. You are bound to forget some passwords, reuse them or throw the paper with used passwords away.
    3. Most ID theft is done with social engineering rather than with automatic tools. And keeping passwords in a known place in the office is not the best way to protect them. One might misuse his coworkers to give away passwords.
    Encrypted detachable storage would be much more secure and it is a good suggestion. The one about silly answers as well.

  6. sethsimonds says:

    Yes, his example is an extreme one. Most need not change their password so often.

    That said, a keylogger is going to catch your password whether or not you change it. Time for some robust anti-virus action?

    Yes, there's always the chance that something might be thrown away or a coworker could willfully mishandle your credentials. Whether or not you feel such a risk is outweighed by heightened password security is a personal choice. The people at Twitter are wishing they'd followed all 5 keys right now though. =)

    Thanks G!

  7. Jef Nance says:

    Seth, you're obviously an authority, and your advice should be followed by all.

    The proof? Somehow you got the key to my house and took a picture of it in the front door. (I'm armed, you know that, right?)

    Nice work, Seth, good advice that seems more than adequate to protect the average person (and is much more than the average person is doing now, for sure)–thanks for the great tips!

    -jef

  8. ldjenkins says:

    Common sense that is all too often uncommon in practice, Seth. I appreciate the reminder to be a proactive caretaker of my ID online. With all the profiles I manage for myself and for clients, changing passwords regularly was overwhelming, until I put it all down on an offline document – just as you suggested in your post :-) . Here's the doc, for anyone that would like to use it!

    http://www.mymktgpeople.com/ProfileMinder.pdf

  9. Lisa says:

    Great article! As mentioned, one needs to be careful with passwords. I feel alphanumeric and random passwords work better. Since I find it difficult to remember them, I use this free toolbar called Billeo. There are many password managers out there, take your pick. It saves you the hassle of writing down your passwords.
