In 2004, President George W. Bush and the United States Congress officially recognized October as Cybersecurity Awareness Month. It is a month for us all to reflect on the numerous ways that technology has become interlinked with nearly every facet of our lives and, as such, how important it is to ensure we are properly protecting our technology from cyberattacks. In recognition of Cybersecurity Awareness Month, here are suggestions on how to protect your digital life from common attacks.
By far the most common way individuals find their online lives compromised is through poor password security. Read on for things you can do to greatly reduce your chances of being compromised.
Use unique passwords
If you only take away one tip from this post, let it be this one: Stop Reusing Passwords.
We’ve heard the same tale of woe over and over again… “A hacker got access to my password, and they have been compromising all of my accounts… Email, banking, healthcare, social media, online shopping…” It is a horrible situation that can easily be neutralized by one very simple control: setting unique passwords for your online accounts.
If you use the same password everywhere, then that password and the accounts it protects are only as secure as the weakest site. Hackers often focus on breaching websites that do not handle critical information, such as hobbyist online forums and online newsletters.
Hackers are not interested in ruining your reputation on your favorite saltwater aquarium message board… No, they are counting on the fact that numerous members of that message board will be using the same logon credentials at much more sensitive and lucrative websites.
Using unique passwords when you sign up for services makes you SIGNIFICANTLY less likely to fall victim to these sorts of attacks.
Use good passwords
By far the most common way that attackers destroy the online lives of individuals is by discovering a password that is being reused across multiple sites, but it isn’t the only way.
Hackers also target people who use weak passwords. A common attack is for hackers to choose a common password and then “spray” it across thousands of possible usernames on a website to see if they can find a successful logon.
This is easily defeated by making sure that you set an uncommon password. In recent years, best practice guidance for setting a password has changed from short passwords with a blend of lowercase, uppercase, numbers, and symbols to longer “passphrases” made up of simple, easy-to-remember sentences or individual words.
These passphrases are very unlikely to be brute forced through password spraying and, in the event of a password database being breached, they are unlikely to be cracked. Setting a unique passphrase for every site you use will go a long way towards keeping you secure on the Internet.
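From the website operator's side, the spraying pattern described above shows up in logon records as one source trying a guess or two against many different usernames. The following Python example is added here and is not part of the original article; the log format, addresses, usernames, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records: timestamp, source address, username, result.
SAMPLE_LOG = """\
2024-10-01T09:00:01 203.0.113.7 alice FAIL
2024-10-01T09:00:03 203.0.113.7 bob FAIL
2024-10-01T09:00:05 203.0.113.7 carol FAIL
2024-10-01T09:00:07 203.0.113.7 dave FAIL
2024-10-01T09:00:09 203.0.113.7 erin OK
2024-10-01T09:01:00 198.51.100.4 frank FAIL
2024-10-01T09:01:05 198.51.100.4 frank FAIL
2024-10-01T09:01:09 198.51.100.4 frank FAIL
2024-10-01T09:01:12 198.51.100.4 frank FAIL
2024-10-01T09:01:20 198.51.100.4 frank OK
2024-10-01T09:02:00 192.0.2.10 grace OK
"""

def parse(log_text):
    """Yield (timestamp, source, user, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, src, user, result = parts
            yield datetime.fromisoformat(ts), src, user, result == "OK"

def find_spraying(log_text, min_users=4, max_tries_per_user=2,
                  window=timedelta(minutes=10)):
    """Flag sources that try a guess or two against many different usernames."""
    by_source = defaultdict(list)
    for ts, src, user, ok in parse(log_text):
        by_source[src].append((ts, user, ok))
    flagged = {}
    for src, events in by_source.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            tries, hits = defaultdict(int), set()
            for ts, user, ok in events[i:]:
                if ts - start > window:
                    break
                tries[user] += 1
                if ok:
                    hits.add(user)
            # Many accounts, few guesses each: spraying, not one-account guessing.
            if len(tries) >= min_users and max(tries.values()) <= max_tries_per_user:
                flagged[src] = {"targeted": sorted(tries), "succeeded": sorted(hits)}
                break
    return flagged
```

On the sample data only 203.0.113.7 is flagged; the repeated guesses against the single account "frank" are a different pattern and are deliberately left to other checks.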
By now you are likely asking how difficult it is to manage this guidance in practice. Who can remember all those passwords?!
This is where personal password managers come in. These are products and services where you can securely store your unique passwords in an encrypted vault that you then access via a master password and/or biometric controls such as your fingerprint or facial detection on your smartphone.
These vaults allow you to remember just one single password in order to access all your unique passwords. Most of them are quite sophisticated and capable of automatically logging in to sites for you, meaning that you can set incredibly long and complex randomly generated passwords for websites that you never have to type in yourself.
There are numerous password managers available, including 1Password, LastPass, Bitwarden, Dashlane, and Keeper. Password managers dramatically increase your security while also increasing your convenience!
Careful where you type your passwords
A common attack is for hackers to try to trick you into entering your password on a website that they control.
This typically starts with the hacker sending you a malicious email (referred to as phishing) where you are tricked into clicking a link to a website login that looks legitimate but is actually owned by the hacker. Be very careful with unexpected emails asking you to take action such as visiting a website, downloading an attachment, or responding with sensitive information.
Before typing your password into any website, take a second to look at the address bar to make sure the address makes sense. Look for minor typos in the address or strange characters such as hyphens. Hackers will often purchase website domains that look very similar to the site they are mimicking in hopes that victims will not notice.
No good conversation about password security is complete without talking about MultiFactor Authentication (often referred to as MFA or 2FA). The way we authenticate ourselves is typically based on one or more of the following items:
- Something we know: Passwords
- Something we have: Usually this will be access to an application or text message on our smartphones.
- Something we are: Biometric checks such as fingerprints, retina scans, or facial identification
MultiFactor authentication simply means requiring at least two of these items to authenticate someone to a system. Probably the most familiar type of MultiFactor Authentication is withdrawing money from an ATM with a debit card. You need to have something (your debit card) and know something (your PIN).
MultiFactor authentication for websites is becoming an increasingly available option, particularly for online banking, healthcare, email, and social media. We STRONGLY recommend taking advantage of these features whenever they are available. MultiFactor authentication often adds very little effort to logging into a site, while adding huge levels of defense against hackers.