The Internet has given us some amazing ways to do our day-to-day tasks better; sharing content and keeping in touch with friends have never been so easy. As easy as it is, it is equally exposed to attacks. Most attackers either take control of your account for malicious activity or are simply stalkers. I heard about a couple of stalking cases from my friends recently, and that is when I thought of writing this piece. I also discussed it with my friends online, and they shared a few commonly used methods.
Here are some of the best practices. The first tip is an obvious one: use a strong password.
1. How to Keep Passwords Safe:
- A strong password generally means one of more than 14 characters with at least one special character and some digits. There are online tools that can suggest passwords; Random and Secure Passwords, to name a couple. Length matters more than any single rule: every extra character multiplies the work of a guessing attack.
- Do not use consecutive letters or numbers, for example abcd, 9876 etc.
- Do not reuse old passwords. Change a password promptly whenever you suspect it has been exposed (a breach at the site, a shared computer, a phishing mail you clicked); many people also rotate important passwords regularly, at least once every three months.
- Do not use family members' names, the place you work, or anniversary and birthday dates as passwords; these are commonly known to others and are the first things an attacker tries.
- Do substitute numbers, symbols and misspellings for letters or words in an easy-to-remember phrase; some refer to this as a passphrase. Partial substitution is a good idea. For example, One Step Closer can become One$tepCl0sEr.
- Do not use famous quotations, song lyrics or common phrases verbatim; they appear in every cracking wordlist, and anyone around your desk who sees the first few characters of a familiar phrase can guess the rest.
- Do not use the same password for all your email accounts.
- Do not write your passwords on a piece of paper near your desk, or even in a plain note saved on your phone.
- Do not share password information over email, instant messengers etc.
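The rules above can be turned into a quick check you run over a candidate password before you adopt it. The following is an added example, not code from the original post: it checks length, digit and special-character presence, consecutive runs such as abcd or 9876, a small constructed stand-in for a real common-password wordlist, and any personal details you pass in (names, employer, dates). Note that the post's own sample, One$tepCl0sEr, is 13 characters and so fails the length rule it sits next to.

```python
import string

# Constructed stand-in for a real wordlist (rockyou, HIBP); in practice load
# the full list or query a breach-check API.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def _has_sequence(s: str, run: int = 4) -> bool:
    """True if s contains `run` characters stepping by exactly +1 or -1,
    e.g. 'abcd', 'WXYZ' or '9876'. Compared case-insensitively."""
    s = s.lower()
    for i in range(len(s) - run + 1):
        codes = [ord(c) for c in s[i:i + run]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(pw: str, personal_words=()) -> list:
    """Return a list of rule violations; an empty list means the candidate
    passes every rule listed in this post."""
    problems = []
    if len(pw) < 14:
        problems.append(f"too short ({len(pw)} chars, need at least 14)")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if _has_sequence(pw):
        problems.append("contains a consecutive run such as abcd or 9876")
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("appears in a common-password wordlist")
    for word in personal_words:
        # Only match fragments long enough to be meaningful (3+ chars).
        if len(word) >= 3 and word.lower() in low:
            problems.append(f"contains personal detail '{word}'")
    return problems


if __name__ == "__main__":
    for candidate in ("One$tepCl0sEr", "Abcd!2024Winter", "Corr3ct-H0rse-Battery!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Pass the names and dates an attacker could read off your public profile as `personal_words`; the check is only as good as that list and the wordlist behind `COMMON_PASSWORDS`.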
2. Social Accounts:
- If you use your Gmail address to sign in to your Facebook account, use a different password for each. Your Gmail and Facebook passwords do not need to be the same, and should not be: the mailbox is where Facebook's password-reset links arrive, so one leaked password would hand over both.
- As with email, do not use the same password for all your social accounts.
- Having a base password mixed with a prefix or suffix derived from the name of each website can be an option too. For example, for Facebook the password is H!Th3r3Face; for Google, H!Th3r3Goog. Be aware that if any one site leaks its copy, the pattern is obvious to whoever reads the dump, so treat this as a compromise rather than a substitute for truly unique passwords.
- If you have synced your email or Facebook accounts with your phone, enable a passcode, pattern or fingerprint lock on the device.
- It is very easy to impersonate a profile these days. An attacker generally takes the relevant details and display pictures from your profile and creates a new profile with your exact name. These fake profiles then send friend requests to all your contacts, claiming that your old account was hacked and this is your new profile. In such a scenario, it is a good idea to talk to your friend over the phone before you accept the friend request.
- If you abandon an old email address that is associated with any of your accounts (Facebook, Apple ID, Dropbox etc.), be sure to update them with your current address; otherwise password-reset mails go to a mailbox you no longer control.
3. Two-Factor Authentication and OTPs
Two-step verification adds an extra layer of security to your online account, drastically reducing the chances of the personal information in it being stolen. To break into an account with two-step verification, an attacker would not only have to know your username and password, they would also have to get hold of your phone. This can be a turn-off for some people, because some providers send the code via SMS and you have to wait for it before you can log in.
Google also introduced a USB Security Key; you do not need to look for or wait for codes on your phone and then retype them, you simply insert the Security Key into the computer's USB port when asked.
Google's two-factor authentication does not need SMS either; you can use their mobile app (Google Authenticator) for the second factor. It generates a time-based one-time code, much like the RSA token generators used at work. See Google's detailed setup steps for Google Accounts.
Apple offers this option for iCloud users as well. To set up two-step verification on Apple's cloud storage service, log in to your Apple ID account, click "Password and Security" and find "Two-step verification". Once activated, a unique four-digit verification code is sent to the registered mobile number via SMS or Find My iPhone. The code is requested whenever there is suspicious account activity, such as a login from an unfamiliar device, so unauthorized access can be blocked.
Facebook calls it Code Generator; once you log in, go to the security settings and enable the feature. While you are there, also review the login notifications and the list of trusted browsers to verify that those are the machines and connections you actually used in the past.
Read the official notes from LinkedIn and Twitter for detailed steps. Requiring an OTP before a fund transfer or payment is considered safe practice in online banking; most banks do this by default now.
4. Email Attacks:
- Phishing scams: do not click links in suspicious email messages, and never enter personal information on a website you reached from such a link. Think before you click or download anything. Some deals are too good to be true, for example a free airline ticket or a 100,000,000 GBP lottery prize.
- Manage your subscriptions, but clicking the "Unsubscribe" link in a spam mail is usually a bad idea. Because most email providers no longer send back read receipts, spammers mail harvested lists and treat an unsubscribe click as confirmation that the address is in use. It is best to mark such mail as spam and leave it. You can also create filters that move emails like these straight to the archive or deleted items.
- Always have a secondary email address configured for password-reset instructions, preferably a private address you have not shared on public forums.
- For password-reset requests, choose security questions and answers that cannot easily be guessed by someone else. For example, avoid a question like "What is your favorite color?", and even if you do choose it, the answer does not have to be black or blue. You can answer with something as odd as "a cow" or "an elephant". Just make sure you remember what you entered.
5. Keep your browser and other apps up-to-date.
- Companies like Adobe, Microsoft, Google, Apple and others release software updates and hotfixes and make them available to end users for download. These are not just for new features; they also fix newly identified vulnerabilities in the software. Always run an up-to-date browser. Keep plug-ins such as Java and Flash Player at the latest available versions, or better, uninstall them if you no longer need them. Likewise, do not ignore OTA (over-the-air) software updates on your smartphone. Do install them.
- As much as possible, do not auto-save your passwords in your browser.
- I personally do not recommend password-saving programs either. However, if you still want to try such software, 1Password can be a good option.
- If you install any third-party applications to access Facebook or email, understand the level of access these applications have on your phone. Mobile and cloud security are whole new areas; let us look at them later.
- When using a public computer, always sign out when your session is complete to prevent other people from accessing your account.
- Use an incognito/private browser window when accessing your bank accounts. Keep in mind that private mode only stops the browser from keeping history, cookies and form data on that machine; it does nothing against malware already on the computer or against someone on the network.
Your online experience depends entirely on how secure your accounts are. For many of us, our businesses run on the Internet, and a compromise would have a huge impact. Hopefully this article has given you some useful inputs. Always remember to report it when your account is hacked, not just to your friends but, most importantly, to your service providers such as Google, Facebook and your bank. They can block the account before anyone else gets into it. Of course, the most obvious rule remains: do not share your password with anyone!