Andrew works in information security and he helped me make sure my blog and all parts of my life in general were more safe. I really wanted to share it with all of you guys so he helped me put this post together with his knowledge of internet security and some of our experiences.
Over the past year, there have been a lot of online security incidents involving stolen passwords, credit card information, as well as leaked private pictures. Being that October is National Security Awareness Month, I figured I would share some tips I use to keep my online accounts as secure as possible.
5 Important Tips for Improving your Online Security
1. Never use the same password on multiple websites
If you’re like me, you have probably over 100 accounts online. It can be extremely difficult to memorize all those different passwords. The problem here is people may use the same password across multiple websites. I was beyond guilty of this. When Andrew found out, after laughing for a solid 5 minutes he insisted I changed everything. If one of those websites have a security breach, a hacker can have your password to all your websites.
There are Password Managers available for free that let you safely store all your passwords. This way you can create unique passwords for each website you have an account on. If one website is compromised, your other accounts are still safe. I personally use LastPass for storing all my passwords. IT IS AMAZING! It allows you to generate random passwords so they are strong and you don’t have to worry about coming up with a new password each time. LastPass also has browser plug-ins and mobile apps so I can access my passwords anywhere I go. The app on my phone is great! Password managers have a master password that securely encrypt all your account passwords. You only have to remember one password from here on out! You can also store credit card information, secure notes etc. Plus you can see your security score. We may have a slight competition about how secure we are on lastpass. NERD ALERT!
2. Use a strong password
My next tip is to always use a strong password. When websites say your password must be between 8 and 32 characters, use a random password generator and generate the most complex 32 character long password you can. Always use a combination of upper and lower case characters, numbers, and symbols if allowed. Memorizing these long random passwords makes a Password Manager come in very handy! I was a total 8 character person for the longest time. One of my passwords can be 70 characters and you better believe it is. HINT paypal.
3. Use two-factor authentication
Two-factor authentication is a security feature that has been around for a few years, yet still isn’t widely used. This security feature requires you to have something you know, like your password, and have something that only you would have, like your cell phone. Websites like Gmail, Facebook, Twitter, and PayPal have this security feature. This is hugely important to us bloggers who need these websites for our daily lives to function correctly. Getting locked out of twitter? NO THANKS! When you attempt to login, the website will send your phone a random code that is required before you can fully sign in. This will happen whenever the website detects you logging in from a new device. It really makes me feel safe, because even if someone stole my password, they would also have to have my cell phone to get the code. By the way, you can have backup phone numbers entered in case you ever lost your phone. I have Andrew’s phone number and my mom’s as mine.
Apple offers two-factor authentication, although, most don’t use it. All those leaked celebrity pictures in the recent news could have probably been avoided if they just had two-factor authentication enabled. A great list of all the websites that support this feature can be found at: https://twofactorauth.org/
Also don’t post naked pictures of yourself….just a thought.
4. HTTPS vs HTTP
Whenever you are entering in sensitive information online (passwords, credit card numbers, etc…), make sure the web address at the top of the browser starts with “https://” and not just “http://”. The “S” stands for secure, which means the website you are connected to is sending your information securely and encrypted. This is really important, especially if you’re ever using public wireless like at a hotel or Starbucks. If the website isn’t using https, someone could be sitting near you and reading everything you type. It’s pretty scary to think about it! I am on the go so much with blog conferences, trips, and working from various locations that it wasn’t even something I thought about it. Then I wanted to curl up into a ball and cry. It’s OK though 🙂
5. Help protect yourself against identity theft
Checking your credit report often is really important. I check mine and have found a few errors on it. You can dispute the mistake and work work the credit bureau to correct it.
You are allowed to check your credit report once a year from each of the three credit bureaus. What I do is view one of the three credit reports every four months so I can always stay on top of them. The only truly free and trusted website to get your credit reports is at https://www.annualcreditreport.com/. This is backed by the Government and does not charge you any hidden fees, unlike some of those commercials you may see for other websites.
Credit Karma (operated by TransUnion) and Credit Sesame (operated by Experian) are also great free resources you can use to check your actual credit score. These websites can also inform you of any suspicious activity showing up on your credit report. It’s better to find out as soon as possible and fix the issue before you need to use your credit and find out it’s ruined by a simple mistake. They both have mobile apps, so I tend to check my credit score often and it sort of becomes addicting to see how high I can get it!
Lastly, we all get those annoying credit card offers in the mail all the time. Did you know that people actually go dumpster diving and try to find those and fill them out to steal your identity?? It’s important to always shred mail that is has any banking information or is an offer to open an account. Even better, you can actually opt-out of receiving these! The FTC has a website available to do so at: https://www.optoutprescreen.com/
Do you feel secure in your online presence? What changes will you be making?