By now, I’ve lost track of how many accounts I had created online. Some are essentials like online banking and tax filing, while others are less so (e.g., movie reservation). With each account created, records of my credential are becoming more ubiquitous on the internet.
As account registration for consuming content and services becomes a widespread requirement, we’ll start giving away our e-mail addresses without thinking twice. And that’s an unsafe practice. Security breach happens (see this and this), which leads to users’ data and credentials being stolen. There is a possibility that some accounts might be linked to the same e-mail address or even share the same password, so when one account is compromised, others could be in danger too.
With that in mind, let’s take a look at some tips that could help to protect our online security using three components that we might take for granted before: e-mails, security questions and passwords.
Secure the access to your e-mail
In a way, e-mail is like a portal for accessing those accounts you’ve created online. Remember the last time you forgot the password to that photo printing website? In a matter of seconds, a link was sent to your e-mail. You reset the password and all is well again. That’s how easy it could be for a person in possession of your e-mail access to gain access to all your other accounts.
Be more careful when giving out your e-mail address. It may appear harmless, like signing up for a free account in order to access some content. Just because something is free, doesn’t mean you have nothing to lose from it. Take a moment to consider if you really need to create that account. Besides saving you inbox from influx of spam, selectively revealing your e-mail address could protect your online accounts from potential unauthorized access.
Furthermore, make it a habit to log off your e-mail account when you leave the computer on while leaving for work, or when you let someone else uses the computer. Pick a strong password that is hard to guess. And, don’t tick that little checkbox stating “Remember me” or “Stay signed in,” especially if other people are using the same computer.
Use multiple accounts for various purposes
While keeping one e-mail account is convenient, it’s not a wise idea to provide the same e-mail address for filing tax and for joining that small boutique’s mailing list. Some countries lack the law that prohibits your contact details from being passed around by one business to another. Before you know it, there’s an increase in spam and phishing attempt arriving in your inbox.
To help screen out unwanted e-mails, sign up for a couple of e-mail accounts and assign each of them a category. For example, reserve one account for high-importance matter such as tax filing, financial management site or online banking. Keep this address private; don’t advertise it on your Facebook page. Next, keep another account for the usual stuff and sites you frequented. This could be for Facebook sign-in or commenting on your favorite blog. Finally, keep one account that functions as a spam-trapper. This could be a throwaway account which you use when reluctantly signing up for something.
Provide your own questions
The usual security questions that sites use to verify your identity is the flimsiest line of defense. For instance, it’s not hard to find out the answers to where were you born or which high school did you attend. This information is displayed on your Facebook page. Even if you keep this information undisclosed, one of your friends might probably dish out the answers when taking that “How well do you know this person?” quizzes.
Therefore, avoid security questions which answers are somewhat of public knowledge. Some sites would let you come up with your own security questions. If you are presented with this option, take advantage of it. Perhaps have a little fun along the way. Create the most ridiculous question that no one but you knows the answer.
Make up your answers
Unfortunately, most of the time you are stuck with preselected security question. Just go ahead and pick “What’s your mother’s maiden name?” or any question of your choice. However, instead of being honest and blurting out the truth, let’s make up the answers. Just make sure you remember the answer of your choice in case that you forgot the password and need to verify yourself.
Use strong passwords
This has been mentioned plenty of times before but is still worth reiterating—use strong passwords. Here’s a refresher for the tips on creating and remembering a password. And once you’ve come up with a password, check out its strength here.
After creating all those online accounts (whether for using cloud storage or accessing trivial apps on my phone), trying to come up with a new, unique password is becoming more difficult. I still use Annika’s tips to come up with a good master password, but for the rest, I’d rather rely on my password manager. I would specify how many characters I want it to be and whether symbols should be included, and then a list of password that fits that specification would be generated.
Change your password after a certain period of time
It is not necessary to change your password every other month, but that doesn’t make it okay for you to survive on the same password for half a decade. Think of it this way, no password is entirely hack-proof. When you choose a difficult password, you are giving it a higher chance to survive an endurance test, where it might be subjected to brute force attacks until it finally cracks. In a short word, the longer you wait, the more time you are buying the hackers to crack your code.
Do not repeat the same password
Don’t use the same password for every accounts you’ve created. When one is compromised, others are put at risk too. The comic explains it quite well. Full version is available for your reading pleasure here. Enjoy 🙂
Image by xkcd (http://xkcd.com/792/).
This is a guest post by F-Secure trainee Mari Mäkinen. The cyber security market is…
July 19, 2017
On a recent trip to the Finnish Archipelago, F-Secure security advisor Sean Sullivan scanned the…
July 13, 2017