Protecting your online identity is critical for preventing widespread data loss.
With the ever-increasing list of online companies reporting breaches of customer data, managing your online presence has never been more important. These breaches usually give the bad guys access to the usernames and passwords of account holders at that site. While having access to your account at one site may not give a would-be identity thief access to anything important, those credentials usually wind up being used or sold so that they can be used for other nefarious ends.
Ever received an email from someone attempting to convince you that you’ve been hacked because they know your password? That password was likely obtained from a security breach on a different site—possibly from an account you don’t use anymore or didn’t even know you had.
Having an online identity stolen can have far-reaching consequences, in both personal and professional contexts. Here are a few useful tools and best practices to help keep your online accounts secure.
1. Use Strong, Unique Passwords
The single most important step you can take toward protecting your online identity is to choose a strong password. Most hackers aren’t trying to break into your account by guessing your password by hand—they’re using a program that can try thousands of password variants in a matter of seconds. This brute-force method makes weak passwords effectively meaningless, whereas strong passwords can resist even the most persistent attacks.
When it comes to creating a strong password, you have two options: make it long, or make it complex. You can create a complex password by including random digits, spaces, and punctuation. Creating a sentence out of random words will give you length, and it will usually give you complexity to boot.
2. Use Different Passwords for Different Sites
Even when you choose a strong password, your account can still be compromised if the site itself is breached some other way. When Tumblr was breached in 2013, 65 million usernames and passwords were stolen; in fact, the breach wasn’t discovered until 2016. Access to 65 million personal blogs isn’t very useful to criminals looking to make money. However, if even a small portion of those passwords are reused by their owners on other sites, they could be used to get into those users’ banking, email, Amazon, and other more lucrative accounts.
Using a different password for every online account will ensure that even if one site is hacked, your other accounts will still be secure.
3. Use a Password Manager
Now that you have a unique password for all your online accounts, how are you going to remember them all? Storing your passwords in a password manager not only saves you from having to remember your passwords, but it also allows you to make more random, secure passwords and take them wherever you go.
There are a lot of options when it comes to password management. For personal accounts, make sure to use a service with a proven track record on account security like Google Passwords or Apple’s iCloud Keychain. For enterprise credential management, use a solution with solid encryption standards and centralized management such as RoboForm, Password Hub or Secret Server.
4. Answer Security Questions with Strong Passwords
Many companies include security questions as a way to recover access to an account if you forget the password. Unfortunately, this can be another possible vulnerability since many of the same security questions are used across different sites, and because many of the answers are easy to discover on social media.
So, the next time an account asks you to choose a security question, answer it with another strong password. You might raise some eyebrows if you ever have to tell a customer service representative that your mother’s maiden name is +Z(V5G)PLj”w2wDf, but that’s an answer no one else will know, either.
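The "long or complex" trade-off from section 1, and the random security-question answers from section 4, in working form. This is an added example written for this article, not code from Brightline; the eight-word list is a constructed stand-in (real Diceware-style lists have 7776 words, which is the size the entropy figures use).

```python
import math
import secrets
import string

# Constructed stand-in for a real word list; Diceware-style lists contain 7776 words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "velvet", "canyon", "lantern"]
DICEWARE_LIST_SIZE = 7776
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a secret made of `length` independent, uniform picks from
    `alphabet_size` options. This is what a brute-force program must exhaust, not the
    string length, which is why five random words rival twelve random characters."""
    return length * math.log2(alphabet_size)

def picks_needed(target_bits: float, alphabet_size: int) -> int:
    """How many characters (or words) are needed to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def random_complex_password(length: int = 12) -> str:
    """The 'complex' option: random printable characters from the `secrets` CSPRNG."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def random_passphrase(words: list, count: int = 5, sep: str = " ") -> str:
    """The 'long' option: random words from a list. Entropy depends on the list size
    and word count; a tiny list like SAMPLE_WORDS gives only 3 bits per word."""
    return sep.join(secrets.choice(words) for _ in range(count))

def random_security_answer(length: int = 16) -> str:
    """Section 4: the 'answer' to a security question is just another strong password."""
    return random_complex_password(length)

if __name__ == "__main__":
    print(f"12 random printable characters: {entropy_bits(94, 12):.1f} bits")
    print(f"5 random Diceware words:        {entropy_bits(DICEWARE_LIST_SIZE, 5):.1f} bits")
    print("words needed for 80 bits:", picks_needed(80, DICEWARE_LIST_SIZE))
    print("characters needed for 80 bits:", picks_needed(80, 94))
    print("example passphrase (tiny demo list):", random_passphrase(SAMPLE_WORDS))
    print("example security answer:", random_security_answer())
```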
5. Use Two-Factor Authentication
Wherever possible, enable two-factor authentication (2FA) on your accounts. Having a personal device, such as your cell phone, tied to your account means that even if someone gets your password, they still can’t log in to your account without also having access to your cell phone.
Most sites that offer 2FA use standard authenticator apps such as Google Authenticator. For enterprise use, you can add 2FA to your Windows logins with Duo Security. It works for both workstation logins and RDS, and adds the convenience of a push notification rather than just a 6-digit code. You can also use Duo to secure your SSL VPN and Linux SSH connections.
6. Check Your Existing Accounts
You can check to see if your credentials have ever been included in a breach by visiting haveibeenpwned.com. Enter your email address and this site will list all the data breaches your email address was included in. It will also inform you of any breaches of mailing lists, data collection companies, spam lists and others. It’s a good idea to check this site frequently so you can reset your password promptly after a breach.
Consult with a professional about securing your business
Whatever your industry, account security affects every part of your IT infrastructure. Having strong passwords is just the first step. At Brightline, we specialize in data compliance and implementing security standards proven to keep the bad guys out. We can work with you to assess your existing security posture. We can then help with effective solutions such as two-factor authentication and implementing SSL VPN for remote access so you can work more securely and confidently.