In a vacuum the fact that it is harder and harder to name websites or services that don't want you to create a user account and hand over some degree of personal information would not be an issue.  Unfortunately, we don't live in that vacuum.

We live in a world where security breaches are a fact of life.  Chances are that some website or service you use has had user credentials leak, coerced or stolen at some point.  This would be no big deal if we didn't live in a world that is increasingly connected and reliant on the internet.

You have no one who will protect your accounts for you.  

You simply cannot avoid the tentacles of life lived through the internet.

However, this bad news should not be a reason to avoid it.

Anyone can take these 3 steps to protect their information floating around in cyberspace:

  1. Unique passwords for every account
  2. Answers to security questions that mean nothing
  3. Two-factor authentication

This the part where you say, "What the heck is two-factor thingity-thing and how could I possibly have time to manage all of this?"

Maybe you are one of those who says, "I've got a few passwords that I rotate around.  Isn't a unique password for everything a bit of overkill?"  Well....No!  If your password for Facebook were leaked, then I know that password could be linked to dozens of other services.  All I need to do is run these user credentials through some software that matches them against thousands of websites across the web and...thank you for making every hacker's job super easy.  Please, create a unique password for everything so only the compromised site is the site you need to worry about.

O.K. that's great but why should my security questions not be something I could remember and be pertinent to me?  The answer is a little thing called social engineering.  A quick look at any Facebook profile would provide clues and sometimes actual answers to typical security questions.  

  • What is the mascot of your high school?  
  • What is your mother's maiden name?
  • What city were you born in?  

We have started giving the answers to our security questions on the social platforms we participate in and we didn't even notice.  Why don't we make the city we were born in $3xUt6&nnY1* instead of Atlanta next time?

Now for that two-factor thingity-thing.  A unique password is great but what is even greater is a unique password plus something you have physically in your possession.  Those are the two common factors used in typical implementations.  

Twitter is a great example.  When I access twitter.com I enter my username and password and click send.  Twitter presents me with a screen where they want me to enter a 6-digit security code.  At about that moment, my phone buzzes with a text.  I take the security code sent via text, plug it in and submit.  Bingo...I have access.  If some nefarious kid in a basement somewhere has my password, I know they don't have my phone so they are stuck on the outside looking in.

Those steps would be nearly impossible to do by memory or scribbled on a notepad somewhere.  The key to making these 3 steps attainable and keep the convenience of the internet in place is to use a password manager.  These apps allow you to store logins, security answers and loads of other data securely in one place.  The only thing you need to remember is the password to access that vault of data.

Check these out to see what fits you best:

 

 

Comment