In the days of old, people built giant walls to defend their land. It was easy to see the invading army approach. Pull up the drawbridge, light the arrows and defend your city. Today, the walls are digital and the invaders are invisible and often robots; sneaking in the back door or under the radar, pretending to be someone we trust or attacking out of nowhere. So how do we defend our territory in a modern technology age?
Ditch the passwords
Passwords are the first line of defense in protecting your private information. The problem with passwords though is that if you make them strong, they can be hard to remember. And if you follow the sound advice to not use the same password on any site, you may think you have to remember 30 plus long, hard to remember passwords! To this I give you 2 suggestions:
- Get a password manager – Don’t trust Google to save your passwords. (see previous blog) A password manager is a vault to place all those hard to remember passwords in a secure location. Read Consumer Advocate’s top ten choices in their article here
- Use passphrases – Instead of hard to remember letter, number and character combinations, use a full phrase as your password. Pick something you can remember and add modifications to in order to have a unique phrase for different sites. For example, “BobandSusan’sbankaccount!”
Multi-factor Authentication
Requiring 2 forms of verification is becoming a popular and simple way to secure data. Here’s an example one of my money accounts uses. I’m asked for the email, username, or phone number associated with my account. Once entered, I am then asked for a code that will be emailed or texted. This is very easy for me as a user. I don’t have another password to remember, the messages come through quickly and I can access my account. While it’s easy for me, it’s harder for a hacker. Someone would have to be able to access my phone or email to be able to access the original account.
Recognize Imposters
A popular way for hackers to gain access to your data is called spoofing. They send an email from what appears to be a legitimate company claiming something to try and get you to give over your information. Your account has been compromised: type in your password. You’ve won a gift card: type in your password. You have been locked out: type in your password. We’ve seen suspicious activity: type in your password. You get the idea. Hackers use the logo of a trusted company to put you at ease, but when you click on the link it sends you to a spam site that is gathering your data, not resolving an issue. Here are things to look for:
- Is this normal behavior for the company in question? If not, don’t trust the link.
- Check the email address against valid emails you have received from the company
- Look at the link. If you click to a sign in page, check the website address. If you aren’t on the company’s main sign in page, do not put in any information.
- When in doubt, go to your account. If you want to check activity, type in the website address you know and sign in that way. Most companies will post the notifications inside your account so you can verify.