Remember the hack of the Ashley Madison site? The top 3 passwords used on the site were 123456, 12345 and password.

While there are no guarantees that malicious actors won’t get to your information, the following tips will decrease the probability of getting your personal information hacked.

Photo courtesy of Creative Commons.

Happy New Year! Let’s do some cyber maintenance. In addition to changing your passwords, learn other ways to make your cyber presence safer.

1. Have Complicated, Unique, Difficult-To-Crack Passwords

Hate changing your passwords for your social media, online banking, and other online accounts? So do I. But having someone invade your privacy, social channels, or even financials is a lot worse.

A good solution to create strong passwords (and track them at the same time) is to sign up for a password storage tool. Personally, I use 1Password which carries a yearly fee. I’ve also heard good things about a free tool called LastPass.

All you need to do, once you have such a tool, is to create one really complex password and remember it. Then you can let the tool auto-generate all your other long and tricky passwords, which you won’t need to remember.

2. Never Reuse a Password

Don’t use the same password or slightly modify it to use it on multiple accounts. Make each password unique, with a mix of upper and lower case letters, numbers, special characters – at least 9 characters, ideally more.

3. Update Your Passwords Regularly

Change your passwords periodically (at least every 6-12 months). While having a really difficult password is the number one way to protect your accounts, changing your password cannot hurt.

4. Prevent “Dictionary Attacks”

Don’t use dictionary words, your pet’s name, your college or any other words that have an obvious correlation to you as a person. These are easy to find, even just via Google, and so-called “dictionary attacks”, which are extremely common and simple, can crack those passwords in no time.

NOTE: Personally, I also discourage publishing your birthday on LinkedIn or Facebook as this date is a crucial detail to cracking and taking over your (online) identity; especially in the USA where birth date and social security number ARE your identity.
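To make tips 1, 2 and 4 concrete, here is an added example (not part of the original post) that generates a random password the way a password tool would and audits a set of passwords against the rules above: at least 9 characters, all four character types, no dictionary or personal words, and no reuse or slight modification across accounts. The word list, the sample vault and all function names are constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample word list; a real check would load a large dictionary file.
COMMON_WORDS = {"password", "123456", "12345", "dragon", "summer", "welcome"}
# Constructed sample vault (account -> password), for illustration only.
SAMPLE_VAULT = {"email": "Rex2016!", "bank": "rex2017", "shop": "123456"}
CHECKS = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]

def has_all_classes(pw):
    """True if pw has a lowercase letter, an uppercase letter, a digit and a special."""
    return all(any(check(c) for c in pw) for check in CHECKS)

def generate(length=16):
    """Random password with all four character types, drawn from the OS CSPRNG."""
    if length < 9:
        raise ValueError("the article asks for at least 9 characters")
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+?"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw):
            return pw

def skeleton(pw):
    """Lowercase letters only, so 'Rex2016!' and 'rex2017' compare as equal."""
    return re.sub(r"[^a-z]", "", pw.lower())

def audit(vault, personal_words=()):
    """Return {account: [problems]} for a mapping of account -> password."""
    findings = {}
    banned = COMMON_WORDS | {w.lower() for w in personal_words}
    for account, pw in vault.items():
        problems = []
        core = skeleton(pw)
        if len(pw) < 9:
            problems.append("shorter than 9 characters")
        if not has_all_classes(pw):
            problems.append("missing a character type")
        if pw.lower() in banned or any(w in core for w in banned if w.isalpha()):
            problems.append("contains a dictionary or personal word")
        for other, other_pw in vault.items():
            same_core = core and core == skeleton(other_pw)
            if other != account and (pw == other_pw or same_core):
                problems.append("reused or slightly modified on " + other)
        if problems:
            findings[account] = problems
    return findings
```

Calling `audit(SAMPLE_VAULT, personal_words=["Rex"])` flags all three sample accounts, while passwords from `generate()` pass cleanly.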

5. Tighten Your Security and Privacy Settings

Facebook, LinkedIn and other social media channels occasionally change their privacy options, which is easy to miss (or dismiss) as those changes are generally not very interesting. For a safe 2017, visit your social channels and review your privacy and notification settings. While you are there, disconnect access for apps you no longer use.

6. Enable Two-Factor-Authentication

Something often dismissed as too complicated is two-step-verification. Most social platforms, banks and other accounts let you enable it. Here is how it works:

  • In addition to your password, every time you sign in, you get a text message or app notification with a code that you need to enter before you get access to your account.
  • You’ll be asked to specify your trusted device(s) to receive the code, e.g. your iPhone or iPad, so only you have access.

7. Don’t Store Passwords in Your Browser

I know, it seems convenient, but hackers feel the same way. Browser attacks are very common. Here is some more information on common threats by Kaspersky.

8. Have a Security Program Installed

You need a virus protection program at a minimum. And many now come with privacy packages to help you in case you do get hacked. Here is a suggestion for 10 virus protection programs. Also consider a service that alerts you to invasions into your personal information, like changes in your credit report. One option is Lifelock.

9. Always Install Updates

Don’t dally when it comes to installing updates to your applications, operating system or website. While I admit that I sometimes wait a few days when a new OS update comes out so that some main bugs can be fixed first, I never wait for more than a week. If the new release is specifically designed to plug security holes in the software, don’t delay.

Phishing is generally an attempt to get you to click on a malicious URL that will upload a virus if you do. Never click on a URL sent by your bank, PayPal or other account that requires you to sign in. Often, malicious actors will steal your password that way or upload a virus. Instead, go to the site directly and log in from there to check on a message.

Also, be suspicious about the senders of any message you receive via email or social media. Sometimes when I see a shortened link I ask the sender to give me the URL to look it up myself.

The bottom line is that you have a responsibility for your own online security. Many security breaches happen because of carelessness. At a minimum:

  1. Never write down passwords or share them with others.
  2. Never use passwords that are “easy to remember” (as that makes them easy to crack).
  3. Never leave any level of “entry” unprotected: Have (unique) passwords on your firewall, your WiFi network, your computer, your phone, your tablet etc.
