How to Protect Your Online Identigy
Tue, 06/03/2014 - 12:28pm | by Helen Hoart
Many of us still pick convenience over security when it comes to protecting our online identity.
Take this simple test:
- Do you use the same password for all your accounts?
- Is your password something like “password” or “letmein” or your child’s name?
- Is your password your favorite sports team or 1234?
- Is your password just letters and less than six characters?
The questions above are based on typical behavior for many people, according to internet security experts.
Passwords are still central to our online security. Security experts advise us to choose better passwords that will make it more difficult for hackers. But we are predictable and don’t want to give up convenience. It’s just too easy to remember one password for all accounts. But when one site is breached and you’re using the same password for all the sites you use, you are vulnerable.
What can you do?
First, make sure passwords for your bank, your PayPal account or other accounts where your credit card information is stored are different than the password you use for accessing a site that doesn’t hold personal information.
Second, make your passwords for those sensitive accounts at least double digit and use an alphanumeric combination plus punctuation in the password.
Third, don’t store your passwords on your computer in files marked Passwords. Security expert and former hacker Kevin Mitnick says when he does security checks for large corporations he frequently finds text and Excel files with the title Passwords.
Another option is to use a password manager. A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Check out this article in PC Magazine for a review of various password managers.
If you have a Gmail account, Google’s Matt Cutts urges you to use two-factor authentication (also known as two-step verification). It relies on something you know (like a password) and something you have (like a cell phone). Here’s how it works with a cell phone. In addition to your username and password, you'll enter a code that Google will send you via text or voice message when you first set up the two-step authentication. “Crackers have a harder time getting into your account, because even if they figure out your password, they still only have half of what they need,” Cutts said.
PayPal and Dropbox have a similar two-step verification process.
It’s not surprising that many people don’t take advantage of this. It’s an extra step and it’s inconvenient. But … think about how much more inconvenient it would be if your accounts were hacked and your personal information was compromised.