In the ancient mists of the 1990s and before, we used things like file cabinets, photo albums, and mattresses to store or protect important things. Nowadays, we put a great deal of our important stuff in the omnipresent, nearly omniscient hands of the Internet. Life on the Internet affords incredible convenience, being able to access whatever you need from basically anywhere you go. But it also creates new security concerns. Everything we put online is vulnerable. In today’s digital world, we need to attend to “cybersecurity” as much as we attend to home security.
Passwords: the Achilles Heal of the Internet
Pretty much every website and app in the world requires a password. Whether they require combinations of capital letters, numbers, symbols, or a certain number of characters, or whether they just leave it up to you, passwords are a headache. And because we need so many of them, and need them so often, most people use the same passwords over and over again. What about you? How do you come up with passwords?
It’s very common to use a combination of short words and birth dates, like “[email protected]”. But there’s a big problem with this. Because more and more of our personal information is accessible online, cyber attacks (e.g., hacking) has increased tremendously in recent years. Hackers make use of ‘dictionaries’ that will quickly break a password like “[email protected],” despite the clever substitution of “a” for “@”. And the use of personal information, like your birth year, is also risky, since that kind of information can be found on Facebook easily enough.
To make passwords strong, make them weird and long.
One solution is to use a “passphrase” (a random string of numbers, letters, and symbols) instead of a password. But who wants to type out “Kdh4*#(cbnned839%$(@*z3kj” every time you log in somewhere? Instead, as outlined in Kevan Lee’s helpful article, you could use an entire phrase as a password, something that makes sense to you but is complete unguessable gibberish to someone else. For myself, I might take a phrase like, “I had a dog named Rascal who always stole my mittens,” and turn it into a gibberish password like, “[email protected]”, or even use the full phrase as a ridiculously long password, “IHadADogNamedRascalWhoAlwaysStoleMyMittens.” The longer the password and the more varied in its characters, the more time required to crack.
Password-Recovery Questions: The Unguarded Backdoor
Many services, such as Gmail, get you to set up security questions to help you recover your account if you forget your password. This is really helpful, but also introduces another potential security breach. If your questions are too general or your answers too easy to guess, the strength of your password won’t matter if a stranger can guess the answers and gain access to your account.
Your security answers are passwords, too.
To keep even your security answers secure, make both the questions and answers random and unguessable, even if the answer is untrue. For example, if you use a question like, “Where did I go to elementary school?”, there may be hundreds of people who can answer this question correctly.
A more secure question would be: “What’s the best way to prepare a margarita?”
Answer: “Under a lawn mower when the autumn leaves are falling.”
Ridiculous? Yes. Secure? Also yes. Who could guess that you’d have such an odd method for mixing drinks?
Muscle-up with Two-Factor Security
Recognizing the increasing threat of cyberattacks, many internet companies have started adding layers of security to help keep your information safe. Usually this is called “2-factor security” or “2-step verification,” meaning that you must present 2 separate pieces of information in order to log in. In most cases, this will be your password and a one-time code sent to your phone. This way, even if someone guesses your weird password, they will still need access to your text message to gain access to your account.
Of course, it’s a bit annoying to have to input a code each time you log in. Thankfully, the use of 2-factor security is maturing, and companies are finding ways to make the burden of security easier on us users.
Google is a good example: When attempting to log in to Google, the “Google” app on your phone will offer you “Yes” and “No” buttons to allow you to permit or deny the login request without having to type in a code.
HTTPS: Look both ways before you cross the server.
More and more websites are guarding themselves with security certificates. If a website is protected, you’ll see a ‘lock’ icon in the address bar. This means any information you enter on a website is protected from hackers with a high level of encryption. As a security-conscious user, look for the lock before submitting any information. (Of course, it’s also important to consider what kind of website you are on. Scammers go to great lengths to convince you they are legitimate. Check the address bar to make sure you’re on the website you intended to visit before you share any information. Read more about that on Mozilla’s blog.)
Privacy Plugins to Ward Off Cookie Monsters
You can also arm your web browser to stop snooping websites and scripts from tracking your movements, installing unwanted ‘cookies’ on your computer, or sniffing for sensitive information. An excellent option for Chrome is Privacy Badger, which proactively (and aggressively) detects and cuts off scripts and trackers that try to stick their noses where they don’t belong.
Don’t assume you’re immune.
Perhaps by now you’re thinking, “Good grief! This is too much! Who would want my data anyway?”
The word “hacker” conjures up images of a greasy-haired guy in a basement, surrounded by screens and pizza boxes. But these days, the real threats aren’t humans -- they’re scripts. Scripts don’t pursue people, they pursue information, information that all of us have. Whether you’re a small-town beet salesman or a big-time corporate executive, you have bank account information, credit card numbers, a Social Insurance Number, passwords for other accounts -- things that will allow hackers to steal your money, your identity, or both.
It isn’t fun, but it’s necessary.
We brush our teeth, lock the doors at night, and wear seatbelts when we drive. None of these things are fun, but we do them because we know they protect our well-being. The Internet is deeply integrated into our lives. We need to attend to cybersecurity simply because of how much of our lives are connected to cyberspace.
It only takes half an hour.
Take 30 minutes out of your week and protect your online life. Strengthen your passwords. Safeguard your accounts with the security features available to you. Arm your browser against snooping intruders. And then, knowing you’ve done what you can to live well online, go forth footloose and fancy free like Kevin Bacon.