In today’s edition of Unsolicited Tech Advice from Mitch, I’m going to share an awesome way to prevent your accounts from being hacked. It’s simple, free and has saved my butt hundreds of times.
Imagine for a moment this nightmare scenario:
You wake up one morning and can’t log on to Instagram. Worse, you start to get messages from friends about something nasty posted on your Facebook account but can’t log in to that either. You check your email and see that someone has changed the password to your bank account and that a funds transfer has been initiated without you knowing.
It’s a terrifying moment made even more so when you realize that there is nothing you can do to stop it.
To state the problem plainly: There are teams of very sophisticated hackers attempting to break into your accounts online every day. As a result, your financial security, online identity and credit are all at risk. Sorry to scare you but it’s true. So let’s take a minute to easily protect your online identity before it’s too late!
The problem with passwords
Passwords are frankly an awful solution for confirming identity online. They give us a false sense of security. Most of us reuse the same simple password or a variation of it across the web. This gives thieves an opportunity to steal that password with some these tools, and then use automated software to find where else you’ve reused that password across the web.
Most people don’t think about this, and hackers prey on them all the time… all over the world. They’ll succeed and steal your stuff unless you follow the steps below.
How to protect yourself online
1. Create a unique password for each account
The first step to true online security is to ensure that none of your passwords are reused across the web. Luckily, most modern operating systems have introduced tools to help create complicated and unique passwords for each site. For example, iOS will generate a complex password for you, store it in the device’s “keychain” and insert it to make logging in easy. Do this.
iOS also has a Passwords & Accounts section in the Settings app that displays all your usernames and passwords as well as a warning on any accounts with a reused password. I’d recommend taking an hour and changing any reused passwords as indicated in that app. Third party password managers like 1Password offer similar functionality.
2. Two-factor authentication
Given the insufficiency of passwords, most websites now offer a second form of authentication to bolster security. This is commonly known as Two-Factor Authentication. There are a handful of second-factor options out there, but many of these options have their own security issues. I’ll list two of these two-factor authentication options below:
Text message or e-mail: The most common second factor involves a unique code being either emailed or texted for use in tandem with your password. The problem here is that if a thief has access to your email or phone number, this method will not prevent the theft. Remember, thieves are sophisticated and absolutely have the ability to hack your email or gain access to your phone’s SIM card number, receive the unique code and steal your account. They aren’t messing around.
Hardware: A physical factor of authentication is much more secure than a digital one like a text or email. Luckily, everyone in the world already carries just such a piece of hardware in their pocket! This is the better route to go.
There are dozens of apps that turn your smartphone into an impervious form of security for your online identity. These apps create unique log-in codes for each of your accounts that are tied to your specific device and can’t be snooped on or spoofed from any other device in the world. I’d recommend Google’s Authenticator app or Authy. (We use Authy.)
After downloading an authenticator app, you’ll need to go to each of the online services you want protected and enable them in the app. Nearly every online service offers two-factor authentication now and they’ll each have instructions on how to enable it for your account.
This method works simply. Anytime you want to log in to an account online, you’ll be asked for your unique code, so you open the app and find the code for that particular website. It’s as easy as can be and the only way to truly protect yourself online.
Warning: Relying on this hardware solution does take some personal responsibility. If you forget your password, lose your phone or trade it in for a new phone, you’ll lose access to all of your accounts. But don’t let this deter you. It’s still SO important to do it. And luckily, most of these apps have the ability to use a second or third device (like an old phone, tablet or computer) as a backup. They also allow you to create a backup password. But, again, if you lose those devices or forget your backup password, all your accounts will be gone for good. So put some thought into it!
Do it today.
If you’re this deep into the post, I’m guessing that you have concerns about online security. And that’s awesome. Don’t feel overwhelmed; just get started today.