9 tips for protecting your digital life
So much of our lives is online nowadays… and most of the time we don’t really think too hard about how secure our data is. We trust that our passwords are strong enough that no one will guess them. We trust that the services we sign up for have solid protection. But how safe are you really? Mat Honan, a senior writer at Wired.com, recently found out the hard way.
So in the spirit of digital safety, here are 9 things you can do to keep your digital life out of the wrong hands.
1) If you use Gmail and other Google services (and really, who doesn’t?), turn on 2-Step verification on your Google account.
What is 2-Step verification, you ask? 2-step verification adds an extra layer of security to your account by requiring you to sign in with both your password and a code sent to your phone (via text message or voice call). “Trusted” computers, like your home and office computers, only require this code once… but if someone were attempting to access your account without your knowledge, the “untrusted” computer they’re using would prompt Google to require the additional code before granting them access, even if they have your password.
Turning it on is simple. Log into your Google account, and click on your avatar up in the upper right corner, then click on Account in the box that opens. On the left-hand side of the new page, click on Security. 2-Step Verification will be listed as a security option. Click the edit button next to it to set it up. You’ll be asked to re-enter your password for security purposes, and then you’ll be taken to the setup screen. From here, you just follow the onscreen instructions.
If you have an Android phone that uses the account, you’ll need to create an Application-specific password during the 2-Step verification setup so that it will continue to have access (don’t worry… it’s auto-generated and you’ll only need to enter it once on your phone).
2) If you use Facebook (and again, who doesn’t?), turn on one or more of the optional security features.
Log into Facebook, and then click the down arrow in the upper right, and go to Account Settings. On the left, click on Security.
From here, you can enable a number of features designed to make your Facebook use more secure. Among other things, it has a feature similar to Google’s 2-Step verification process, called Login Approvals. You can also have Facebook send you an email or text message any time someone attempts to log into your account from an unrecognized device. It might not be a bad idea to activate Secure Browsing as well, if you do a lot of your Facebooking over wifi or mobile connections.
3) Be careful when daisy-chaining your important accounts.
If someone gains access to one account, they may end up with access to all of your accounts. For example, if your Gmail account is compromised, and it is the password recovery address for your Amazon account, the person who broke into your Gmail now has the ability to gain access to your Amazon account as well, with very little effort. With your Amazon account, they can view your billing address as well as the last 4 digits of any credit card you have on file (which many other sites, most notably, perhaps, Apple, use as security verification).
In some cases, this is unavoidable. One thing that can help is to create an email account that is ONLY used for password recovery, and never use it anywhere else or give the address out to anyone. Security through obscurity.
4) Password-protect your wireless network.
It should really go without saying, but put a password on your home wifi… don’t leave your network open out of convenience. Not only is it a security risk, but who knows what your neighbors might be downloading over your internet connection.
5) Back up your data.
As a web developer (and having experienced first hand what happens when you don’t do it and something breaks), I back up almost religiously. Not everything, but certainly the things that I can’t afford to lose. Actually, I dual-backup. First to an external hard drive and then to my Dropbox account. If the worst happens and some random malcontent decides it would be funny to wipe out the data on your MacBook via Apple’s iCloud “Find My” tool, at least you won’t lose your important files.
6) Stop using the same password for everything.
I know you do it. I’ve been guilty of it, too. Stop it. And stop using “password” for your password while you’re at it.
7) Be mindful of what you allow your accounts to sign into.
A lot of sites these days have that nifty little “Sign in with Facebook” or “Sign in with Twitter” or “Sign in with Google” button. Isn’t it nice not having to create dozens of accounts? Well, yes, it is. But it can also be a security issue, since, if the account you use to sign in with gets compromised, the person who broke in now has access to everything the account has access to. That means that if someone gets access to your Facebook, they can post as you not only on Facebook but also on any other site you use Facebook to sign into.
Review what you’ve granted access to on a regular basis, and revoke access to anything you don’t recognize or don’t use anymore.
8) Have your smartphone upload photos to Dropbox automatically.
It’s not so much a data protection tip as it is a phone protection tip. Dropbox has a handy little app that has the option of uploading every photo and video you take with your phone to your Dropbox account automatically. It also has a PIN-protect feature to prevent a thief from disabling this. If your phone is ever stolen and the thief is dumb enough to take pictures of themselves and their surroundings, you’ll have access to those pictures via Dropbox… which can go a long way toward tracking down your phone.
9) Beware of social engineering.
The most common way a person gains access to someone else’s accounts is via social engineering. Getting someone to just GIVE you their password is a lot easier than actually hacking/cracking/brute-forcing someone’s password. And people are surprisingly eager to divulge confidential information to people who are skilled at the game.
Don’t give your passwords out. Most sites state right in their terms of service that they will never contact you asking for your password or other login details. If an email looks suspicious, treat it like it’s an attempt at stealing your account. If in doubt, forward it to the customer service email for the site it claims to be from and ASK if it’s a legitimate email (never reply directly to the From address on the email).