Our ongoing Experiment with the Google Chromebook has naturally led to more reliance on Google’s Cloud services than I had been used to in the past. This prompted me to activate Google’s 2 Step authentication for my account to make it more secure. Shamefully, I admit that I was slacking and should have done this long ago, but you know how things get. It’s fixed now; however, the experience prompted me to write about how important it is to take every step possible to protect your online identity.
Let’s look at three basic first steps everyone should use to protect their identity online.
Use Encrypted Connections
If your login for email, or for any other web site, allows for HTTPS or some other form of encryption for your connection, use that rather than a standard HTTP connection.
Most “normal” POP/IMAP email accounts pass login information in “clear text”, that is, in unencrypted packets of data. These network packets could potentially be intercepted and pieced back together by someone looking at the right piece of the internet at the right time. Note, this is not an easy thing to do, but given the time and the tools it’s possible.
By using an encrypted connection, the same communication packets may be intercepted, but they will be encrypted and extremely difficult to crack. Most email providers do provide an encrypted configuration, so it’s best to check the support site for your email provider. Google and others use HTTPS for everything by default now, so if you are not sure, look at the top of your browser where the web address is located. If you see https:// at the beginning of the address bar, you are good to go.
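To see the difference in practice, the added example below (not part of the original article) reads a mail client's connection log, written in the usual C:/S: client/server notation, and reports any login command that was sent before the connection was encrypted. The sample sessions, the user name and password, and the function name `exposed_logins` are all constructed for illustration.

```python
import re

# Client commands that ask to upgrade a plain POP3/IMAP connection to TLS.
UPGRADE = re.compile(r"(?:STLS|\S+\s+STARTTLS)\s*$", re.I)
# Client commands that carry a user name or password (POP3 first, then IMAP).
CREDENTIAL = re.compile(r"(?:(USER|PASS|AUTH)\b|\S+\s+(LOGIN|AUTHENTICATE)\b)", re.I)
# Server replies that accept a command: "+OK" (POP3) or "<tag> OK" (IMAP).
ACCEPTED = re.compile(r"(?:\+OK|\S+\s+OK)\b", re.I)

def exposed_logins(transcript, implicit_tls=False):
    """Return (line_number, command) for every login command sent unencrypted.
    implicit_tls=True means the client connected to a TLS-only port
    (993 for IMAP, 995 for POP3), so the whole session is encrypted.
    Only the command name is reported, never the credential itself.
    """
    encrypted, upgrade_pending, findings = implicit_tls, False, []
    for number, raw in enumerate(transcript.splitlines(), 1):
        side, _, text = raw.strip().partition(": ")
        if side == "S":
            # The upgrade only counts once the server has accepted it.
            if upgrade_pending and ACCEPTED.match(text):
                encrypted = True
            upgrade_pending = False
        elif side == "C":
            if UPGRADE.match(text):
                upgrade_pending = True
            elif not encrypted and (m := CREDENTIAL.match(text)):
                findings.append((number, (m.group(1) or m.group(2)).upper()))
    return findings

# Constructed sample sessions; the user name and password are made up.
PLAIN_POP3 = """S: +OK POP3 ready
C: USER alice
S: +OK
C: PASS example-password
S: +OK logged in"""

IMAP_STARTTLS = """S: * OK IMAP4rev1 ready
C: a1 STARTTLS
S: a1 OK begin TLS negotiation
C: a2 LOGIN alice example-password
S: a2 OK logged in"""

IMAP_REFUSED = """S: * OK IMAP4rev1 ready
C: a1 STARTTLS
S: a1 BAD command not supported
C: a2 LOGIN alice example-password
S: a2 OK logged in"""
```

The plain POP3 session is flagged on its USER and PASS lines and the STARTTLS session comes back clean; the refused upgrade is flagged because the client carried on and logged in anyway.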
Use 2 Step Authentication
If a web site or service allows for 2 Step Authentication, enable it.
2 Step Authentication is a process where any login to your account from an “unauthorized” device will prompt the user for an authentication code before allowing a successful login. If someone is trying to access your Google or Facebook account from a computer that is not yours they will not get in even if they have your password.
Authentication codes are usually sent as either text messages or phone calls to a list of pre-approved phone numbers or email addresses. Once the service detects your login from an unapproved device, they will send you an authentication code. After entering the code you will be logged in normally. Most services have the ability to designate new approved devices so you don’t have to use a code every time you log in.
I can tell you from experience, there is some pain after you set up 2 Step Authentication for the first day or so. You will have to re-login/authenticate all your computers, tablets and phones for the first time, but after that it’s pretty painless.
Sites like Google, Facebook, Twitter, Dropbox, Apple, PayPal, Microsoft, Yahoo! Mail, LinkedIn and others all allow for 2 Step authentication. Check any other web sites or services you may use to see if they support it as well. Again, the benefit here is that even if someone has managed to get your password, they will not be able to get into your account from an unauthorized device.
Don’t Use the Same Password Everywhere
Don’t use the same password for everything! I know that having 50 different passwords is hard. You can never remember them when you need them most, but a simple way of having a unique password is to use a compound password where either the first part or the last part of the password is different for each site and the other part remains consistent.
As an example, let’s say your base password is “Piano?1” and you want to create a password for your bank website. You would then add something to the front or back of your base password that you associate with your bank. Let’s choose Greedy Interest for the sake of the example. (Though I’m sure you can be more creative than that.)
Our new bank password would be either “InterestPiano?1” or “Piano?1Interest.” By all accounts that’s a pretty strong password. We have more than 8 characters, mixed case letters, special characters, a number and it’s not a single word. This should pass the “Password Strength” test for just about any website.
So we have a plan, but now you’re scratching your head thinking, “But I still have to remember 50 different passwords.” Well, you’re right, but these will be easier to remember because the Random part is a word you already associate with the site you are logging into. The Static part is a goofy thing you made up that you will not forget easily, especially after typing it 50 times. Now, if for some reason your password is compromised, you only have to really change ½ of the password rather than the whole thing.
Oh and one last tip, everyone says you should not write your passwords down in one place, but everyone does because there are so #@$!@$ many of them. Rather than writing your full password for each site, you now only have to write down the Random part of the password for each site. Since the Static part rarely/never changes you can keep that in your head. This way even if your cheat sheet is compromised, you have not given away all of your passwords.
Now, taking these steps will not give you an Iron Clad Guarantee of security, but it’s certainly going to make life harder for someone to hack your accounts. As the last few months of news headlines have shown us, there is really no way to completely secure your data from everyone. However, those who don’t take at least the most basic precautions to protect themselves are doomed.