Some time back a close friend called me for advice on how to protect his passwords, and more generally all of his digital information. He was feeling overwhelmed by the amount of data he has to remember, like passwords, usernames, etc. He knows that if he starts writing down sensitive information on paper, I will kill him. Do not write down sensitive information on paper (unless you are going to properly protect that paper, of course).
In this post you will find a list of points that will probably help a lot of people, especially if they haven’t done any of this yet.
Let me start by saying this: your information is yours and should never be in the hands of someone else without your knowledge. A lot of the people I have tried to share these tips with over the years gave me answers like: “I don’t have anything important”…
What these people usually fail to appreciate is the amount of data that one accumulates over time and across different services.
Today it might just be some pictures of cats and dogs, tomorrow you start adding family photos, then your bank account access information, and then other more sensitive information.
So it’s better to start securing your digital life as soon as possible, and here are some things you can do about it:
1 – Use a password manager
This is an application or service that helps you safely store all your passwords, notes and other sensitive information in encrypted form. Usually it will also allow you to configure more than one level of security to access the information. I personally have a LastPass family account, which allows you and 5 other family members (or friends) to have accounts under the same premium account (note that the information of each account is not shared across users unless each person decides to explicitly share it). Other well-known online services are 1Password, Dashlane and Keeper, among others, but I have only used LastPass, for years, and I am very happy with it.
If you open an account through this link you get 1 month of free LastPass Premium and I get another month. Apple and Google also offer their own proprietary solutions if you feel comfortable with them.
Alternatively, if you don’t feel comfortable having all your passwords online, you can use an app like KeePass, which runs locally on your computer.
2 – Enable 2 Step Verification
Enable it on all the services that allow you to do so. In short, 2SV is a way to protect your account by combining something you know (your password) with something you don’t know in advance, a token. Many years back, physical tokens were handed out by companies to employees so they could securely connect to internal systems from the internet; some banks also offered these, and some companies still do this.
Nowadays it is more common to see tokens in the form of mobile authentication apps. I personally use Authy and it works great because it allows you to configure all the services you need, while at the same time allowing you to back up and restore all of them at once in case you need to change your mobile device. If you want more information about what 2SV is, check this link, and if you want to know how to enable it for common services like Gmail, Facebook, Twitter, etc., check the following link; they have updated guides.
3 – Pay attention to phishing attacks
If you have never heard about phishing attacks, they are ways to trick people into sharing private information or access to services, banks and others without really intending to or understanding what they are doing. Someone trying to steal your bank access might send an email with your bank’s logo asking for something. It’s important to check closely the information about the sender, the email address from which the email was sent, and anything that looks out of place. If you pay attention to these details you will mostly be safe. Just remember, no bank or service will ever ask you for your password. They might ask you to change your password, for example because they had a security breach, but you still need to be careful: if the link you open to change the password does not belong to the company it claims to be from, you might be entering your real credentials on a fake site, and if you don’t have 2 Step Verification enabled on that site, your account will be compromised.
If you have any doubt, always open a new browser window, type the address of the website manually (or open it from a trusted link like a bookmark) and change the password for the site there. A password manager like LastPass might even offer to change the password for you automatically, as these services are adding automation as part of their offering. Also be careful with phone calls: sometimes you can be targeted by scammers over the phone, who might trick you with questions into unwillingly sharing personal information with them. If you suspect you are the victim of a phishing attack, hang up the phone or check online; if somebody else has faced the same type of attack, it will most probably have been shared. Alert your friends and family in case something like this happens to you so they are also careful.
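The check described above, whether a link really belongs to the company it claims to come from, written out as an added example that is not part of the original post. The domain bank.example and every sample link are constructed for illustration, and check_link is a hypothetical helper name.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Compare the host a browser would actually connect to with the
    domain you expect. A link belongs to the site only if its host is
    that domain or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased, no port
    except ValueError:
        return "unparseable link"
    expected = expected_domain.lower().rstrip(".")
    if host != expected and not host.endswith("." + expected):
        return "different site: " + (host or "(none)")
    if parts.scheme != "https":
        return "right site, but not https"
    return "ok"


# Constructed sample links, as they might appear in an email.
SAMPLE_LINKS = [
    "https://www.bank.example/change-password",
    # The bank's name is only a prefix; the real site is the part at the end.
    "https://bank.example.account-verify.test/login",
    # Text before "@" is a user name, not the site.
    "https://bank.example@login.test/reset",
    "http://bank.example/reset",
]


def triage(links, expected_domain):
    """Return {link: verdict} for every link."""
    return {link: check_link(link, expected_domain) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS, "bank.example").items():
        print(f"{verdict:45} {link}")
```

A password manager's autofill does the same comparison for you: it offers the saved credentials only when the page's host matches the site they were saved for.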
4 – Browse the Internet and share information with caution
Be careful about which websites you share your information with. With more and more services being offered over the Internet, it is natural that we have to register on a lot of them; some request more and some a bit less of our personal details, but all will ask for some. Ensure that you share information only with trusted websites. This is easy to say, but might be difficult to do. One way is to register only on websites and services that you have read about in a trusted source (like a review or a prestigious media outlet). An alternative is to check whether a close friend, or that IT expert in the family, knows about the service and whether he/she recommends it or maybe suggests an alternative depending on what you want to achieve (but remember to Google your questions before bothering someone; they will be happier to help if they know you did your homework before reaching out). Try to look for a reference, the same way you would if you were hiring someone or asking for references on a good plumber 😉
5 – Entering personal or credit card details only on secure websites
This should be a strict rule: DO NOT enter any credit card or personal details on websites that do not offer a secure connection between your device’s browser and them. It’s really easy to check this: before entering any of these sensitive details, double-check that the website address bar shows HTTPS (the S is key here); it could also show SECURED or a closed LOCK, in green. These are standard mechanisms that will ensure your connection is encrypted and will minimise the chances that someone in the middle could get the information you enter in an online form. If you have a website of your own, it is highly recommended that you offer a secure experience to your visitors by having a certificate installed and offering “https”.
6 – Protect your device with anti-malware or antivirus software
Especially on computers, ensure you use a good antivirus. I have personally used Malwarebytes for years, a very solid service to protect your personal computers from malware. Malware programs are like little applications that mostly have a harmful purpose, taking a hit on your device’s security and compromising your data and probably your personal details. Malware can be disguised in web page links, in email attachments, or in files you download from different sources. Never trust a file, a link, an attachment or even physical media like a USB drive from someone you don’t trust or from a website which you don’t know or have no way to check for references. There are other antivirus solutions with a good reputation, like Symantec and Kaspersky, among others (here you have a TechRadar review for 2019 top antivirus programs). I personally wouldn’t recommend free solutions like AVAST and such, which sometimes install additional software (they have to receive some revenue if they give their product away for free). The antivirus included in Windows 10 is of course better than nothing, but still be careful: you might not have the same level of protection as from a company whose primary focus is to develop a good anti-malware or antivirus solution.
7 – Backup your files
Decide how much of your personal information (files, pictures, videos, etc.) you are willing to lose. If losing everything doesn’t bother you, then this point might not matter to you. But if you really would feel frustrated if you lost all the pictures of your family, or those videos of your son’s or daughter’s first steps, then you need to ensure you have a backup plan for all these files.
One of the classic ways of making backups of your files is to copy them to an external hard drive, and this is in general fine. But while this approach is better than nothing, it has the main disadvantage that unless you are very disciplined, you will probably not remember to connect this external storage unit to your computer as often as you should to keep your backups up to date.
Fortunately there are several things you can do in addition to a manual backup to external storage media. If you feel comfortable with it, and if you primarily need to back up pictures, you can rely on Google Photos, which will back up all your pictures and videos for free (watch out, the resolution is slightly decreased). You might want to check the conditions under which this service is offered, though. If you want a more flexible way of backing up, you can use Google Drive and pay for some extra storage (the free version offers, I think, around 10 GB only). There are very affordable plans, like 100 GB for just USD 2 a month. Apple also offers online iCloud storage at similar prices, and there are other market pioneers like Dropbox and OneDrive who also offer this type of service. Have a look at what BackBlaze offers: unlimited personal backups for USD 5 a month per computer, and they have been in the market for many years.
If you only need to back up your pictures, you can use one of the aforementioned services. I also use SmugMug.com, who offer several nice, affordable, unlimited online storage plans where you can not only back up pictures and videos but also create online galleries and share them with your friends and family. You can even define who else is able to upload pictures to these galleries and collaborate.
Most of the online file backup services offer simple ways of synchronizing your files to their servers automatically (while you are connected to the Internet of course).
The best practice for backing up information is to always have 3 copies of your data. For example:
1 – The original.
2 – The copy on your external media.
3 – The copy in the cloud.
8 – Installing applications only from trusted sources
On mobile devices and computers, ensure that the applications you install come from trusted sources. On Android and iOS (Apple) devices this means their respective app stores. Do not install applications from outside these two app stores. In the case of computers, on the Mac you can also trust only applications from the Apple App Store, and on Windows more and more applications are being made available on the Windows Store. Both of these options will give you the peace of mind that the applications were checked for malware and viruses, but they are not bulletproof.
If you still need to install applications from outside these stores, make sure you have a good antivirus protecting your computer and that it is up to date. This will ensure that as soon as you download the installer it is scanned by the antivirus or anti-malware program.
9 – Protect your mobile devices with a pin code
Nowadays protecting mobile devices is even simpler than in the past. Most modern mobile phones and tablets include fingerprint readers or face scanners that help you lock your devices and easily unlock them with the touch of a button or by looking at them. These mechanisms are quite safe, and although you may read in the media that some people were able to “hack” them, these hacks would be quite complex for most people to achieve. If your device doesn’t offer a fingerprint reader, make sure to at least lock it with a 6 digit pass code that is difficult for someone else to guess. You don’t want somebody accessing your mobile device, your pictures and all your contacts without your authorization.
10 – Choose your passwords wisely
Last but not least, with a password manager, which we talked about in point 1, you can easily create an individual password for each service you have. So the times of “I can’t remember a password for everything” are over; you don’t really need to remember them anymore. The password manager can help you choose your passwords and you will store them in a safe place, so there is nothing to write down anywhere and no need to choose passwords you have to remember.
There are websites like https://haveibeenpwned.com/ which show you some interesting statistics about stolen passwords. At the time I wrote this article 6.8 billion accounts of different services had their password stolen or leaked to the internet (and these are just the ones tracked by this website).
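A password can be checked against that site's list of leaked passwords without sending the password itself, shown here as an added example that is not part of the original post. It assumes the site's Pwned Passwords range API (https://api.pwnedpasswords.com/range/ followed by the first 5 characters of the password's SHA-1 hash); the response text is constructed so the code runs offline, and its counts are made up.

```python
import hashlib
import urllib.request


def split_hash(password):
    """SHA-1 of the password as (5-character prefix, 35-character suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Search a range response ("SUFFIX:COUNT" per line) for our suffix.
    Padding rows carry a count of 0, which means "not found"."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Live lookup (needs network): only the prefix leaves your machine."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "password-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def constructed_response():
    """Constructed sample: a filler row, the row for "password" with a
    made-up count, and a padding row."""
    _, suffix = split_hash("password")
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",
        suffix + ":1234",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0",
    ])


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "seen", breach_count(pw, constructed_response()), "times")
```

For a live check, pass `fetch_range(split_hash(pw)[0])` as the second argument; any count above zero means the password has appeared in a leak and should not be used anywhere.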
Do NOT use the same password on different websites or services; believe me, this will ease your pain if one of these websites gets compromised.
If you still choose not to use a password manager and prefer to create your own passwords, make sure they are complex enough to be difficult for someone to guess. And as mentioned in point 2, always use 2 factor authentication when available.
What is your experience? Do you have any other tips that have worked well for you? Feel free to share them below.