This post was originally written by David Nield of Field Guide and posted on Gizmodo October 4, 2017.
While you can never be 100 percent safe from hackers, viruses, and other nasties lurking on the internet without going completely off the grid, you can at least cut out the dumbest security mistakes you keep making—seriously, now’s the time to address these, before you have a chance to regret it.
Using the same login details forever
You’ve heard it before but we’ll say it again, because a lot of people don’t seem to pay any attention: Do not use the same passwords for multiple accounts, and change your passwords regularly. If you struggle to remember passwords, get an app to do it for you. Using the same password for everything is like having a back door key that also opens your safe, starts your car, and gives access to your bank accounts—if someone should happen across it, they have access to everything. Changing passwords, meanwhile, protects you against the now-regular data leaks happening from companies large and small. If your login credentials appear on the web, it doesn’t matter so much if you’ve since changed them.
“Password-cracking technology has advanced by leaps and bounds,” said Darren Guccione, CEO of Keeper Security. “Bad guys now follow their victims on social networks to mine keywords that they feed into malicious programs that use machine intelligence to test variations until the door is unlocked.”
“No one likes passwords, but they are more important than ever these days,” he continued. “And the ones that worked for you five years ago are probably useless today.”
Not protecting your phone's lock screen
Once someone gets past the lock screen on your phone, they can post to Facebook, read your emails, spam your contacts, and probably order a host of electronic goods from Amazon as well. Still, as many as 15 percent of users don’t protect their phone with either a PIN or some biometric method of identification. There’s now a wealth of face and fingerprint and iris scanning technology on the market, so there’s no excuse for not using it—and a lengthy PIN code is still just as secure (as long as you’re not entering it in full view of someone else). Something you should definitely avoid is pattern unlock, which is easier to copy, according to a recent study from the US Naval Academy and the University of Maryland Baltimore County. The research showed that two-thirds of people can recreate a pattern having spied on you doing it once through, compared with a six-digit PIN that only 1 in 10 participants were able to copy after a single look.
“To protect against shoulder surfing, 6-length Android unlock patterns may appear more secure, but our findings show that 6-digit PINs provide the most security for an observer trying to accurately recreate the passcode,” Ravi Kuber from the University of Maryland Baltimore County, one of the researchers working on the study, told Gizmodo.
Not using two-step authentication
We’ve already spoken about how often passwords and login details seem to leak out on the web these days, and two-step essentially puts an extra protective barrier in the way—as well as your username and password, hackers need another bit of info to log into your account on a new, unrecognized device. That’s sometimes a code generated in an app and sometimes an SMS sent to your trusted phone, but whatever the method, it makes your accounts a whole lot more secure. Just about anywhere you can get an account now offers some kind of two-factor protection: Facebook, Twitter, Google, Apple, Microsoft, Instagram, Dropbox, Amazon... the list goes on and on. The method for setting it up in each case is fairly obvious and straightforward—just dive into your security settings.
“If you are just browsing online or watching an item on an online auction, you won’t need multifactor authentication,” Raj Samani, Fellow and Chief Scientist at McAfee, told Gizmodo. “However, if you are buying that item, it’s a whole different story because you are now sharing financial data. You need the right level of security based on the value of the account.”
“Hackers find it much less appealing to try to hack a personal account that’s been safeguarded with multifactor authentication, because it won’t be simple.”
Sharing too much information
Any information you share publicly on the web can be used to steal your identity, guess your passwords, or answer the security questions protecting your account—from an Instagram photo showing your street to a tweet about your dog whose name you’ve also used for your security question. Of course sharing is the norm now—only people of a certain age will remember how strange (and potentially dangerous) it felt to share photos on Facebook when the feature first rolled out. Still, there’s no reason why you can’t think before you post. That means geotagging only when necessary (and when away from your home or office), keeping real names and personal details down to a minimum, and familiarizing yourself with the tools you can use to restrict the audience for your posts.
“It is imperative to understand how you can restrict what someone else can find out about you online,” David Emm, principal security researcher at Kaspersky Lab, told Gizmodo. “Kaspersky Lab research shows that almost a third of people using social networks share their posts, check-ins and other personal information, not just with their friends, but with everybody who is online.”
“If you wouldn’t publish something on the front page of a daily newspaper, don’t post it online.”
Using wi-fi without thinking
It’s all too tempting just to connect to whatever public wi-fi networks you can find to stay up to speed with Snapchat, Twitter, and Gizmodo, but you should never let your thirst for connectivity cloud your judgment about what’s safe and what isn’t. The trouble with public wi-fi is that everyone else can connect to it as well as you, and that makes it inherently less secure than your home network. If you absolutely have to use wi-fi on the go, the safest way to get online away from home is to invest in a quality VPN package and create your own encrypted route to the web. If you don’t want the expense and hassle of a VPN, there are still safety measures you can take: Check the terms and conditions for getting online, stick to services you’ve already registered for rather than signing up for new ones (where possible), avoid doing anything important on public wi-fi (like banking or emailing), and look for the HTTPS icon before entering any sensitive information.
“Public wi-fi is an especially convenient choice for being always on, and is a great alternative to using up our phone data,” said Marty P. Kamden, CMO at NordVPN. “However, public free wi-fi is not safe.”
“Hackers and other malicious organizations are always on the lookout for gaps in security they can exploit: Public wi-fi for them is a goldmine if you’re not using the right protective measures to keep your data safe.”