Today’s guest post comes from Dan Q, Web & CMS Developer for the Bodleian Libraries as well as Technical Director of Three Rings.
Practicing good Internet security is like having a burglar alarm. Burglar alarms, contrary to popular belief, don’t prevent burglary. They don’t even prevent burglary against your property. What they do, though, is stop you from being an easy target, so the criminals go elsewhere. A particularly determined burglar could learn how to override or break the alarm and could watch your house for weeks on end to learn the perfect time to strike. But unless you’re storing priceless diamonds in your living room, they won’t bother: they’ll just leave you alone and find an easier target.
Burglar alarms, multipoint locks, and motion-sensing lights are popular ways to make your home safer because they’re easy to use and easy to understand. So what two things can we all do to easily improve the safety of our online accounts?
Use two-factor authentication
Many websites require you to log in using a password. That’s what we call the ‘first factor’ of authentication – something you know. The problem with passwords is that if somebody else finds out what you know (for example by guessing, by breaking into a database, by using spyware to record what you type or even just by standing over your shoulder), then they can take over your account. You might not even know about it until it’s too late – for example, when they delete all your emails or use your social network accounts to try to con money out of your friends.
The ‘second factor’ of authentication is something you have. If you use online banking, your bank might require you to use not only your password but also a dongle (perhaps one that you put your bank card into) to doubly prove your identity. It’s an incredibly effective way to protect an account, and you can do it in more places than you’d think, using nothing more than your mobile phone. Learn how to set it up on:
- Your Google or Gmail account
- Your Yahoo account
- Your LinkedIn account
- Your Facebook account
- Your Twitter account
- Your Dropbox account
Use different passwords everywhere
These days, people are getting pretty good at coming up with passwords that are long and complex, so that they can’t be guessed by hackers. But we’re all still pretty bad at not reusing passwords, and that’s dangerous. If you use the same password for any two of your accounts, then an attacker might only need to break into one of those two systems in order to break into the other. And because the bad guys can rely upon the majority of the people with accounts on the first system using the same passwords for their accounts on the second, this kind of attack is very popular.
Remembering hundreds of different passwords is just about impossible, though. But the good news is, you don’t have to! There are a plethora of password managers: programs which will remember your passwords for you. Some keep your passwords securely on a pendrive, others store them encrypted on the web, others still represent a ‘formula’ by which passwords can be generated (and re-generated) on demand. Not only do these tools make you more secure online, but – once you get used to them – they actually make your online life faster and easier, too. Try one of these:
- LastPass and Dashlane are both easy-to-use, free, web-based password managers, with optional low-priced top-ups for extra features like smartphone editions and advanced two-factor authentication options
- KeePass is free and open source, and runs on your computer or pendrive, which some people consider more convenient or secure, but can take a little more work to get started
- SuperGenPass generates unique passwords for each site you use, based on a master password (that you don’t use anywhere else); instead of remembering passwords, you just re-generate them; and it’s free
- Mac users might also consider 1Password, and Unix geeks might like pass
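
To make the ‘formula’ idea above concrete, here is an added example (not from the original post, and not SuperGenPass’s actual algorithm) that re-generates a per-site password from a master password and the site’s domain. The choice of PBKDF2-HMAC-SHA256, the iteration count, the character set and every function name are assumptions made for this sketch.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed policy)
ITERATIONS = 100_000  # slow on purpose: raises the cost of guessing the master


def _to_chars(raw: bytes, length: int) -> str:
    # Rejection sampling: drop bytes >= 248 so every symbol is equally likely.
    usable = [b for b in raw if b < 248]
    return "".join(ALPHABET[b % 62] for b in usable[:length])


def _has_all_classes(pw: str) -> bool:
    # Many sites insist on a lowercase letter, an uppercase letter and a digit.
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Re-generate the password for one site from the master password."""
    site = domain.strip().lower()  # "Example.COM " and "example.com" must agree
    if not master or not site:
        raise ValueError("master password and domain are both required")
    if length < 8:
        raise ValueError("length must be at least 8")
    counter = 0
    while True:
        # The domain acts as the salt, so each site gets an unrelated result.
        salt = f"{site}:{counter}".encode("utf-8")
        raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                                  ITERATIONS, dklen=4 * length)
        pw = _to_chars(raw, length)
        # Retry with the next counter if the draw is short or lacks a class.
        if len(pw) == length and _has_all_classes(pw):
            return pw
        counter += 1


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, never reuse
    for d in ("example.com", "example.org"):
        print(d, site_password(master, d))
```

Nothing is stored anywhere: the same master password and domain always give the same result, and a password leaked from one site says nothing directly about the password for another.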