
Stop right there! How to keep hackers locked out

By Kate Bevan - worldremit.com
FEB 8, 2018
Who's got access to your data? Picture credit: Blogtrepreneur / Flickr

It seems as if there’s news of another hack almost every day and sometimes it’s hard to know how to stay safe online. But there are five things you can do to protect yourself – and your family.

1. Look after your passwords
First, how do you know if one of your accounts has been compromised? You should get a notification from the company (like this one sent by Yahoo! to its users), but if you want to check whether you’ve been caught in previous breaches, Have I Been Pwned, which is run by security researcher Troy Hunt, is a quick and safe way to find out.

Enter your email address and if it’s been compromised in any of the 245 breaches the website has data on, it will quickly tell you. You can also set up alerts so that you’ll quickly find out if you’ve been caught in any new breaches.

What if you've been hacked? And how can you secure your email account?

First, change your password – and make sure you use a different password for every single website you’ve registered with. That includes your email, Facebook, other social media platforms, online banking and of course WorldRemit.

Every password should be strong: don’t use easy-to-guess words such as your pet’s name, the street you live on or your favourite football team. You should use a mixture of characters, too: upper and lower-case letters, numbers and special characters.

But don’t pick passwords with obvious character substitutions: hackers know those substitutions too, and so “Pa$$w0rd” really is just as insecure as “password”.

One good approach to strong passwords is to pick a phrase – but not a well-known quote. Hackers have lists of common passwords, which means a weak one will be cracked in seconds. A longer, complex phrase – something like “Grandma’s front door is blue and white”, which you’ll remember, is much harder for a hacker to crack using a brute-force attack.

Choosing and then remembering different complex passwords for every site is hard – so use a password manager instead. There are several to choose from – I use LastPass, but you could pick Dashlane, KeePass, 1Password or one of the many others.

These create an encrypted vault for you to store your passwords and they generate strong, unique passwords for each site and offer mobile apps and browser extensions to make best practice easy for you. All you need to do is create (and remember) one strong master password.

Don't do this with your passwords! Picture credit: Lulu Hoeller / Flickr

2. Turn on two-factor authentication
Once you’ve set strong passwords for every app and website you use and protected them with a password manager, the other key thing you must do is enable two-factor authentication (2FA).

This means telling the website to warn you if someone tries to log in from a phone or a computer you haven’t used before. Enabling 2FA makes it much harder for a hacker to get into your accounts, even if they have your password.

Once you’ve turned on 2FA, the website will send you a message – typically by SMS – with a code that you need to input if you’re trying to log in from a new device or browser. Of course, this means that a hacker who doesn’t have your phone won’t get the code and won’t be able to log in.

One thing to consider here is what happens if you lose your phone and can’t get codes by SMS. It’s a good idea to have some other way of getting those codes – banks issue devices like key fobs that generate codes, or you could use something like a YubiKey, which does the same thing.

While an SMS code is usually good enough, it does pay to think about how you’d get into your accounts if you didn’t have access to your phone.

3. Keep your personal information safe
Websites often ask for personal information that only you know, such as your mother’s maiden name or the name of your first pet or teacher, to help verify your identity if you need to reset a password.

First, don’t share that information with anyone else. Facebook quizzes that ask you what your space alien name is, for example, which they say is the name of your first pet combined with your favourite Doctor Who monster, ask for precisely the kind of information hackers look for. So if you’ve just told Twitter or your Facebook friends that your space alien name is Tiddles Dalek, you’ve also potentially told a hacker some valuable details they could use to reset your password.

Also, remember that you don’t have to give a true answer to those questions. Your first pet’s name might well have been Fluffy, but the website doesn’t care if it’s true. It only cares that you give it the same answer you supplied when you signed up if you need to reset your password.

So rather than share your mother’s maiden name, the name of your first pet and your favourite football team with every single website you’ve signed up with – and thus potentially expose them to any hacker who gains access to your details – give each site different answers to those questions. Many password managers will store that information for you so that you don’t have to remember it.

Don't use your pet's name as a password. Picture credit: Kate Bevan

4. Protect your phone
It’s not much use being careful with your password hygiene if you don’t secure your phone. With most of us using smartphones for everything from email and chat to banking and social media, losing your phone could be a disaster if it’s not locked down.

As an absolute basic, use a PIN to secure your phone, and ideally use six digits, or even more if you can. Make sure that PIN isn’t a number someone else could guess, like your date of birth.

Biometrics aren’t perfect, but if your phone supports facial or fingerprint recognition, enable it: they will deter most casual thieves.

If the worst happens, you should be able to wipe your smartphone remotely: both Android and iOS make it easy.

Your fingerprint is a good way to lock your phone. Picture credit: Kārlis Dambrāns / Flickr

Always secure your phone - a PIN is a good way to do that. Picture credit: HishMFaz / Flickr

The thought of being hacked is worrying – but if you follow our steps, even if your account details are compromised, the chances are you’ll still be safe.

Originating at www.worldremit.com
