Essential Digital Security Strategies
Every day, new security breaches and exploits make their way into the public awareness. With the world as interconnected as it is, maintaining strong security habits in the digital age is becoming increasingly important. According to the Privacy Rights Clearinghouse, there have been over 7500 publicly disclosed data breaches since 2005, and there are likely many more that have gone unnoticed or unreported. Having your personal information compromised seems inevitable.
There is hope, however. In this article I will go over some best practices to increase your security and help minimize the impact data breaches will have on you when they occur. These strategies will also help to protect you from targeted hacking.
Never use the same password twice
I cannot stress this enough. Reusing passwords is one of the worst security habits you can have. Remember that hacks and data breaches are common: your passwords will be compromised. If you have reused a password, then as soon as one of the sites is compromised, every other site where you used that password is vulnerable too!
One researcher found that 75% of passwords in a database of 805M compromised passwords were reused passwords. If you use a unique password for each site, you will isolate your exposure during a breach to that single site.
Many people have difficulty remembering passwords, and I am no different. That is why I use a password manager to keep track of all my passphrases. This way, I only need to remember one password to unlock the manager, and can then copy and paste the password I need. This strategy has several benefits:
- You can use a unique password for each site
- Each password can be very strong (25+ characters, mixing letters, numbers, and symbols)
- It is easier to keep track of which accounts you have and with whom
There are several excellent password managers out there. I would recommend KeePassXC, an excellent, actively developed password manager. Another very popular option is LastPass, a company that provides hosted password management services.
Using a password manager you can easily (and securely!) store and retrieve passwords and other information you might need. When using a password manager, always remember to generate long, complex passwords to protect yourself from password-guessing and other brute-force attacks.
Secure your email accounts
Most websites allow you to reset your account password via email. This provides a convenient way for hackers to access your accounts: if your email account is compromised, it becomes trivial for an attacker to reset your passwords on other accounts. For this reason I recommend you use a very secure password (preferably one generated by your password manager) on your email account to minimize the risk of it being compromised. Further, I would enable 2-Factor Authentication (2FA) on your email account as well, which we will discuss in the next section.
Enable 2 factor authentication everywhere
2 Factor Authentication (2FA) is an additional measure you can take to enhance your security. 2FA works by requiring two different types of authentication factor to make sure you are authorized to access your account: something you know (your password) and something you have (physical access to your phone). This is similar to how taking out money at an ATM works: you need two factors, your debit card (something you have) and your PIN (something you know).
2FA can be enabled for many sites, and I recommend you enable it for every site that you use that supports it. You can check which sites do here.
The basic way it works is to require your user name and password (something you know), in addition to a time-sensitive one-time password available from a 2FA app (like Google Authenticator). These time-sensitive passwords are generated only on your physical device and change regularly, so that only someone with physical access to the phone can see the current code.
Warning about using SMS as a second factor
Be cautious about using text message (SMS) verification as your second factor. It is not as secure as using a 2FA app, because it is relatively easy to access a phone’s SMS messages if you have the phone’s IMEI number. See here for more details.
Be careful who you give your info to
It’s very simple - the less information there is out there about you, the less there is to be compromised. Avoid creating accounts online unnecessarily, and limit the information about yourself that you put out there. An excellent strategy for sites that demand your personal info is to simply give them false information.
Security questions
Many websites use security questions to reset your account and to help verify that it’s really you. Banks especially love security questions. This presents a problem, however: many of these “security questions” have answers that are readily available online or through social engineering. Think about some of these common questions and where the answers might be found:
- What is your mother’s maiden name?
- What is the name of your first pet?
- What was your first grade teacher’s name?
These generic questions aren’t secure because the answers could easily be found online or elsewhere! My recommendation is to use false answers to these security questions and record what your responses were (your password manager is a good place for them). This ensures that even if someone does know your mom’s maiden name, they won’t be able to access your accounts. It also removes the chance of that information being compromised in a data breach (again, think of how many websites you’ve used the same security Q/As with).
Check if you have already been involved in a data breach
This is where this whole article will really hit home. There are services that catalog the email addresses and passwords exposed in data breaches and let you check whether your information was among them. This is very useful because it shows you where you have already fallen victim to hacking or poor security practices.
With recent hacks (like the massive Equifax breach) it is hard to keep track of which ones might have affected you. This is where services like Have I been pwned? come in. Simply enter your email address and the service will list any data breaches or hacks (that it knows of) involving your email address or username. The service also tells you which kinds of information were released in each breach, which gives you perspective on what data about you might already be out there.
Wrapping up
Remember that the weakest link in most security systems is you! Humans have a limited memory and are not suited for remembering dozens of complex passwords. Use a password manager to generate and remember your passwords for you. Don’t give out more personal information than is absolutely necessary, and avoid creating new accounts needlessly. Stay vigilant about your security and use services like Have I been pwned? to keep track of what data about you has already been breached and publicized.