Over the course of the past few months, there have been countless reports on applications being hacked, passwords being stolen and user data leaked. It’s a trend that’s on the rise and it is probably here to stay. In the meantime, can we do anything to protect our digital lives?
Up to a certain point, our security on the internet is in our hands. However, most of us don’t pay much attention to it. Often, for the sake of comfort, we voluntarily choose to use weak passwords. Many of us have probably gone (or are going) through the phase of using one password for everything. It’s convenient. But the convenience this approach brings has a big downside. One password means one single point of failure. If somebody hacks one of the sites you are using, your whole digital presence is compromised.
By default, iOS tries to back up all your photos to iCloud. It’s not only a way to get money out of your pocket for more cloud storage. The real purpose is to protect your data. If your iPhone were to fail one day, you would lose all your photos; the phone would be the single point of failure. With your data duplicated, it is more resistant to such a loss.
Similarly, by using more passwords, ideally a unique one for each service, you mitigate one very common security problem. Just by not repeating passwords, you’ve already greatly increased your security. So, kudos to you.
Unfortunately, nothing comes without any disadvantages. The most obvious trade-off here is the simplicity. We now have a lot of passwords to remember and we also have to create a unique password for each new account. Solution? A password manager.
A password manager can remember all our passwords for us and even generate new ones with ease. Even though a password manager can itself be a single point of failure, with proper security it is probably the best option for most of us. The key is to create a long and secure master password (the password with which you unlock your vault). If you are a bit skeptical (like me), I recommend generating your master password with Diceware and going with at least 6 words. If you’ve chosen a manager that’s hosted somewhere in the cloud (such as LastPass), I also strongly recommend opting in to two-factor authentication (2FA).
When you enable 2FA, you need to input a code, generated from the current time and a key, to log in to the particular service. Usually, you use an app on your phone (for example FreeOTP) to scan a QR code containing the key, and then the app generates the code for you (this is a big oversimplification of 2FA). It’s fairly simple for you, but it does its job (till someone steals your code-generating device, but that involves other problems of its own).
Furthermore, you don’t have to limit 2FA to your password manager; you can also enable it for your email and other apps that support it.
To protect your accounts even better, you should regularly change your password and check for any breaches involving you. For the latter, you can use Firefox Monitor, which will periodically check your email address against known breaches.
If you’ve followed the steps outlined here, you’ve probably done your best for your online security. The rest is the responsibility of service providers and other parties you entrust your data to. It’s their job to store your account details securely, not like in the recent Facebook case. Till companies decide to focus on security as the number one priority, it is all in our hands. Strong unique passwords, two-factor authentication, regular security checks: our weapons in the fight for a secure internet.