In this digital age a significant portion of our lives is governed by a user id that is in turn protected by a password. This combination of 6 – 14 digits is generally your only defense mechanism against your entire online existence going up in smoke if it becomes compromised. Before we get into how to keep your online accounts secure, we need to identify the habits which make us vulnerable.
- Most users reuse the passwords on multiple sites
- Most users keep the same username
- Most users use a single email address to reset / recover all their other online accounts.
- Most users use that same email address as their user id
Use strong passwords
Use atleast 8 digits that includes letters, numbers and ideally a special character for your password. Use a longer length for more important passwords. Avoid dictionary words, continuous letters on the keyboard, the term ‘password’, your name, date of birth etc as your password.
Enable 2 factor authentication where available
Those who use Gmail should enable Google’s 2 step verification process. The 2 step verification process allows a user to login only after you enter a code through an offline method i.e. via phone call, SMS, backup codes or an authentication app on your smartphone that has already been approved/setup for that account previously. You can read about setting that up here.
Use an anonymous email address that does not imply your name or online identity
Keep your reset email address unique and out of character. Yes keep it meaningless for others. It should be the type you would know. It maybe time to use the email address you are not supposed to put on your CV.
Register sensitive accounts via your anonymous email address
Register all your important user accounts on an address not listed anywhere on the web i.e. on the unique email address you just created (above). Such user accounts typically require a separate user id thus you can keep your online persona but not disclose your personal email address. Never use this email address for any correspondence or outgoing emails. It should only be used to drop communication from your providers.
Give bogus answers to security questions
Your answers to security questions don’t have to be true, you just need to remember them. The next time you setup a security question give an unusual answer that a Google search or your Facebook profile cannot reveal.
Use 3 levels/sets of passwords
Keep your passwords distributed according to your accounts. e.g. the password you would use for your anonymous email id for recovering should be more complicated and hard to guess for anyone. This should be along the same lines for your online banking, PayPal and credit card accounts. Passwords for your utility accounts and any account that keeps your personal information (such as Dropbox and iCloud services) come into the same category. These should ideally not be reused anywhere in any form either.
The second password level can be for your online presence that is known to people and the compromise of such services would set you back significantly. Services as Facebook, Twitter, LinkedIn etc come into this.
The third password set/level can be for the services you test out and other random services and forums that need you to login with an id and password.
The above steps are a way to keep your digital footprint safe from a domino effect if one of your important accounts get hacked or it becomes compromised.