Better Personal Online Security in Two Steps
It feels like every month there’s another security breach. Thousands, sometimes millions of accounts and passwords are compromised whenever this happens. If you are active on the internet, it’s almost certain that at least one of your passwords has been leaked.
You can check for yourself at haveibeenpwned.com.
If you use the same password across many accounts, the effects of a leak can be particularly severe. An attacker could gain access to every account that shares the leaked password. The solution to this seems simple at first: use a different password for every account. But, with an increasing number of applications requiring you to sign up with a password, it’d be impossible for you to remember them all. And even if you have a unique password for each of your accounts, if your primary email account is compromised, an attacker could use the forgot-password functionality to get into all your other accounts.
So there are two key problems to solve here.
First, you need to have unique passwords for your accounts. You can use a password manager to keep track of as many unique passwords as you want.
Next, you need a secondary method of authentication for your accounts. This means that when you log in, in addition to entering your password, you enter a secondary code or other input that confirms your identity. This is called two-factor authentication, or 2fa for short.
Let’s break these two steps down:
1) Use a password manager
This may seem intimidating at first. Which one do you use? How can you move a lifetime’s worth of passwords into this?
Tom’s Guide has a comparison of password managers to help you choose the right password manager for your needs.
Once you’ve picked one, you can ease the migration by progressively adding passwords to your manager, instead of trying to move everything at once.
Whenever you log in to a website with a memorized password, go to settings and update your password with one generated by the password manager. Almost all password managers have browser extensions and mobile apps to make this process straightforward. In time, all your frequently used passwords will be offloaded from your brain to your password manager. I started this process two years ago, and currently have 150 accounts in my password manager’s vault.
2) Enable two-factor authentication
Two-factor authentication, or 2fa for short, can take a few different forms. Most commonly it is a numeric code that is either texted to you or displayed in a dedicated app. I would recommend using the dedicated app route. PC World has an article on what 2fa is and which apps you can use to hold 2fa tokens. How you enable this depends on the application. Generally, you can find it in the security section under settings. If a website or application provides the ability to turn on 2fa, you should do so. At the very least you should turn on 2fa on all your financial accounts, and most importantly on your password manager.
If you follow these two steps, your accounts will be safer than those of the vast majority of people on the internet. You’ll have strong, unique passwords on all your accounts, and even if they leak, an attacker would have to get hold of your smartphone to get your 2fa codes.
As you might imagine, this is an order of magnitude safer than using the same memorized password across all of your accounts. You can rest assured, knowing that your accounts and passwords are that much safer.