At this time of renewal at the start of the year, it’s traditional to resolve to make improvements in our lives — infusing our health and habits with more virtue and less vice. We change our smoke detector batteries, eat more fish, and sign up for gym memberships. It’s also a good time of year to consider your digital “health.”
2014 was a bumper year for security breaches. eBay, Home Depot, Chase, and Staples were all compromised in one way or another before the year of credit monitoring services that Target had to provide for millions of customers expired. Do you have an account at any of those places? If so, does that account share a password with other accounts you use?
At this, the start of 2015, let’s reflect on a few practices that might take a little exertion in the short run, but could save a lot of head- and heartache in the long run.
Consider Email Security
First, consider your email account. Your primary email is, at this point in time, your most precious resource. In fact, it’s probably more important than your bank password, since that’s the place password reset links from any source — from Tumblr to your stockbroker — get sent. If your email shares a password with any other account anywhere, it’s time to change it, and change it to something good. (Google “How to choose a good password” for a zillion resources.)
If your email provider offers two-factor authentication, turn that on, too — commonly, that involves giving your email provider your cell number so that if your email is accessed from a previously unused computer or browser, you’ll need to input a code that they’ll text to you. I was reluctant to do this for a long time, but now that it’s done it causes me zero trouble, as I’ve already approved every device I use to access my personal email.
Checking up on Your Other Accounts
Next, think about all the *rest* of your accounts. Do they share usernames and passwords, too? Maybe you signed up for an account at $randomwebsite a couple of winters ago to buy a hilarious gag gift. You probably never returned after that. Did you use the same username and password you always do? (And if multi-million dollar chains can get compromised, do you really trust $randomwebsite’s security?) It’s time for you to get serious about your health — your digital health. It’s time for you to start using a password manager, and using that manager to keep track of your many, many passwords. Once you get one (LastPass, KeePass, Keeper — there are many, and some are even free!), be determined to make use of it! (Maybe a good strategy would be to get one that costs money — then you’ll want to get your money’s worth out of it.)
Every time you log into a site with the “usual” password, that should be your hint to change that password. Over time, you’ll have fewer and fewer sites that use the same ol’ same ol’. There are sites I only use once a year or so — to download tax forms, for example — and for those I use the password generating feature of my password manager to generate a few dozen random characters — something like >AAX!s”nWEt”SrekNAQq~9s?vRH^2gBDy_)f$J+’?&b8tqSC@}Zb-9@*czV* — because I already know I’m going to have to copy it out of the password manager, so it might as well be a great password.
Don’t Forget About Your Devices
Finally, consider your own devices: Like politics, all security is local. Do you use your browser to remember all your passwords for you? I don’t like doing that, personally; anyone who sits down at my computer can now log in to places as me. If you do, and you can’t give up the habit, then get in the habit of locking your computer every time you get up from the keyboard (on Windows, that’s the “Windows” key plus the “L” key; on Macs it’s Ctrl-Shift-Eject).
Do you have your computer set to boot to your desktop? I wouldn’t, especially if you have all your passwords saved in your Web browser! Not even your home computer. That may seem paranoid, but houses do get broken into, and computers get stolen. The same goes for your smartphone: Put a code on the lock screen.
That’s probably enough for you to chew on — but if you want general computing security tips from the professionals, contact your friendly neighborhood IT person. No security regime is completely secure, but these measures will separate you from easier targets.
Here’s to a safe and secure 2015!