Enable two-step authentication
If there is one thing we learned from hack after hack after hack after hack after hack in 2014, it’s that our passwords are not safe. Ever. The best thing you can do is to safeguard your account as much as possible in case your credentials are leaked to nefarious parties. The best way to get at least a little digital peace of mind is to enable two-factor authentication, which makes it extra hard for people to break into your accounts. In fact, stop what you’re doing and do it right now!
Start using end-to-end encryption
While we’re on the subject of fending off prying eyes, why not beef up your text messaging too? In 2015, it’s much, much easier to adopt end-to-end encryption since many chat services, like Wire and WhatsApp, have added the super-secure function. Now you don’t have to shove your friends into a siloed-off application, and the messages that you want private actually stay private.
Be better (or just smarter) about passwords
Passwords are tricky business. One day people say long, complicated passwords are the way to go, but other studies show that the opposite can be true, especially for low-risk websites and services. But passwords are the last line of defense against some nefarious hacker or weird college roommate breaking in and stealing your banking information or posting embarrassing pictures on your Instagram account. Password managers like 1Password or LastPass can help bring order to the chaos, but at the very least, treat passwords like underwear—change them frequently, please.
This week, Gizmodo gave us 9 Facts About Computer Security That Experts Wish You Knew. Again, passwords were at the top of the list:
1. Having a strong password actually can prevent most attacks
Yahoo’s Chief Information Security Officer Alex Stamos has spent most of his career finding security vulnerabilities and figuring out how attackers might try to exploit software flaws. He’s seen everything from the most devious hacks to the simplest social engineering scams. And in all that time, he’s found that there are two simple solutions for the vast majority of users: strong passwords and two-factor authentication.
Stamos says that the biggest problem is that the media focuses on stories about the deepest and most complicated hacks, leaving users feeling like there’s nothing they can do to defend themselves. But that’s just not true. He told me via email:
I’ve noticed a lot of nihilism in the media, security industry and general public since the Snowden docs came out. This generally expresses itself as people throwing up their hands and saying “there is nothing we can do to be safe”. While it’s true that there is little most people can do when facing a top-tier intelligence apparatus with the ability to rewrite hard drive firmware, this should not dissuade users from doing what they can to protect themselves from more likely threats and security professionals from building usable protections for realistic adversaries.
Users can protect themselves against the most likely and pernicious threat actors by taking two simple steps:
1) Installing a password manager and using it to create unique passwords for every service they use.
2) Activating second-factor authentication options (usually via text messages) on their email and social networking accounts.
The latter is especially important since attackers love to take over the email and social accounts of millions of people and then automatically use them to pivot to other accounts or to gather data on which accounts belong to high-value targets.
So I would really like the media to stop spreading the idea that just because incredible feats are possible on the high-end of the threat spectrum, doesn’t mean it isn’t possible to keep yourself safe in the vast majority of scenarios.
Adam J. O’Donnell, a Principal Engineer with Cisco’s Advanced Malware Protection group, amplified Stamos’ basic advice:
Oh, and my advice for the average person: Make good backups and test them. Use a password vault and a different password on every website.
Yep, having a good password is easy — and it’s still the best thing you can do.