Those who work in IT and IT security have long known that convenience and security are diametric opposites: the more convenient something is, the less secure it is. As cloud computing emerges and every service and product we use gains the capability to be hooked together, the traditional measures of security, a username and password, are becoming inadequate. The tragic saga of technology journalist Mat Honan and how his digital life was wiped out in under an hour is a cautionary tale that should prompt every Internet user to think about security differently.
Security-minded people have advocated for more secure passwords, changing passwords frequently and never using the same password twice. As human beings, we find this to be a great challenge and hugely inconvenient. However, even abiding by these stringent standards is no longer enough when accounts are connected together and cracking a password isn’t necessarily needed to gain access. So, now what? Here are three things you should do right now to protect yourself.
1 – Use a password keeper
There are many different options available to keep track of all your different passwords. Pick one and use it. This will help you use more secure passwords, and most of them will generate secure passwords for you. Using a password keeper will ensure that you are using unique, secure passwords for all your logins, and enable you to change them often and still be able to log in and use all your critical services.
2 – Turn on two-step verification if it is offered
The concept of two-step verification is far from new; you use it every time you go to the ATM. In order to get money from your account, you must have the card and your PIN. The point of two-step verification is to require “something you are” or “something you have” in addition to a password (or PIN). “Something you are” encompasses biometric items like fingerprints and retina patterns. “Something you have” would be a card, a token (like for VPN), or something else of which you uniquely have physical possession.
Google, Dropbox and Facebook are some high-profile services that offer this verification. In order to provide the second part of the verification, they use either a mobile app or a text to your mobile phone to give you a unique code. In each case you would have to be in possession of the mobile phone in order to log in. There are other measures in place in case your mobile phone is lost, and those are covered in the setup for each service. Typically this verification is only required once for new devices, so you won’t have to do it every time you log in, just when you log in from a new mobile phone or computer.
In addition to Google and Dropbox, WordPress also offers two-step verification, and some financial institutions are starting to implement an image you have to identify as part of their website login process.
3 – Back up your data
Again, nothing new here, but according to a 2012 survey by Backblaze, only 10% of computer users perform daily backups of their photos, videos, music and other data. There are many different ways to do backups and lots of services out there that make it very easy to ensure that you don’t lose your treasured pictures, critical documents or precious music library to an act of Mother Nature or a hacker.