Your existence is scattered across the internet. You likely have accounts at forums you haven’t been to in a decade, and social media services so bereft of users they resemble graveyards. And each and every one of those accounts is a potential avenue into your private life for a hacker. So you need to secure them.
These are some of the best ways to keep those accounts secure—and they’re all quick and simple to do, so you’ve got no excuses.
1) Close the accounts you’re not using
Here’s what happens to your old, unused accounts on the web: They get hacked. And sometimes they lead the way to the more valuable accounts that you really do care about, so it makes sense to keep the number of accounts you’re using down to a minimum. As an added bonus it means you’ve got fewer usernames and passwords to worry about.
2) Set up a password manager
Speaking of usernames and passwords, there are apps that can help out here. Not only do password managers like 1Password or LastPass manage all of your various login credentials for you, they can also generate ultra-secure passwords, saving you from having to remember lots of different ones or resorting to using the same one for everything.
3) Add two-factor verification
We’ve been banging the two-factor verification drum for a while now, and you can set it up on most online accounts, including ones for Apple, Google and Microsoft. It means even if someone gets ahold of your username and password, they won’t be able to log into your account on a new device without an extra code delivered over SMS or through an app. Which means they’ll need physical access to your devices.
4) Protect your password resets
How easy is it for someone to reset your passwords? If one of your email addresses gets compromised, your social networks could be next, but there are ways to stop this—like checking the Require personal information to reset my password tickbox in Settings on Twitter (under the Account tab), and ensuring your “secret questions” are strong ones.
5) Check your account activity
Many of your online accounts let you check up on recent activity—you can head to this page for Facebook and this page for Google, for example—and it’s worth doing this regularly to make sure nothing seems amiss. You can typically log out of all sessions but the current one, and revoke account authorizations for any devices you don’t recognize.
6) Delete third-party account connections
There’s nothing inherently wrong with letting other apps and services connect to your Facebook and Twitter, but you should keep these connections to a minimum and remove any you’re not using, to block off any potential avenues for hackers to use. You can easily manage your connected apps online for your Google, Twitter and Facebook accounts.
7) Keep your software updated
Many a vulnerability comes through outdated software, so you should always make sure your operating systems and browsers are right up to date to keep your computer secure and by extension the online accounts you access through them. Thankfully, most software packages now auto-update seamlessly enough, so it’s not difficult to stay up to date.
8) Trust no one
You’ll hear this mantra a lot if you watch X-Files, and it’s one you should repeat to yourself whenever you receive an email or social media message with dubious contents. Beware of following links without any context and be aware that phishing scams continue to get smarter and trickier to spot. Think before you click and read up on the latest threats.
9) Get extra help
Unless you install something really sketchy and terrible, antivirus programs and other bits of security software can’t do any harm and may well do a lot of good—like guarding against the phishing attacks we’ve just mentioned. There are plenty of good free and paid-for security packages out there for whatever devices you happen to be using.
10) Specify your trusted contacts
If someone should boot you out of your Facebook account, you can get your friends to let you back in, as long as you tell Facebook who you trust beforehand—go to Security in Settings to set this up. It’s simple but effective: Facebook sends your friends one-off codes you can use to regain access, codes which they’re told to only pass on to you.
11) Change your passwords regularly
If you’ve got a password manager set up (see above) then this might be taken care of for you but whatever your situation you should be changing your passwords on a regular basis, and we do mean all of them. You’ve then got much less to worry about should a big batch of them become available to hackers, because you’ll likely have changed yours.
12) Use a secret email address
If someone knows your email address, they’re halfway to knowing how to log into your accounts—and these days it’s not that difficult to find out someone’s email address. Setting up a private email address (that doesn’t really relate to your name) solely for logging into your social media accounts is another way of keeping them more secure.
13) Do you know where your phone is?
Our mobile phones are gateways to many an online account so you need to keep them well protected. That involves both setting up remote wipe capabilities for if your device gets lost (see the instructions for iOS and Android), and making sure your devices are completely and securely wiped should you be selling them or passing them on.
14) Stay informed
One of the easiest but most effective ways of keeping your accounts secure is just to keep up with the tech news—something we can help with. If you know about the latest threats and breaches, and how to deal with them, you won’t be caught out. Of course, keeping your active accounts down to a minimum (see the first point) is going to help here too.
15) Install a VPN
We’ve written before about staying safe on public Wi-Fi and if you spend a lot of time in coffee shops or at hotels then the investment in a solid VPN application is well worth it. As well as letting you spoof your location if you need to, it also adds an extra layer of security to the data you’re sending and receiving, making it harder for anyone else to listen in.
16) Add PIN code protection
A PIN code or password login on your phone or laptop is all that stands in the way of passing strangers and your online accounts, so make sure there’s one in place. Whether your devices offer password protection, or fingerprint ID sensing, or facial recognition, or iris scanning, make sure there’s something there that stops other people from logging in.
17) Keep your accounts to yourself
On a related note, it’s well worth setting up your own account on your computeror your browser or your tablet to keep other people away from your important accounts. We’re not saying your toddler or your housemate is actively trying to hack into your Facebook but from a security perspective it’s always best to limit access as much as possible.
18) Watch what you share online
Your accounts are only as secure as the weakest links protecting them—and those links often involve someone impersonating you. Make sure personal details that can be used to verify your identity, like your home address, your birthday, or even what soccer team you support (is that your “secret security question”?) aren’t all over your social media profiles.
Ways to protect your account with us.
Here are my top methods to maintain safe and secure online accounts.
1. Lock down your password
Good password security is one of the easiest methods to protect your account from hackers.
A strong password – 8 or more characters with upper-case characters, lower-case characters, numbers and symbols in a random order – is very hard for hackers to break.
Of course, you need to create a unique password for every account. That way, if a hacker gets one of your passwords in a data breach, they can’t immediately get into your other accounts.
While you’re making your passwords strong, don’t forget to beef up your security questions, too. A strong password is worthless if a hacker can answer your security question after a quick trip to Facebook.
2. Secure your connection
When logging into a sensitive account, the best place to do it is at home. I’m assuming here that you’ve followed my other security tips about securing your network and making sure your computer doesn’t have a data-stealing virus.
Of course, in an emergency you might need to connect to a sensitive account on the go. For banking, best to use your bank’s app and a cellular connection.
If you have to use Wi-Fi, add extra security with a Virtual Private Network. This creates a secure, encrypted link with a third-party server and you access your sites through that link.
It’s an extra level of protection that hackers shouldn’t be able to crack. On a laptop, CyberGhost is a good option. For a tablet or smartphone, check out Hotspot Shield VPN or avast! SecureLine VPN.
Know that VPNs do slow down your Internet speed. Turn them off for streaming videos or general browsing.
3. Set up account alerts
Many banks will automatically send you text alerts when purchases or withdrawals on your card exceed an amount that you specify. Check your credit cards and other accounts for similar options.
There’s also something called two-step verification, or two-factor authentication, offered by many online accounts. This is great. In order to log in from an unfamiliar device or location, you need a password and a code from a separate email account or smartphone text.
It takes just a few minutes and can save you a bunch of time and hassles.
While on the subject of two-factor authentication, some banks now feature an embedded chip that generates a new pass code for every use. Ask your financial institution if it offers cards with Chip Authentication Program (CAP) or Dynamic Passcode Authentication (DPA) technology. They don’t advertise this. You have to know to ask.
4. Avoid phishing scams
Even if a hacker doesn’t get your credit card information or account number, they usually get the next best thing: Your name and email address.
That’s exactly what they need to launch a phishing attack. A popular type of phishing attack is a fake email claiming to be from a real company that asks you to click on a link or download an attachment.
Thanks to data breaches, hackers know exactly what companies you use. You might get an email claiming to be from JPMorgan Chase telling you that your account has a problem and you need to click a link or download a file for more details.
Of course, the link will take you to a malicious site disguised as a Chase page, or the email attachment will contain a data-stealing virus. Either way, hackers can get your username and password, or other sensitive information.
Remember, no legitimate company will ask you to click a link or download an email attachment to update your account details.
5. Be vigilant
The best way to make sure your online banking account, or any other account, stays safe is to pay attention. Catching small problems early can prevent hackers from making bigger ones later. Here’s why.
In the cybercriminal world there’s a term, “fullz.” A fullz is all the information a thief needs to assume the identity of someone else and apply for credit under their name.
When hackers get your fullz, they often group it with fullz from other people and sell the whole package online.
After buying a fullz, a criminal will test the waters. They place a few small-scale purchases using your account details. If you don’t take any action, they continue making small purchases until they’ve earned the amount they paid for your “fullz” and then some.
Finally, the criminal will max out your card or drain your account without a second thought. How do you stop this? Watch your accounts. If you notice a strange transaction, immediately call your bank or credit card company. Better to err on the side of caution.