Smart Sourced IT
IT support for San Francisco Bay Area schools, nonprofits, and professional services firms


How to Protect Your Online Security - Pillar 2: Your Online Services

This article is part of a series on protecting your online identity. In our last post, we explored ways to secure your computer. In this post, we will explore protecting your online accounts.

PILLAR 2: Protect the online services you use

First: Limit the number of online services you use, and cancel any accounts on services you no longer use.

Let’s say you signed up for MySpace back when it was popular. You stopped using the service when Facebook came along, but didn’t delete your MySpace account. You used a password familiar to you back then and have maybe used that password, with minimal changes, on other sites. If hackers compromise your MySpace account, they can guess what other services you use and try your MySpace password, and variations of it, on those other sites.

What you should do: make a list of all the services you can remember ever using, and decide whether you still need each one. If you don't, try logging in and go through the account cancellation process. Here’s a list of the more popular online services and their cancellation processes: http://justdelete.me/

Another point regarding online services: many of them compete against one another with similar offerings. You don’t need to sign up for competing services. Each account constitutes another vulnerability that hackers can compromise to get to your data.

Second: Use Two-Factor Authentication. Two-Factor Authentication, or “2FA”, is available on most online services that store your data, such as email providers, file sharing services, and backup services. When configured, any login attempt to one of these accounts sends a text (SMS) message with a numeric passcode to your mobile phone; that passcode must be entered in order for access to be granted.

2FA is an excellent way to protect your services from external hackers, because they can’t gain access to your account without access to your mobile phone itself.  While there have been documented vulnerabilities, 2FA provides a simple path to enhanced security for low to no cost.

Third: Use different passwords for financial, email, commerce, and general-use sites. Frankly, this recommendation is a compromise, born of our observation that people are lazy and will not create unique passwords for each site they visit. So, we advise the creation of different tiers of passwords, each a minimum of 12 characters and none containing any personally identifiable components like birth year, initials, etc. All passwords should contain upper and lower case letters, numbers, and special characters.
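
The tier rules above, together with the earlier warning about reusing a password "with minimal changes", can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the 0.6 similarity cut-off, and the sample passwords and personal tokens are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 12          # minimum length given in the article
SIMILARITY_LIMIT = 0.6   # assumed cut-off for "minimal changes" between tiers

CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

# Constructed sample data: never reuse these values as real passwords.
PERSONAL = ("1984", "rp")  # hypothetical birth year and initials
TIERS = {
    "financial": "Quartz!Meadow47rain",
    "email": "quartz!meadow48Rain#",   # a light variation of the financial tier
    "commerce": "Bvl9#tugboat_Lemon",
    "general": "rp1984sunny",
}

def policy_problems(password, personal_tokens=()):
    """Return the article's rules that this password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    for token in personal_tokens:
        if token and token.lower() in password.lower():
            problems.append(f"contains personal component {token!r}")
    return problems

def similar_tiers(tiers):
    """Return pairs of tier names whose passwords are close variations of each other."""
    names = sorted(tiers)
    pairs = []
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            # Compare case-insensitively so a changed capital does not hide reuse.
            ratio = SequenceMatcher(None, tiers[first].lower(), tiers[second].lower()).ratio()
            if ratio >= SIMILARITY_LIMIT:
                pairs.append((first, second))
    return pairs

if __name__ == "__main__":
    for tier, password in TIERS.items():
        print(tier, policy_problems(password, PERSONAL) or "ok")
    print("too similar:", similar_tiers(TIERS))
```

In the sample data the email password passes every per-password rule yet is flagged as a near copy of the financial one, which is exactly the reuse pattern the tiers are meant to prevent.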

In our next post we will discuss how to secure the communication channel through which your data travels across the internet.

Raffi Patatian