In this article you will learn what you can do to easily secure your online accounts, without needing to understand too much or remember anything.
(Target audience: you just want to know some easy-to-do things to have secure online accounts.)
Let's assume that you have a Google account on an Android smartphone (Android has the highest market share). Replace "Google account" with "Apple account" if you are using an Apple device, or with "Microsoft account" if you are just using Windows.
Step 1: Don't create passwords
Use the option to sign in with your Google/Apple/Microsoft account whenever possible instead of creating a new account for the service.
Why is this better than using passwords
Step 2: Don't remember passwords
Make your life easier and more secure: let Google/Apple/Microsoft handle your passwords in the standard browser (e.g. Chrome). It even synchronizes the passwords across different devices if you also use Google's Chrome browser on your Windows PC (use Edge on all devices if you prefer Microsoft over Google). There is nothing for you to remember or do.
Why you should use a password manager
Step 3: Set up a device password
To make your life easy and secure, set up a short device password (e.g. Windows Hello or the smartphone PIN) and log in via fingerprint or face recognition (activate the lock screen).
Then write a random sequence of letters, numbers and symbols on a piece of paper, use it as the main password for your Google/Apple/Microsoft account and store the paper in a secure place. You will only need it as a backup, so make it long. Why not 20 characters? You will use it maybe once a year or even less (read my other article on how to create good passwords).
Why you should use a device password
Step 4: Prevent criminals from accessing your account with your password
Activate the additional security feature called Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). This means that entering the password is not enough: you additionally need to enter a code or approve the login in an app. You already know this principle from your bank card, where you need to enter a PIN. Having only the card or only the PIN is of no use to criminals.
Why 2FA is crucial
Step 5: Install trusted apps only
Often it is software you installed yourself that results in you losing money. Ensure that you trust the software, apps and browser extensions you plan to install and that they really come from the supplier. If in doubt, don't install. It is a good idea to only install apps from the Play Store/App Store, but even there malware can be found.
Why install only trusted apps
Step 6: Install updates
Activate auto-updates and ensure your operating system is also updated.
Why install updates
Step 7: Select a secure service provider
Ensure you use only the services of a trusted company which takes security seriously. There is only so much you can do to secure your data if the service provider doesn't care.
Before buying a new device, do a short search to see whether the company has a history of providing regular updates and reacting appropriately to security incidents. Incidents can and will happen to even the best provider, but how the company reacts when your data is in danger is its conscious decision. Will they tell you and try to secure it, or will they try to cover it up and hope no one notices?
Why selecting a secure company is crucial
Step 8: Most important: be aware of scammers
How hard is it for you to write a false name in the sender field on a postcard? For criminals it is just as easy to write messages which seem to come from someone else. The same goes for phone calls. They do it because they want your money. All your money, if they can. The money of your friends, if they can trick them as well. And they are often clever.
They pretend to be the police, your bank, your favorite online shop, your grandchild, a security advisor, a potential lover or a trusted company.
They call you and ask to be called back. They send you emails or SMS asking you to click on something for a parcel, a refund, a virus message, a police-related matter or a tax-related matter. They create fake websites and hope you don't notice the difference between apple and appIe or googel and google. They let messages pop up in your browser warning you of viruses and offering to help you, or telling you that you won something. They pretend to be in love with you, in danger and in need of your help. Sometimes it looks like a message from a friend (who got hacked), counting on your curiosity to make you click on a message that reads: "Oh my god, is this you in this video?". Or they call you, pretend to be your bank and ask you to tell them your 2FA code (which they then use to empty your bank account). Or they convince you to transfer your money to them.
If something seems urgent or is related to your account safety, assume it is a scam. Never click on links in these emails, not even out of curiosity. Don't open attachments of emails you didn't expect. If someone needs access to your computer, it is a scam. Ignore them. If they don't want you to call the police or call someone you know, it is a scam. No legitimate business asks you for payment via gift cards, cryptocurrencies or by sending them cash by post. Criminals do, because those transactions are not traceable. Legitimate companies and state agencies always accept bank transfers, credit card payments or PayPal.
If an email made you suspicious, check your accounts the usual way, not via the links or telephone numbers given to you by someone else. Be aware that criminals pretend to be someone else to get your money.
If they succeed and you realize it, immediately call the police and your bank to see if you can limit the damage. Also change all passwords the criminals might have had access to. Be aware that you were not the first victim and will not be the last one. It also happens to scam-awareness professionals if the criminals catch them in the right situation, so it is nothing to be ashamed of.
Let’s take a more detailed look at some measures
What is a password manager?
A password manager is a tool which creates a unique and secure password for every service. This is essential: humans are really bad at creating passwords, and even if you created a good one (how to create one), it is essential not to use the same password for different services. Good password managers fill in the password directly during the login process after ensuring that you are at the correct website, and they work easily across different devices. Some even check in a secure way whether one of your passwords is publicly known to criminals and alert you.
What is 2-Factor-Authentication (2FA for short) or Multi-Factor-Authentication (MFA)?
This is a security concept related to how you can prove to a service that you are really you. You know this from your bank card, which is secured by a PIN. Having only the bank card or only the PIN is of no use. You need both to perform an action.
The theory behind this security concept is that it is harder for a criminal to obtain two different things than just one. There are 3 ways (called factors) in which you can prove your identity:
Something you know (e.g. a password, a PIN)
Something you have (e.g. your smartphone, your bank card, your smartphone-SIM-card which allows you to receive SMS)
Something you are (e.g. your fingerprint, your face)
2FA means you need to provide two different factors before gaining access to an account.
Final thoughts
Implementing those measures will increase your security quite a lot if you previously didn't care about security and don't want to invest more time. I tried to give you some relevant measures that are easy to understand and implement, which even a 70-year-old can implement.
Obviously, there are many more measures you can implement to secure your identity and online accounts, and the above measures are surely not nearly sufficient if you are running a business and need to secure it.