Can you hack my Instagram? When people find out I work in the cybersecurity space, this is the first question I am always asked. And it’s a valid question. We continually hear on the news about the next Fortune 500 company that has been hacked and how our personal data has been compromised, again.
If large companies cannot secure the data, how does an individual make sure their data is protected?
Even the United States Nuclear Agency was hacked, so how does a single person ensure that their identity and personal accounts are secure?
I cannot tell you that you can stop all attacks because that’s simply not true. However, here are three simple ways to protect yourself against a LARGE majority of all attacks that target our personal lives.
1. Multi-factor Authentication (MFA), Everywhere
MFA is a term that you might or might not have heard before, but you certainly know it. This is the much-loved feature that Apple implemented that texts you a code then allows you to automatically populate the text field with that code when you are asked for it.
The whole principle behind this is simple. In order to protect yourself, we want to try to make sure it is actually you accessing your account, and we do this in 3 ways: something you have (Phone), something you know (MFA Code), or something you are (Face ID). By using at least 2 of these things we are drastically improving the odds that you are who you say you are.
How do I turn this MFA thing on? Simple.
Most Apps or websites, such as banks, have the option to turn on MFA and offer a couple ways to do this. The preferred way would be through an MFA App, like the no-cost Google Authenticator. But, if you can’t use an app, then the code texting feature is the next best thing. Although it is not perfect and has been hacked before, this is still infinitely better than not having it.
2. Change your passwords to a PASS-PHRASE
I am not going to go too deep technically with this one, but here is a small rant about using your dog, the season, your high school crush, or any other thing related to you as your password. The easiest thing to hack in the world is a person. We are simple. Yes, you really are… You wear the same combination of clothes, eat the same meals, drive to work the same way, and yes, make your passwords all something that is related to you personally.
While this makes remembering them easy, it also makes breaking them easy. There is a misconception that hackers stay in their parent’s basements typing in each unique password until they hack it. That’s not true, there are literally password dictionaries that we can build and input all the info we know about a person to build a very nice, very big, and very customized dictionary to then run through a program that will eventually hack your account.
The key to this is length. When breaking (cracking) passwords, it is much harder and takes much longer to get into a password that is longer than 14 characters than something that is 8. Complexity really doesn’t matter anymore. It takes maybe an hour to go through the majority of your passwords and change them, just do it.
Bad Password Example: IL0veD0gs!
Good PassPHRASE Example: D0gs@ndB33rZf0r3ver
3. Get a Password Manager
Password managers, like Bitwarden and LastPass, are free services that have integrations into almost every device you own and will ‘remember’ your passwords for you.
If you remember what you just read above, length is everything when it comes to passwords, and long passwords can be hard to remember. A password manager can automatically insert your username and password into any site or app you have on all of your devices so that you don’t have to remember them anymore! How great is that?!
What’s the catch? The catch is that we are going to use MFA (Remember what we talked about in step 1) as your ‘Master’ password that unlocks the vault that is your password manager. Essentially, it’s the bank account of your passwords. Just like at the bank when you have to use your debit card (Something you have) and your Pin (Something you know), a password manager works the exact same way.
The big password managers have plugins for your browsers and your phones, which make it insanely easy to use.
How do I get started?
Download the app, make an account, take some time to upload some of your most used account credentials, and have a beer. As you come to new websites or something you haven’t logged into since you got your new assistant, it will ask if you want to add it to your vault. Boom, easy as that.
4. Stop Clicking on Links & Hit Unsubscribe
Do you ever get those emails that just feel ‘off’? Well that’s because they are – adversaries are trying to prey on the tired, stressed, distracted, and desperate. Those emails about a missed Amazon delivery, gift card opportunity, or ‘locked’ account are all preying on human weaknesses.
This one is simple, if something looks weird, the email has the phrase ‘Kindly respond’, strange phrasings, or just makes you think twice… delete it!
The other thing you can do to help yourself, hit Unsubscribe. Let’s be real – you were going to forget to use that 10% off Target anyways. Simplify your inbox and protect your sanity.
I hope these steps help you in protecting your accounts as data – we have a lot going on in our lives and the last thing we need is to add the stress of our accounts getting hacked.
Thanks for reading and go get started on these 4 things!
- Turn on MFA.
- Make your password 15 characters or longer.
- Get a password manager.
- Stop clicking. Start unsubscribing.
