Most of us have a home network with multiple electronic devices, along with hundreds of online accounts and credentials. These tips will help you strengthen your personal online security by helping you better secure your devices and credentials.
Stronger passwords are long and have high entropy (users lowercase, uppercase, numbers, and punctuation). Use tools like passed.pw and LastPass Password Generator to create stronger passwords. Use How Secure Is My Password and LastPass How Secure to test how difficult it would be for an attacker to guess (brute-force) your password. Visit XKCD’s correct horse battery staple for some cartoon humor to drive this point home.
Use a unique password for every website you visit. Using the same password to log in to multiple accounts, like your Target.com account and your Facebook.com account, increases your security risk. When one website gets hacked (say Target.com or HomeDepot.com), those leaked credentials will be traded among criminals. Bad actors will then write scripts to automatically try your compromised Target.com and HomeDepot.com credentials on all other websites; hoping that you didn’t use unique passwords. Creating a unique password for each account reduces this risk and keeps each account more secure. Visit Have I Been Pwned to see if any of your credentials have already been hacked and are being shared among criminals.
Keeping track of hundreds of unique passwords would be onerous. Instead, use a password manager. The LastPass Password Manager is an excellent option that works across multiple browsers and devices. Otherwise, most web browsers have a built-in password manager.
Multi-factor/Two-factor Authentication (MFA/2FA)
Multi-factor authentication (MFA) and Two-factor Authentication (2FA) are essential the same thing. In addition to entering a username and password, you’ll also be prompted to enter a one-time code that changes every minute. There are many forms of MFA. Hardware tokens and software tokens are the best; but phone calls, texting, and emails are better than nothing. Visit twofactorauth.org for a list of which websites support MFA/2FA and their options. The most important would be to add MFA to your password manager, email accounts, banking accounts, and social media accounts.
Patch Operating Systems, Applications, and Firmware
Protect yourself from known security vulnerabilities by promptly patching the operating system, applications, browsers, and plugins. Security vulnerabilities are discovered every week. When you receive notifications to update your software, do so as soon as possible. Configure your operating system to automatically download and install updates, and do the same for your mobile devices. Lastly, logon to your home network router once a quarter to see if it has a firmware update.
Automatically lock your devices
Your mobile devices are a treasure trove of your digital life. Both Apple iOS (Use a passcode with your iPhone, iPad, or iPod touch) and Google Android (Set screen lock on an Android device) devices can be configured to automatically lock.
Remotely Track and Wipe your devices
If your mobile devices is ever lost or stolen, you can visit Apple or Google to remotely lock and/or wipe your data if your device still has a network connection and battery. Visit these instructions for Apple iOS (If your iPhone, iPad, or iPod touch is lost or stolen) and Google Android (Find, lock, or erase a lost Android device). If you also use your mobile device for work purposes, your employer’s IT team may also be able to remotely wipe your device (because company information like email is also on your personal device).
Encryption at Rest and in Transit
In addition to securing your accounts, it’s also important to encrypt your devices and your network connections. For Windows, use Bitlocker to encrypt data on your hard drive. For Apple iOS (This is how we protect your privacy) and Google Android (Full-Disk Encryption), most devices enable encryption by default. For encryption in transit, make sure you are using https for all of your connections to websites. The HTTPS Everywhere browser plugin will help ensure you are encrypting your traffic.
Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names (e.g. youtube.com). Web browsers interact through Internet Protocol (IP) addresses (e.g. 127.0.0.1). DNS translates domain names to IP addresses so browsers can load Internet resources. One easy way to protect all of your home devices from visiting bad websites, is to configure them all to use a DNS provider that filters out bad websites for security, privacy, or even advertising reasons. The best option is to configure your router to use one of these DNS services, which will pass the settings to all devices on your home network.
- cloudflare.com at 18.104.22.168 (security focused)
- quad9.net at 22.214.171.124 (security and privacy focused)
- opendns.com at 126.96.36.199 (security and adult content focused)
- nextnds.io at 188.8.131.52 (security, privacy, adult content, and advertising focused)
Be Skeptical (phishing and social engineering)
Lastly, be skeptical. Avoid clicking on suspicious links, double-check the URL to make sure you are entering data into a legitimate website, and avoid revealing personal information. Even if the message comes from a site you trust, it’s better to avoid clicking on a email link and to instead go directly to their website on your own accord. Legitimate websites will not request that you send passwords or financial information over email.