A non-techie guide.
Your passwords and login processes are not good. They’re not secure. Your accounts can be hacked.
And it really sucks when that happens. Everything from your banking to your phone and email can be broken into, causing a multi-day frantic triage to halt and repair damage. Any extra steps taken to keep this from happening are worth it.
Common account hacks can originate from any one source: a data leak from a particular website, bots brute-forcing entry, or more individual efforts when someone has hold of your information.
Particularly troublesome ones come from the hacker getting access to your phone’s online account, which is really easy to do by either hacking their way in or calling in pretending to be you. From there, they have a ‘level 2’ type of access to the rest of your accounts, since they now have control of your phone number and SMS and thus access to text verification codes you might have set up as a security layer. They will quickly move on to changing your account emails to stop you from receiving notifications about suspicious activity. It all happens quickly.
Online banking is another disappointing arena for weak account security. My guess is since the can gets kicked downhill to the insurance companies to recoup any fraudulent costs, banking has little incentive to care about security. Banking also is known for using bad, old tech, and thus weak security. A hacker can call or even online chat with your bank posing as you with little information and essentially gain access, change your email, your phone, and after that, it’s all theirs. I found Wells Fargo to be particularly bad with this, which prompted me to leave their service.
- Set up a verbal passcode with your banking institution, phone service and any account where you can call in. This is required every time you call them. Ensure your verbal passcode is not remotely connected to any password or anything that is discoverable about you.
- Change your debit and credit cards to the new smart chip / contactless kind. You can request this from your banking institution and it won’t change your numbers.
- Require 2-factor authentication / Multi-factor authentication for any online login from Amazon to Google and everything in between. Keep in mind the relevance or popularity of a website is irrelevant to its security and likelihood of hacking.
- The best method is to use an authenticator app like Google Authenticator. This is an app on your phone, which is more secure than SMS verification (as noted above with the phone service account hacking).
- Use a VPN service when you are using your laptop or phone in public places like a coffee shop. We use NordVPN.
- A VPN is a Wi-Fi security layer. Wi-Fi is quite vulnerable: it’s easy to access someone else’s computer or phone via the Wi-Fi you share with them. A VPN gives your Wi-Fi a different private address, so it’s not shared with your surrounding users.
- Don’t worry about understanding how it works, you don’t need to. Just purchase a plan and it will walk you through the standard app installation steps.
- Security services like these often offer a password manager tool as well.
- PCs are notorious for malware, spyware and hacking issues. I suggest sticking to Mac.
- Set up Face ID to unlock your phone.
- Ensure your passcode is not used elsewhere, like your ATM PIN.
- Have your phone lock after a few seconds.
- Ensure your Locate My iPhone is set up.
- Ensure your iCloud is set up so you can remotely gain access to your phone’s activity.
- A password should never be used twice.
- A password similar to another password “but slightly different” should also never be used.
- A password should look more like “^dklf99w=+esGFr%.c,md”, not “BeagleBoy21”.
So how do you remember all these random passwords? With a password manager.
- Chrome and Safari offer password managers and auto-suggest secure passwords. They also alert you to known password leaks from sites you use. I find this the best and quickest route, and in fact the most secure, especially if you have a finger touch login on your laptop and a solid admin password. It makes logging into sites a breeze.
- Mac has an app called Keychain which will store all your passwords. It requires your main admin password to enter, just like any leading password manager tool.
- Your VPN client probably offers a password manager.
- Apps like LastPass and Bitwarden are password manager tools. I find these very annoying for personal use and no more secure than using your Chrome/Safari password manager. But these are good tools for sharing passwords across a team.
- A leading software offering multiple protection measures is Norton. If you use a Mac, I don’t think this is needed, just use a VPN.
- Norton also offers LifeLock, which I do think is worth a trial run for a year just as an audit. It deeply scans all your accounts, alerts you of known breaches, and focuses on monitoring ID theft. I appreciate the peace of mind this tool brings.