In light of recent events, security has been a serious priority for all of us. Although there is no 100 per cent foolproof plan, there are ways to greatly improve your online security and plan for the worst. Here are our recommendations.
The Bad News: Nobody's Safe
During the summer of my senior year in high school, I worked at a grocery store as a bag boy and saved up for a laptop. At the end of the summer I was finally able to buy one. Nowadays laptops are commonplace, but this was back when they were pretty rare. I loved it, and I put my life into that computer. A year later I set it up to print in the computer lab and ran into the other room for 30 seconds. When I returned, the laptop was gone. I was amongst people I trusted and gone for under a minute but, still, it didn't matter: the laptop was gone. I thought I'd somehow get it back, but it didn't take long to realise that wasn't going to happen. But, ultimately, it wasn't the laptop I wanted back. I quickly realised all my personal information — all my secrets — were in the hands of someone I'll never find. Someone gained the potential to know the darkest parts of my life and I'll never know who they are. This experience taught me two things:
- No matter how safe you think you might be, something bad can always happen.
- The only way to ensure your private information always remains private and in your control is if it never leaves your own head.
The internet and reality aren't much different, in that sense. There is as much risk in the real world as there is on the web, if not more, but we're just more accustomed to dealing with it. The online world is still very young and so we're learning to protect ourselves as we go along. Nonetheless, like with anything, there is no surefire protection. The web is imperfect. We are imperfect. Ultimately, no site is un-hackable. A person or group with enough knowledge and determination can bring nearly any site down. That said, we can certainly try our best to protect ourselves and be prepared for worst-case scenarios.
Create Strong, Resilient Passwords
There are several ways to keep remarkably strong passwords, but every strategy has a point of weakness and a level of inconvenience that you're going to have to accept. We're going to go over a method that we feel is all-around the best way to go, but include a few variations along the way so you can decide what suits you best.
Create Strong, Secure Passwords that Even You Don't Know
When it comes to our own individual online security, we put a lot of trust in our password managers. Password managers keep track of your passwords on multiple sites so you never need to remember your password when it's time to log in. This way you can memorise your one master password and never have to worry about remembering any of the others. This is enormously convenient, but what's more important are the added security benefits. A good password manager can help generate incomprehensible passwords, store them in its database, and decode them locally, only on your machine, when it needs to enter them into the website. You can use a password manager to generate a unique, complex password for every site you visit. Each site will have a different password, you'll have no idea what any of them are, and all you'll have to do is remember the one master password you set for it.
While there are a number of good password managers out there, like KeePass and 1Password, our favourite is LastPass. LastPass offers incredibly wide support for several operating systems, web browsers, and mobile phones. It's also completely free, remarkably secure, and comes with many features to help you stay as protected as possible. Since you're likely not without a few passwords at this point in your life online, LastPass can help you audit and update your passwords to make them more secure.
But what about creating a secure master password?
While all the passwords LastPass (or your other password manager) will generate will be about as strong as they can be, you want to have a strong master password as well. While your password manager can generate one for you, oftentimes it's going to be too hard to remember and too inconvenient to type (especially on a mobile phone). If you don't mind the extra work for the extra security, your best bet is to have the most secure password you can have. If you want something you're sure you won't forget, Mozilla offers an easy way to create a strong password you'll be able to remember:
If you're not in the mood for a cute strong password public service announcement, the concept goes something like this:
- Pick a phrase you can remember with a number in it, like "A bird in the hand is worth two in the bush."
- Change that number (in this case, "two") to its numerical equivalent: A bird in the hand is worth 2 in the bush.
- Condense the phrase by only using the first letter of each word: Abithiw2itb
- Add some special characters you can remember: #Abithiw2itb!
Doing this gives you all the characteristics of a good, strong password: lowercase and capital letters, at least one number, special characters, and a combination of those things that basically makes no sense when you look at it and turns out to be longer than eight total characters.
While we recommend generating complex passwords with your password manager, you can use this same technique to create unique passwords for individual sites. You can take the password and add a suffix specific to each web site. Sticking with our example, let's say you wanted to use this password for Lifehacker. Just add :Lh, or whatever you'll be able to remember, to the end of the password: #Abithiw2itb!:Lh. This way you can type your complex password as you normally would and just append your abbreviation for the site you're logging into. This method is a little easier, but it's not impossible for someone to figure out. Ideally you'll want to let your password manager handle your password generation for you, but if that's just not for you then this method is a reasonable alternative.
If at any point you're not sure about your password's security, head on over to How Secure Is My Password? to get an approximation of how long it would take to crack using an average desktop computer. Our example (#Abithiw2itb!) would take about seven billion years, which seems pretty good. If you're satisfied with the password you've derived, you've got your new master password. If you're not, keep trying and checking.
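The phrase-to-password steps and the per-site suffix described above, as an added Python example that is not part of the original article. The function names, the number-word table and the second site tag "Gm" are assumptions made for illustration; the bit estimate treats every character as if it were chosen at random, so for a phrase-derived password it is an upper bound.

```python
import math
import os
import string

# Number words swapped for digits in step 2 (table constructed for this example).
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10"}


def mnemonic_password(phrase, prefix="#", suffix="!"):
    """Digit for each number word, first letter of every other word, then specials."""
    core = []
    for word in phrase.split():
        token = word.strip(string.punctuation)
        if token:
            core.append(NUMBER_WORDS.get(token.lower(), token[0]))
    return prefix + "".join(core) + suffix


def site_password(base, site_tag):
    """Per-site variation from the article: base password, a colon, a site tag."""
    return f"{base}:{site_tag}"


def naive_bits(password):
    """Upper-bound strength: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    charset = sum(len(c) for c in classes if any(ch in c for ch in password))
    if not charset:  # empty input, or only characters outside the four classes
        return 0.0
    return len(password) * math.log2(charset)


def shared_base(password_a, password_b):
    """Characters two site passwords have in common from the start."""
    return os.path.commonprefix([password_a, password_b])


if __name__ == "__main__":
    base = mnemonic_password("A bird in the hand is worth two in the bush.")
    lifehacker = site_password(base, "Lh")
    other = site_password(base, "Gm")  # "Gm" is a constructed second tag
    print(base, lifehacker, f"{naive_bits(base):.1f} bits")
    # Everything except the tag repeats across sites, so one exposed site
    # password reveals the base used everywhere else.
    print(repr(shared_base(lifehacker, other)))
```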
Keep Your Other Information Protected
Your passwords are not the only kind of important information you don't want floating around the internet, and chances are you have a few gadgets you wouldn't want to fall into the wrong hands. Fortunately there are quite a few ways you can
Protecting Your Credit Cards
If you shop online, your credit card number has been entered into at least one website. While this is unavoidable, and just about as safe as using your credit card out in the real world, the fact still remains that your number could be intercepted and used to make unauthorised purchases. One easy way around that problem is using temporary credit card numbers. While not every bank offers this service, if yours does you might want to take advantage of it. If you're making a purchase online — especially at a site you don't trust — you just generate a unique credit card number that will expire after its first use. This is also extremely helpful if you sign up for a trial and want to prevent automatic re-billing.
Keeping Your Mobile Technology Secure
There really isn't any assurance your technology won't get stolen someday. As previously mentioned, it happened to me in less than a minute. Fortunately there are a number of tools to keep your laptops and mobile phones secure from tampering, or at least initiate a remote data wipe in the event of a breach.
One of our favourite tools is Prey, which is a free tool (for up to three devices) that can help you track and (potentially) recover your stolen laptop or Android smartphone. If you're looking for a solution for your iOS device, Apple now offers Find My iPhone for free. If you're not using an iPhone 4, it is still possible to enable the free Find My iPhone, but it'll take a little bit of extra work. Once you get it up and running, you'll be able to remotely locate your iPhone, send it a message, and wipe your personal data. To get started, you can download Find My iPhone in the iTunes App Store. Despite the name, it'll work with any iOS device (but GPS and 3G service certainly help).
That just about wraps it up for our guide to online security. With so many options out there, it's hard to cover the entire spectrum. If you feel we've missed something or have some good tips, please share them in the comments. Thanks for reading, and stay safe!