2 Little Things You Can Do To Protect Your Online Identity
A cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files.
Equifax reports that they became aware of a hack on the 29th of July this year, revealing it to the world last Thursday, though not before three of their executives sold about 1.8 million dollars of Equifax shares.
Being executives, I suppose they predicted the coming storm and got out before their shares took a rather steep dive; really classy.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
That's some really serious stuff.
Are you affected?
It's worth doing this whether or not you are, though, as 143 million people means that about 44% of Americans are affected by this breach.
That's almost half of the American population; it's truly a hack of massive reach and scale.
For what it's worth, they are being sued for about 70 billion dollars in damages.
A small recompense for the true damage of the breach, though the chances of them paying anywhere near that much are quite slim; some people speculate that they'll only see about 100 million dollars – a bit of a drop in their teacup.
Just another breach
If this information didn't touch a nerve or raise an eyebrow, don't be surprised.
Data breaches are so frequent that we're becoming desensitised to them, just as we are to many serious issues.
Does terrorism hit the same nerve it did when you heard about it for the first time? Probably not, but that doesn't mean it sucks any less than it did.
Je suis une victime?
But that won't happen to me
Spend a minute to check if one of your e-mail addresses has been hacked over at Have I Been Pwned? – you'd be surprised by what has already happened to you.
As the Equifax hack has shown us, a breach of your online information can mean a compromise of your real-life identity, with real-life consequences to boot.
As cute as cats are, a serious topic is at hand. Your data, your online life, and your real life are at stake.
Led into insecurity
Ever seen one of these?
We've been assaulted by recommendations for good password security.
Not so much, sadly. Years of conditioning have led us to inadvertently adopt bad security practices, and they've told you to do it all along:
- Add more of those damned special character hieroglyphic wotsits to your password and you'll be good.
- Don't forget to put that number somewhere in there, probably at the end (4t th3 3nd).
- Make it long – but not too long – kind of like this long but shorter; okay?
- Never use this password anywhere else, even though you've now been forced to memorise a new breed of mathematics.
It's a load of hogwash
This cartoon demonstrates the problem quite effectively.
You've been there, and I've been there. It's exhausting and frustrating and I honestly couldn't give a damn; all I want is to access my stuff and get on with life.
2 little things you can do
Use a password manager
One of the simplest ways you can protect yourself is to use strong passwords.
The problem with strong passwords is – ironically – that they are strong, which makes them hard to remember, and even harder to keep track of.
Which one did you use for this website again? Ugh, let's just try them all then.
What password managers do
Password managers take care of this problem for you.
They securely store your login details so that you can access them when you need them. You don't need to remember your logins anymore – that's their entire function!
You remember one password and that's it, though you'd better make it strong.
This one password is called your master password, and it's called your master password for a reason; such a big, scary term.
Your master password is used to securely encrypt your other passwords. If someone finds this, they get your other passwords.
One password? That's even worse!
Not so; your passwords are fully under your control. A hacker cannot access them even if they have your encrypted passwords, since they do not know your master password.
A hacker can access your online life if they have that one password you use everywhere (you know which one I'm talking about), though.
You only need to remember one password; the rest doesn't matter anymore.
Who cares if you need some weird password for a website? Generate it with the password manager and that's that.
Since the password manager remembers it for you, you don't really need to think about it at all.
Freedom of the mind! Freedom from password oppression, and a little less on your shoulders.
Picking a good master password
Simply said, length beats complexity. A long password is hard to guess because it's long!
Pick your favorite line from your favorite song and use that. It's almost guaranteed to be stronger than any password you've ever had.
Which one should I use?
There are a lot of password managers out there, and they all look the same.
What's that thingy? Why do I want it to do that?
Use 1Password – I do, and I work in the security industry. It's actively and well-recommended for good reason.
Open an account and start storing your passwords – that's all there is to it, and I'm not lying.
Go on and give it a shot.
Use two-factor authentication (2FA)
Two-factor authentication means that you need to provide a second piece of information to log into a service.
Any self-respecting service allows you to set up two-factor authentication to better secure your account.
To name a few, Facebook, Google, LinkedIn, Twitter, Instagram, and Snapchat all provide two-factor authentication.
Why does it matter?
Your password alone is your single line of defense against hackers. If a hacker has your password, no matter how strong or unique it is, they win.
Two-factor authentication requires a second piece of information – your token – to log in, which changes frequently and can only be accessed by you.
This means that a hacker who has your password still won't be able to log in because they don't have your token. Huzzah!
What's a token?
Tokens are a few randomised numbers that change over time, which you provide when logging in.
You can get them in a number of ways each time you log in:
- A phone call
- An SMS
- Using a mobile application
How do I get it?
The most common and best method is to use a mobile application.
Your phone number can potentially be stolen in various ways, which means that a hacker will be able to receive the phone calls and SMSes you receive for two-factor authentication.
They won't, however, be able to steal your phone from Russia or someplace hackers usually reside.
Even then, two-factor authentication applications usually have additional security built-in so that your tokens are still safe if your phone is stolen.
Which one should I use?
As with password managers, there are a lot of options to choose from.
My recommendation is Authy. It's simple, does the job it needs to, and doesn't get in the way. That's all you could want, really.
You download the app to your phone, go through a brief set-up, and visit your favorite websites to get them set up.
That's it, no arcane wizardry or technical know-how involved.
Toward greater security
These two methods of protecting yourself will effectively eliminate 99% of threats you will face.
Let's take a look at why:
- Your passwords will be strong, and you won't need to remember them
- Hackers can't access your account even if they have your password
This is a very powerful combination indeed.