The 12 days of Cyber-Mas Secure (Part 1)

Photo Source: www.bluecoat.com. Some rights reserved.

Enjoy the Christmas break but it should not be all about food and parties! Do a review of all your online accounts and tighten your digital security. This is the best time of the year, when the kids are on long vacation and you are also off from work.  You may be on holiday break but hackers are not.

2016 has seen a spike in hacking, phishing, identity theft, malware attacks, DDOS attacks, and so much more. Make this long vacation the time to go through all your social media and online accounts to strengthen them. You may not have the time after this long break to do it. Leaving those accounts without robust security can open you to digital risks you may not want to deal with.

Inspired by the Twelve Days of Christmas, I made up a list of actions you can do as part of your security sweep during the holidays.

Here are my 12 Days of Cyber-Mas Secure (More Secure) for you.

Day 1: Update all apps and operating systems (OS)

If you are on automated update mode on all your devices, good for you! But some, like me, are on manual update mode because I prefer to select which apps to update first. What’s more important is that you update your apps and OS now!

App and OS updates are not simply for bringing in new features but are also done to plug security loopholes and bugs. Having the latest update usually ensures you are protected for all such bugs and security holes found.

Day 2: Change password and security questions

When was the last time you changed password? A good practice is to change passwords several times a year but if you have not done so in over a year, you need to do it NOW.

Yahoo users, you are especially vulnerable ever since Yahoo disclosed that it was hacked AGAIN (they disclosed their 2014 hack just last September and now, they are saying that they were again hacked in August 2013). The second data breach has compromised over 1 billion of its users — more than double the number of users compromised from the first data breach. It was not just usernames and passwords that were obtained; it is believed that even the security questions were compromised.

  1. Here are some tips to remember when changing passwords and security questions:
    Make a password random and strong. Strong passwords are more than 16 digits long (I have passwords that are much longer than that) and use a combination of upper- and lowercase letters, digits, and symbols.
  2. Do NOT recycle passwords. Have a separate password for each account. That way, if the password is exposed, it does not give the hacker free access to your other accounts.
  3. Many apps, for convenience, now give you the option to log into their app using your Twitter, Facebook, Google+ login credentials. It is indeed convenient not to have to remember another password but note that you are actually allowing your login credentials to be passed on to these apps whose security policy may not be as tight as Twitter’s, Facebook’s or Google +’s. It may be better to disconnect that feature and create a separate login password for each app.

Day 3: Use a password manager

How do I even remember all these passwords if they are long and random?

Get a password manager.

What is a password manager? It is an app that stores, generates and manages passwords and your confidential information such as details of bank accounts, credit cards, personal identities, and even important notes. Different password managers would have different features but some nifty ones include:

  • Generating strong passwords with options to define length and combination of letters, numbers and symbols
  • Logging you into an app with its Automatic Fill and Login feature
  • Detecting and warning you of passwords that have not been changed for some time or weak passwords
  • Syncing among different devices and your desktop
  • Offline mode (so you need not be on the internet to access your passwords)
  • You need to remember only ONE master password to get into the password manager

I never thought a password manager would come in handy but I saw myself recycling passwords. It was also a pain to remember so many passwords.

But what if the password manager itself is hacked? That is indeed a possibility. Sites that hold passwords would be natural magnets for hackers. LastPass, for example, was hacked but they immediately detected the intrusion and addressed it. Users were also asked to change their master passwords as precaution. Password manager developers put a very high priority on security and encryption.

There are free and paid password managers. Start with a free one to get a feel of what it can do. Eventually, you can decide whether you would want to pay for more advanced features.

Day 4: Activate two-Factor Authentication (2FA)

2FA is a second level of security to validate logins. Aside from your password, it will ask for a second code which is either sent to your registered mobile phone, generated from Google Authenticator (Google app linked to your apps that continually generates random login codes), or a backup code previously generated.

2FA is called different names by different apps so you may not always find it. Facebook calls it “login approvals”; Twitter calls it “login verification”; Google and some others refer to it as “2-step verification”.

This article helps you set 2FA on different social media accounts.

 

Read Part 2 of The 12 Days of Cyber-Mas Secure here.

 

This post is supported by a writing grant from the Philippine Center for Investigative Journalism (PCIJ)