Part 2: Accounts & Passwords

The Importance of Digital Security

Continuing this theme of digital security in the midst of a global pandemic, it’s a little longer than my last post, but I hope it’ll be just as helpful.

It would be easy to say “make a strong password!” then list some best-practice tips for creating a good password. But sometimes just a password isn’t enough, or your email inbox is cluttered with all kinds of junk mail. Let’s discuss online accounts, passwords, and ways to ensure everything stays organized and secure.

Nothing online is ever truly free. Period.

It seems that everything online requires a new account. Order shoes from that one website that you’ll never order from ever again? New account. Download the free movie from that bag of chips? Give us your email!

It will always cost you at the very least an email address, if not name, zip code, or even home address.

So how do we combat having millions of accounts while avoiding spam emails and not missing those important emails from your in laws with pictures of your niece? A good place to start is having at least three email addresses. This is something I do personally. It helps keep things separate and organized. Here is the model I use:

1) Personal
2) Junk mail
3) Work

You know that one website that has those shoes you wanted? Chances are they will auto-add you to some blast email marketing and spam your inbox. In that case, give them your junk email. This means you’ll still get the eReceipt and shipping info, but your main inbox won’t be spammed with unwanted marketing. It also means that you won’t miss those adorable pictures of your niece!

This is just one practical application of having multiple email addresses. But how does that play into keeping accounts and passwords organized of things that you actually do want to maintain? Simple: use the junk email address we talked about. Doing so will ensure you always know the email address you used to sign up and that you’ll be able to reset the password easily, since you likely made that account a year ago and definitely forgot the password.

Continuing with this triple-account model and those accounts you do want to maintain: how to you keep track of all the passwords?
Bitwarden

Two years ago I would not have recommended this is a solution, but it has proved to be a valuable and secure resource. My wife and I share a few accounts: email address, electric company, Internet, etc. We use Bitwarden to securely organize these accounts and passwords so that we both can access the necessary info as needed.

Maybe you’re of the opinion that trusting someone else with your passwords is not even an option. I recommend creating a password formula. It’s a way to have a unique password for each website you use and help you remember the password. A simple formula you can customize is use the same number and special character, then change the word or phrase depending on the website. For example: NameOfSite123!
I would not recommend this formula for more important accounts like email, banking, social media, or anything else that asks for personal info other than your name and birthday.

Data privacy and securing personal info has been constantly in motion. One of the best, free, and simplest ways to add extra security to any online account is two-factor authentication (2FA), also referred to as multi-factor authentication (MFA). MFA can be broken down into the following categories:

1) something you know (password)
2) something you have (one-time password via app or USB flash drive)
3) something you are (biometrics)

2FA is the requirement of a code or token to access an account, in addition to your password. The most common method is an SMS text message with a six-digit number that is sent to you every time you login to your account. Other popular methods are smartphone apps like Google Authenticator, Duo Mobile, and Authy. I have used all of these personally and can safely recommend. Each app and account has a slightly unique way of configuring 2FA. If you need help with a specific app, please contact us here.

With the onset of the COVID-19 pandemic, online security has been even more important. Please be even more cautious and skeptical of emails, social media campaigns, phone calls, text messages, or any other form of digital communication you receive regularly. Below are a few articles of things cyber attackers are doing to scam people. Take a few minutes to read them so that you can recognize the signs when you see them.

As always, please contact us here if you have questions about any of this, or if you have a topic you’d like me to write about. Until next time, wash your hands, social distance, and take care of each other.

-Luke

The Hacker News - 7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic
Google's Threat Analysis Group - Findings on COVID-19 and online security threats
Google Safety & Security Blog - Helping you avoid COVID-19 online security risks

Previous
Previous

Part 3: VPN

Next
Next

Part 1: Software