Security New Year’s Resolutions (Infographic)
For many of us, the New Year means setting resolutions. Some of us hope to shed a few pounds, make a bit more money, or spend more time with our loved ones. Well, I have an important one to add to your list: security. Our world is dominated by our constant connection to each other through devices and the web. This can make day-to-day life much simpler, but it also significantly increases the risk of your personal information being stolen. Below are four easy, security-related New Year’s resolutions everyone should set (and stick to) in the new year.
1. Use (and update) complex passwords
The passwords you use should be obscure, almost unexplainable phrases. You may want to think of personally significant patterns or numbers you can commit to memory, but that are also nearly impossible for an automated system to make sense of. It’s easy to use your kids’ names or your street address to create a password, but those basic passwords are also easy for hackers to figure out with a quick internet search. More complex passwords don’t have to be impossible to remember. They should be significant to you, but to others, they will look like a mess of numbers, symbols, and letters. I recommend a minimum of 12-15 characters. For example, the password @1ldEdt$R&s# could translate to the following phrase: “All day every day the sun rises and sets.”
But in our world, having complex passwords isn’t enough. There are many ways even a complex password can become compromised. For example, maybe you shared it with a friend or family member or someone saw you entering it. Even if you have created very complex passwords, regularly updating them is a good practice to maintain online security. When you do update passwords, ensure you are using a password unrelated to your previous one. And, if you update a password on one site, you should update it on all other sites as well.
2. Safely keep track of your passwords
Resolution #1 leads nicely into resolution #2: use a safe password management service to keep track of your online passwords. If you’re updating your complex passwords regularly, it is tempting to write them down or keep them stored in your phone. Saving your secure passwords this way negates all the hard work you put into creating them in the first place!
I recommend using online password-management software. There are many options out there, so do some research of your own, but my Security Team at Bankers Trust uses LastPass. This website can track all your online passwords and even help you generate new ones. LastPass also understands how important your security is, so the company ensures your password database is encrypted by your device (meaning LastPass can’t even view your passwords) so that no one can hack in and steal all of that information. And, the best part, it’s free!
3. Enable two-factor authentication
Most devices or websites now allow users to enable two-factor authentication. Even if you have created the secure passwords I am recommending, using two-factor authentication is the next step to ensuring your personal information stays protected.
Two-factor authentication usually uses two of the following forms of authentication: information you know (like a password or answer to a question), something you have (like a cell phone), and who you are (like a fingerprint). It is then called “two-factor” because you use two of these options to log in to your account. While two-factor authentication might sound like an intimidating and “techy” term, you have probably already used it in your daily life. If you have ever tried to log into a website with a password and then been prompted to enter a PIN or code that was texted to your phone or emailed to you, that was two-factor authentication. Many hackers cannot fight their way through this two-factor wall of authentication because they either need to be you or have your device to correctly go through the process.
4. Discover if you have been involved in a data breach
Unfortunately, data breaches are becoming more and more common. When someone is involved in a data breach, usernames, passwords, and any connected personal information can be stolen and distributed throughout the internet. Ever worry that this involves you?
A great way to identify if your email address has been involved in a data breach is to go to Have I Been Pwned? and enter your email into their database. The site tells you other sites that have accessed your information and when. This is also a great reminder of the importance of regularly updating your passwords. If you have been hacked, your email and password combinations are probably floating around in some hacker database somewhere, waiting to be used. It is important you identify if your email has been compromised so you can take steps to secure it for the future.
Make this a year of protecting your personal information. Set, and follow, these four simple New Year’s resolutions and you will have a safer and more secure year.