It’s a new year, and with a new year comes those things called “resolutions.” You know, the promises you make to yourself that you eventually don’t do, or just forget about entirely. But some are slightly easier to keep than others. And while I don’t want you to resolve to be more secure online in 2012, I do want you to be more secure online in 2012.
Multi-Factor Authentication
One of the easiest ways to be more secure online is to use multi-factor authentication wherever possible. If you have a Gmail account, you can turn this on with very little effort. Some banks are also utilizing this form of security for online account logins.
What is two-factor authentication? Basically, it means you have to authenticate yourself twice before being logged into a site. This is usually done with your password as the first factor and a secondary, ever-changing code that is sent to you as the second. The most basic way this is handled is that you get a text message with the secondary code.
This means that someone would have to have your password and your phone (or your secondary authentication method) to get access to the account in question. There are other forms of multi-factor authentication, such as the Yubikey, but its use is far more limited. Google does text messages or the Google Authenticator smartphone application for two-factor authentication. Some sites, like LastPass, support Google’s multi-factor authentication.
If you do nothing else suggested in this post, please turn on multi-factor authentication for your email account(s). Doing this will make it more difficult for people that do manage to phish your password to log into your email account.
Passwords
Phishing is at an all-time high these days. More people have more websites that hold more of their personal data than ever before. Facebook alone is a treasure trove of social engineering tidbits about you that someone could use to gain access to your stuff. The thing people phish for the most online is passwords. Why passwords? Because most people use the same password for multiple websites across the internet. There’s a good chance that if you’re reading this, you might have the same password for your Facebook account that you have for your email account. So if someone got your Facebook password, they could also get into your email account and whatever other sites you use that same password on.
Once someone has your email password, they can do a lot. For starters, they can change your email password and the recovery email address associated with it so that you can’t get it back.
So, for 2012, move away from using one password for all your internet sites and move to using a password safe protected by one really secure password. Most password safes include a password generator that will randomly create passwords for the various websites you visit. This way, you can have a different password for each website and not have to worry about remembering them, as they’ll all be stored in the password safe. Most password safes also include a browser plugin that will auto-enter passwords, so you won’t have to do a lot of copying and pasting.
Full Disk Encryption
Finally, the last thing you should do to be more secure is to use full disk encryption, using something like TrueCrypt. If you don’t want to encrypt your whole hard drive, you can use TrueCrypt to create a small encrypted container file, which is then mounted as another “drive” on your computer that you can copy files to. When the container is not mounted, the data in it is encrypted. But you should really consider full disk encryption if you can, because it encrypts all the data on the disk; since we store more personal documents on our computers than ever before, making sure that data is encrypted and difficult for someone who isn’t you to get at is important.
The downside to full disk encryption is that you cannot forget the password you used to encrypt the disk: the data is then unreachable, and there’s nothing that can easily be done to undo it. Keep that in mind when deciding whether or not to do full disk encryption.