top of page

Protecting Your Digital Identity: Best Practices for Online Security


A hooded hacker on a Mac laptop

Long gone are the days that a thief had to find your home, or you personally, to steal from you. Identity theft is sadly a growing trend in the modern world, with nefarious criminals pretending to be you to open credit cards, bank accounts, and take out loans, profiting while your credit and good name get sullied. Sadly, once you have fallen victim to this type of crime the work you have to put in to set things write can be overwhelming and take a long time, just to prove you didn't suddenly buy $25k worth of apple gift cards at that Target a thousand miles away.


While like any crime, there is no surefire way to ensure you never fall victim to this heinous type of crime, you can definitely lower your chances and be ready to fight back should the need arise. Luckily many of the steps you can take to make the thieves life hard aren't difficult for you to implement.


One of the simplest ways you can drastically increase the work it takes to break into your accounts is a good, unique, password on all your accounts. Identity thieves love it when you password is simple and used all over the place because its a one stop shop for them, letting the get what they want quickly and easily. When making a password, the longer the better, and including multiple types of characters (numbers, lower and upper case letters, and special characters) can make it exponentially harder to crack. I often recommend using "passphrases" since they are long but easier to remember, an example of which may be "YouCan'tCatchMe1984!"


By using these strong passwords, and not reusing them across accounts, it takes much longer for the thief to gain access, and they will have to repeat their process for every account they way to break into. Making it difficult and time consuming will often deter a thief, just like having flood lights, an alarm, and a big dog would deter a would be burglar. The fact of the matter is, most criminals want the most reward for the least work and risk, and if you make it hard and risky they will likely look for easier prey. Remember that there are 95 possible characters in each slot of a password so the long it is, the harder it is to "guess."



biometric scanner symbolizing two-factor authentication

Another step you can take, and it's widely available on many accounts, is Two-Factor authentication, or 2fa. This allows you to add an extra layer of security to your account by requiring another step after entering a username and password. The most common type of 2fa is a mobile authenticator that will put out a One Time Code that changes on a regular basis, meaning that an attacker would need to know your user name and password, and then be able to get access to the one time code before it changes. Given that these codes often only last between 30-60 seconds, that is quite a tall order for any hacker.


Other forms of Two-Factor authentication you may see are biometric, such as fingerprint or facial recognition, email codes, texted codes, or physical keys such as a key card. Regardless of the method, this is another thing the would be thief would need to have access to in order to pretend to be you, and most of these methods involved gaining access to another account, or worse for the thief, your physical property or person.


Moving on to your browser, we all have one and we all use them in a variety of ways, and the way you use your browser can have an impact on how likely you are to fall victim to identity theft. Most cyber attacks, unlike in the movies, don't involve an expert hacker running hundreds of commands in quick succession to break into your machine, in fact most of them start with the victim unwittingly handing over their keys to the thief. So how do you avoid these pitfalls and stop any possible leakage of your credentials?


First make sure you know the sites you are visiting are reputable. In todays world its easier than ever to slap a site together and throw it online, which means its easy for these attackers to have a decent looking site to convince you to put in your username and password which then logs that information for the thief. Avoid clicking on suspicious looking links in emails or on other sites to minimize your chances of hitting one of these.


Another thing you can do is makes sure you use HTTPS as much as possible, and never make financial transactions if this is not active. You can tell by either looking at the URL which will ready https://www.<site> or looking for a 🔒icon next to the URL in your browser. Lastly make sure you are very cautions about clicking through links or opening any attachments on unexpected emails, which happens to lead us into the next topic, phishing.


a phishing attack stealing a username and password

Phishing is a very common method for attackers to gain access to your system and/or accounts. While phishing, which is email based, is the most common, there is also smishing, or text phishing, and vishing, or voice phishing. What all these have in common is that they have the same goal of getting you to hand over user names, passwords, personal or financial information. These scams will often try and give a sense of urgency so you will take less time to think over what you are reading, frequently using threats to get you to reactionarily hand over what they want. Always be on the look out for bad grammar, funny looking email addresses, or other signs that the message may have been hastily put together or may not be official. Lastly hovering over any link in the email will open a popup window that will show the actual URL, and if these don't match that's a big red flag. While in the email the link may say microsoft.com the real link may pop up and show something like "rd2s.jsn.com/sql/adsfn942@5?.php" which is quite obviously not Microsoft.


Another big way for these thieves to gain information is to case out your social media and browsing habits. Just like a burglar may watch your house to see when you are the least likely to be home and what obstacles you have set up, identify thieves will gather as much information about you as they can. Often those fun little Facebook quizzes that ask your name, age, first dog, what street you lived on etc. are put out by these people because, as you may have notices, this information is often used to recover accounts, which could in turn give them full access. Some ways you can protect yourself from this is changing your privacy settings in both your browser and on social media. Preventing every Tom, Dick, and Harry from being able to see everything you post online can make it much harder for thieves to find this information. You should always be careful what you post online, and even more so for things that are fully public as you never know who is watching.



a hacker listening to public Wi-Fi

Another major thing you can do to prevent these thefts is only using secure Wi-Fi networks, and never passing an identifiable information across unsecured networks like those found in airports or coffee shops. While most home networks come with some basic security out of the box, public Wi-Fi frequently has these settings turned off for easy access to users. That being said, getting on your bank account online while hooked up to one of these Wi-Fi connections could be similar to screaming your name and social security number in a crowded room, and you never know who's listening. Utilizing a VPN can help with this by encrypting traffic, even on a public Wi-Fi, so that anyone "listening" to your traffic only gets a garbled mess rather than anything usable. Also make sure any network you connect to matches exactly to a businesses stated network as many attackers will use a "Pineapple" to pretend to be the public network but is really a network controlled by an attacker giving them full access to everything you do online while attached to their network.


Lastly, but far from least, update your software. I know, it can be inconvenient when you see that icon pop up that Windows needs to restart, or when you browser tells you you need to update, but these updates may be the difference to being safe and losing your information. Companies like Microsoft, Apple, and Google are constantly updating their software to fix holes in their security, but if you don't install the update you are left vulnerable to what is now a publicly known exploit. So always update your software as soon as you can to make sure you have most up to date protection.



Armor protecting you online

By following these steps, and keeping this information in mind, you can make sure you are a "hard target" that most thieves will pass over in search of easier prey. Just like a cheetah would prefer trying to eat a rabbit to a porcupine, online criminals want easy prey. So remember to use strong passwords, and not reuse them across accounts, use 2fa when available, change how you browse and use social media to stay secure and be vigilant to possible scams to relieve you of or accounts.







2 views0 comments

Comentarios


bottom of page