The Internet is full of criminals who are actively trying to get hold of your accounts, your identity, and your money. This guide will give you some tips on how you can protect yourself from them, and stay safe online.
Use a different password for each of your accounts
It may be easier for you to have the same username and password for every site and service you use, but it’s also immensely dangerous. If just one site you use gets hacked — and the usernames and passwords are exposed — the hackers will know your logins for everything.
It is fine to use your email address as your username for multiple sites — indeed, sometimes, it’s unavoidable — but make sure that you use a different password for every single one of those sites. And whatever you do, make sure that you have a unique password for your main email account. The first thing any hacker will do if they encounter your credentials is try the email address they have found with the password they have found to see if you’re using it for your email account, too. Don’t make it easy for them.
Use a long string of letters, numbers, and symbols for your passwords
The longer and more complicated your password is, the more difficult it is to guess and the more difficult it is to brute force (automatically try over and over again).
Ideally, your passwords would be sixteen characters long. Naturally, this will make them extremely difficult to remember, which is why you should . . .
Use a password manager
There are a number of different pieces of software on the market that will manage all your usernames and passwords for you. Instead of using a single password for every site, you use a single password to unlock one of these apps, and then it enters your unique and complicated passwords for you on each site. The more sophisticated among them can even warn you when a site has been compromised, so you know you need to change your credentials.
Turn on two-step verification
Most major services now offer two-step verification. This adds a second, well . . . step to your login process, to make sure that it’s really you. Most commonly, this is achieved by the service texting you a code once you’ve entered your username and password (the theory being that a hacker may have your credentials, but he won’t have your phone), but there are also special apps that achieve the same end.
Two-step verification is certainly more annoying than one-step. But it is a lot less annoying than losing your email or bank account to criminals.
Don’t give out your information via e-mail
“Phishing is the process” by which a scammer sends out a fraudulent email that looks like it comes from a major service (Google, Apple) and requests sensitive information such as a credit card number, Social Security number, or password.
As a matter of habit, you should always check the details of any email you receive: it is unlikely, for example, that Apple will send a real email from firstname.lastname@example.org, and unlikely too that its recovery forms will be hosted at a random domain or covered in spelling mistakes. But a better rule is to avoid giving out sensitive information by email ever, for any reason. No reputable company will ask you to, and if you’re worried you should call them.