Online security 101!
I've been living on (and off) the internet since the days of 56k modems, Netscape, IRC, … and I've been creating accounts for various websites ever since. Most (if not all) of my passwords were written down on a piece of paper or, later, in a small notebook. I felt that my passwords were SUPER important, that I should never lose them, and I took care of them properly! At the time most people only had to keep track of their ISP, mail and forum account credentials…
Today we use a multitude of services and they feel more critical than ever before. Strangely though, we don't put a lot of effort into securing them. With the rise of social media the general public got a lot more involved in everything that was happening on the internet. People started creating more accounts online and, because people are lazy, they started reusing the same password on several websites. Whatever its password policy, a website can't stop you from reusing a password from another website. You might have come up with an easy-to-remember, complex and long password, but if you're using that same password everywhere your online security is at risk. Imagine you register on a small website with the same password you use on all other websites and that website gets hacked: all your other accounts are affected too!
If you go to haveibeenpwned.com you can check which of your accounts have appeared in a known breach, and you should update those passwords immediately! As in, NOW!
Best practices for securing online accounts
I'll be giving some simple basic tips on how to sharpen your online security like a Japanese Damascus steel knife! There's more to tell about securely enjoying what the internet has to offer, but the next tips are a very solid basis.
1. Use a separate email address for every account you create.
This is something few people know, but you can create an alias for every email address you have. It's called sub-addressing or plus addressing. The best part is that you don't have to configure anything at your mail provider (as long as it supports the feature, which the major providers do).
stanny+somedomain@nuytkens.com
is a perfectly valid email address to give to somebody!
Every mail sent to this address will end up in my inbox, but you can use the +somedomain part to set up filters. And because that is the email address used during registration, if the website has a breach only this tagged address will be known to the hacker, which also tells you which site leaked it. And since we'll be using a password manager you don't even have to remember it!
2. A unique, long, complex password for every account.
Yes, for every account!
No, you won't need to come up with a clever password for every account you create.
No, you won't need to remember or write down that password.
You can use services like
- bitwarden.com (personal plan)
- lastpass.com
- nordpass.com
Most of these services also offer a browser extension so you can easily auto-fill username + password when logging in.
In the next blog post I'll show how you can host one yourself!
3. Enable MFA (Multi-factor authentication)
Most popular services allow (and sometimes force) the user to enable something called MFA. MFA is better known as 2-factor authentication (2FA). It adds an extra layer of security on top of your user + password combination: MFA lets you verify the login through an SMS, an email with a verification code, a token generated in an app, …
Enabling MFA means a hacker needs not only your credentials but also the token to verify the login, and we don't want to make it easier for them now, do we!
Enable MFA for:
4. Use OAuth where possible
OAuth delegates the sign-on process to a well-known service like Microsoft, Google, Facebook, Twitter, … This way you authenticate through their login, so you won't need to create a new account for the website you are trying to access; you just grant that website permission to read some personal information from the provider. Of course you need to make sure that the account you use at the OAuth provider is itself well secured (unique password and MFA), because it now unlocks every website you signed into with it.
A list of notable OAuth service providers.
To a safer 2022!!