There seems to have been a lot of security-related news recently (cheers Facebook…), and I’ve been surprised at how little people know when it comes to basic internet and password security.
With that in mind, here are a few basic tips that I think everyone should know.
Note: This blog post is aimed at individuals rather than businesses; however, some of the principles are still relevant for businesses and employees.
1. Deactivate Facebook logins for old unused services
To do this, click on Facebook’s Settings and then ‘Apps and Websites’. You can then see a list of all the websites that you have logged into with Facebook (and most likely shared a little too much information with!).
Select any you don’t use any more and remove them.
2. Log out of Facebook sessions that you don’t use
Again under Facebook Settings, head to ‘Security and login’ and take a look at all the Devices/Browsers that your Facebook account is logged in on.
Completely clear this list to force Facebook to log out of all of those places. It’ll keep you logged in to your current session, of course.
3. Don’t use your primary email for rubbish
If you’re signing up for something you never plan to use again (think “Sign up to our Newsletter to get 10% off your first purchase!”), and won’t be sending any confidential information to your email, then use a publicly accessible ‘burner’ email. This can be accessed quicker than your actual email, by using a service such as https://www.mailinator.com. You can thank me later for that tool.
4. Don’t share passwords between websites
I repeat. Don’t. Share. Passwords!
But how do you remember all those different passwords? You don’t. Use a password manager instead, such as https://lastpass.com. You can then simply access all your passwords, on any device, in different locations, using a single Master password.
Just make sure that your single Master password is secure, not used elsewhere, and not written down!
5. Use strong passwords
A nine-character, “a-z”-only password, such as the word “notepads”, can be cracked in milliseconds.
Passwords should ideally be over 8 characters long and contain a mixture of lowercase, uppercase, numbers, and punctuation.
If you use a password manager you can generate these automatically in seconds!
6. Don’t take breach notifications lightly
Companies are legally required to notify you when your data may have been hacked.
If this means the attackers have been able to get hold of the email and password you used for the hacked site, then they likely also have your email and password for every other website where you used the same details. But you don’t have to worry about that, because you don’t share passwords…right?
7. Check the actual Email ‘From’ address of dodgy looking emails
The From address may come up in your email as something normal such as “PayPal”, but if you click the sender to reveal the actual email address, you may find the domain name used in the email doesn’t match the website it claims to be from.
E.g. [email protected] is clearly not from the website PayPal.com.
If the address is different, do a Google search on it before clicking any links in the email or opening any attachments.
In this example, the age-old saying "If it’s too good to be true, it likely is" always applies!
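The check from tip 7, written out as a small Python script. This is an added example, not part of the original post: the sample From headers are constructed, and the `KNOWN_BRANDS` list of legitimate sending domains is an assumption you would fill in yourself.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: the domains each brand really sends from (illustrative, not exhaustive).
KNOWN_BRANDS = {"paypal": {"paypal.com"}}

# Constructed sample From headers (not real messages).
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal <service@mail.paypal.com>",
    '"PayPal" <support@paypal.com.account-check.example>',
    "=?UTF-8?B?UGF5UGFs?= <billing@secure-pay.example>",
    "Newsletter <news@shop.example>",
]

def split_from(from_header):
    """Return (display name, sender domain) from a raw From header value."""
    name, addr = parseaddr(from_header)
    if name:
        # Display names may be RFC 2047 encoded; decode before comparing.
        name = str(make_header(decode_header(name)))
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    return name, domain

def domain_allowed(domain, allowed):
    """Exact match or a true subdomain; 'paypal.com.x.example' does not count."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Flag headers whose display name or domain claims a brand it is not sent from."""
    name, domain = split_from(from_header)
    if not domain:
        return "suspicious: no sender address"
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in name.lower() or brand in domain:
            if domain_allowed(domain, allowed):
                return "ok"
            return f"suspicious: claims {brand}, sent from {domain}"
    return "unknown sender"

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):62} {header}")
```

An "ok" here only means the visible address matches the brand. The From header itself can be forged, so the rest of the tip (search before you click) still applies.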
This blog post was originally posted on www.rickdonohoe.co.uk.