The pursuit for privacy and security is a major issue debated by many people all over the world today.
Once more of a corporate issue, it is now a topic of many conversations, on the personal level and on the corporate level, all over the globe.
My understanding of these two very important issues is that of a balancing act.
You can reach a very high level of privacy and security but you will have to sacrifice your resources (time and money) and often, some comfort for your end users (or with private people, their own comfort) as you move to a more secure environment with your online digital life.
In this post, I will bring some simple, everyday life examples and tips:
Password complexity
If you were to change the password for your personal computer for instance, you would have to spend some more time logging in maybe, but all your information would be a little harder to reach.
It’s a simple fact, right?
Well, would it surprise you to know that:
- 53% of people rely on their memory to manage passwords.
- 51% of people use the same password for both work and personal accounts.
- 57% of people who have already been scammed in phishing attacks still haven’t changed their password.
- 71% of accounts are protected by passwords used on multiple websites.
- 29% of internet users have more password-protected accounts than they can keep track of.
- 90% of internet users are worried about getting their passwords hacked.
- The password “123456” is still used by 23 million account holders.
- 33% of account-compromise victims have stopped doing business with companies and websites that leaked their credentials.
Many SaaS (Software as a Service) providers are aware of this issue and have tried providing simple tools to secure online accounts but they are mostly unused by private people and corporates mostly choose not to enforce them.
Multi factor authentication
Even if you choose to have a simple password, you can still choose to make it harder for people to access your information by adding some sort of multi factor authentication.
What is that exactly?
Well, if you choose to login to your Google or Apple or Facebook account but you are asked to complete another step in order to complete the login like maybe an SMS sent to your phone, this is what is called multi factor authentication or MFA.
There are many ways to achieve MFA today and yes, it would take another 10 seconds to login to an online account but it would make it so much harder for someone to gain access to that account (even if you chose to use “123456” as your password).
The human factor
Awareness is one of the key factors in the security and privacy game.
Being aware of the risks is an important factor in the way we choose to protect our data.
Again, a simple example:
You may choose a strong and complex password for your computer and have all your online accounts implement MFA and then you are working in a public place like maybe the local cafe and you just keep the computer on and unlocked as you leave for a minute to chat with an old friend you just spotted.
Some Tips & Tricks
Adjust the level of information to the level of security implemented
A good balance would be to adjust the level of security to the importance of the information being stored, maybe create a few passwords in various levels of complexity and match them to the information saved.
Use a password manager
The human brain is not built for storing complex and strong passwords. Make sure you choose a good password manager and use it. Password managers keep updating, just run a search for a good password manager using your favorite search engine.
Some of the more recommended password managers at this time (Feb 2021): LastPass, DashLane, BitWarden.
With the use of a good password manager, all you have to remember now is just the login password for your computer 🙂
Online Password generators
There are many online password generators available today. I tend to use https://passwords-generator.org/. It’s easy to quickly create strong passwords using this generator and then use your selected password manager to store it.
TOTP
A little more complex to use but can give you a whole new level of security, TOTP (Time-based One-Time Password) is a protocol that creates a random 6 digits (may vary) password valid for 30 seconds synchronized between a client like (Google Authenticator, Twillo Authy, Microsoft Authenticator etc.) and the server trying to authenticate you. It may take a little reading to configure it at first, but it’s totally worth it and makes it virtually impossible to access your online accounts (most online accounts today support TOTP).
To sum things up
Many tools are available today to secure online accounts in so many ways. Eventually, it is up to the end user to decide how important is the information stored and how much protection he would like to apply. Investing a little more time into this, especially where sensitive information is stored, is highly advisable. Awareness can be easily developed by private and corporate users given the right education.