Word about the Heartbleed bug spread widely and quickly, prompting many of us to change our passwords on numerous log-in sites. Have a tough time remembering all your passwords? Begrudge the time and effort it took to make the changes?
Protecting online data is an ongoing concern, and changing passwords routinely is a practice that would serve us all well. There has been talk of instituting an annual Change Your Passwords day, but a once-a-year change is probably not enough to alleviate the concern. Hackers, leaks, security fails and program vulnerabilities are part of our wired landscape.
Heartbleed, a weakness in a version of OpenSSL, existed for more than two years before a team of security engineers discovered it. This was a “resident” vulnerability, not a hacker’s attack or virus.
Being mindful of system vulnerabilities is the first step to minimizing risk in the wired world. Here are some additional steps to take for increased security:
- Passwords. They’re not a ‘one and done’ activity. Schedule regular password changes; make this a recurring item on your calendar, setting aside the time required. Create passwords using a mixture of uppercase letters, lowercase letters and symbols. Do not use your birthday, anniversary, family members’ names, recognizable words, sequential letters or numbers, or anything else a hacker could easily guess.
- Private. Keep out! Check the privacy settings of your accounts on Facebook and other social media sites three to four times per year. Keep online programs up-to-date, as developers often release security improvements in their updates.
- Beware of fake email warnings. If you receive an email alerting you to the need to change your security settings or passwords on an account, check out its validity before responding. Spammers and phishing programs frequently send out realistic-looking emails; clicking on one of these and entering your personal data may result in compromising your account. Take the time to find out if the email is legitimate. Look at the URL address, visit Snopes.com to search for the sender, or call or visit the website of the official business.
- Use a Password Manager. Programs such as RoboForm, Norton Identity Safe, 1Password and LastPass allow you to store, retrieve and change your passwords more easily. Check out the features of these and other password management programs to find out which one works best for you.
- Be defensive. Consider using two-factor authentication (also known as 2FA) to provide an extra step of log-in protection. Sites with this feature will require a second form of authentication beyond your password, particularly when the site is accessed from a new device (smart phone, tablet, laptop or PC).
These precautions can increase the security of your websites and personal online data. Have you found an effective tool or a technique for increasing your online security? Please post a comment below to share what you’ve found.