One of the things I decided to focus on this year is online personal security. There have been a number of high profile security breaches this past year and I would be willing to bet that there are steps everyone can take to make them less susceptible to what could be a devastating security breach. This series of posts is a basic how-to guide for improving your online personal security. There are many aspects of this topic, but I think this series is a good outline of the minimum actions everyone should be taking to protect their digital selves.

Why This Matters

If you need to be convinced that online security is important I recommend reading this article. In short, the article describes how a single security breach resulted in the author loosing nearly every bit of digital data he had including every photo he ever took of his child’s first year and other irreplaceable family photos.

If you use a service like Picasa Web, DropBox, or Skydrive to store your family photos then you need to get real about online security. Think about this, while those services are generally considered to be very secure, what happens if you reuse your password on another service that isn’t secure? What if some obscure website you created an account on uses the same password as your Google account? If somebody compromises the little-known site they have compromised your Google account and have access to your entire photo gallery in Picasa.

What happens if you have an old email account with a simple password that is set as your account recovery email in Outlook or Hotmail? If somebody compromises your old account they have also compromised your primary email account. If somebody compromises your primary email account, they can reset your Facebook account password.

Passwords

Passwords are the first line of security for any account you have. There are a couple of simple rules to follow to ensure that your accounts have secure passwords.

Don’t reuse passwords on multiple services

It is fairly likely that one of the online services you use will eventually have a security breach. If you share a password with multiple accounts you are allowing one security breach to propagate across services. A malicious user can take your username, email, and password from a compromised account and try that login on other accounts such as Facebook and Gmail. Additionally, when one account is compromised you will have to reset many passwords to reclaim your digital security.

Often when a company experiences a security breach they will automatically reset their user’s passwords. This will hopefully stop the initial compromise, but only on that service. If a malicious user gets your password to say your Yahoo account and you use that same password on Facebook, Gmail, and your bank it doesn’t matter how well Yahoo handles the security breach - all your other accounts have been comprised at the same time.

Use Strong Passwords

Using your pet’s name, your birthday, your address, your children’s names, or any other personally identifiable information in your passwords creates a much higher likelihood of being compromised as it gives a malicious user a starting point. Remember, you aren’t just concerned about strangers - you should worry about people you know and who may know you. Remember that anyone who is your friend on Facebook probably knows the names of your pets, kids, and other personally identifiable information. This is a great starting point if somebody wants to hack your account.

Good passwords should be at least 8 characters long and should contain letters, numbers, and symbols. The longer and more random the password the better. Below you will find some examples of good passwords.

U8s74spain&Water
Parrot51%grand9W
Wide124ZiduYS#d

Use a Password Manager

Remembering all the passwords you use on various services can be difficult. It becomes especially difficult if you follow the two above rules about not reusing passwords and creating strong passwords. To make things easier I recommend using a password manager. A password manager is a simple program that securely stores all of your passwords so you don’t have to remember all of them.

Personally I prefer 1Password. 1Password is available on Windows, Mac, iPhone, Windows Phone, and Android so no matter what device you have you will be able to access your passwords. 1Password also allows you to setup DropBox to sync passwords between all your devices. With sync enabled when you save a password on one device you can access that password on your  other devices. Additionally, using DropBox sync provides a good backup of your passwords in the event your harddrive crashes.

Another thing to note about a password manager is that since you no longer need to remember passwords, you can now use long and completely random passwords for every account. I recommend generating new passwords in 1Password for all of your accounts this way you are assured to have a strong password.

Password Generator

Next Steps

  1. Passwords (this post)
  2. Two-Factor Authentication
  3. Linked Accounts (coming soon)
  4. Trusted Devices (coming soon)
  5. Mobile Devices (coming soon
  6. Backup (coming soon)