New Year Security
A new year is a good time to consider your computer security. Because so much of our lives happens in, on, and around computers these days, tackling computer security is both necessary and daunting. But fear not, it doesn’t have to be a giant task.
Start by identifying the ten most important accounts you have and protect those. For most people these will likely include bank accounts, physical computer security, email, social media, and common online shopping locations like PayPal, Amazon, etc.
Once you’ve identified them, you need to go down the list and identify the repercussions of losing access and/or having someone else gain access. With that in mind you can assess what you need to do for that account.
In the case of your bank, you probably don’t have much control over changing your security setup. Most banks require a secure password and probably a 2-step verification (2FA) challenge, such as a question or code, if you log in from an unknown location.
Consider treating your other important accounts similarly. Most online services require a robust password, and good practice means using unique passwords everywhere. Hackers probably won’t be able to get your password from Amazon itself, but if you use the same password for online ordering at Bob’s Burger place, they may get it from there and use it to access Amazon.
Every place you log into online should have a unique password!
Get yourself a password manager like Dashlane or 1Password. For a small fee they will help you make, store, and protect good passwords.
Most important sites have enabled 2FA and you should turn it on if you can. This means a hacker getting your password is not enough. I use Google’s Authenticator on my desktop and my phone and I add the code to both places. That way I can access things away from home, and I don’t lose access if I lose my phone. 2FA isn’t a perfect solution, but the combination with a good password is very good.
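An added example, not part of the original post: a sketch of the time-based one-time password scheme (TOTP, RFC 6238) that authenticator apps such as Google Authenticator implement. It shows why two devices enrolled with the same secret display the same code, and why a password without that secret fails the check. The secret is the RFC 6238 test key, the timestamps are test values, and `verify` is a hypothetical server-side helper.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 over the current 30-second time window."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Hypothetical server check: accept the current window and its neighbours
    to tolerate clock drift, comparing in constant time."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + d * step), submitted)
        for d in range(-window, window + 1)
    )


# RFC 6238 test key, encoded the way an enrolment QR code carries it (base32).
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59  # RFC 6238 test timestamp
    desktop = totp(RFC_SECRET, now)  # device 1, enrolled with the secret
    phone = totp(RFC_SECRET, now)    # device 2, enrolled with the same secret
    print("desktop:", desktop, "phone:", phone, "match:", desktop == phone)
    print("accepted now:", verify(RFC_SECRET, desktop, now))
    print("accepted 30 s later:", verify(RFC_SECRET, desktop, now + 30))
    print("accepted years later:", verify(RFC_SECRET, desktop, 1111111109))
```

Because every enrolled device holds the same secret, each copy needs the same protection as the account itself.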
These measures won’t help if you don’t practice safe computing online. Don’t accept files, links, friend requests, direct deposits, computer assistance, etc. unless they’re from someone you know and you know they’re coming.
Check if any of your passwords have been compromised on haveibeenpwned.com. This site will tell you if any of the sites you use were compromised, possibly leaking your data. If any of them are of concern, take steps to update your security on those sites immediately.
Now that you’ve got your top ten, next month pick another ten and do those, and so on for the year. For non-critical logins, if you’ve picked a good password and enabled 2FA, you’re probably good for a while, especially if you’re checking haveibeenpwned occasionally. For critical sites I recommend a review of your security setup on the site and updating your password every year.
Happy New Year and Happy Computing.