1. For Every Service, Use a Unique Account With a Strong Password.
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have.
2. Use Different Email Addresses for Different Kinds of Accounts
People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it’s fake.
Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it, and create a new one. This is a do-it-yourself version of the masked emails you get from Abine Blur and other disposable email account services.
3. Use Two-Factor Authentication
You know services that send you a code to your phone or email? That’s two-factor authentication. It requires that you verify your login on some other service or device so that you have essentially logged in twice.
Two-factor authentication can be a pain, but it absolutely makes your accounts more secure. If you just use a password for authentication, anyone who learns that password owns your account. With two-factor authentication enabled, the password alone is useless.
Fundscraper will turn on two-factor authentication for accounts by December 4, 2020.
If you want security and simplicity, use a secure, existing account from a top-tier provider and make sure it uses two-factor authentication. Microsoft and Google (Gmail) accounts are highly secure if you enable 2FA on them.
Fundscraper currently supports logging in from Google, LinkedIn and Facebook. Apple, Microsoft, and Amazon logins will be supported by December 4, 2020.
For Google, access here.
For Microsoft Accounts, access here.
4. Turn Off the ‘Save Password’ Feature in Browsers
Speaking of what your browser may know about you, most browsers include a built-in password management solution. We at PCMag don’t recommend them, however. We feel it’s best to leave password protection to the experts who make password managers.
Think about this. When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If the password manager can do that, you can be sure some malicious software can do the same. In addition, keeping your passwords in a single, central password manager lets you use them across all browsers and devices.
5. Create Strong Passwords
Don’t use the same password for all your accounts. Make sure your password is strong and avoid using actual words. The current recommendations for strong passwords include at least 12 characters, a combination of upper and lowercase letters, at least one number from 0-9, and a symbol, although better and more thorough recommendations can be found here.
6. Watch Out For Scams
Watch out for phishing attacks that try to trick you into providing sensitive information, or clicking a malicious link or attachment.
Some phishing scams look like messages from what appears to be a legitimate source such as a bank or an official-looking institution. The message invites you to sign in with your email address and password, but it’s actually a fake website. Other scams look like emails from someone you know that ask you to click a link or open an attachment.
Phishing messages usually have links or attachments. When you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your content.
If you receive an email that looks even slightly suspicious, do the following:
- Hover over the link and look for the name of the actual website the link is sending you to. Make sure it’s what you expect and not misspelled.
- Search for the legitimate website instead of clicking a link in the message.
- If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender’s email account and contact list were compromised. Contact the sender directly, describe the mail you just received, and ask if it was legitimate.
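The hover check from the first bullet can also be run over a message's HTML body. The following is an added example, not part of the original article: it flags links whose visible text names one site while the link goes to another, and links whose host is a near-misspelling of the site you expect. The names `check_links`, `LinkCollector` and `belongs_to`, the 0.85 similarity threshold and the sample domains are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain name written in a link's visible text; a leading "www." is ignored.
DOMAIN_RE = re.compile(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

def check_links(html, expected_domain):
    """Return (real_host, reason) for each link that fails the hover check."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:
            continue  # mailto:, anchors and other links without a host
        m = DOMAIN_RE.search(text)
        shown = m.group(1).lower() if m else None
        tail = ".".join(host.split(".")[-(expected_domain.count(".") + 1):])
        if shown and not belongs_to(host, shown):
            findings.append((host, "text shows " + shown))
        elif (not belongs_to(host, expected_domain)
              and SequenceMatcher(None, tail, expected_domain).ratio() >= 0.85):
            findings.append((host, "lookalike of " + expected_domain))
    return findings

# Constructed sample message; every domain is a reserved, made-up name.
SAMPLE_EMAIL = """
<a href="https://login.mybank.example/signin">Sign in</a>
<a href="http://mybank.example.account-verify.test/login">www.mybank.example</a>
<a href="https://mybamk.example/reset">Reset your password</a>
"""
```

Calling `check_links(SAMPLE_EMAIL, "mybank.example")` passes the first link and reports the other two. The real site's name at the start of a longer host, as in the second link, does not make that host part of the real site.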
Hopefully, these tips will protect your accounts and help ward off any malicious emails and scammers that may come your way.
If you have any questions or concerns, please contact Todd Verstraten, Vice President of Technology at firstname.lastname@example.org.