5 super easy tips for better online security on Safer Internet Day
It's Safer Internet Day! Every February 10, the occasion is meant to be a reminder — particularly to young people — of the perils of the Internet.
The hope is to encourage more responsibility when we use the Internet and mobile technology. That can mean a lot of things and can be as simple as being more respectful online.
But it's also a reminder to better protect yourself and your personal information. Google, for example, is using the day to remind people about the importance of online security. Coincidentally, the U.S. government happened to announce a new government agency completely dedicated to combating cyberthreats on Tuesday
Of course, it's always a good time to remind people that it's easier and perhaps more common than ever before to fall victim to online attackers and cybersecurity risks. Every person should be taking measures to stay safer online. Before your eyes glaze, we have some very easy things that anyone can do to protect themselves online.
1. Use two-factor authentication
With two-factor authentication, users have to provide, in addition to a typical password, a one-time code when using a log-in service. In most cases, the code is sent to your phone — in a text message, for example. So after entering your password, you then have to put in what's basically a one-time second password.
Based on your preferences, two-factor authentication can occur every time you log in to something or only occasionally, like when logging into an account on a new device.
Many major websites offer two-factor confirmations. Google was among the first. But now a bevy of them — including Apple's iCloud, Dropbox, Microsoft, Twitter and Facebook — offer some form of login approval.
It might seem simple, but just a smidgen of time can almost double password security.
2. Update your browser and devices!
Browsers, operating systems and mobile devices often need updates. Sure, this can be a pain, but it's important. Many times, updates are intended to patch just-now-discovered security problems.
Researchers are constantly finding new security holes that cyberattackers can exploit. So if an update notice comes through, never hesitate. It could be the difference between losing 15 minutes of your time and a hacker gaining control of your computer.
3. Use unique passwords and a password manager
People are really bad at making strong passwords. In 2014, the most common leaked passwords were "123456" and "password." It's also typical for people to include their birth year (especially those born between 1989 and 1992) in their passwords.
Hackers are up to your tricks. For each login, each website, each service, you should be using unique passwords that have nothing to do with a dead pet or your birthday. "But how do I remember all these passwords?" you might be asking. Well, you don't have to.
There are a number of good password management services, such as LastPass or 1Password, that can generate and store login information in a virtual vault. Some even offer security-checking features that will let you know if you have duplicate or weak passwords.
4. Get a Google security checkup
Google is offering Drive users an extra 2GB of storage space if they take part in its Security Checkup program by Feb. 17. It takes a few minutes to run some quick tests on your Google accounts.
The feature offers an overview of your recent sign-in activity (to see if any unusual devices are logging into your accounts). With the checkup, users can also grant and revoke account permissions on their devices, as well as add recovery information — such as a phone number — to help Google get in touch if something is up with your accounts.
5. Use HTTPS whenever you can
HTTPS is the secure version of hypertext transfer protocol — the letters that come before the "www." in a web address. That last "S" can provide a big difference, however. HTTPS works to bidirectionally encrypt information sent between you and a website's servers.
It isn't perfect. HTTPS will not protect you from, say, government surveillance, but it can be surprisingly sophisticated in its protections. BMW, for example, failed to use HTTPS when transmitting data via its ConnectedDrive car system. That made the car vulnerable to remote hackers, who could have exploited that oversight to open car doors.
Most major websites are compatible with HTTPS, but it is best to be cognizant of the web addresses you're using. There are tools, too, such as HTTPS Everywhere browser extension, that works to automatically switch any HTTP address over to HTTPS.