I'm currently in the process of revamping my internet security by making small changes in the way I handle passwords, encryption, and data storage. Internet crime is becoming more sophisticated and organized. Syndicates in Asia and elsewhere have successfully changed the business model for cyber crime to quantity over quality. Many of the changes I'm making are a result of reading Kill the Password.
1. Don't answer your security questions honestly. Your best man's name, your mother's maiden name, the town you were born in, and the high school you went to can easily be discovered online. Make up odd answers and print them out.
2. Instead of writing passwords down, many of us use only one to three passwords for multiple sites. If a hacker gets access to a site's information and learns your password and email, they can try that combination on other sites to get more information or, worse yet, get into your email. Don't be afraid to write down passwords, and never use the same password for multiple sites, especially for your email. The chances of your passwords being physically stolen from your house and used are very small (especially if you write them in code).
3. Make passwords as difficult as possible, especially passwords that you only have to enter once (like your router's). This sounds ridiculous, but make a password 30+ characters if allowed. This makes it almost impossible for cracking software to find the combination.
4. Re-evaluate public internet use and data storage. If you have a cheap netbook or backup computer, use it for the coffeehouse or travel, and don't use online banking or other important sites on these unsecured connections. Keep files like tax returns and statements on a jump drive or external hard drive that is kept in a secure location at home. Keep these files off any jump drives that are carried on key chains or brought to the store for photo printing, in case they are lost or stolen.
5. Use extra security features on your most important accounts. Google's 2-Step verification allows only pre-approved computers to log in unless a security code (texted to your phone) is entered. Routers can be set up to hide your network instead of broadcasting it.
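
Tips 1 to 3 as an added Python example (not part of the original post): it generates a unique 30-character password per site and made-up security answers ready to print, and estimates how long trying every combination would take. The site names, questions, word list and the 1e12 guesses-per-second rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: the site accepts letters, digits and ASCII punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed word list for made-up answers; use a much larger list in practice.
WORDS = ["copper", "lantern", "walrus", "meadow", "orbit", "pickle", "thimble",
         "quartz", "gravel", "saffron", "beacon", "juniper", "velvet", "anchor",
         "mitten", "cobalt"]


def make_password(length=30):
    """Random password from the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def make_answer(n_words=4):
    """Nonsense security-question answer, unrelated to any real personal fact."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second=1e12):
    """Years to try every combination at an assumed (hypothetical) guess rate."""
    return len(ALPHABET) ** length / guesses_per_second / (365.25 * 24 * 3600)


def build_sheet(sites, questions):
    """One unique password per site plus made-up answers, as printable text."""
    lines = []
    for site in sites:
        lines.append(f"{site}: {make_password()}")
        for question in questions:
            lines.append(f"    {question} -> {make_answer()}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed site names and questions.
    print(build_sheet(["email", "bank", "router"],
                      ["Mother's maiden name?", "Town of birth?"]))
    for n in (8, 30):
        print(f"{n} chars: {entropy_bits(n):.0f} bits, "
              f"{years_to_exhaust(n):.3g} years at 1e12 guesses/s")
```

At the assumed rate, every 8-character combination is exhausted in under two hours, while 30 random characters give roughly 197 bits of entropy.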