Password Security ABCsWhether on a mobile device or desktop, web security begins with setting up strong, unique passwords to protect each of our online accounts. It is never too late to begin adopting this practice, either. According to Lori MacVittie, evangelist for F5 Networks, educating children into password safety early on can instill in them a lasting security awareness that accompanies them into adulthood:
"Our oldest children were creating per-app, complex, phrase-based passwords for everything in their teens without prompting after years of being reminded to do so, and they continue that practice today. Practicing – and instilling the same practice in children as early as possible – is one of the best ways to protect personal and corporate data from being exposed or stolen. If someone gets your Facebook credentials, it may be embarrassing, but at least they can’t use those same credentials to breach a corporate system or abscond with the balance in your savings account."It is important to note that complex, unique passwords do not just protect our accounts; they also help to protect our online access more generally. For example, Bob Covello, a 20-year technology veteran and information security analyst, is aware of how neighbors can knowingly or not exploit your Wi-Fi bandwidth after coming over for dinner and connecting to your network. This threat reveals that passwords, even those that protect our wireless networks, should be updated on a regular basis.
"Home Wi-Fi networks are among the easiest networks to break into," observes Covello. "It's important to note, however, that this is not about a malicious hacker waiting to infiltrate your home network; it's about a simple oversight that could affect your Internet speed. Something as simple as changing the Wi-Fi access password every few months can be a good way to guarantee that the signal you are paying for is truly yours."
Additional Security Layers for Our Accounts and Mobile DevicesThough you may have created unique, strong passwords, this does not mean that your digital life is now secure. Today's growing list of breaches and hacks testify to the fact that malicious actors can compromise people's login credentials and obtain unauthorized access to their online accounts. In the shadow of this threat, it is therefore important that we as digital citizens take some additional steps to secure our accounts and mobile devices in the event that are passwords are exposed by attackers.
"The first point of call should be two-step verification," recommends Richard De Vere, principal consultant for the AntiSocial Engineer Ltd. "This is a massive hindrance to the ‘baddies’. Even if your password is compromised in this scenario, the attackers would require either your unlocked phone or an amazing level of technical ability to gain access to your online accounts."De Vere specifically urges users to download Google Authenticator and add as many online accounts that support it as possible, especially email accounts. (NOTE: Each two-step verification process provides the user with a backup code in the event that they misplace their mobile device. These codes, explains De Vere, should be stored somewhere safe and secure.)
"The value of a password, like a key is what it opens, and the more of your doors one password opens, the more it fetches online on underground markets, and the more damage that can be done."Acknowledging these risks, De Vere states that users should turn to a password manager, such as KeePassX, that can remember unique, super long passwords for them. These applications can also be synced across mobile devices, such as KeePassX with iOS (MiniKeePass) or Android (KeePassDroid), for easy mobile access. Of course, these extra security layers mean little if you happen to lose your phone. This is why we must also take steps to protect our mobile devices. One way we can safeguard our devices is by installing a mobile antivirus solution that comes with a feature that helps users locate their lost phone, such as Lookout Mobile Security. Then again, as Covello rightly notes, we should be careful with which apps we decide to share our locations.
"Generally speaking, there is no need for any application to know your location unless it is serving a specific purpose to assist you. While I may occasionally enable my camera to record my location, as a general rule, that feature is turned off. I am much more comfortable manually enabling my camera than accidentally letting the entire world know where I was when I post a photo online."Covello recommends that mobile users share their locations only with navigation apps and antivirus solutions such as Lookout. All other apps should be denied this permission.