We tend to focus on business technology, but this time, we wanted to put together a guide that would help, well, everybody! It doesn’t matter how low-tech you are, chances are you still have to manage a handful of online accounts and passwords.
As it turns out, there really isn’t a big difference between protecting yourself as an employee working in an office compared to protecting yourself as an individual. Everyone needs to have strong cybersecurity habits because the entire world has built itself around going digital. Like it or not, this is how it is.
The goal of this guide is to walk you through some steps that will make maintaining your security and protecting your identity so much easier. It will take some time and effort at first, but once everything is set up and working, staying safe will become a much easier process.
We encourage you to share this article with everyone you can, from students to those enjoying their retirement. We all have friends and family who scrawl their passwords on a loose ream of paper, or who might even have worse habits that they think are perfectly healthy but are putting them at risk. This guide might help them reduce the risk of expensive, frustrating problems.
If someone sent you this link, hello! Nice to meet you! We hope you find this guide useful, and we’d love to get feedback from you if you have any!
Why You Should Care About Strong Passwords and Cybersecurity
We don’t want to come off sounding too preachy, but your cybersecurity is very important.
Your personal information is valuable, and protecting it is important. Whether you are on a computer all day at work or you hardly sign in throughout the week, if you use the Internet at all, you need to protect yourself. This includes smartphone and tablet use, laptops, computers, paying your bills, using social media, etc.
The goal of this guide isn’t to sell you anything (although we will recommend tools and products that have paid tiers), but ultimately, this isn’t something we intend to profit from. We want to spread awareness to people, even if they aren’t really a good fit to be a customer of ours. We work with businesses throughout AREASERVED to manage their IT and cybersecurity needs, but we don’t tend to work with individuals. Even so, we hope this guide helps as many people in and around our community as possible.
The rest of our blog discusses cybersecurity extensively; if you find this guide helpful, you can certainly read more articles.
Why Personal Cybersecurity Matters
Storytime! The Internet was originally built to be a network of ideas, information, and commerce. Since then, individuals, organizations, and businesses have come up with many amazing ways to make the Internet more useful, profitable, and critical to our daily lives. Things that used to be reserved for only some of the most technologically-abled users are now normal things that the average person doesn’t think about.
At the same time, scammers, criminals, and con artists have utilized the Internet in creative and dastardly ways.
And then you have the middle ground: the vast majority of enterprising businesses on the Internet sort of take a middle-of-the-road approach. They provide something seemingly very good, but there’s a little bit of a hidden price to pay.
Let’s use Facebook as an example.
When Facebook (back then it was called TheFacebook) launched, it was a closed-off network of select colleges and university students that could connect based on the classes they took. They could upload a photo, talk to classmates, and join groups based on the classes they were in.
(We’re grossly skimming over some history here to get to our point.)
A few years later, Facebook opened up to the general public, and quickly exploded in popularity. It didn’t take long before millions of people shared information about themselves, uploaded photos, and communicated on what would soon become one of the largest, most influential social networks. The world really hadn’t seen something like this before—a singular platform for hundreds of millions (now it’s 3 billion, or over a third of all humans) to communicate and connect.
To develop, maintain, and host this kind of platform, Facebook needed money. Back in 2012, Facebook’s operating cost was about $1 per user per month. They had around 800 million users at the time, so that’s roughly $800 million dollars per month just to run the site, let alone costs for future development, new products, new features, etc.
They don’t charge users to use Facebook, which would defeat the purpose of the platform. Instead, YOU are the product. Facebook’s revenue is based on ads. Facebook makes money off of ads because the people on Facebook produce content that encourage other people to continue to use Facebook. In return, you and I can use Facebook for free.
This is relatively reasonable in the modern world, and something that most of us can more-or-less ignore. However, it brings up just how valuable an individual’s data actually is.
Your activity on Facebook helps Facebook maintain itself and even profit. Granted, Facebook doesn’t have a flawless track record of how they handle your information, who they sell it to, and how people take advantage of the system, but it’s a perfect example of just how valuable your participation and information is.
Most businesses that you work with store information online. Your dentist might allow you to log in to see your dental history or pay your invoices, your trash collector has an account for you to make payments, and your Amazon account knows what types of products you look at, as well as the music and movies you like to watch.
We’re oversimplifying it, but the modern world runs on information, and that information is valuable, especially in bulk.
Let’s use Disney+ as an example. What does Disney+ know about you?
They likely have your name and contact information, credit card information, email address, and the types of devices you use Disney+ on. They also keep track of the movies and shows you watch so they can better serve you and make decisions about how to adjust their services.
It’s easy to dismiss this as the cost of doing business. Sure, Disney+ needs to know who I am to bill me, and obviously, they can track the shows I watch so they know how badly I want Season four of The Mandalorian!
But what if someone else were to get that information?
Well, your contact information is one thing. If the wrong entities get hold of that, you could start getting a lot more spam. They know you are a Disney+ user, so they could pretend to be Disney or pretend to be affiliated with Disney to try to trick you into something. It’s pretty easy to look through the list of devices that someone watches Disney+ on to determine their tax bracket, and look at the content they watch to determine their gender, cultural values, marital status, and even get an idea of when you are home or not. On top of that, there’s credit card information.
That’s a lot of information, and that’s just Disney+! Email providers, cellphone carriers, Internet service providers, banks, and social media sites store even more information about you.
You aren’t going to change this paradigm. You are a part of this digitized future, and you must acknowledge it and follow the steps in this guide to protect your information.
Why Me? What Could Someone Do With My Data?
We hear this one a lot. In fact, almost every single time we help someone who cybercriminals have targeted, this question comes up.
Cybercrime is rarely personal. It’s rarely because you were some kind of target that stood out.
The bad guys don’t care about you as an individual; it’s a numbers game. It’s like any sort of marketing or advertising campaign—they target thousands or millions of people with the expectation that they will get a certain return on their efforts.
Remember our Disney+ example above? If they were to break into Disney+’s network and steal that information from a million accounts, each one of those accounts would be worth a little money on the black market. This happens all the time, as big organizations suffer from data breaches and all of that information gets dumped on the dark web for other criminals to steal, sell, and use.
Maybe Disney+ data isn’t the gold mine, but cybercriminals do know that most users have one weakness that makes them especially vulnerable…
Some of those passwords stolen from Disney+ are likely going to work on other accounts for that user, because most people are notoriously bad at using unique passwords between accounts. In fact, in a survey that interviewed several million people, 52 percent of them admitted that they use the same password more than once.
For a large percentage of users, if I have your Disney+ password (or some other password from a different account), I can likely get into your email, bank, or some other much more valuable account.
If I can get into your email account, I can easily reset any other password for any other account and get right in.
These big organizations get breached all the time, and often take months before they even realize it or tell their subscribers about it.
Want to see how many times your email address has been found in massive data breaches? There’s a great site for checking: https://haveibeenpwned.com/
Fortunately, what we go over today throughout the rest of this guide is going to protect you from this. Thanks for listening to us so far—cybersecurity is something we are passionate about and we just want to help you understand why it’s so important. Let’s get on to the guide so you can protect yourself online!
Let’s Strengthen, Organize, and Document Your Passwords Securely, Once and For All!
In this guide, we will cover several steps to gain control over your passwords. We’re going to discuss a few ways to make strong passwords that are easier to remember, but ultimately, you are going to rely on a secure password manager to remember most of your passwords for you.
This process is going to take you time, but once it’s done, it takes very little effort to maintain.
We’re going to start with making strong passwords, but there is going to be a little house-keeping for you to do as well to help ensure you know how to get into as well.
Here are the steps we’re going to take:
- Create a few strong master passwords
- Choose a primary email that governs your accounts
- Secure that email with a new, strong password
- Choose a Multi-Factor Authentication app
- Set up Multi-Factor Authentication on your primary email
- Select and set up a password manager
- Update every account, secure it, and log it in the password manager
- Delete old passwords stored in your browser
- Maintain the course and continue to practice good cybersecurity hygiene!
Step One: Create Strong, Unique Passwords
A strong password includes the following: capital letters, lowercase letters, numbers, and symbols. The length of the password is also essential, as shorter passwords are easier for hackers to crack. With the right tools, a criminal can crack an 8-character password in just a few minutes. A good goal is 16-to-24 characters (although some sites or accounts might limit you to 12-to-16 characters, so always try to use the maximum possible).
You might think that’s a long password and you are right! It’s hard to memorize and recite a complex password like that, but the good news is that you’ll only need to memorize one or two of them (we’ll get there in a moment).
Ultimately, we are building a master password, and you’ll need to recall this password in order to bring up all of your other passwords. We recommend having two of these—one for your primary email (we’ll get to that in the next blog post) and one for your password manager (covered in part four).
The easiest way to make a password that is both easy to remember and secure is to use passphrases. A passphrase is a string of random words that wouldn’t usually go together, and don’t really have anything to do with you personally. Avoid pet names, family members, phone numbers, zip codes, birthdates, and other personally identifiable information.
Here’s an example:
Jedi Monsoon Spaghetti Dragon Ship
These five words contain 30 characters if we string them together. If we adjust the capitalization to make it a little more complex, add a few numbers and symbols, we get an extremely secure password that is relatively easy to memorize:
JEDImons00nSPAGHETT!drag0n$hip
Obviously you can’t use this one, as it’s posted on the Internet, immediately making it easy for criminals to crack.
If you aren’t feeling particularly creative, you can use this random word generator to spit out some ideas for you.
You Can Cheat a Little and Still Be Secure!
Complex passwords are secure, and by the time you finish this five-part guide, you’ll be using a password manager that does all of the memorization for you. In most cases, you’ll never need to type in most of your passwords except when logging into your password manager. There is an exception to this—your TV.
It’s a huge pain to try to type in a 30-character Hulu password just to watch Cupcake Wars, so here’s a little exception to the rule that you can use specifically for streaming services to make the passwords a little easier to enter.
It’s still critical that these passwords are unique, complex, and random… but maybe you want them to be a little easier to type into a television with a remote control. This also applies to guest Wi-Fi passwords and other accounts that you might need to read out loud or share manually.
Here’s a quick set of tips to make passwords that are easy to type or read out loud to a guest
- Keep capital letters bunched together so you don’t need to tap the shift key repeatedly.
- Keep numbers and symbols bunched together for the same reason.
- Want to be super lazy? Use characters that are near each other on the keyboard.
- Avoid characters that look like numbers or other characters, such as capital Is, lowercase Ls, the numbers 1, 0, and the letter o.
For example, your Netflix password could be something like this:
DRRZVBpkmmmy4958#@!
(obviously, don’t use this password, since it’s published on the Internet)
Note that the first third of the password is all caps, using letters on one side of the keyboard, while the second third is all lowercase using letters from the other side.
It’s much easier to type out with a television remote than something completely random, but this password still follows all of the critical rules that make it a long, complex password! It’s just easier to enter into your television or Wi-Fi.
Stay Tuned for The Rest of This Guide!
This is part one of a five-part guide! Head back to our blog to see the rest of these articles (we’ll post each one every other weekday). You can also click on #Password Guide below to see all the currently published parts.
