thoughts on account management

Seems timely. You can get full-on password managers; I never find them too useful. This is by no means a definitive guide; Google are better for that.

These are just my tips for securing your online accounts. You need to find something that is not only secure but practical; going over the top is what gets most people into trouble, writing the passwords down and putting stickers on the backs of phones. You have to weigh up the risks and impacts on you versus how hard it is to actually do stuff. In short, if you are a nuclear physicist in Iran, you probably want to do a lot more than what’s below.

Some ways to secure your online life a bit more:

  1. If you can, use two-factor authentication on important accounts
    1. do this on your Google account now! If you use Gmail, this is probably the most important thing to do!
    2. Facebook can do this here
  2. Use OpenID on sites if they have it (that’s logging in with your Google/Twitter account on another website) and you trust them

    You can then use your master account to control access to other accounts.

    Google do that here

    Twitter does that here

  3. Don’t use the same passwords everywhere

    Have a password tree: pick a theme (for example, movies by a director, characters in a book, song titles from a band), add some numbers (not replacement, that’s pr3d1ctabl3) and put them in a structure.

    These make good passwords because they are easy to remember and longer than a single word.

    For example (and no, I don’t use this or anything close):

    LongJohnSilver93, BillyBones93, JimHawkins93 – all characters from Treasure Island (and you, unlike me here, should pick a book you have at least read)

    If you put them in some form of structure (you might say Jim Hawkins is the main character so you use it on your top account) you are more likely to remember them.

    (I admit I do reuse passwords, but it’s a ‘bottom’ level password I tend to reuse on forums and stuff where the worst that someone could do is log on to the forum and post something stupid. I am perfectly capable of this myself, so it would be a fruitless hack.)

    This is vulnerable to someone getting a couple of your passwords and spotting a pattern, but if someone is really concentrating to that degree on your account, you’re in more trouble than this page is going to help with.

  4. Turn on HTTPS for sites that have it

    HTTPS is basically secure internet browsing: everything sent between your device and the site is encrypted before it goes. Increasingly sites use this by default, but on some of them you have to turn it on.

    1. Facebook – go here to enable secure browsing
    2. Twitter uses HTTPS by default
    3. Gmail uses HTTPS by default; you can check that in the settings

 

  5. Don’t believe everything on the internet. The reality is the above will protect you from brute force/stolen DB attacks, a bit, but it won’t protect you from social engineering, where you are basically tricked into revealing something
  6. Don’t be too scared. The high profile stuff makes the news, but even 250,000 Twitter accounts isn’t a lot when you consider it against 500 million Twitter accounts, and you are very unlikely to be targeted individually; most hackers are looking for bulk so they can sell the information on and make a fast buck. As Nick Ross would say: don’t have nightmares, do sleep well
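To check your own password tree for the weakness noted under tip 3 (a visible pattern once a couple of passwords are known), here is an added example that is not part of the original post. The account names, the `audit` function and the "capitalised words plus digits" template are assumptions; the sample passwords are the illustrative ones from tip 3.

```python
import re
from collections import defaultdict

# Constructed sample: the illustrative passwords from tip 3.
# Account names are hypothetical.
SAMPLE = {
    "email": "JimHawkins93",
    "bank": "LongJohnSilver93",
    "shop": "BillyBones93",
    "forum": "BillyBones93",
}

# Assumed template for a "password tree" entry: CapitalisedWords + digits.
TEMPLATE = re.compile(r"^((?:[A-Z][a-z]+)+)(\d+)$")


def audit(accounts):
    """Report password reuse and numeric suffixes shared across passwords."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    # Passwords that protect more than one account.
    reused = {pw: sorted(a) for pw, a in by_password.items() if len(a) > 1}

    # Group distinct passwords by numeric suffix when they fit the template.
    by_suffix = defaultdict(set)
    for pw in by_password:
        match = TEMPLATE.match(pw)
        if match:
            by_suffix[match.group(2)].add(pw)
    shared = {s: sorted(p) for s, p in by_suffix.items() if len(p) > 1}

    distinct = len(by_password)
    in_pattern = sum(len(p) for p in shared.values())
    return {
        "reused": reused,
        "shared_suffix": shared,
        # Fraction of distinct passwords sharing their suffix with another.
        "pattern_coverage": in_pattern / distinct if distinct else 0.0,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

A `pattern_coverage` near 1.0 means almost every password follows the same visible scheme; varying the numbers per account lowers it.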