How to protect your online accounts

Thought I’d continue the holiday cheer by giving y’all a gift today. The gift of cyber security ;P. Here are a few of the best possible things you can do to protect your online accounts.

  1. 2-Factor Authentication! ALWAYS use 2FA! ALWAYS! Try to use app based (like Authy or even Google authenticator)Β  Better but not needed is hardware based like Ubikey and the worst (BUT STILL BETTER THEN NOTHING) is SMS/Email based.
  2. Use unique passphrasesΒ for each of your accounts. Did you know that a password like: “thisismyfavoritesiteIwanttoprotectit4!” is stronger then “Ni*fH9fk”? This is because when I use something like hashcat or rcrack the length of the password is the largest factor to how long it will take to crack.
  3. Use unique emails for important accounts! You do online banking? Great, now make an email called gainsec.bank@gmail.com and use that literally just for your online bank. Have a credit card? Use the email gainsec.cc@gmail.com literally just for your credit card. This is a great way to stop password stuffing and other forms of breached/leaked data being used against you.
  4. Password Manager! You will need to use a password manager for all these emails/passwords. I recommend Keepass/KeepassXC. But if you MUST then you can use LastPass I guess.
  5. Put fake information when possible. Every site you have an account on, ask yourself these questions: Is it illegal to put a fake name/DOB/address/whatever? Will it impede the service/product that I access the site for? For example, You can put a fake name for shipping things to your house, you can put a fake DOB on Amazon too but you need to put your real address otherwise your packages won’t even come. However something like YouTube, doesn’t need your Name, Address or DOB. Putting fake information on the IRS site is most likely illegal but putting fake information on Pinterest is fine.

Did I miss something that you do to protect your online accounts? Lmk on IG, Twitter or comment below!

Leave a Reply