Here are the top 5 ways to harden the security and privacy of your online accounts!
- 2-Factor Authentication! ALWAYS use 2FA! ALWAYS! Try to use app-based 2FA (like Authy or even Google Authenticator). Better, but not needed, is hardware-based like YubiKey, and the worst (BUT STILL BETTER THAN NOTHING) is SMS/email-based.
- Use unique passphrases for each of your accounts. Did you know that a password like “thisismyfavoritesiteIwanttoprotectit4!” is stronger than “Ni*fH9fk”? This is because when I use something like hashcat or rcrack, the length of the password is the largest factor in how long it will take to crack. Better than that, just use your password manager (see number 4) to generate the password and never even see it!
- Use unique emails for important accounts! You do online banking? Great, now make an email called gainsec.bank@gmail.com and use that literally just for your online bank. Have a credit card? Use the email gainseccard@gmail.com literally just for your credit card. This is a great way to stop credential stuffing and other forms of breached/leaked data being used against you. Services like SimpleLogin and AnonAddy are perfect for this!
- Password Manager! You will need to use a password manager for all these emails/passwords. I recommend KeePass/KeePassXC. But if you choose to use a cloud solution, then you can use 1Password (their family account is perfect for a household).
- Put fake information when possible. For every site you have an account on, ask yourself these questions: Is it illegal to put a fake name/DOB/address/whatever? Will it impede the service/product that I access the site for? For example, you can put a fake name for shipping things to your house, and you can put a fake DOB on Amazon too, but you need to put your real address, otherwise your packages won’t even come. However, something like YouTube doesn’t need your name, address or DOB. Putting fake information on the IRS site is most likely illegal, but putting fake information on Pinterest is fine.
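
To put numbers on the passphrase point above, here is an added example (not part of the original post) that estimates the brute-force search space for the two passwords quoted in the list. The guess rate is an assumption picked for illustration, and the helper names are hypothetical.

```python
import math
import string

# Assumption: offline guess rate in guesses/second, chosen only for illustration.
ASSUMED_GUESSES_PER_SEC = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

def charset_size(password):
    """Size of the character pool a brute-force search must cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def brute_force_bits(password):
    """Upper bound on strength: length * log2(pool size)."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(word_count, wordlist_size=7776):
    """Strength of a passphrase of randomly picked words (7776 = Diceware list size)."""
    return word_count * math.log2(wordlist_size)

def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SEC):
    """Years needed to try every candidate at the assumed rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def report(password):
    bits = brute_force_bits(password)
    return {"length": len(password), "pool": charset_size(password),
            "bits": round(bits, 1), "years": years_to_exhaust(bits)}

if __name__ == "__main__":
    # The two passwords quoted in the list above.
    for pw in ("thisismyfavoritesiteIwanttoprotectit4!", "Ni*fH9fk"):
        print(pw, report(pw))
    # A sentence made of common words is weaker than its character count
    # suggests, so for word-based passphrases count randomly chosen words.
    print("6 random Diceware words:", round(wordlist_bits(6), 1), "bits")
```

Both passwords draw on the same 94-character pool, so the difference comes entirely from length. The character-count figure is an upper bound, which is one more reason to let the password manager generate the secret.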
Did I miss something that you do to protect your online accounts? Lmk on IG, Twitter or comment below!