2020 is over – we can finally say it out loud. While we may not be able to put everything behind us, there are a few things we can pack up and wave a cheery goodbye to. The first one that comes to mind? Bad online security.
While it might not be the most obvious new year’s resolution, scrubbing up online habits can be a little more exciting than ushering in a reduced Netflix schedule.
Internet use changed dramatically over the past year, as companies moved to hybrid work and families opted for virtual gatherings. This shift in online activity comes with an increase in vulnerabilities due to careless online habits, like weak passwords and reusing the same password for multiple accounts (hint: Changing the number at the end just isn’t good enough).
The good news is that, with a few simple changes, you can set yourself up for security success this year.
Start with email
Think of your email as the gateway to each of your other accounts. That said, it’s a logical first step when buttoning up your online security.
Use a password manager with a random password generator to create a strong, unique password – at least 20 characters with a mix of numbers, symbols, and uppercase and lowercase letters. That means no personal information like your birthday, address, or phone number.
If you think your email may have been compromised, head to Have I Been Pwned to confirm. Founded by Troy Hunt, a leader in the security development space, HIBP keeps an updated list of websites that have been “pwned”, and can also alert you if a future breach occurs.
And if you really want to make sure you aren’t affected by a data breach, we’ve built this functionality right into 1Password. Watchtower alerts you to security problems with the websites you use, so you can update any compromised passwords right away.
You can also follow @1PWatchtower on Twitter for regular updates.
Use MFA for added safety
Multi-factor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered.
MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey. YubiKey is easily integrated with 1Password and provides a range of authentication options including two-factor, multi-factor, and passwordless.
Certain sites only offer MFA through text messages, or SMS, which actually presents its own security risks. We only recommend using SMS for MFA if it’s the only option available.
If there’s ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account. Don’t overthink this extra step; you can set up 1Password as an authenticator and make it easy to sign into sites where MFA is turned on.
Turn on automatic updates on all your devices
Here’s another easy one: Stop snoozing the update notifications on your devices and turn on automatic updates. That goes for browsers and apps as well – turning on automatic updates is one of the easiest ways to defend against security vulnerabilities and takes care of the pesky notifications at the same time.
Check your Wi-Fi router
Your router (along with smart home devices) can be an entryway for hackers. Many routers are shipped with the default password and username “admin”, which is essentially a welcome mat for privacy breaches. It’s a good idea to update these default settings as soon as possible. Use a password generator (like the one built in to 1Password) to generate a strong, random password and lock down your home network.
Track down old accounts
Don’t be a victim of passwords past. Have an old blog or untouched social media account? Or maybe you don’t use PayPal anymore since Venmo took over. Old accounts can still hold valuable data and sometimes be more vulnerable to attack. Back in 2013, a simple security flaw compromised millions of MySpace accounts, but the details around this weren’t disclosed until three years later.
Lesson learned. Delete any inactive accounts (only after removing personal information like credit card details, date of birth, or your home address) or update them with a strong password that isn’t used anywhere else.
New year, new tools
Prioritizing online safety in the new year doesn’t have to be complicated. Any new devices you may have acquired over the holidays are a great place to start. Make 1Password your first download to secure your apps and accounts, and if your device supports biometric unlock, set it up with 1Password.