Best practices against data-leaks

Google recently posted an article comparing how security experts and normal people stay safe online.

Here are my thoughts on how to stay safe:

1. Unique passwords

The most essential step in keeping all your data from leaking is to never reuse a password, EVER.

If you reuse a password and a site that uses it gets compromised, the attackers get access to every other site where you use that password.

The most common way for people to ‘hack’ you is to find ‘data dumps’ containing your username and password and then try them on big sites such as Facebook or Gmail.

If you do it right, it becomes impossible to remember all your passwords, which brings me to the next topic.

2. Use a password manager

Password managers such as 1Password and LastPass are essential to our current digital lives. These programs not only store your passwords but also help you create good new ones.

If you don’t have to use a password manager’s passwords you can use my password generator. It creates truly unique passwords which I guarantee no one will crack*.
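
The reuse risk from section 1 can be checked against the entries a password manager stores. The following is an added example, not code from the original post: it groups accounts by password and lists which other sites become reachable if one site leaks. The CSV column names and the sample entries are constructed assumptions, not any particular manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names are an assumption, not any
# particular password manager's format.
SAMPLE_EXPORT = """site,username,password
forum.example,alice,correct-horse-1
shop.example,alice@example.com,correct-horse-1
mail.example,alice@example.com,Xq7!vR2#pLw9
bank.example,alice,correct-horse-1
news.example,alice,t9$Kd0^mZe4b
"""


def load_entries(text):
    """Parse the export into (site, password) pairs."""
    return [(r["site"], r["password"]) for r in csv.DictReader(io.StringIO(text))]


def reuse_groups(entries):
    """Return sorted site lists for every password used on more than one site."""
    groups = defaultdict(set)
    for site, password in entries:
        # Key on a digest so plaintext passwords never end up in a report.
        groups[hashlib.sha256(password.encode("utf-8")).hexdigest()].add(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_if_breached(entries, breached_site):
    """Other sites that accept a password leaked from breached_site."""
    exposed = set()
    for group in reuse_groups(entries):
        if breached_site in group:
            exposed.update(group)
    exposed.discard(breached_site)
    return sorted(exposed)  # empty list: the breach stays contained


if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for group in reuse_groups(entries):
        print("same password on:", ", ".join(group))
    print("if forum.example leaks:", exposed_if_breached(entries, "forum.example"))
```

Every site reported in a reuse group should get its own freshly generated password.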

3. Two Factor Authentication

The most common factor of authentication is something you know, like a password. Two-factor authentication, or multi-factor authentication, means using two or more factors to authenticate.

The possible factors of authentication are:

  • Something you know (Like a password)
  • Something you have (Like a phone or the little RSA dongle you get from your bank)
  • Something you are (Like your iris, fingerprint or other things unique to your appearance)

@SwiftOnSecurity made a humorous image about this:

[Image: swiftonsecurity-mfa. Image owned by @SwiftOnSecurity]

If you want to know which sites support two-factor authentication, go to https://twofactorauth.org.

4. Stay up to date on data-leak news

Knowing which sites have been compromised is essential for taking action in order to ensure your data is secure.

I recommend haveibeenpwned.com, which will send you email notifications whenever your username or email is found in a data dump.