Your biggest online security mistakes (and how to avoid them)


Don't let online hackers get into your Photo: Scott Schiller/CC
Don't let online hackers get into your home ... directory. Photo: Scott Schiller/Flickr CC Flickr

We all make compromises daily when it comes to online security. Everybody wants to be safe and secure when making purchases online, but practically none of us do everything necessary to keep our data secure.

“People, myself included, are basically lazy,” web developer Joe Tortuga told Cult of Mac, “and ease of use is inversely related to security. If it’s too difficult, then people just won’t do it.”

With all the recent hacks into private as well as corporate data — like the credit card grab from Home Depot and the hack into Sony’s files, there’s no better time to learn some of the things we all can do to protect ourselves. We spoke to some online security experts to get their advice.

“A strong password is one that contains enough separate information to confuse a hacker and any software he might be using to spoof your information.”
–Adam Levin

Tortuga, security expert Adam Levin and Shaun Murphy, CEO of online security agency PrivateGiant, all say we can avoid some of our biggest mistakes with a few simple behavioral fixes.

Don’t reuse user names or email addresses

One thing Murphy suggests is to not reuse your user names or email addresses when signing up for online services.

“What happens is that you build up an online profile of yourself across several sites that hackers can use to guess your weak passwords,” Murphy told Cult of Mac on the phone.

Instead, he suggests that we create unique user names for each new online service we sign up for. The bonus here is that you can write down the user names to remember them; they’re not as sensitive as passwords. He also suggests using something like Gmail aliases to create a new email address for each new sign-up. That way, hackers will have a tougher time figuring out what your password or other personal info might be.

Use secure payment systems (not credit cards)

Murphy suggests moving as much as possible toward things like Apple Pay for all your retail needs, online and off.

“Credit cards are archaic and outdated,” he says, “and using our ancient credit card system breaches the online/real world divide.” This makes it even easier for criminals to get your info.

Murphy suggests using services like PayPal and Google Wallet, as they have very strong security and encryption methods.

“I figured PayPal has a vested interest in not getting hacked/leaking credit cards,” agrees Tortuga, “and will do better than Joe Programmer who doesn’t know as much about it on some random site. The less that information is out there, the smaller the attack surface is.”

Only shop secure websites

Photo: elhombredenegro/Flicker CC
Photo: elhombredenegro/Flickr CC
Security expert Adam Levin adds that making sure you only shop on secure websites is the way to go, and urges everyone to check for the telltale signs of a secure site.

“They’ll have ‘https’ in the address bar and a yellow
padlock logo to the right of the web browser address bar,” Levin says.

He also reminds us that we can double-click on that little lock icon to see the website’s digital certificate, if you want to participate a bit more in the process.

Stop using simple passwords

All three security experts exhorted us to always use strong passwords.

“A strong password,” says Levin, “is one that contains enough separate information to confuse a hacker and any software he might be using to spoof your information.” A password like this will contain at least eight characters, have a combination of uppercase and lowercase letters with at least one number and one symbol, and shouldn’t contain any part of your name.

Both Murphy and Tortuga recommended using software like 1Password and KeePass as ways to manage all these shifting user names and strong, unique passwords.

Tortuga also recommends using two-factor authorization, the system Apple urged its customers to use after the iCloud hacks. He especially suggests using two-factor authorization on your email, since that can be the gateway to many other attacks.

Ultimately, how protected you are depends on how much effort you’re willing to make. If you choose to use the same user name across all your online shopping and social media sites, and simplify your passwords so you can remember them without resorting to a software solution, you just may find yourself a victim of the next big hack. You don’t have to be a computer nerd to get into good habits.

“Security is for everyone,” says Murphy, “not just the tech elite.”


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.