Your biggest online security mistakes (and how to avoid them)

Don't let online hackers get into your home ... directory. Photo: Scott Schiller/Flickr CC

We all make compromises daily when it comes to online security. Everybody wants to be safe and secure when making purchases online, but practically none of us do everything necessary to keep our data secure.

“People, myself included, are basically lazy,” web developer Joe Tortuga told Cult of Mac, “and ease of use is inversely related to security. If it’s too difficult, then people just won’t do it.”

With all the recent hacks into private as well as corporate data, like the credit card grab from Home Depot and the hack into Sony’s files, there’s no better time to learn some of the things we all can do to protect ourselves. We spoke to some online security experts to get their advice.


Tortuga, security expert Adam Levin and Shaun Murphy, CEO of online security agency PrivateGiant, all say we can avoid some of our biggest mistakes with a few simple behavioral fixes.

Don’t reuse user names or email addresses

One thing Murphy suggests is to not reuse your user names or email addresses when signing up for online services.

“What happens is that you build up an online profile of yourself across several sites that hackers can use to guess your weak passwords,” Murphy told Cult of Mac on the phone.

Instead, he suggests that we create unique user names for each new online service we sign up for. The bonus here is that you can write down the user names to remember them; they’re not as sensitive as passwords. He also suggests using something like Gmail aliases to create a new email address for each new sign-up. That way, hackers will have a tougher time figuring out what your password or other personal info might be.
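One way to put the per-service alias advice into practice, as an added example that is not from the article or from PrivateGiant: plus addressing (local+tag@domain), which Gmail delivers to the base mailbox. The base address, the service names and the sample recipient list below are all constructed for this example. Besides denying hackers a single reusable identifier, a per-service alias tells you which service leaked or sold your address the moment unwanted mail starts arriving at that tag, and that alias can be retired on its own.

```python
import re
from collections import Counter

# Base mailbox, constructed for this example (not a real address).
BASE_LOCAL = "alex.example"
BASE_DOMAIN = "gmail.com"


def service_alias(service, base_local=BASE_LOCAL, base_domain=BASE_DOMAIN):
    """Build a plus-addressed alias that is unique to one service.

    Assumes the provider delivers local+tag@domain to local@domain,
    which Gmail does. The tag is the service name reduced to [a-z0-9].
    """
    tag = re.sub(r"[^a-z0-9]", "", service.lower())
    if not tag:
        raise ValueError("service name produced an empty tag")
    return f"{base_local}+{tag}@{base_domain}"


def service_from_alias(address, base_local=BASE_LOCAL, base_domain=BASE_DOMAIN):
    """Return the service tag an alias was issued to, or None if the
    address is not one of our aliases."""
    pattern = rf"{re.escape(base_local)}\+([a-z0-9]+)@{re.escape(base_domain)}"
    m = re.fullmatch(pattern, address.strip().lower())
    return m.group(1) if m else None


def attribute_unsolicited_mail(recipient_addresses, base_local=BASE_LOCAL,
                               base_domain=BASE_DOMAIN):
    """Count unsolicited messages per service tag.

    A tag that starts receiving mail it should never get is evidence that
    the service it was issued to leaked or sold the address; that alias can
    be retired without touching the base mailbox.
    """
    counts = Counter()
    for addr in recipient_addresses:
        tag = service_from_alias(addr, base_local, base_domain)
        if tag is not None:
            counts[tag] += 1
    return dict(counts)


# Constructed sample: the To: addresses of a few unwanted messages.
SAMPLE_RECIPIENTS = [
    "alex.example+shopsite@gmail.com",
    "Alex.Example+shopsite@gmail.com",
    "alex.example+forum@gmail.com",
    "someone.else@gmail.com",
]

if __name__ == "__main__":
    print(service_alias("Cult of Mac"))
    print(attribute_unsolicited_mail(SAMPLE_RECIPIENTS))
```

The tag is derived from the service name rather than chosen at random so that you can regenerate it later without a lookup table; if a service rejects plus signs in addresses, a provider-level alias (a separate address that forwards to the base mailbox) serves the same purpose with a different prefix pattern.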

Use secure payment systems (not credit cards)

Murphy suggests moving as much as possible toward things like Apple Pay for all your retail needs, online and off.

“Credit cards are archaic and outdated,” he says, “and using our ancient credit card system breaches the online/real world divide.” This makes it even easier for criminals to get your info.

Murphy suggests using services like PayPal and Google Wallet, as they have very strong security and encryption methods.

“I figured PayPal has a vested interest in not getting hacked/leaking credit cards,” agrees Tortuga, “and will do better than Joe Programmer who doesn’t know as much about it on some random site. The less that information is out there, the smaller the attack surface is.”

Only shop secure websites

Photo: elhombredenegro/Flickr CC
Security expert Adam Levin adds that making sure you only shop on secure websites is the way to go, and urges everyone to check for the telltale signs of a secure site.

“They’ll have ‘https’ in the address bar and a yellow padlock logo to the right of the web browser address bar,” Levin says.

He also reminds us that we can double-click on that little lock icon to see the website’s digital certificate, if we want to participate a bit more in the process.

Stop using simple passwords

All three security experts exhorted us to always use strong passwords.

“A strong password,” says Levin, “is one that contains enough separate information to confuse a hacker and any software he might be using to spoof your information.” A password like this will contain at least eight characters, have a combination of uppercase and lowercase letters with at least one number and one symbol, and shouldn’t contain any part of your name.
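The rules Levin describes, expressed as a checker; this is an added example, not code from the article or from any of the experts quoted. The common-password deny-list is a constructed stand-in for a real breached-password list, and the name check treats each whitespace-separated part of the user's name of three or more letters as a forbidden substring. The deny-list check is added because a password can satisfy every composition rule (length, case, digit, symbol) and still be among the first guesses a cracker tries, which a composition-only check will never flag.

```python
import string

# Constructed deny-list standing in for a real common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1!"}


def password_policy_violations(password, full_name=""):
    """Return the rules from the article that `password` breaks (empty list = passes).

    Rules: at least eight characters; upper and lower case; at least one
    digit and one symbol; no part of the user's name. A common-password
    check is layered on top, since composition rules alone do not stop
    predictable choices such as "Password1!".
    """
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")

    lowered = password.lower()
    # "any part of your name": each name token of three or more letters,
    # matched case-insensitively anywhere in the password.
    for part in full_name.lower().split():
        if len(part) >= 3 and part in lowered:
            problems.append(f"contains name part '{part}'")

    if lowered in COMMON_PASSWORDS:
        problems.append("appears on a common-password list")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "Password1!", "alexRocks1!", "Tr0ub4dor&3"]:
        print(candidate, "->", password_policy_violations(candidate, "Alex Example") or "ok")
```

Run a checker like this at sign-up or password-change time, and keep the returned list for the user rather than a bare pass/fail so they learn which rule they missed; the password itself should never be logged.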

Both Murphy and Tortuga recommended using software like 1Password and KeePass as ways to manage all these shifting user names and strong, unique passwords.

Tortuga also recommends using two-factor authentication, the system Apple urged its customers to use after the iCloud hacks. He especially suggests enabling it on your email account, since that can be the gateway to many other attacks.

Ultimately, how protected you are depends on how much effort you’re willing to make. If you choose to use the same user name across all your online shopping and social media sites, and simplify your passwords so you can remember them without resorting to a software solution, you just may find yourself a victim of the next big hack. You don’t have to be a computer nerd to get into good habits.

“Security is for everyone,” says Murphy, “not just the tech elite.”


  • m4orgot

    I like to use mailinator.com for anonymous, temporary/disposable email addresses. Rarely is it refused and you can make up any unique user name. Very handy!

  • ff11

    So to sum up: Don’t re-use email addresses, don’t re-use names, don’t re-use passwords, and only use complex passwords. In other words, all we have to do is remember an infinite number of user names, email addresses, and complex passwords and we will be safer (as long as we restrict ourselves to secure web sites and change our passwords every couple of months).

    • Grunt_at_the_Point

      Passwords – use a password manager and solve that problem. I use PayPal when possible – it’s free. I will use Apple Pay as it becomes widely available. Protecting oneself is not as cumbersome as some make it.

      • sanfordandsons

        PayPal is not free, at least to the seller. It’s actually more expensive for the seller to use PP, by about 2%.

      • Grunt_at_the_Point

        Yes, free for the purchaser.

      • sanfordandsons

        Obviously you never took economics. How does that merchant pay for their costs of business?

  • nmt1900

    Yeah right – Paypal with no two-factor authentication (outside US that is) is something with “very strong security”???

  • Hitoshi Anatomi

    Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. It is like we cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

    By the way, some people shout that the password is dead or should be killed dead. The password could be killed only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc.) and something dependent on the password (ID federations, 2/multi-factor, etc.) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc.). What could be killed is the text password, not the password.