Christopher Sherrod

The Art of Living a Fulfilling Life

3 minute read

A friend of mine got hacked recently, and I helped them recover their account. Here are my notes on how to ensure this doesn’t happen to you.

With digital threats becoming increasingly sophisticated, securing your online presence is more crucial than ever. Two of the most effective methods to safeguard your accounts are using strong, complex passphrases and enabling two-factor authentication (2FA) and passkeys. These measures can significantly reduce the risk of unauthorized access and keep your personal and professional information secure.

Protect Your Identity: Check for Compromised Emails and Phone Numbers

You can check if your email or phone number has been compromised for free at haveibeenpwned.com, which will also provide details on how the leak occurred.

Every year, hundreds of millions of online accounts have their details leaked, including usernames and (usually hashed) passwords. These lists are sold for millions of dollars on the darknet, and hackers use these credentials to access your accounts on various platforms. If you share passwords between accounts, they may be able to access unrelated accounts. Beyond credentials, credit card and social security numbers may also be leaked. Your credit history and overall identity are paramount, and you should be aware of their potential misuse by bad actors.

Great Password managers (which I’ll write about below) tells you what accounts that are compromised as well.

The Importance of Strong Passphrases

A strong passphrase is your first line of defense against cyberattacks. Unlike simple passwords, which are often short and easily guessable, passphrases are longer and more complex, making them much harder for attackers to crack.

What Makes a Good Passphrase?

  1. Length and Complexity: Aim for a passphrase that is at least 12-16 characters long. Combine uppercase and lowercase letters, numbers, and special characters to increase complexity.
  2. Unpredictability: Avoid common words, phrases, or patterns. Use a combination of unrelated words or a sentence that is meaningful to you but difficult for others to guess. For example, “Purple3!ElephantsDance@Dawn” is a strong passphrase.
  3. Uniqueness: Use a unique passphrase for each account. This way, if one account is compromised, the others remain secure. A password manager can help you generate and store unique passphrases without the need to remember each one.

Using a Password Manager

Every login needs a separate passphrase. If a site gets hacked and their logins are stolen, only that site’s passphrase needs to be changed. Reusing passphrases increases the risk of multiple accounts being compromised.

  • Apple’s Built-In Password Manager: Excellent for those using only Apple products.
  • BitWarden: An excellent open-source option for cross platform people. Open-source code can be reviewed for security, ensuring a higher level of trust.

Be cautious when choosing a password manager, as some have been hacked.

Two-Factor Authentication (2FA): An Added Layer of Security

While strong passphrases are crucial, they are not foolproof. Cybercriminals can still exploit vulnerabilities to gain access to your accounts. This is where two-factor authentication (2FA) comes in. 2FA adds another layer of security by requiring two forms of verification before granting access to an account.

How Does 2FA Work?

When you enable 2FA on an account, you’ll need to provide two pieces of evidence to log in:

  1. Something You Know: Typically your password or passphrase.
  2. Something You Have: A code sent to your mobile device, a fingerprint scan, or a hardware token.

Even if a cybercriminal obtains your password, they would still need the second factor to access your account, significantly reducing the risk of unauthorized access.

Sites That Support 2FA

Many popular websites and services support 2FA. For a comprehensive list of sites that support 2FA, visit 2FA Directory. This resource provides detailed information on enabling 2FA for various services, from social media platforms to financial institutions.

Best Practices for Using 2FA

  1. Enable 2FA on All Accounts: Start with your most sensitive accounts, such as email, banking, and social media, and enable 2FA wherever supported.
  2. Use 2FA Hardware Keys: an actual hardware key plugin or tappable is an excellent way to provide your second factor. See Yubico for hardware keys. Human error is the #1 cause of breaches due to phishing. The YubiKey is never fooled, even if users are.
  3. Use Authenticator Apps: Instead of relying on SMS codes, which can be intercepted, use authenticator apps like Google Authenticator or Authy. These apps generate time-based codes that provide an extra layer of security. They are free apps you can install on your iOS or Android devices and require no additional hardware.
  4. Backup Your 2FA Methods: Ensure you have backup methods in place in case you lose access to your primary 2FA method. Many services provide backup codes or the option to add multiple authentication methods.

PassKeys

PassKeys are still relatively new but once have access to it on your password manager upgrade to passkeys. While two-factor authentication (2FA) enhances password security, it’s not entirely foolproof, as some 2FA methods are susceptible to phishing attacks. By using passkeys to log into an account, you can avoid this vulnerability. Passkeys are inherently unique, don’t require memorization, and cannot be phished. Even if a hacker steals a website’s customer login information, that data can’t be used to access that site or others.

Final Thoughts

I know this is complicated to set up and even use at times. But, securing your online accounts is essential in today’s digital world. By using strong, complex passphrases and enabling two-factor authentication and passkeys, you can significantly enhance your online security. Don’t be the easy target. These measures protect your personal information and provide peace of mind in an increasingly connected world. Make it a priority to review your security settings today and take proactive steps to safeguard your digital life.

You may also enjoy